To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Gatekeeper for Linux is an Open relay

Ronin W/ Alumni Posts: 2 Security Scout


As far as I see this topic was already discussed here:

I will appreciete an additional info om this matter.

The SMTP proxy of my Getekeeper for Linux is functioning as an open relay and I have no clue ho to disable it.

Besides check with I verified it manually as well:


[root@mytestmachine ~]# telnet 25
Connected to
Escape character is '^]'.
220 F-Secure/fsigk_smtp/530/
mail from:
250 2.1.0 Ok
rcpt to:
250 2.1.5 Ok
354 Enter mail (F-Secure/fsigk_smtp/530/
testing mail 03
250 2.0.0 Ok: queued as 98F28762F5



I attampted to block it with a custom filter rules, but with no luck.

Also I read on a forum that there suppose to be an option called "Restrict LAN access" in the smtp proxy settings. I'm unable to locate this option in my Gatekeeper web panel.


I'm using CentOS 6.6 and F-secure 5.


Thanks in advance for the responce.


  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master



    Some weeks ago I got this explanation from F-Secure support for a similar question:


    Q: How to restore open relay protection strenght, after IGK installation on a server running Postfix?


    A: "The implementation will be different based on what the customer's system administrator is considering to do. For example, if they would like to filter by IP addresses, they can actually use firewall function to filter incoming traffic. By doing this, unwanted traffic would not reach service and no configuration is needed at IGK side.

    Another option is to use IGK in "transparent mode" which would require:
    1. configuring proxy by using 'transparent=yes' and
    2., adding iptables NAT rule to redirect the incoming SMTP traffic to IGK.
    (Note: there might be an issue with this approach if Postfix is listening on '' where the kernel probably does not allow traffic from Internet to "localhost", depending on the kernel version and configuration. To solve this, IGK and Postfix could run on different hosts or Postfix could listen on some other IP addresses.)"


    Yours Sincerely: Tamas Feher, Hungary.

  • Ronin
    Ronin W/ Alumni Posts: 2 Security Scout


    Thanks for a reply, but looks like transparent mode didn't help.


    I've set it in an [smtp] section of /opt/f-secure/fsigk/conf/fsigk.ini, since I didn't find how to set in using Webui. I also restarted fsigk_smtp afterwards.


    IGK still functions as an open relay.

This discussion has been closed.