Wednesday, July 3, 2013

Checking Postfix for an open relay

This is Suzuki.

You can easily check this from here.


First, starting from the default configuration (CentOS 6, installed with "yum"), I made SMTP reachable from the Internet as shown below and ran the check.
# cat /etc/postfix/main.cf
...
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost
...

The result is shown below: every relay attempt was rejected.
第三者中継テスト

第三者中継テストのためxxx.xxx.xxx.xxxに接続しています...

<<< 220 ip-xxx-xxx-xxx-xxx.localdomain ESMTP Postfix
>>> HELO h.rbl.jp
<<< 250 ip-xxx-xxx-xxx-xxx.localdomain
中継テスト その0

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@h.rbl.jp>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@rbl.jp>
<<< 554 5.7.1 <rlytest@rbl.jp>: Relay access denied
relay NOT accepted!!

中継テスト その1

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@h.rbl.jp>
<<< 554 5.7.1 <rlytest@h.rbl.jp>: Relay access denied
relay NOT accepted!!

中継テスト その2

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@h.rbl.jp>
<<< 554 5.7.1 <rlytest@h.rbl.jp>: Relay access denied
relay NOT accepted!!

中継テスト その3

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@h.rbl.jp>
<<< 554 5.7.1 <rlytest@h.rbl.jp>: Relay access denied
relay NOT accepted!!

中継テスト その4

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@[xxx.xxx.xxx.xxx]>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@h.rbl.jp>
<<< 554 5.7.1 <rlytest@h.rbl.jp>: Relay access denied
relay NOT accepted!!

中継テスト その5

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest%h.rbl.jp@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 554 5.7.1 <rlytest%h.rbl.jp@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>: Relay access denied
relay NOT accepted!!

中継テスト その6

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest%h.rbl.jp@[xxx.xxx.xxx.xxx]>
<<< 554 5.7.1 <rlytest%h.rbl.jp@[xxx.xxx.xxx.xxx]>: Relay access denied
relay NOT accepted!!

中継テスト その7

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <"rlytest@h.rbl.jp">
<<< 554 5.7.1 <rlytest@h.rbl.jp>: Relay access denied
relay NOT accepted!!

中継テスト その8

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <"rlytest%h.rbl.jp">
<<< 554 5.7.1 <rlytest%h.rbl.jp>: Relay access denied
relay NOT accepted!!

中継テスト その9

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@h.rbl.jp@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 554 5.7.1 <rlytest@h.rbl.jp@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>: Relay access denied
relay NOT accepted!!

中継テスト その10

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <"rlytest@h.rbl.jp"@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 554 5.7.1 <rlytest@h.rbl.jp@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>: Relay access denied
relay NOT accepted!!

中継テスト その11

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <"rlytest@h.rbl.jp"@[xxx.xxx.xxx.xxx]>
<<< 554 5.7.1 <rlytest@h.rbl.jp@[xxx.xxx.xxx.xxx]>: Relay access denied
relay NOT accepted!!

中継テスト その12

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com:rlytest@h.rbl.jp>
<<< 554 5.7.1 <rlytest@h.rbl.jp>: Relay access denied
relay NOT accepted!!

中継テスト その13

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <@[xxx.xxx.xxx.xxx]:rlytest@h.rbl.jp>
<<< 554 5.7.1 <rlytest@h.rbl.jp>: Relay access denied
relay NOT accepted!!

中継テスト その14

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <h.rbl.jp!rlytest>
<<< 554 5.7.1 <h.rbl.jp!rlytest>: Relay access denied
relay NOT accepted!!

中継テスト その15

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <h.rbl.jp!rlytest@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 554 5.7.1 <h.rbl.jp!rlytest@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>: Relay access denied
relay NOT accepted!!

中継テスト その16

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <h.rbl.jp!rlytest@[xxx.xxx.xxx.xxx]>
<<< 554 5.7.1 <h.rbl.jp!rlytest@[xxx.xxx.xxx.xxx]>: Relay access denied
relay NOT accepted!!

中継テスト その17

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <"rlytest%h.rbl.jp"@ap-northeast-1.compute.amazonaws.com>
<<< 554 5.7.1 <rlytest%h.rbl.jp@ap-northeast-1.compute.amazonaws.com>: Relay access denied
relay NOT accepted!!

中継テスト その18

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <"rlytest@h.rbl.jp"@ap-northeast-1.compute.amazonaws.com>
<<< 554 5.7.1 <rlytest@h.rbl.jp@ap-northeast-1.compute.amazonaws.com>: Relay access denied
relay NOT accepted!!

中継テスト その19

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@localhost>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@h.rbl.jp>
<<< 554 5.7.1 <rlytest@h.rbl.jp>: Relay access denied
relay NOT accepted!!

接続を閉じています...

>>> QUIT
<<< 421 4.7.0 ip-xxx-xxx-xxx-xxx.localdomain Error: too many errors
第三者中継テストの結果

全てのテストが行われました, no relays accepted.

Next, I allowed SMTP use from any IP address, as shown below, and ran the check again.
# cat /etc/postfix/main.cf
...
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 0.0.0.0/0
...

Unsurprisingly, the result is shown below: every relay attempt was accepted.
第三者中継テスト

第三者中継テストのためxxx.xxx.xxx.xxxに接続しています...

<<< 220 ip-xxx-xxx-xxx-xxx.localdomain ESMTP Postfix
>>> HELO h.rbl.jp
<<< 250 ip-xxx-xxx-xxx-xxx.localdomain
中継テスト その0

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@h.rbl.jp>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@rbl.jp>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その1

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@h.rbl.jp>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その2

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@h.rbl.jp>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その3

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@h.rbl.jp>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その4

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@[xxx.xxx.xxx.xxx]>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@h.rbl.jp>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その5

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest%h.rbl.jp@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その6

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest%h.rbl.jp@[xxx.xxx.xxx.xxx]>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その7

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <"rlytest@h.rbl.jp">
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その8

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-54-248-91-163.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <"rlytest%h.rbl.jp">
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その9

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@h.rbl.jp@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その10

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <"rlytest@h.rbl.jp"@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その11

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <"rlytest@h.rbl.jp"@[xxx.xxx.xxx.xxx]>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その12

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com:rlytest@h.rbl.jp>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その13

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <@[xxx.xxx.xxx.xxx]:rlytest@h.rbl.jp>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その14

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <h.rbl.jp!rlytest>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その15

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <h.rbl.jp!rlytest@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その16

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <h.rbl.jp!rlytest@[xxx.xxx.xxx.xxx]>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その17

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <"rlytest%h.rbl.jp"@ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その18

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@ec2-xxx.xxx.xxx.xxx.ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.0 Ok
>>> RCPT TO: <"rlytest@h.rbl.jp"@ap-northeast-1.compute.amazonaws.com>
<<< 250 2.1.5 Ok
relay accepted!!

中継テスト その19

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM: <rlychk@localhost>
<<< 250 2.1.0 Ok
>>> RCPT TO: <rlytest@h.rbl.jp>
<<< 250 2.1.5 Ok
relay accepted!!

接続を閉じています...

>>> QUIT
<<< 221 2.0.0 Bye
第三者中継テストの結果

全てのテストが行われました, 20 relays accepted.

To be safe, run this check whenever you build an SMTP server that is exposed to the Internet.
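
A local complement to the external test, as an added example that is not part of the original post: it reads main.cf text and flags mynetworks entries that let arbitrary clients relay, such as the 0.0.0.0/0 setting shown above. The function names and the second sample configuration are constructed for illustration.

```python
import ipaddress
import re

# PAGE_CONFIG mirrors the permissive excerpt above; CONSTRUCTED_CONFIG is made up.
PAGE_CONFIG = """\
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
mynetworks = 0.0.0.0/0
"""
CONSTRUCTED_CONFIG = """\
mynetworks = 127.0.0.0/8, 10.0.0.0/8
    168.100.189.0/28 hash:/etc/postfix/network_table
"""

def parse_main_cf(text):
    """Apply main.cf syntax: '#' comment lines are ignored, a line starting
    with whitespace continues the previous one, the last assignment wins."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip()
        elif "=" in raw:
            name, value = (part.strip() for part in raw.split("=", 1))
            params[name] = value
    return params

def audit_mynetworks(text):
    """Return (entry, finding) pairs for risky or unverifiable entries."""
    value = parse_main_cf(text).get("mynetworks")
    if value is None:
        return []  # unset: Postfix derives the list from mynetworks_style
    findings = []
    for entry in re.split(r"[,\s]+", value.strip()):
        if not entry or entry.startswith("!"):  # '!' marks an exclusion
            continue
        try:
            net = ipaddress.ip_network(re.sub(r"[\[\]]", "", entry), strict=False)
        except ValueError:
            findings.append((entry, "table or file reference: review its contents"))
            continue
        if net.prefixlen == 0:
            findings.append((entry, "matches every client: open relay"))
        elif not (net.is_private or net.is_loopback or net.is_link_local):
            findings.append((entry, "public range is trusted to relay"))
    return findings

if __name__ == "__main__":
    print(audit_mynetworks(PAGE_CONFIG), audit_mynetworks(CONSTRUCTED_CONFIG))
```

On a live host, feed it the file contents of /etc/postfix/main.cf; entries that point at lookup tables or files are reported because their contents have to be reviewed separately.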
--------
http://www.suz-lab.com
