Nullmailer - Possible to disable open relay?
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Nullmailer - Possible to disable open relay?

Is there any configuration setting in nullmailer that would enable the user to disable it working as an open relay? I have one set up using the Sparkpost API, within 3 days my dashboard was shown as made 1.5MM API requests which was mostly denied anyways (the originating IP was some AWS IP which I don't have any service with), and I could not send the legitimate emails because I was exceeding the quota.

Tagged:

Comments

  • jarjar Provider

    No experience with nullmailer but I imagine you could do several things not related to it's config. One might be tunnel/VPN + bind to 127.0.0.1 instead of 0.0.0.0 (or public IP). Another might be firewall off the port to all but the servers you intend to send mail to it from.

    Thanked by 1spammy
  • I don't see any relay controls in nullmailer...never heard of it until this thread, but docs are very sparse: https://untroubled.org/nullmailer/HOWTO

    An alternative would be to configure postfix...you could probably take all its default configs and just modify mynetworks in main.cf. I believe out of the box, postfix will only accept mail (without authentication) if the IP is in mynetworks or the recipient is local.

    Though practically speaking, if you can limit by IP, you can also leave port 587 open and firewall access.

    My Advice: VPS Advice

    For LET support, please click here.

  • WSSWSS Member

    nullmailer is yet another 'drank the djb design koolaid' tool. Documentation will be sparse and it probably doesn't even allow further configuration.

    The fact that he's using the API with is key shouldn't be all that hard to wedge into Posfix, Exim, or anything half-sane. You could also write a simple wrapper for msmtp (that acts like a direct sendmail localized plugin) with the header after you auth/etc that traffic, so you don't just blindly pass it on to your services.

    Of course, this means maintaining different config files if you want it to do anything beyond pass it off to Sparkpost, but it's still a hell of a lot easier than feeding an MTA which just relays local shit anyhow.

    I won't be back until @bsdguy is released.

    Thanked by 1spammy
  • Postfix has a whole page of examples, including use as a null client.

Sign In or Register to comment.