randyponce
Programmer
Hello,
I am trying to setup postfix to refuse connections, or at least prevent the relaying of email from those that try to connect from remote sources.
That is, I can do a telnet mydomainname.com 25 and am able to connect to and send email without any problems (note: I am NOT telnetting from the same machine that Postfix is on, postfix is on a remotely located server.)
Here is my postconf dump:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 1
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_command = /usr/local/bin/maildrop local_destination_concurrency_limit = 1
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain
mydomain = mydomainname.com
mynetworks_style = host
myorigin = mydomainname.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = reject_rbl_client bl.spamcop.net
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated permit_mynetworks reject_invalid_hostname reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/forwards.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = mysql:/etc/postfix/domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mailboxes.cf
virtual_transport = maildrop
I have also tried setting mynetworks to the server ip:
mynetworks = xxx.xxx.xxx.xxx/32 (where xxx... represents the server's IP).
Any thoughts on how to close this up?
I am trying to setup postfix to refuse connections, or at least prevent the relaying of email from those that try to connect from remote sources.
That is, I can do a telnet mydomainname.com 25 and am able to connect to and send email without any problems (note: I am NOT telnetting from the same machine that Postfix is on, postfix is on a remotely located server.)
Here is my postconf dump:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 1
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_command = /usr/local/bin/maildrop local_destination_concurrency_limit = 1
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain
mydomain = mydomainname.com
mynetworks_style = host
myorigin = mydomainname.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = reject_rbl_client bl.spamcop.net
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated permit_mynetworks reject_invalid_hostname reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/forwards.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = mysql:/etc/postfix/domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mailboxes.cf
virtual_transport = maildrop
I have also tried setting mynetworks to the server ip:
mynetworks = xxx.xxx.xxx.xxx/32 (where xxx... represents the server's IP).
Any thoughts on how to close this up?