Magnus Holmgren wrote:
> Tuesday 23 May 2006 22:57 Mark Menzies wrote:
>
>> I have the following set in my config:
>>
>> hostlist relay_from_hosts = 127.0.0.1 : x.x.x.160/29
>>
>> with the subnet belonging to me. I am led to believe that this is the
>> best way to limit access to my server but I have hit this problem.
>>
>> When I start my server, I can access the mail and even send mail over
>> command line from ANY host. Mail is accepted and delivered fine.
>>
>> Is there another setting I need to configure along with the
>> relay_from_hosts? Is this in any way related to the acl_check_rcpt
>> settings too?
>>
>
> Yes, the relay_from_hosts hostlist in itself does nothing, it's just the list
> of hosts that are allowed to relay in the default configuration. It is
> referenced in the acl_check_rcpt acl of the default config:
>
>   accept  hosts   = +relay_from_hosts
>           control = submission
>
> If the "hostlist relay_from_hosts" line is the only thing you have changed,
> you should be safe. Are you saying that you can telnet in to port 25 of your
> server from any host on the internet and send mail to any domain?
>
Yes I can telnet onto my server on port 25 from any host and send
mail!!! This is why I am concerned. I also have another issue with
iptables that says it is blocking port 25 from all but a select set of
IPs, but still allows traffic through. This I can deal with outwith
this list, but any assistance on locking down my server will be useful. :)
Thanks
Mark
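
Added example, not part of the original messages and not either poster's configuration: a constructed Exim fragment showing where the relay_from_hosts list discussed above is actually consulted and which statement refuses everyone else. The layout is assumed to follow the default configuration the reply refers to, and 192.0.2.160/29 is a documentation-range placeholder for the elided subnet.

```exim
# Constructed fragment for illustration only.
# 192.0.2.160/29 stands in for the poster's x.x.x.160/29 subnet.

domainlist local_domains    = @
domainlist relay_to_domains =
hostlist   relay_from_hosts = 127.0.0.1 : 192.0.2.160/29

# Main section: selects the ACL that is run for each RCPT command.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Mail addressed to our own domains is accepted from ANY host.
  # That is ordinary inbound delivery, not relaying.
  accept  domains       = +local_domains
          endpass
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient

  # Only here does the hostlist take effect: hosts on the list
  # may send to any domain.
  accept  hosts         = +relay_from_hosts
          control       = submission

  accept  authenticated = *
          control       = submission

  # Everything else is refused. An unconditional "accept" placed
  # above this line would turn the server into an open relay.
  deny    message       = relay not permitted
```

Running `exim -bh 203.0.113.5` (a constructed outside address) starts a fake SMTP session as that client without delivering anything, so a RCPT to a local domain and a RCPT to a foreign domain can be compared to see which ACL statement decides each one.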