Postfix - open relay. How to configure so it is not?

I have set up Postfix but am having trouble with the setup.

Whenever I used to send emails to the server, it rejected my mails saying 'Relaying Denied', so I changed the following in main.cf:

mynetworks = 0.0.0.0/0
mynetworks_style = subnet

I can now send email and it works, but MX tests say that it is an open relay (obviously unintended).

How can I resolve this? I obviously want anybody to be able to email my domain, but I'm unsure of the configuration.

I know I can change the mynetworks, but then doesn't this restrict who CAN email to the server?


Solution 1:

mynetworks must only contain trusted users that can use the server to relay mails to other domains - otherwise, as you've found, it's an open relay. You might want to set it to 192.168.0.0/16, 10/8 or 172.16.0.0/12 if using RFC 1918 addresses on your internal network.

The settings that control whether people can send mail to your server include mydestination and virtual_mailbox_domains - read the docs here or here.

Solution 2:

The problem that opens you up is the

mynetworks = 0.0.0.0/0

Because somewhere below you probably have it listed in

smtpd_recipient_restrictions = ... permit_mynetworks ...

If you need to be able to send email from any IP, then you should look at enabling a username/password to send email; the common one is SASL.

Solution 3:

As documented at http://www.postfix.org/postconf.5.html#mynetworks :

mynetworks (default: see "postconf -d" output)
The list of "trusted" remote SMTP clients that have more privileges than "strangers".

In particular, "trusted" SMTP clients are allowed to relay mail through Postfix.
See the smtpd_recipient_restrictions parameter description in the postconf(5) manual.
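
An added example, not part of any answer above: a small Python audit that reads main.cf text and reports mynetworks entries wider than loopback and the RFC 1918 ranges, noting when permit_mynetworks in smtpd_recipient_restrictions turns that trust into relaying. The function names, the INTERNAL allowlist and both sample configurations are assumptions constructed for illustration.

```python
import ipaddress

# Loopback plus the RFC 1918 ranges Solution 1 suggests for an internal network.
INTERNAL = [ipaddress.IPv4Network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip()
        elif "=" in raw:
            name, value = (part.strip() for part in raw.split("=", 1))
            params[name] = value
    return params

def audit(text):
    """List mynetworks entries that extend relay trust beyond INTERNAL."""
    params = parse_main_cf(text)
    restrictions = params.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    findings = []
    for entry in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            # Table lookups, exclusions and IPv6 forms are not judged here.
            findings.append(f"{entry}: not a plain CIDR, review by hand")
            continue
        if not any(net.subnet_of(i) for i in INTERNAL):
            effect = ("relays for these clients via permit_mynetworks"
                      if "permit_mynetworks" in restrictions else "trusted range too wide")
            findings.append(f"{entry}: {effect}")
    return findings

# Constructed sample: the question's setting, then a narrowed version.
QUESTION_CF = """\
mynetworks = 0.0.0.0/0
mynetworks_style = subnet
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination
"""
NARROWED_CF = QUESTION_CF.replace("0.0.0.0/0", "127.0.0.0/8 192.168.0.0/16")

if __name__ == "__main__":
    for label, cf in (("question", QUESTION_CF), ("narrowed", NARROWED_CF)):
        print(label, audit(cf) or "no wide entries")
```

The output of `postconf -n` uses the same `name = value` layout, so it can be passed to `audit()` in place of the file contents.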