Open relay? Nonlocal recips but not originating ... for roaming, authenticated users?

a7476765 at your-mail.com a7476765 at your-mail.com
Sun Apr 29 17:21:49 CEST 2012 

I'm setting up Amavis with Postfix.

It's mostly all working, but when I send mail from an authenticated
roaming user -- specifically from my mobile phone authenticating to and
sending via my server -- I get

	Apr 28 11:31:50 test postfix/qmgr[26625]: 9689560119:
	from=<a7 at test.stratfivXX.net>, size=3984, nrcpt=1 (queue active)
	Apr 28 11:31:50 test amavis[26375]: (26375-01) Checking:
	Yf23MOH6kTEC [184.208.230.208] <a7 at test.stratfivXX.net> ->
	<a7test97454321 at gmail.com>
	Apr 28 11:31:50 test amavis[26375]: (26375-01) Open relay?
	Nonlocal recips but not originating: a7test97454321 at gmail.com
	Apr 28 11:31:50 test postfix/smtpd[31605]: disconnect from
	184-208-230-208.pools.spcsdns.net[184.208.230.208]
	Apr 28 11:31:57 test postfix/qmgr[26625]: D07C96021B:
	from=<a7 at test.stratfivXX.net>, size=4505, nrcpt=1 (queue active)

I tracked down this thread,

	"Open relay? Nonlocal recips but not originating: ..."
	 http://lists.amavis.org/pipermail/amavis-users/2011-March/000063.html

which says,

	"For simple cases
	 (all users coming from internal networks, no authenticated
	 roaming
	 users), all you need to do is to properly configure the
	 @mynetworks
	 ..."
	 For more complex setups where your users submit mail from
	 foreign
	 networks, you need to set up a dedicated policy bank with
	 originating=>1, attach it to a dedicated TCP port, then
	 configure
	 Postfix to pass authenticated mail from MSA to such port."

I've read that latter paragraph, and more at,

	"Putting policy banks to good use -- examples"
	 http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks-ex

and honestly still don't get it.

Sending mail from an authenticated roaming user seems like a pretty
simple use case.  At least it's pretty common. It appears to be
considered in amavis as a non-simple/standard case.

I've verified my server's not an open relay, only auth'd users can send.
 In principle I can just ignore the amavis message.  I'd eally like to
get it done right though.

I'd appreciate any help -- ideally in the form of a concrete example --
getting this properly set up.

Cheers.

-A

More information about the amavis-users mailing list