Postfix – How to Fix Open Relay
An open relay is “a mail server that does not verify that it is authorised to send mail from the email address that a user is trying to send from. Therefore, users would be able to send email originating from any third-party email address they want.”
Using open relay Someone could use your domain name to send emails from dummy accounts. It is a method of sending spam while ensuring they are neither identified nor blocked from sending future spam messages.
You can easily determine your PostFix mail server is an open relay by using a tool from spamhelp.org. If you found your server working as open relay, you can secure your PostFix mail server by setting proper authentication protocols. Edit PostFix configuration file /etc/mail/main.cf, and search to edit (or add new lines as below, if you don’t find in PostFix configuration file):
smtpd_delay_reject = no
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_hostname,
reject_unknown_hostname,
reject_non_fqdn_hostname
These settings will force incoming requests to stop and identify themselves before accessing the SMTP server. Authenticated users will be allowed to pass through and send mail. Restart PostFix to apply changes:
/etc/init.d/postfix restart
Tags: authentication protocols, cf, domain name, fqdn, incoming requests, mail server, open relay, proper authentication, smtp server, spam messages
