#1  
Old 5th February 2013, 15:49
sudip sudip is offline
Junior Member
 
Join Date: Feb 2013
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default postfix authentication

Hi,
I am administering a server and i must accept that I am a total newbie. I have followed the "The Perfect Server – CentOS 6.3 x86_64 (Apache2, Dovecot, ISPConfig 3)" to setup the server. Everything is ok in it, we do not have any problem in sending/receiving mail except that Postfix is allowing mails within the same domain without authentication.
example : my domain is xyz.com and I have two mail boxes. abc@xyz.com and bcd@xyz.com . Now in the mail client (Thunderbird) of abc@xyz.com , i have given smtp authentication method as "no authentication" and abc@xyz.com is trying to send a mail to bcd@xyx.com , still the mail is getting delivered. Can you please guide me or point me to the setting which might be causing it.

This is my output of postconf -n . In the result I have just modified myhostname and smtp_bind_address.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
body_checks = regexp:/etc/postfix/body_checks
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_process_limit = 50
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
message_size_limit = 0
milter_default_action = accept
milter_protocol = 2
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = localhost, localhost.localdomain
myhostname = xyz.com
mynetworks = 127.0.0.0/8 [::1]/128
nested_header_checks = regexp:/etc/postfix/nested_header_checks
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
queue_run_delay = 15m
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
receive_override_options = no_address_mappings
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_bind_address = x.x.x.x
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = reject_unauth_pipelining,permit_mynetworks,permit_ sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_tls_CAfile = /usr/local/ispconfig/interface/ssl1/startssl.chain.class1.server.crt
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = may
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000


Thanks in advance
Sudip
Reply With Quote
Sponsored Links
  #2  
Old 6th February 2013, 13:21
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

http://www.howtoforge.com/forums/sho...46&postcount=4
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 6th February 2013, 14:31
sudip sudip is offline
Junior Member
 
Join Date: Feb 2013
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi falko
Thanks for the reply.
But in my case , the ip from which the mail is coming is not listed in mynetworks.
And i did not understand what you meant by rdcipient.

The recipients of the mails which are coming unauthorized are all virtual mailbox.
And just today I had to remove the setting smtpd_reject_unlisted_sender = yes , otherwise all the system mails were getting blocked.

Thanks
Sudip
Reply With Quote
  #4  
Old 9th February 2013, 08:54
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by sudip View Post
And i did not understand what you meant by rdcipient.
A typo. I meant recipient.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 9th February 2013, 15:09
sudip sudip is offline
Junior Member
 
Join Date: Feb 2013
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Question

Quote:
There are two scenarios where users don't have to authenticate:
1) You send to a rdcipient who is on the server.
Then isn't that a security issue? That means i can send mails to any user in our domain and that mail might look like as if the mail has been sent by our MD . I can then send any type of mail to abc@example.com and abc@example.com will think that the mail has been sent by xyz@example.com , but in reality the mail has actually been sent by sudip@example.com - but there is no reference of sudip@example.com in the mail.



Sudip
Reply With Quote
  #6  
Old 11th February 2013, 17:00
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

A weakness of the SMTP protocol - you can use fake sender addresses.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 2nd March 2013, 13:32
sudip sudip is offline
Junior Member
 
Join Date: Feb 2013
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
you can use fake sender addresses.
Sorry Falko but I can not agree with that.
I have another domain which is not on this dedicated server , but is on a shared hosting on a windows server of ixwebhosing.com .
When I am trying to send mail to one of the mailbox of this domain using a fake and non existant userid of the same domain , the mail server is not allowing me to send it.
And that is also SMTP protocol .
Reply With Quote
  #8  
Old 4th March 2013, 18:03
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Yes, but try to send to a domain that is not on this server...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 5th March 2013, 05:03
sudip sudip is offline
Junior Member
 
Join Date: Feb 2013
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

hi Falko
I think you misunderstood my first post (the original post with the problem).

Quote:
When I am trying to send mail to one of the mailbox of this domain using a fake and non existant userid of the same domain , the mail server is not allowing me to send it.
This is the problem that I am facing in the dedicated server - I am able to send mail to one of the mailbox of this domain using a fake and non existant userid of the same domain.
Shared windows hosting server is not allowing it , but the dedicated server (The Perfect Server – CentOS 6.3 x86_64 (Apache2, Dovecot, ISPConfig 3) is allowing it.

This has to be some of the settings.

Thanks in advance.
Sudip
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting Email Working ISPConfig3 Squirrelmail and Courier etc Ian Wilson Installation/Configuration 17 19th June 2013 22:58
Need help with ISPConfig Mail and Squirrelmail m.xander Installation/Configuration 109 3rd February 2012 00:15
Postfix SMTP Auth to Dovecot Not Working -- HELP! Scratchpad Server Operation 6 12th April 2011 13:29
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 15:47
Verify email setup meekish Installation/Configuration 28 27th October 2006 15:36


All times are GMT +2. The time now is 06:55.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.