#1 sygram, 14th July 2012, 09:10
exclude localhost from postfix sasl, tls

Hi there,

Due to a PCI DSS check I am trying to allow only secure connections to postfix and exclude SSLv2. I've added the following lines to main.cf:

smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high
smtpd_tls_auth_only = yes
smtpd_tls_security_level = encrypt

and now, as far as I can see, it accepts only TLS connections. Unfortunately I cannot connect simply from localhost to 25, and various web apps that do not authenticate locally cannot send emails.

So my questions are:

1) How do I allow unencrypted and anonymous connections from localhost (as before)?
2) How do I instruct dovecot to use encrypted passwords?

Thank you in advance.

Regards,

Leon
#2 sygram, 16th July 2012, 13:09

Hi there,

Only if I change smtpd_tls_security_level = encrypt to "may" can I send email from localhost, as TLS is not mandatory in this case.

I am not sure how to auto-authorize localhost to SASL. This is what maillog prints:

Jul 16 14:01:56 server postfix/smtpd[7778]: connect from server[127.0.0.1]
Jul 16 14:01:56 server postfix/smtpd[7778]: lost connection after EHLO from server [127.0.0.1]
Jul 16 14:01:56 server postfix/smtpd[7778]: disconnect from server[127.0.0.1]

I tried to add smtpd_sasl_exceptions_networks = $mynetworks where mynetworks = 127.0.0.0/8, but nothing.

Any ideas?
#3 sygram, 28th July 2012, 12:17

Any assistance will be appreciated.
#4 createch, 30th July 2012, 03:31

Did you try to use sendmail through another port, e.g. 1025 (instead of using postfix on port 25), to send out the email from localhost? What is the result?
#5 sygram, 30th July 2012, 12:13

Hi createch,

I appreciate your reply.

I actually managed to find a solution, which I am posting to save a lot of time for anyone else having the same issue.

The solution is to change the file master.cf:

submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

I enabled submission and smtps and added permit_mynetworks accordingly. Now I use SSL over port 465.

Everything safe and secure.

Regards
The Following User Says Thank You to sygram For This Useful Post:
createch (30th July 2012)
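
A checker for the master.cf layout posted in #5, added here as an example (it is not sygram's or ISPConfig's code): it parses each smtpd entry's -o overrides and reports whether TLS is forced, whether SASL is enabled, and how the client restrictions end. The plain `smtp` line in the sample is constructed, and settings inherited from main.cf are not read.

```python
import shlex

# Constructed sample: the master.cf entries from the post, plus a plain port-25 line.
SAMPLE = """\
smtp       inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
smtps      inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""

def parse_master_cf(text):
    """Return {service: {parameter: value}} holding the -o overrides of each smtpd entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank line or comment
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()          # indented line continues the entry
        else:
            entries.append(raw.strip())
    services = {}
    for entry in entries:
        fields = shlex.split(entry)  # service type private unpriv chroot wakeup maxproc command
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        args, overrides = fields[8:], {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                name, _, setting = value.partition("=")
                overrides[name] = setting
        services[fields[0]] = overrides
    return services

def audit(text):
    report = {}
    for service, o in parse_master_cf(text).items():
        rules = o.get("smtpd_client_restrictions", "").replace(",", " ").split()
        forced = "yes" in (o.get("smtpd_enforce_tls"), o.get("smtpd_tls_wrappermode"))
        report[service] = {
            "tls_required": forced or o.get("smtpd_tls_security_level") == "encrypt",
            "sasl_enabled": o.get("smtpd_sasl_auth_enable") == "yes",
            "trusts_mynetworks": "permit_mynetworks" in rules,
            "ends_with_reject": rules[-1:] == ["reject"],
        }
    return report
```

smtpd_enforce_tls=yes is the older spelling of smtpd_tls_security_level=encrypt, so the checker counts either as forcing TLS. A stray space inside the restriction list, such as "permit _sasl_authenticated", cuts the value short at "permit" and shows up as ends_with_reject being False.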
All times are GMT +2.