[TriLUG] Open Mail Relay - What Happened?

Randy Barlow randy at electronsweatshop.com
Thu Jun 28 14:03:26 EDT 2007


Michael Hrivnak wrote:
> How about posting the result of "postconf -n"

alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases, hash:/usr/local/mailman/data/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 2
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.2.10/html
local_destination_concurrency_limit = 2
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 1000000000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 100000000
mydestination = $myhostname, localhost.$mydomain, $mydomain
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/readme
relayhost = mail.carolina.rr.com
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tld_session_cache
smtp_use_tls = yes
smtpd_client_restrictions = permit_sasl_authenticated,reject_unauth_destination,reject_unknown_client
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_unknown_address
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/electronsweatshop.com-cert.pem
smtpd_tls_key_file = /etc/postfix/electronsweatshop.com-key.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450

> Can you tell us exactly what it relays that you think it shouldn't?

I logged in to an NCSU server.  I configured pine to use this smtp 
server instead of ncsu's.  When I sent an e-mail (to a 
non-electronsweatshop.com address), it let me send the e-mail without 
giving a login/password (although it did make me verify the server 
certificates...)  I thought I had it set up only to allow users with 
valid username/password combinations to use it, but apparently I missed 
something.  I'm about to try Alan's suggestions and also thanks to Kevin 
for showing me that free service!

-- 
Randy Barlow
http://electronsweatshop.com

But you are a chosen race, a royal priesthood, a holy nation, a people 
for his own possession, that you may proclaim the excellencies of him 
who called you out of darkness into his marvelous light. Once you were 
not a people, but now you are God's people; once you had not received 
mercy, but now you have received mercy. ~1 Peter 2:9-10



