Postfix from scratch – episode 1 – open relay

Let's play a little with installation of postfix along the setup of complete solution.

Before we start

I'll be illustrating what is directly possible through the use of netcat on SMTP/25 port. So you might concider installing it.

# sudo apt-get install netcat

And we'll check often the content of /var/log/mail.{err,log} which are full of information on what is happening in postfix. As a reminder, you can see this content with:

# sudo tail -f /var/log/mail.{err,log}

Postfix basic installation

Installation of postfix base repertories will be done through apt mecanism:

# sudo apt-get install postfix

As of Ubuntu Jaunty, this doesn't install the main configuration file of postfix which is /etc/postfix/ . Without it, /etc/init.d/postfix won't do anything.

So let's create an empty configuration file:

# touch /etc/postfix/

For this first configuration, to avoid giving a chance to some nasty guys to use an open smtp relay, let's protect us:

# cat <<EOF >> /etc/postfix/
## temporary protection against unwanted external connection
inet_interface = localhost

We are done, well not completely done yet, as after

# /etc/init.d/postfix start

we will try to send a mail through

# nc localhost 25

And this will stall. You'll notice in the logs that:

smtpd[30428]:  fatal:   open database /etc/aliases.db: No such file or directory
master[30332]: warning: process /usr/lib/postfix/smtpd pid 30428 exit status 1
master[30332]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

To create the /etc/aliases.db, simply type:

# newaliases

It'll take content of /etc/aliases and create the /etc/aliases.db. Don't forget to restart postfix:

# /etc/init.d/postfix restart

First test of our open relay

Let's try to send a mail:

# nc localhost 25
220 myhostname.localdomain ESMTP Postfix
MAIL FROM:<foo@bar.comx>
250 2.1.0 Ok
RCPT TO:<wiz@bee.orgx>
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
Subject: test mail

test content
250 2.0.0 Ok: queued as 94B822AC246
221 2.0.0 Bye

Note that neither sender email foo@bar.comx nor destination emailĀ wiz@bee.orgx are correct mail addresses. This doesn't seem to bother postfix which seems to take care of my content. But in the log:

smtpd[30451]:   connect from myhostname.mydomain[]
smtpd[30451]:   A7FB62AC246: client=myhostname.mydomain[]
cleanup[30546]: A7FB62AC246: message-id=<20100317214750.A7FB62AC246@myhostname.mydomain>
smtp[30547]:    A7FB62AC246: to=<wiz@bee.orgx>, relay=none, delay=31, delays=31/0.02/0.11/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=bee.orgx type=A: Host not found)
cleanup[30546]: 4EBCA2AC249: message-id=<20100317214811.4EBCA2AC249@myhostname.mydomain>
qmgr[30446]:    4EBCA2AC249: from=<>, size=2282, nrcpt=1 (queue active)
bounce[30548]:  A7FB62AC246: sender non-delivery notification: 4EBCA2AC249
qmgr[30446]:    A7FB62AC246: removed
smtp[30547]:    4EBCA2AC249: to=<foo@bar.comx>, relay=none, delay=0.04, delays=0.02/0/0.03/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=bar.comx type=A: Host not found)
qmgr[30446]:    4EBCA2AC249: removed

You can see that postfix tried to send the mail, and received a Host not found error for host bee.orgx. An email is generated to warn the sender that his mail has not been sent correctly, butĀ bar.comx ends also in a Host not found. Finally, the original message and the warning message are deleted from their queue as they can't be sent to their respective domain.

In this basic configuration, there are no check at all. This is an open relay. This is why we limited access to this postfix to localhost only.

Next stage we will setup postfix to deliver mail on our host...