postfix: allow receive but not relay

postfix: allow receive but not relay

Post by Robert Watkin » Wed, 12 Feb 2003 09:23:07



I have made my Postfix config so tight that I can't receive mail other
than from trusted hosts. What I would like to do is to recieve mail from
anyone (with SPAM controls in place, of course) but not allow relaying;
what I can't figure out (my head is a mess of configuration-confusion
now) is where I can relax my configuration without opening myself to
abuse. I have included here what I believe to be the relevant sections
of main.cf (note that for the TLS stuff, the certificate is self-signed):

# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. See the file
# sample-smtpd.cf for an elaborate list of anti-UCE controls.
smtpd_sender_login_maps = hash:/etc/postfix/access
smtpd_recipient_limit = 20
smtpd_recipient_restrictions = permit_sasl_authenticated, \
  permit_mynetworks, check_relay_domains
smtpd_delay_reject = yes
smtpd_client_restrictions = reject_maps_rbl, reject_unknown_client
smtpd_helo_restrictions = permit_mynetworks, reject_maps_rbl, \
  reject_unknown_hostname
allow_untrusted_routing = no
maps_rbl_domains = blackholes.mail-abuse.org

# SMTP AUTH
#
# server
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous, noplaintext
# client
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass

## TLS
#  Transport Layer Security
#  TLS-Patch by Lutz J?nicke
#
smtpd_use_tls = yes
smtpd_enforce_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/mailauth_key.pem
smtpd_tls_cert_file = /etc/postfix/mailauth_pubcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 0
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

 
 
 

1. postfix: relay domains and open relay

Hello
                I can not send messages anywhere, because of relay problems, here is example:

250 Ok


How can i set my postfix to allow me sending messages anywhere ?
When i set relaydomain to .com .org it became open relay and i do not
want it....

Thanx
Michal

2. A programing question

3. Email relaying not allowed, what to do?

4. Untitled

5. Sendmail Problem Reject=550; relaying not allowed

6. Solaris 7 stdperfmeter bug?

7. Clunky monitor

8. Need SMTP relay service - ISP does not allow gateway

9. Sendmail relay-not a regular relay

10. postfix mail relay

11. closing relays for postfix