Security – How to block outside mail FROM postmaster@thedomain.com


A security firm has been testing my mail server and claims my Postfix daemon is an open relay. The evidence is as follows (valid public IP for mail.mydomain.com has been changed to 10.1.1.1 for security):

    Relay User: postmaster
    Relay Domain: 10.1.1.1
    Transaction Log:
    EHLO elk_scan_137
    250-mail.mydomain.com
    250-PIPELINING
    250-SIZE 20480000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    MAIL FROM: postmaster@[10.1.1.1]
    250 2.1.0 Ok
    RCPT TO: postmaster@[10.1.1.1]
    250 2.1.5 Ok

I've already blocked mail to root, but clearly I should not block postmaster. I feel that the ability to send mail from a server to itself does not make an open relay. But how can I safely block a spoofed postmaster@mail.mydomain.com sender?

[N.B. I've scanned myself using mxtoolbox.com and they say it is secure and not an open relay]

Best Answer

The fact that someone can send you mail addressed to your own mail server's IP address has absolutely no bearing on whether the mail server is an open relay.

Open relays accept mail for any and all systems outside their administrative domain and forward them onward. This clearly is not what's demonstrated here.

Ask the security firm to share whatever it is they've been smoking, since clearly it's really good stuff.
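
The distinction drawn in the answer, as an added example that is not part of the original question or answer: a Python check that reads an SMTP transcript from an unauthenticated session and reports only the accepted recipients whose domain lies outside the server's own destinations. The `LOCAL` set and the `RELAYED` and `REFUSED` transcripts are constructed for illustration; `SCAN` is the exchange quoted in the question.

```python
import re

RCPT = re.compile(r"^RCPT TO:\s*<?([^<>\s]+)>?", re.I)
REPLY = re.compile(r"^(\d{3})([ -]|$)")

def recipient_domain(address):
    """Lowercased domain part; an address literal such as [10.1.1.1] loses its brackets."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain[1:-1] if domain.startswith("[") and domain.endswith("]") else domain

def accepted_recipients(transcript):
    """Yield every RCPT TO address whose final reply code was 2xx."""
    pending = None
    for line in (raw.strip() for raw in transcript.splitlines()):
        rcpt = RCPT.match(line)
        if rcpt:
            pending = rcpt.group(1)
            continue
        reply = REPLY.match(line)
        if reply is None:            # another command or a blank line: drop the pending RCPT
            pending = None
            continue
        if pending is None or line[3:4] == "-":   # EHLO banner or a continuation line
            continue
        if reply.group(1).startswith("2"):
            yield pending
        pending = None

def relay_evidence(transcript, local_domains):
    """Accepted recipients outside local_domains; only these indicate relaying."""
    local = {d.lower() for d in local_domains}
    return [a for a in accepted_recipients(transcript) if recipient_domain(a) not in local]

# Assumed for this example: the destinations the server considers its own.
LOCAL = {"mydomain.com", "mail.mydomain.com", "10.1.1.1"}

# The scan quoted in the question: recipient is the server's own address literal.
SCAN = """EHLO elk_scan_137
250-mail.mydomain.com
250 DSN
MAIL FROM: postmaster@[10.1.1.1]
250 2.1.0 Ok
RCPT TO: postmaster@[10.1.1.1]
250 2.1.5 Ok"""

# Constructed transcripts: a foreign recipient accepted, and one refused.
RELAYED = "MAIL FROM:<a@example.org>\n250 2.1.0 Ok\nRCPT TO:<someone@example.net>\n250 2.1.5 Ok"
REFUSED = "MAIL FROM:<a@example.org>\n250 2.1.0 Ok\nRCPT TO:<someone@example.net>\n554 5.7.1 Relay access denied"
```

An empty result for `SCAN` matches the answer: the only accepted recipient is local to the server, so the transcript shows local delivery, not relaying.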