Default Outbound Relay - Deny

[cmurrayis]

Hi,

Is it possible to configure the outbound proxy/relay default action for unknown senders to reject/drop? I can see the option that sounds what I am after under Configuration > Mail Proxy > Options > Reject Unknown Clients / Servers (Set to Yes) however emails are still allowed outbound.

Ideally what I am looking for is the Networks / Whitelist to be the only allowed addressed to send via the proxy.

 

[hata_ph]

Is the unknown senders reside in the same network range that same as the trusted network under Mail Proxy -> Networks?

 

[cmurrayis]

Currently we have nothing configured in the Networks section however my assumption is maybe if the unknown client is in the same subnet that the test server is configured as it is automatically allowed?

Eg, Server 192.168.0.1 and test client 192.168.0.2

 

[hata_ph]

Show the log files regarding your unknown sending out emails.

 

[cmurrayis]

Sure;

Apr 13 09:59:08 pmg postfix/smtpd[1877]: connect from unknown[192.168.78.3]
Apr 13 09:59:08 pmg postfix/smtpd[1877]: 0FBDC41886: client=unknown[192.168.78.3]
Apr 13 09:59:08 pmg postfix/cleanup[1880]: 0FBDC41886: message-id=<766db4cef64f32e0fb835a64000f8cb7@domain.com>
Apr 13 09:59:08 pmg postfix/qmgr[1634]: 0FBDC41886: from=<address@domain.com>, size=798, nrcpt=1 (queue active)
Apr 13 09:59:08 pmg postfix/smtpd[1877]: disconnect from unknown[192.168.78.3] ehlo=1 mail=1 rcpt=1 data=1 rset=1 quit=1 commands=6
Apr 13 09:59:08 pmg pmg-smtp-filter[1287]: 217E66074DECC1F9A6: new mail message-id=<766db4cef64f32e0fb835a64000f8cb7@domain.com>#012
Apr 13 09:59:08 pmg postfix/smtpd[1885]: connect from localhost.localdomain[127.0.0.1]
Apr 13 09:59:08 pmg postfix/smtpd[1885]: 276AF41889: client=localhost.localdomain[127.0.0.1], orig_client=unknown[192.168.78.3]
Apr 13 09:59:08 pmg postfix/cleanup[1880]: 276AF41889: message-id=<766db4cef64f32e0fb835a64000f8cb7@domain.com>
Apr 13 09:59:08 pmg postfix/qmgr[1634]: 276AF41889: from=<address@domain.com>, size=997, nrcpt=1 (queue active)
Apr 13 09:59:08 pmg pmg-smtp-filter[1287]: 217E66074DECC1F9A6: accept mail to <address@gmail.com> (276AF41889) (rule: default-accept)
Apr 13 09:59:08 pmg pmg-smtp-filter[1287]: 217E66074DECC1F9A6: processing time: 0.034 seconds (0, 0.014, 0)
Apr 13 09:59:08 pmg postfix/lmtp[1881]: 0FBDC41886: to=<address@gmail.com>, relay=127.0.0.1[127.0.0.1]:10023, delay=0.11, delays=0.06/0.01/0/0.04, dsn=2.5.0, status=sent (250 2.5.0 OK (217E66074DECC1F9A6))
Apr 13 09:59:08 pmg postfix/qmgr[1634]: 0FBDC41886: removed
Apr 13 09:59:08 pmg postfix/smtpd[1885]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Apr 13 09:59:10 pmg postfix/smtp[1886]: 276AF41889: to=<address@gmail.com>, relay=gmail-smtp-in.l.google.com[142.250.4.27]:25, delay=2, delays=0/0.01/0.89/1.1, dsn=2.0.0, status=sent (250 2.0.0 OK 1618271949 v30si15613604pgk.284 - gsmtp)
Apr 13 09:59:10 pmg postfix/qmgr[1634]: 276AF41889: removed

 

[Stoiko Ivanov]

Currently we have nothing configured in the Networks section however my assumption is maybe if the unknown client is in the same subnet that the test server is configured as it is automatically allowed?

This is the case - the implicit assumption by PMG is that it is in a subnet with only very few hosts.
The code for this is here:
https://git.proxmox.com/?p=pmg-api....2dfebda65b52d3a2b9e096d1551db1a;hb=HEAD#l1313

If you really need to change that you need to modify the main.cf.in template - see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

I hope this helps!

 

[hata_ph]

Is the unknown client (192.168.78.3) same network range with your pmg?