I'm looking to deploy a Postfix server in place of a sendmail server after reading up on how Postfix works. I've got the system so it can deliver mail locally, but now I'm looking to add security (gradually) to the Postfix install. I'm trying to test out the server accepting FQDNs only. I telnet to the system & issue a: HELO sparky. If I continue composing the email in telnet, it happily accepts everything. What am I doing wrong? This is my Postfix configuration to date:
==================================================
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
default_privs = nobody
==================================================
If I activate just the helo restrictions, it lets the email complete. If I enable the recipient restrictions, the moment I telnet to port 25, the cursor just hangs.
Nothing. You have permit_mynetworks first in your helo_restrictions, so anyone
telnetting from the LAN would pass the helo tests without question.
D'oh!! Makes sense. I guess it's like the book says: position. position. position. So you have to be certain that you order the restrictions the way you want them applied.
Though, why is it if I include the smtpd_recipient_restrictions area, the telnet session sits frozen? I don't even get the greeting from the mail server.
Also, the book I'm reading on postfix says that to do the FQDN protection it goes in the recipient restrictions. Why would that be? Their restrictions are printed:
smtp_recipient_restrictions = permit_mynetworks,reject_unauth_destination,reject_non_fqdn_hostname, permit
Though, why is it if I include the smtpd_recipient_restrictions area, the telnet session sits frozen?
Check your mail logs. But the reason is probably that your recipient_restrictions are too permissive. See the postconf(5) man page for rules that are mandatory for smtpd_recipient_restrictions.
Also, with smtpd_delay_reject = yes, as you have it, the client would not be rejected until the RCPT TO phase, even if the client violated one of the helo_restrictions. In this case, you can list your access rules under a single recipient_restrictions stanza (instead of having separate client_restrictions, helo_restrictions, etc.).
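
Added example, not part of the thread: a simplified Python model of how Postfix walks an smtpd restriction list (the first PERMIT or REJECT ends the list) and of smtpd_delay_reject, showing why the LAN telnet test with HELO sparky passed and what reordering changes. The function names, the network and domain values, the test session and the three restriction lists are constructed assumptions; the asker's actual lists are not shown on the page.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
MYNETWORKS = [ipaddress.ip_network("192.168.1.0/24")]
MYDESTINATION = {"example.com"}
PERMIT, REJECT, DUNNO = "PERMIT", "REJECT", "DUNNO"

def check(rule, s):
    """Result of one restriction for session s (simplified semantics)."""
    if rule == "permit_mynetworks":
        ip = ipaddress.ip_address(s["client"])
        return PERMIT if any(ip in n for n in MYNETWORKS) else DUNNO
    if rule == "reject_non_fqdn_hostname":
        # Simplification: "FQDN form" is approximated as "contains a dot".
        return DUNNO if "." in s["helo"].strip(".") else REJECT
    if rule == "reject_unauth_destination":
        return DUNNO if s["rcpt"].rsplit("@", 1)[-1] in MYDESTINATION else REJECT
    if rule == "permit":
        return PERMIT
    raise ValueError("rule not modelled: " + rule)

def evaluate(rules, s):
    """First PERMIT or REJECT ends the list; later rules are never consulted."""
    for rule in rules:
        result = check(rule, s)
        if result != DUNNO:
            return result, rule
    return DUNNO, None

def session(lists, s, delay_reject=True):
    """lists: [(stage, rules)] in SMTP order. A PERMIT only ends its own list;
    a REJECT ends the session. Returns (verdict, deciding rule, stage of reply)."""
    for stage, rules in lists:
        result, rule = evaluate(rules, s)
        if result == REJECT:
            return REJECT, rule, "RCPT TO" if delay_reject else stage
    return PERMIT, None, "RCPT TO"

# Constructed session: a LAN client greeting with a bare hostname.
LAN = {"client": "192.168.1.50", "helo": "sparky", "rcpt": "user@example.com"}
RCPT = ("RCPT TO", ["permit_mynetworks", "reject_unauth_destination"])
ORIGINAL = [("HELO", ["permit_mynetworks", "reject_non_fqdn_hostname"]), RCPT]
REORDERED = [("HELO", ["reject_non_fqdn_hostname", "permit_mynetworks"]), RCPT]
SINGLE = [("RCPT TO", ["reject_non_fqdn_hostname", "permit_mynetworks",
                       "reject_unauth_destination"])]

if __name__ == "__main__":
    for name, cfg in [("original", ORIGINAL), ("reordered", REORDERED), ("single", SINGLE)]:
        print(name, session(cfg, LAN))
```

With the reordered or single-stanza lists, the model reports the HELO violation at RCPT TO while delay_reject is on, which matches the behaviour described in the last reply.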