A security firm has been testing my mail server and claims my Postfix daemon is an open relay. The evidence is as follows (valid public IP for mail.mydomain.com has been changed to 10.1.1.1 for security):
Relay User: postmaster Relay Domain: 10.1.1.1 Transaction Log: EHLO elk_scan_137 250-mail.mydomain.com 250-PIPELINING 250-SIZE 20480000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM: [email protected][10.1.1.1] 250 2.1.0 Ok RCPT TO: [email protected][10.1.1.1] 250 2.1.5 Ok
I’ve already blocked mail to root, but clearly I should not block postmaster. I feel that the ability to send mail from a server to itself does not make an open relay. But how can I safely block a spoofed [email protected] sender?
[N.B. I’ve scanned myself using mxtoolbox.com and they say it is secure and not an open relay]
The fact that someone can send you mail addressed to your own mail server’s IP address has absolutely no bearing on whether the mail server is an open relay.
Open relays accept mail for any and all systems outside their administrative domain and forward them onward. This clearly is not what’s demonstrated here.
Ask the security firm to share whatever it is they’ve been smoking, since clearly it’s really good stuff.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.