Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 9th January 2012, 13:24
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts
Default need some help with my main.cf (postfix)

the server is running the latest Debian OS and ISPCFG3 and has been set up according to the perfect Debian Server how to available here.
first of all please find my main.cf further down:

I thought I had it all perfectly configured but I am getting a weird problem now. From my work station everything works with these settings:

POP3, SSL, port 995 and POP3 no SSL port 110

When sending, if I use these settings:

SMTP, port 25, TLS same with SMTp port 25 no SSL

I get the following error due to the fact that I didn't check the box where it says: "Server requries authentification", seems logical to me so far.

Quote:
--- Error ---
frogalla [0: POP3] ['mail.premaman.co.za' (port: 995)] [SSL: 1]
Send Mail: Error verifying 'To'<br> Server Returned: 5.5.2 &lt;TITAN&gt;: Helo command rejected: need fully-qualified hostname (#504)
if I use SMTP, TLS, port 25 and check the box: "server requries authentification" and tell it to use the same settings as for the incoming mail server, everything is working just fine.

And now comes the problem: one customer in particular cannot use SSL/TLS which I will figure out soon but she is able to send via SMTP port 25 without the checkbox being ticked for "Server requires authentification". I checked the server and I am not an open relay, so how can this be? I remember Outlook express had a checkbox for: "pop before SMTP" but this particular client is using Outlook and I can't find such a setting so how is she sending mail?


Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = h1870666.stratoserver.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = h1870666.stratoserver.net, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions =
            permit_sasl_authenticated,
            reject_non_fqdn_sender,
            reject_non_fqdn_recipient,
            reject_unknown_sender_domain,
            reject_unknown_recipient_domain,
            permit_mynetworks,
            check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
            reject_invalid_hostname,
            reject_non_fqdn_hostname,
            reject_unauth_destination,
            reject_rbl_client zen.spamhaus.org,
            check_policy_service inet:127.0.0.1:10023,
            permit
smtpd_tls_security_level = may
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_$
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = maildrop
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 4
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Last edited by Ovidiu; 9th January 2012 at 13:46.
Reply With Quote
Sponsored Links
  #2  
Old 9th January 2012, 14:09
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,653 Times in 4,462 Posts
Default

How did she test that? I guess she send a email to another domain which is on the same server, then the behaviour is OK as smtp authentication is only required when you send email to another server like a gmail.com address.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 9th January 2012, 21:07
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts
Default

I definitely know she sent to the same domain :-) - she actually clicked the "Test settigns" button Outlook offers which sends out an email to itself...

Thanks for opening my eyes to this but does that mean any email from a domain to itself can be used for spamming?

Apart from this mistery, does my main.cf above look ok to you?
Reply With Quote
  #4  
Old 9th January 2012, 21:48
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: München
Posts: 364
Thanks: 39
Thanked 89 Times in 68 Posts
 
Default

You are using old postfix syntax in reject_invalid_hostname (reject_invalid_helo_hostname). Also you need smtpd_helo_required = yes to enforce this restriction.

Cheers
Reply With Quote
Reply

Bookmarks

Tags
courier, ispcfg3, postfix

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting Email Working ISPConfig3 Squirrelmail and Courier etc Ian Wilson Installation/Configuration 17 19th June 2013 23:58
Postfix SMTP Auth to Dovecot Not Working -- HELP! Scratchpad Server Operation 6 12th April 2011 14:29
localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied g18c Installation/Configuration 4 24th March 2009 18:39
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 16:47
Verify email setup meekish Installation/Configuration 28 27th October 2006 16:36


All times are GMT +2. The time now is 20:12.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.