#1  
Old 8th November 2006, 15:08
iovo iovo is offline
Junior Member
 
Join Date: Oct 2006
Posts: 29
Thanks: 1
Thanked 0 Times in 0 Posts
Question SMTP and POP3 RESTRICTION

hello
i want to make some restriction.
i've ISPConfig instaled and work very good, but i have some sequrity hole.
when i use php mail() from other server i can send e-mail!!!
here is php simple code:

ini_set("SMTP","hhh.hhh.hhh.hhh");
mail('hhhh@hhh.hhh', $subject, $message, $headers );


How can i restrict that!?
i've found somthing about this problem in internet, but i don't know that it is right:

smtpd_recipient_restrictions =
permit_mynetworks
check_client_access hash:/etc/postfix/client_access
reject_unauth_destination
if this work, how can i maket it work with ISPConfig installation

Thanks
Reply With Quote
Sponsored Links
  #2  
Old 8th November 2006, 17:25
fobicodam fobicodam is offline
Senior Member
 
Join Date: Apr 2006
Location: Argentina
Posts: 346
Thanks: 0
Thanked 1 Time in 1 Post
Send a message via MSN to fobicodam
Default

Almost sure your other server is inside your network, did you try from outside your network?
Reply With Quote
  #3  
Old 8th November 2006, 18:17
iovo iovo is offline
Junior Member
 
Join Date: Oct 2006
Posts: 29
Thanks: 1
Thanked 0 Times in 0 Posts
Default

Yes i did. I'm sure about that.
Reply With Quote
  #4  
Old 8th November 2006, 18:54
fobicodam fobicodam is offline
Senior Member
 
Join Date: Apr 2006
Location: Argentina
Posts: 346
Thanks: 0
Thanked 1 Time in 1 Post
Send a message via MSN to fobicodam
Default

Did you follow the perfect setup steps?

The commands must be on /etc/postfix/postfix.conf (i believe) and the perfect setup put this lines inside.
Reply With Quote
  #5  
Old 8th November 2006, 19:02
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,256
Thanks: 212
Thanked 648 Times in 294 Posts
Default Tip

If i was you add the line:

mynetworks = 127.0.0.0/8

to your main.cf file.

(If it is not there)

This will allow email sending only from the network configured in the variable mynetworks. This is normally set to 127.0.0.0/8 which means sending is only allowed from localhost.
__________________
Hans

MrHostman | Master in managed hosting
Reply With Quote
  #6  
Old 8th November 2006, 21:02
iovo iovo is offline
Junior Member
 
Join Date: Oct 2006
Posts: 29
Thanks: 1
Thanked 0 Times in 0 Posts
Default

readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mydomain = domain.com
myhostname = $mydomain
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_auth_enable = yes
mynetworks = 127.0.0.0/8
smtpd_client_restrictions = permit_mynetworks
smtpd_delay_reject = no

smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
inet_interfaces = all
alias_maps = hash:/etc/aliases
smtpd_tls_auth_only = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
masquerade_domains = $mydomain


here is my main.cf

everything is as perfect setup
Reply With Quote
  #7  
Old 9th November 2006, 09:46
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,177
Thanks: 829
Thanked 5,414 Times in 4,257 Posts
 
Default

Thats correct so far. Please check with a relay test if your server is really relaying mail:

http://www.abuse.net/relay.html

Please post the output of:

postconf -n | grep mynetworks
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to ban failed SSH, FTP, POP3 and SMTP logins? nenad Tips/Tricks/Mods 21 15th June 2008 18:21
DNS zones for mail exchange, subdomain, smtp and pop3 nabuk Installation/Configuration 5 7th November 2006 15:56
smtp problem z.y Installation/Configuration 12 14th April 2006 16:51
POP3 SMTP FTP problem arsu Installation/Configuration 1 11th November 2005 09:32
Unable to connect MS Outlook to pop3 nandhu HOWTO-Related Questions 1 12th August 2005 18:06


All times are GMT +2. The time now is 23:54.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.