#1
31st October 2008, 11:33
VanDaMe
Securing Postfix?

I have followed your instructions on http://www.howtoforge.com/virtual_us...ix_debian_etch and it works GREAT!

However, I have a few questions:

1. Users are still able to send email without auth
2. When I tried to use the option "My outgoing smtp requires auth", I can't send email

Thanks in advance for your help
#2
31st October 2008, 13:32
_X_

If you have:
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'

in your Postfix config, then you shouldn't be able to send mail without auth, and enabling "My outgoing smtp requires auth" should work.
#3
1st November 2008, 16:26
falko

Quote:
Originally Posted by VanDaMe
I have followed your instructions on http://www.howtoforge.com/virtual_us...ix_debian_etch and it works GREAT!

However, I have a few questions:

1. Users are still able to send email without auth

Authentication is not needed if
- you're sending emails to recipients on that server
- you're logged in on that server (for example by using webmail)
- you're sending from an IP address listed in mynetworks in /etc/postfix/main.cf.

Quote:
2. When I tried to use the option "My outgoing smtp requires auth", I can't send email

Thanks in advance for your help

What's in your mail log?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
#4
3rd November 2008, 03:32
VanDaMe

Quote:
Originally Posted by falko
Authentication is not needed if
- you're sending emails to recipients on that server
- you're logged in on that server (for example by using webmail)
- you're sending from an IP address listed in mynetworks in /etc/postfix/main.cf.

In main.cf, I only set mynetworks to 127.0.0.1/8.
I'm sending using Outlook.
If sending to another email such as yahoo.com, mail.log shows me
Relay access denied --> seems to be good
But if I use the same auth, I can't send email.

Quote:
What's in your mail log?

Nov 3 09:28:06 mp-fs-13 postfix/smtpd[23876]: connect from unknown[my.ip.address]
Nov 3 09:28:06 mp-fs-13 postfix/smtpd[23876]: lost connection after UNKNOWN from unknown[my.ip.address]
Nov 3 09:28:06 mp-fs-13 postfix/smtpd[23876]: disconnect from unknown[my.ip.address]
#5
3rd November 2008, 03:38
VanDaMe

Here's the output of postconf -n:

Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = localhost, localhost.localdomain
myhostname = my.domain.com
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_uid_maps = static:5000
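The three cases falko lists, and the "Relay access denied" VanDaMe saw, all follow from how Postfix walks the smtpd_recipient_restrictions list shown in the postconf -n output above. The following is an added example, not part of the original posts: a simplified Python model of that first-match evaluation. The hosted domain example.com and the client address 203.0.113.7 are constructed stand-ins, since the real virtual domains are looked up in MySQL.

```python
import ipaddress

# Values copied from the postconf -n output in this thread.
MYNETWORKS = ["127.0.0.0/8"]
MYDESTINATION = {"localhost", "localhost.localdomain"}
RESTRICTIONS = ["permit_mynetworks", "permit_sasl_authenticated",
                "reject_unauth_destination"]
# Assumption: constructed stand-in; the real list is a MySQL lookup.
VIRTUAL_MAILBOX_DOMAINS = {"example.com"}


def in_mynetworks(client_ip):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n) for n in MYNETWORKS)


def is_final_destination(rcpt):
    # Simplified: only mydestination and virtual_mailbox_domains are modelled.
    domain = rcpt.rsplit("@", 1)[-1].lower()
    return domain in MYDESTINATION or domain in VIRTUAL_MAILBOX_DOMAINS


def check_rcpt(client_ip, sasl_authenticated, rcpt):
    """Walk the list left to right; the first PERMIT or REJECT decides."""
    for rule in RESTRICTIONS:
        if rule == "permit_mynetworks" and in_mynetworks(client_ip):
            return ("permit", rule)
        if rule == "permit_sasl_authenticated" and sasl_authenticated:
            return ("permit", rule)
        if rule == "reject_unauth_destination" and not is_final_destination(rcpt):
            return ("reject", rule)
    # Every rule answered "no opinion": Postfix permits by default.
    return ("permit", "end of list")


# Constructed sessions: (client IP, SASL authenticated?, recipient)
SESSIONS = [
    ("127.0.0.1", False, "someone@yahoo.com"),    # webmail running on the server
    ("203.0.113.7", False, "user@example.com"),   # remote client, local recipient
    ("203.0.113.7", False, "someone@yahoo.com"),  # remote client, no auth, relay
    ("203.0.113.7", True, "someone@yahoo.com"),   # remote client after AUTH
]

if __name__ == "__main__":
    for ip, authed, rcpt in SESSIONS:
        print(ip, authed, rcpt, "->", check_rcpt(ip, authed, rcpt))
```

Mail to a mailbox hosted on the server is accepted from an unauthenticated remote client because no rule rejects it; only relaying to other domains depends on mynetworks or a successful AUTH.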
#6
3rd November 2008, 15:45
falko

Are there any other errors in your mail log?
#7
4th November 2008, 03:43
VanDaMe

Nothing else. What we got is only

Code:
Nov 3 09:28:06 mp-fs-13 postfix/smtpd[23876]: connect from unknown[my.ip.address]
Nov 3 09:28:06 mp-fs-13 postfix/smtpd[23876]: lost connection after UNKNOWN from unknown[my.ip.address]
Nov 3 09:28:06 mp-fs-13 postfix/smtpd[23876]: disconnect from unknown[my.ip.address]
#8
4th November 2008, 14:38
falko

What's the output of
Code:
telnet localhost 25
and then
Code:
ehlo localhost
?
#9
6th November 2008, 07:17
VanDaMe

Code:
mp-fs-13:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 my.hostname.com ESMTP Postfix (Debian/GNU)
ehlo localhost
250-my.hostname.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
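The EHLO reply above is what tells a mail client whether and how it may authenticate. As an added example (not part of the original posts), this Python code parses that reply and reports what an administrator would check in it: whether AUTH is advertised at all, and whether the PLAIN and LOGIN mechanisms are offered on a session that is not yet encrypted. The audit rules and finding strings are this example's own.

```python
import re

# EHLO reply copied from the telnet session in this thread.
EHLO_REPLY = """\
250-my.hostname.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Mechanisms that send the password merely base64-encoded.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:  # line 1 is the greeting
        m = re.match(r"250[- ](\S+?)(?:[ =](.*))?$", line.strip())
        if not m:
            raise ValueError(f"not an EHLO reply line: {line!r}")
        params = (m.group(2) or "").split()
        # "AUTH=..." (broken_sasl_auth_clients) merges into the AUTH entry.
        merged = set(caps.get(m.group(1).upper(), [])) | set(params)
        caps[m.group(1).upper()] = sorted(merged)
    return caps


def audit(caps, tls_active=False):
    """Findings for a capability list seen with or without TLS active."""
    findings = []
    mechs = set(caps.get("AUTH", []))
    if not mechs:
        findings.append("AUTH not advertised")
    exposed = sorted(mechs & CLEARTEXT_MECHS)
    if exposed and not tls_active:
        findings.append("cleartext AUTH offered without TLS: " + ", ".join(exposed))
    if not tls_active and "STARTTLS" not in caps:
        findings.append("STARTTLS not advertised")
    return findings

print(audit(parse_ehlo(EHLO_REPLY)))
```

Postfix's smtpd_tls_auth_only = yes withholds AUTH until STARTTLS has completed; that parameter does not appear in the postconf -n output earlier in the thread, which lists only non-default settings.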
#10
7th November 2008, 12:42
falko

Looks ok. Have you tried to restart Postfix and Saslauthd?