SMTP Authentication

[danypd69]

Hello, I'm trying to understand how the smtp auth works in ISPConfig.
I have installed the server on centos 6.2 with this tutorial: http://www.howtoforge.com/perfect-se...e2-ispconfig-3 (so I use courier for imap/pop3)

From what I understand from it the authentication should be done using saslauthd but it's not running on my system and the smtp auth works.

Am I wrong ? or is something broken in my installation?

[till]

On courier setups, smtp authentication is handled by saslauthd. On Dovecot setups, smtp authentication is handled by dovecot.

[danypd69]

Ok, It's what I understood, but the authsasld deamon is not running in my system and the authentication works, how is it possible ?

[falko]

http://www.howtoforge.com/forums/sho...rios+smtp-auth

[danypd69]

Ok I saw the thread but I still have something strange

I tried to send a message from a different network that is not in mynetworks to a gmail.com address (so the recipient is not on the ispconfig server)

As said in other messages authsasld is not running but the authentication still works ok, the message is sent only if username and passwords are correct.

[falko]

Can you post your /etc/postfix/main.cf? What's the output of

Code:

ps aux | grep -i saslauthd

?

[danypd69]

Code:

[daniele@hosting ~]$ ps aux|grep -i saslauthd
daniele   1490  0.0  0.0 103232   812 pts/0    S+   12:11   0:00 grep -i saslauthd
[daniele@hosting ~]$

main.cf (with comments removed)

Code:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = all
inet_protocols = all
mydestination = [server-hostname], localhost, localhost.localdomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = maildrop
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
myhostname = [server-hostname]
mynetworks = 127.0.0.0/8 [::1]/128
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
relayhost = 
mailbox_size_limit = 0
message_size_limit = 0

/etc/sasl2/smtpd.conf

Code:

pwcheck_method: saslauthd
mech_list: plain login

I have also /usr/lib64/sasl2/smtpd.conf with this content

Code:

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket

[falko]

Strange. Have you tried to check if your server is an open relay?

http://www.spamhelp.org/shopenrelay/

[danypd69]

I tried with http://www.checkor.com/ and everything is ok.

Code:

Checking [hostname]:

220 [hostname] ESMTP Postfix
HELO ortest.checkor.com
250 [hostname]
RSET
250 2.0.0 Ok
MAIL FROM: test@checkor.com
250 2.1.0 Ok
RCPT TO: test1@checkor.com
554 5.7.1 : Relay access denied

RSET
250 2.0.0 Ok
MAIL FROM:
501 5.5.4 Syntax: MAIL FROM:

RCPT TO: test1@checkor.com
503 5.5.1 Error: need MAIL command

RSET
250 2.0.0 Ok
MAIL FROM: spam@[hostname]
250 2.1.0 Ok
RCPT TO: test1@checkor.com
554 5.7.1 : Relay access denied

RSET
250 2.0.0 Ok
MAIL FROM: spam@[hostname]
250 2.1.0 Ok
RCPT TO: test1@checkor.com
554 5.7.1 : Relay access denied

RSET
250 2.0.0 Ok
MAIL FROM: spam@[hostname]
250 2.1.0 Ok
RCPT TO: test1@[hostname]
550 5.1.1 : Recipient address rejected: User unknown in local recipient table

RSET
250 2.0.0 Ok
MAIL FROM: spam@[hostname]
250 2.1.0 Ok
RCPT TO: "test1@test.com"@[hostname]
554 5.7.1 : Relay access denied

RSET
250 2.0.0 Ok
MAIL FROM: spam@[hostname]
250 2.1.0 Ok
RCPT TO: @[hostname]:spamtest@checkor.com
554 5.7.1 : Relay access denied

http://www.spamhelp.org/shopenrelay says that it cannot connect to the server.

[falko]

Can you post the output of

Code:

netstat -tap

? I want to go sure that it is Postfix that is running on port 25 and not some other MTA (sendmail, etc.).