It has been discovered that the company mail server is configured as an open relay. Which of the following actions would help prevent the mail server from being used as an open relay while maintaining the possibility to receive company mails? (Choose two.)
To prevent the mail server from being used as an open relay while still allowing it to receive company emails, it is necessary to configure the server to accept emails only for the domains hosted on the server and ensure that only the internal network can relay outbound emails. By restricting Postfix to only accept emails for domains hosted on the server, external emails meant for the company's domains will still be received. Additionally, by restricting Postfix to only relay outbound SMTP from the internal network, unauthorized use of the server to send emails won't be possible, thus preventing the open relay issue.
I think, it's A & D: A: Restrict to domains hosted on this server: Yes, we want to receive mails addressed to the company domains from outside B: irrelevant C: Block port 25 on public networks: If we block port 25, we can't receive any emails, which conflicts to A. D: Restrict relay to outbound SMTP to internal network: Yes, we want only send outgoing emails to other SMTP servers, if they are coming from our internal network E: irrelevant
I would select A and D too, but I have a doubt about your explanation in answer D. If we restrict relay to outbound SMTP traffic, wouldn't we avoiding workers of our company to send emails as well if they are at home for example (they would be outside of the company network)? I am a bit confused. This question is not easy and we don't know the LPI arguments.
I think rather A&D
A and C is correct. D would be only if you are relaying to another mail server instead.
Thinking again I believe C and D looks fine
A and D are correct. Company supposed to receive mails from outside (public) but sending mail should be only possible to internal mail address. In this way preventing “open relay” (using mail outside of company to send to any other public mails) is partly rejected and just receiving from public and private internal are accepted by postfix server. ######### C is not correct because both inbound and outbound traffic of the port 26 will be blocked (rejected) on public Ethernet Network that means: iptables -A INPUT -i eth0-public -p tcp --dport 25 -j REJECT iptables -A OUTPUT -o eth0-public -p tcp --dport 25 -j REJECT
*traffic of the port 25
I've found a "mynetworks" parameter, which is used to restrict the mail relaying by subnets mainly. So D option seems to be true. https://www.postfix.org/postconf.5.html#mynetworks
"maintaining the possibility to receive company mails" -> C is in conflict, if you block the SMTP port on public network, the company can't receive mails from outside (public) A -> We restrict reception to our domain only D -> We restrict only our private LAN to send to outside