Results 1 to 5 of 5

Thread: Network configurations for a mailserver

  1. #1
    Join Date
    Feb 2002

    Question Network configurations for a mailserver

    I've searched on Google and the forums of AO for mailservers and network configurations but still can't find what I'm looking for.

    If I want to run a mailserver at my own domainname, behind a firewall / NAT router, I probably have to add some portmapping configs to my firewall / router. My question is: isn't this an open relay server? because if there's one thing that I don't want, it's an open relay. What configurations do I have to make in my network to run a "non open relay" mailserver and is this possible.
    [shadow]OpenGL rules the game[/shadow]http://www.AntiOnline.com/sig.php?imageid=499

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    I guess that all depends on what mailserver you are running and what services you are offering... and to whom...the internet, your lan, the everyone group


    to reduce your risk...only accept connections from authenticated users, and have a strong password policy...
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Senior Member
    Join Date
    Nov 2001
    As long as it requires authentication before sending it's not an open relay. Authentication is usually the same as your pop account.

    You can use Sam Spade or even telnet to check and see if it’s open.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    99% of all available mail servers out there, even the free ones, offer the ability to prevent realy completely and/or authorized relay from certain subnets.

    The whole relay issue is very simple. A mail server should only accept mail for transfer to it's own domain(s) from the public internet. Thus, if your domain is mydomain.net and I try to send mail to yahoo.com from my home address I should receive a "500 relaying denied". However if I send an email to you@yourdomain.net I should receive a "250 recipient ok" message.

    The _only_ port you require to have forwarded on your firewall is port 25 which needs to be forwarded to the mailserver's internal IP. Nothing else is required to be opened. outgoing mail will go anyway. You need to test it first if this is a home connection because some ISP's are blocking port 25 inbound to their customers, (Comcast doesn't).

    If you want to provide yourself webmail, (assuming your mail server provides it), you can usually select a port of your own for the web server to operate on. You would then also need to forward that port through the firewall too.

    At home I use this. It has stacks of features including spam filtering and relay prevention. I like it and it seems to be fairly free of vulnerabilities/attacks which is nice too.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Concretely, in postfix for example, it would mean making sure the following variables are defined:

    mydomain = yourdomain.net
    mynetworks =

    so only hosts in the subnet can relay mails through your server to addresses other than @yourdomain.net..

    Now as was also said, it's possible to make use of authentication mechanisms like POP berfore SMTP or SMTP AUTH (check out cyrus sasl) but they require more configuration and are generaly not needed unless you need to use your smtp as a relay from the internet or don't trust your internal users....

    Credit travels up, blame travels down -- The Boss

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts