New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenRelay enabled by default ? #1370
Comments
Hi, Is-it a new IP ? To check if you are an open relay, you can do this test (from a linux terminal and from outside your email server) :
If the last response is 250 2.1.5 Ok that means that you are an open relay and there is something wrong in your configuration but if it's not, the problem is probably you IP reputation. |
@rouja How can I turn off the open relay ? |
Hi, @Heziode What is the content of your subnet parameter ? |
My subnet is: I think I found the origin of the issue. I use traefik v2 and for some mysterious reason, mapping port in traefik conf from |
@rouja Sorry for the delay, I was away and couldn't easily check. My ip was a fresh IP, never used as a mail server. It was flagged as an openrelay, The first couple days it worked fine and I had a good reputation. My subnet is set for : 192.168.0.0/16 It went down hill really fast after those couple days. I could switch the traffic policy of the ingress around to see if that helps as it could definitely be related to some derping with the source ip. But it's still weird to me that it's allowing everything even the unauthenticated one. |
Hi @VFourneau Could you show the result of theses commands :
Maybe you are in something similar to Heziode even if you use nginx-ingress. |
I'm new to mailu, but I think a have the same problem. I'm about to migrate from a hand-configured postfix/dovecot/roundcube setup to the mailu chart and I'm not able to understand how incoming smtp traffic should be routed through Loadbalancer/NodePort or Ingress to mailu-postfix in a way that the SUBNET configuration (cp. main.cf / mynetworks) actually works as I expect it. I configured E.g. when sending a mail from a node outside of my Kubernetes cluster (192.168.1.12), I can see the following entry in the postfix log:
10.244.1.1 is the CNI ip address if one of my Kubernetes worker nodes and part of the pod cidr. I expected to see 192.168.1.12 in the log!? I'm not sure if this is a Flannel thing or Kubernetes-related in general, but the result is that all incoming traffic can be relayed to any other mail address without authentication. Can someone confirm? |
Ah, my mistake. It's not a bug, it's a Kubernetes feature (...of course...). I found the solution here: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-type-nodeport Adding |
Hi There, The To help with that, we are currently trying to find out which issues are actively keeping users from using In order for us to better assess this, it would be helpful if you could put a reaction on this post (use the 😃 icon to the top-right).
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Please see #1823 (comment) |
Hey,
I setup mailu through the helm chart for my kubernetes cluster. Everything works so far but after going through my log aggregator I found an issue.
And there is a lot.
I setup mailu last week and I'm already blacklisted with some providers.
I used the default config.
How can I disable /block smtp relaying ?
The text was updated successfully, but these errors were encountered: