HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


bogdinator 26th October 2006 17:46

Security Issue in Mailserver after ISPConfig installation
 
Hello folks,
I was going along lucky with ISPConfig for half a year, but this morning I received an email from our university network administrator. It states that the server I've set up after "The Perfect Setup of ISPConfig for Suse 9.3" has an open mail relay; and whether I could arrange for it to be closed please :eek:
I am a bit confused now as I thought the installation routine was quite worked out. Is it because we can send emails at the moment without requested authentication? Any help would be appreciated.

Thanks!!!

till 26th October 2006 18:08

The howto does not configure your server as an open relay. Please post your main.cf file.

bogdinator 26th October 2006 19:19

Here is /etc/postfix/main.cf
Code:


queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
#virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = alpheratz.$mydomain
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
#mydestination = $myhostname, localhost.$mydomain
defer_transports =
disable_dns_lookups = no
relayhost = xxx name of our university server here xxx
mailbox_command =
mailbox_transport =
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtp_use_tls = yes
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
mydomain = xxx domain name of our university department xxx
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
#home_mailbox = Maildir/

#virtual_maps = hash:/etc/postfix/virtusertable

#mydestination = /etc/postfix/local-host-names

Hope it does help you, till.
Thanks in advance for all the efforts!

falko 27th October 2006 15:13

What's the output of
Code:

postconf -d|grep mynetworks
and
Code:

postconf -n|grep mynetworks
?

bogdinator 30th October 2006 11:27

Sorry for the late reply, falko, but our offices were closed during the weekend due to some technical problems. Here are the outputs you wanted to see:
postconf -d|grep mynetworks
Code:

mynetworks = 127.0.0.0/8 149.170.0.0/16
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

and
postconf -n|grep mynetworks
Code:

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains

Thanks again for all the hard work!

till 31st October 2006 09:45

Please change mynetworks from:

mynetworks = 127.0.0.0/8 149.170.0.0/16

to:

mynetworks = 127.0.0.0/8

Do you have any relay domains defined?

bogdinator 31st October 2006 11:37

Hi till,
Cheers for the fast reply! I did change the "mynetworks" setting like you said.
I didn't do anything different from the description given in the HOWTO "The Perfect Setup of ISPConfig for Suse 9.3". Hope this gives you the answer you wanted.
Is the problem with the open relay issue solved by applying the corrections you've suggested?

Many thanks!

edge 31st October 2006 11:48

The 149.170.0.0/16 told your network/postfix that anyone with an IP from 149.170.0.1 to 149.170.255.254 was a local user and okay to use your mailserver (about 64770 IPs).

Quote:

NetAddr 149.170.0.0/16
First Host 149.170.0.1
Last Host 149.170.255.254

edge 31st October 2006 12:00

Quote:

I didn't do anything different from the description given in the HOWTO "The Perfect Setup of ISPConfig for Suse 9.3". Hope this gives you the answer you wanted.
Is the problem with the open relay issue solved by applying the corrections you've suggested?

Many thanks!

Not sure about the Suse setup, but it should not be there!

Maybe do a rootkit scan, to see if you are okay?
More info @ www.rootkit.nl/
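
Added example (not part of the thread, and not ISPConfig or Postfix code): a small Python check that reads `postconf`-style output and lists every non-loopback network that `permit_mynetworks` allows to relay without authentication. The sample text is constructed from the values posted above; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the effective values quoted in this thread.
SAMPLE = """\
mynetworks = 127.0.0.0/8 149.170.0.0/16
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
"""

def parse_postconf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def relay_trusted_networks(params):
    """Return (network, address count) for each non-loopback mynetworks entry
    that is trusted to relay because permit_mynetworks is in the restrictions."""
    restrictions = params.get("smtpd_recipient_restrictions", "")
    if "permit_mynetworks" not in restrictions.replace(",", " ").split():
        return []
    findings = []
    for entry in params.get("mynetworks", "").replace(",", " ").split():
        entry = entry.replace("[", "").replace("]", "")  # e.g. [::1]/128
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # lookup tables such as hash:/path are out of scope here
        if not net.is_loopback:
            findings.append((str(net), net.num_addresses))
    return findings

if __name__ == "__main__":
    for net, size in relay_trusted_networks(parse_postconf(SAMPLE)):
        print(f"{net} may relay without authentication ({size} addresses)")
```

Feed it the output of `postconf mynetworks smtpd_recipient_restrictions` so it sees the effective value, including one Postfix derived from `mynetworks_style` when main.cf sets no `mynetworks` line.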


All times are GMT +2.