HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


ralexpdx 2nd June 2006 07:42

Can't seem to get SMTP AUTH working..
 
I am trying to test SMTP AUTH, because I know if I don't have it working I'll have 10000 spammers using my new server minutes after I unblock the ports.

I have NOT installed ISPConfig yet, but I intend to once I am sure mail is secure...

My host name is www.4pdx.com

I have set up "The Perfect Setup for Fedora Core 5" and everything looks OK. I try testing the SMTP server by using:


> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 www.4pdx.com ESMTP Postfix
ehlo cnn.com
250-www.4pdx.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
mail from: <admin@peterpan.org>
250 Ok
rcpt to: <r_alexb@hotmail.com>
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
well this doesn't work...
.
250 Ok: queued as EEC061348033
quit


As you can see, it let me send the email even though none of the domains listed are on my server. I have also tried unblocking my firewall ports (external firewall; both the Fedora firewall and SELinux are disabled) and trying an external client. I use a username and password, but don't have the SMTP Authentication on, and it still lets me send mail.

This isn't secure, is it? Can't anyone connect to port 25 and send anything anywhere? Please help if you can. Thanks

Randy

I am including below all the outputs I can think of that you guys usually ask for. If you need one not here, please let me know and I'll send it!

---------------------------------------------------------------------
Output of netstat -tap

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 1868/mysqld
tcp 0 0 *:53452 *:* LISTEN 1532/rpc.statd
tcp 0 0 *:sunrpc *:* LISTEN 1513/portmap
tcp 0 0 192.168.1.4:domain *:* LISTEN 1495/named
tcp 0 0 192.168.1.3:domain *:* LISTEN 1495/named
tcp 0 0 192.168.1.2:domain *:* LISTEN 1495/named
tcp 0 0 192.168.1.105:domain *:* LISTEN 1495/named
tcp 0 0 localhost.localdomai:domain *:* LISTEN 1495/named
tcp 0 0 localhost.localdomain:ipp *:* LISTEN 1747/cupsd
tcp 0 0 *:smtp *:* LISTEN 1957/master
tcp 0 0 localhost.localdomain:rndc *:* LISTEN 1495/named
tcp 0 1 192.168.1.105:60781 mx4.hotmail.com:smtp SYN_SENT 2446/smtp
tcp 0 0 *:imaps *:* LISTEN 1896/dovecot
tcp 0 0 *:pop3s *:* LISTEN 1896/dovecot
tcp 0 0 *:pop3 *:* LISTEN 1896/dovecot
tcp 0 0 *:imap *:* LISTEN 1896/dovecot
tcp 0 0 *:http *:* LISTEN 1991/httpd
tcp 0 0 *:ftp *:* LISTEN 1971/proftpd: (acce
tcp 0 0 *:ssh *:* LISTEN 1755/sshd
tcp 0 0 *:https *:* LISTEN 1991/httpd
tcp 0 44 ::ffff:192.168.1.105:ssh SAPPHIRE.LUCIDNET:4596 ESTABLISHED 2383/sshd: ralex [p
-----------------------------------------------------------------------

my main.cf file (Minus the comments and commented out directives)

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.8/samples
readme_directory = /usr/share/doc/postfix-2.2.8/README_FILES

smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
------------------------------------------------------------------------
Contents of /usr/lib/sasl/smtpd.conf

pwcheck_method: saslauthd
saslauthd_version: 2

till 2nd June 2006 10:20

Please add the line:

Quote:

mynetworks = 127.0.0.0/8
to your postfix main.cf.

This enables you to send emails without authentication only from localhost. All other hosts will require username and password to send email.
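
Why the unauthenticated tests relayed, and what the mynetworks line changes, as an added example (not part of the thread and not Postfix code). It models how smtpd_recipient_restrictions is evaluated; the /24 netmask on 192.168.1.105, the client addresses and the Postfix 2.x defaults (mynetworks_style = subnet, default restriction list) are assumptions.

```python
import ipaddress

# Constructed sample: the relay-relevant lines of the main.cf posted above.
MAIN_CF = """\
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Parse main.cf: '#' lines are comments, leading whitespace continues the previous line."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        else:
            key, _, value = line.partition("=")
            key = key.strip()
            params[key] = value.strip()
    return params

def trusted_networks(params, interface_cidrs):
    """Explicit mynetworks wins; otherwise loopback plus every interface subnet
    (assumed Postfix 2.x default, mynetworks_style = subnet)."""
    if "mynetworks" in params:
        nets = params["mynetworks"].replace(",", " ").split()
    else:
        nets = ["127.0.0.0/8"] + list(interface_cidrs)
    return [ipaddress.ip_network(n, strict=False) for n in nets]

def relay_decision(params, interface_cidrs, client_ip, authenticated, rcpt_is_local):
    """Walk the restriction list left to right; the first rule that matches decides."""
    client = ipaddress.ip_address(client_ip)
    nets = trusted_networks(params, interface_cidrs)
    rules = params.get("smtpd_recipient_restrictions",
                       "permit_mynetworks, reject_unauth_destination")  # assumed 2.x default
    for rule in rules.replace(",", " ").split():
        if rule == "permit_sasl_authenticated" and authenticated:
            return "permit (authenticated)"
        if rule == "permit_mynetworks" and any(client in n for n in nets):
            return "permit (mynetworks)"
        if rule == "reject_unauth_destination" and not rcpt_is_local:
            return "reject (relay access denied)"
    return "permit (end of list)"
```

A telnet from localhost is still permitted after the change, because 127.0.0.0/8 stays in mynetworks; the relay check has to be run from a host outside it.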

ralexpdx 2nd June 2006 23:28

Quote:

Originally Posted by till
Please add the line:

mynetworks = 127.0.0.0/8

to your postfix main.cf.

This enables you to send emails without authentication only from localhost. All other hosts will require username and password to send email.


That worked great! Thank you so much! I get an MD5/CRAM authentication error, "No secret in database", now, so I still have something weird. I installed Ravencore, so that probably replaced something I had set up before, so I'll have to dig into it! Thanks again!

Randy

falko 3rd June 2006 14:20

What's in /usr/lib64/sasl2/smtpd.conf (if you're on an x86_64 system) or /usr/lib/sasl2/smtpd.conf (if you're on an i386 system)? It should contain

Code:

pwcheck_method: saslauthd
mech_list: plain login

nothing else.

