LinuxQuestions.org
11-29-2003, 02:20 AM   #1
theparadigm
Courier MTA as OpenRelay. HELP!


I've been trying to set up Courier MTA (www.courier-mta.org) to handle mail for a few domains of mine, but have run into problems.

Courier acts as an open relay out-of-the-box.

This is what I did:
1. Downloaded the packages :-
courier-0.44.0.tar.bz2
courier-imap-2.2.0.tar.bz2
2. Built them as RPMs under a Red Hat 9 system:
rpmbuild -ta courier-0.44.0.tar.bz2
rpmbuild -ta courier-imap-2.2.0.tar.bz2
3. Removed the existing sendmail package from the mailserver that comes with Red Hat:
rpm -e sendmail
(Note: I don't know if this makes a difference, but the sendmail package was set up, in the conf, with the accept_unresolvable_domains option on.)
4. Installed selected courier RPM packages:
rpm -Uvh courier-0.44.0-1.i386.rpm courier-imapd-0.44.0-1.i386.rpm courier-maildrop-0.44.0-1.i386.rpm courier-maildrop-wrapper-0.44.0-1.i386.rpm courier-smtpauth-0.44.0-1.i386.rpm courier-webadmin-0.44.0-1.i386.rpm
5. I start courier with "service courier start"

Without doing anything else, courier comes up and starts listening on port 25.
Doing a check on this port from free mail relay test sites (such as http://www.abuse.net/relay.html), courier relays all traffic.

Courier's relay configuration (in /etc/courier/smtpaccess/default) shows:
127.0.0.1 allow,RELAYCLIENT
10 allow,RELAYCLIENT
192.168 allow,RELAYCLIENT

Even though Courier's configuration only specifies relays for local addresses, it still accepts and relays everything. (Unless it is using some other configuration not in Courier's conf directory - does anyone know about this?!!)

The only other thing I think I haven't mentioned is that the mail server is internal on the network. A router masquerades all connections to port 25 internally to the mailserver and back.
I do wonder whether Courier, from the masquerading router, sees the connection 'coming' from the router (but that doesn't make sense).

Can someone please help!!!!!!
David

Last edited by theparadigm; 11-29-2003 at 02:32 AM.
 
11-29-2003, 12:08 PM   #2
chort
Check your mail log to see what the IP address of the incoming connections is logged as. A NAT (ip masq) router should not be making the packets appear to be coming from an internal address, but it's possible that it is happening. In any case, checking your logs will report what the MTA thinks the IP is.
 
11-30-2003, 10:05 AM   #3
theparadigm
That's the problem!!
The source address is coming up as the router's internal address (don't ask me how I didn't notice it before)..
Though my question is now: how do I fix it???!??

I've done a test with Apache and it also reports the remote address incorrectly [as coming from the router].

Are there any kernel options I need to use to correct the NAT source address?
I'm using Red Hat Fedora Core on the router with iptables rules:
iptables -t nat -A PREROUTING -d {externalip} -p tcp -m tcp --dport 25 -j DNAT --to-destination {internalip}
iptables -t nat -A POSTROUTING -o {interface} -j MASQUERADE

I tried playing around with some of the kernel options and added/removed modules but got nowhere.:s
P.S: thanks chort on that last reply
 
11-30-2003, 10:55 AM   #4
theparadigm
OK, well, figured out my problem.

Double-checking through my rules, I found I also had the line:
iptables -t nat -A POSTROUTING -o {internalinterface} -j MASQUERADE

explains why the source address was the router for all NAT traffic
(also explains some other things
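
Added example, not part of the thread: a check for the misconfiguration found above, where a MASQUERADE rule on the LAN-facing interface makes every forwarded SMTP client appear to come from the router's internal address, which the 192.168 entry in smtpaccess then treats as a relay client. The interface names (eth0 for WAN, eth1 for LAN), the addresses, and the function names are constructed for illustration, and the prefix matching is modelled on the whole-octet entries quoted in the first post.

```shell
#!/bin/sh
# Constructed sample: eth0 = WAN, eth1 = LAN, router LAN address 192.168.1.1.
NAT_RULES='*nat
-A PREROUTING -d 203.0.113.10 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.20
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'
# The three smtpaccess entries quoted in the first post.
SMTPACCESS='127.0.0.1 allow,RELAYCLIENT
10 allow,RELAYCLIENT
192.168 allow,RELAYCLIENT'

# find_lan_masquerade WAN_IF
# Reads iptables-save output for the nat table on stdin and prints every
# POSTROUTING MASQUERADE rule that is not limited to WAN_IF. A rule with no
# -o match, or with a negated one, is printed as well.
find_lan_masquerade() {
    awk -v wan="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = ($(i - 1) == "!" ? "!" : "") $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "MASQUERADE" && out != wan) print
        }'
}

# grants_relay ADDR
# Reads smtpaccess-style lines on stdin; exit status 0 if ADDR equals, or
# starts on an octet boundary with, a prefix whose action has RELAYCLIENT.
grants_relay() {
    awk -v ip="$1" '
        $2 ~ /RELAYCLIENT/ && (ip == $1 || index(ip, $1 ".") == 1) { hit = 1 }
        END { exit !hit }'
}

echo "MASQUERADE rules not limited to eth0:"
printf '%s\n' "$NAT_RULES" | find_lan_masquerade eth0
# Address the MTA sees with the eth1 rule in place, then without it.
for ip in 192.168.1.1 203.0.113.77; do
    if printf '%s\n' "$SMTPACCESS" | grants_relay "$ip"; then
        echo "$ip: RELAYCLIENT granted"
    else
        echo "$ip: relaying refused"
    fi
done
```

On a live router, pipe the output of `iptables-save -t nat` into `find_lan_masquerade` in place of the sample rules.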
 
  

