HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   SMTP and POP3 RESTRICTION (http://www.howtoforge.com/forums/showthread.php?t=8032)

iovo 8th November 2006 15:08

SMTP and POP3 RESTRICTION
 
hello
i want to make some restriction.
i've ISPConfig instaled and work very good, but i have some sequrity hole.
when i use php mail() from other server i can send e-mail!!!
here is php simple code:

ini_set("SMTP","hhh.hhh.hhh.hhh");
mail('hhhh@hhh.hhh', $subject, $message, $headers );


How can i restrict that!?
i've found somthing about this problem in internet, but i don't know that it is right:

smtpd_recipient_restrictions =
permit_mynetworks
check_client_access hash:/etc/postfix/client_access
reject_unauth_destination
if this work, how can i maket it work with ISPConfig installation

Thanks

fobicodam 8th November 2006 17:25

Almost sure your other server is inside your network, did you try from outside your network?

iovo 8th November 2006 18:17

Yes i did. I'm sure about that.

fobicodam 8th November 2006 18:54

Did you follow the perfect setup steps?

The commands must be on /etc/postfix/postfix.conf (i believe) and the perfect setup put this lines inside.

Hans 8th November 2006 19:02

Tip
 
If i was you add the line:

mynetworks = 127.0.0.0/8

to your main.cf file.

(If it is not there)

This will allow email sending only from the network configured in the variable mynetworks. This is normally set to 127.0.0.0/8 which means sending is only allowed from localhost.

iovo 8th November 2006 21:02

readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mydomain = domain.com
myhostname = $mydomain
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_auth_enable = yes
mynetworks = 127.0.0.0/8
smtpd_client_restrictions = permit_mynetworks
smtpd_delay_reject = no

smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
inet_interfaces = all
alias_maps = hash:/etc/aliases
smtpd_tls_auth_only = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
masquerade_domains = $mydomain


here is my main.cf

everything is as perfect setup

till 9th November 2006 09:46

Thats correct so far. Please check with a relay test if your server is really relaying mail:

http://www.abuse.net/relay.html

Please post the output of:

postconf -n | grep mynetworks


All times are GMT +2. The time now is 19:47.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.