Interesting end to - Re: Open relay from localhost and other questions

Robert Moskowitz rgm at htt-consult.com
Wed Apr 26 00:35:42 CEST 2017


More testing.  There seems to be something not working with the 
mynetworks policy bank.  If the email is from a user not in the mysql 
database, but still on a mynetworks address, sending to a user also not 
in the database, I get the Open relay.

But if the target user IS in the database, the database policy bank tags 
the email as ok and not an Open relay problem.

More testing is needed at some point, but at least for me, once in 
production, the target user of all these server emails go to a 
registered user.

So, for now, on with other testing.



On 04/24/2017 04:40 PM, Robert Moskowitz wrote:
>
>
> On 04/22/2017 01:00 AM, Benny Pedersen wrote:
>> Robert Moskowitz skrev den 2017-04-21 21:16:
>>
>>> Been doing some research.  mynetworks should stop the localhost from
>>> seeming like an Open relay.  I don't have this problem on my old
>>> production server.  I am researching it.
>>
>> check originating policy banks in amavisd, make sure local originated 
>> emails is gone into this bank in amavisd, this is important else it 
>> would be seen as a relay host and all sorts of fake msgs :=)
>>
>> and for xforward in mta as well to help solve it
>>
>> i dont use amavisd anymore, so cant help more with it
>
> I have just done more testing, and cannot get this working.  I even 
> copied exactly what I have for @mynetworks from my old system, and 
> made the change right were the default in amavis.conf is instead of 
> appending it to the end.  No change.
>
> @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
>                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
>
> And this server is at: 192.168.192.14/24
>
> The old system is running: amavisd-new-2.6.4-2.el6
> and the new one: amavisd-new-2.10.1-5.el7
>
> Also BOTH .confs define policy_bank as:
>
> $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
>   originating => 1,  # is true in MYNETS by default, but let's make it 
> explicit
>   os_fingerprint_method => undef,  # don't query p0f for internal clients
> };
>
> And no where is MYNETS defined on either system's .conf
>
> ?  Puzzled
>
> WAIT!!!
>
> The old server is at:  50.253.254.3/28
>
> and that is not EVEN in @mynetworks!
>
> And the other servers are on 50.253.254.0/28 and they do not get the 
> Open Relay message!
>
> Something else is at work here...
>
>



More information about the amavis-users mailing list