After following ISPconfig ubuntu guide - server is an open relay

Discussion in 'Installation/Configuration' started by lspdev, Feb 11, 2012.

  1. falko

    falko Super Moderator ISPConfig Developer

    Can you run
    Code:
    telnet localhost 25
    and then type in
    Code:
    ehlo localhost
    ? Does it show that it supports STARTTLS?

    What's in your main.cf?
     
  2. lspdev

    lspdev New Member

    Falko,

    Connected to localhost.localdomain.
    Escape character is '^]'.
    220 server.christiancoalition.co.za ESMTP Postfix (Ubuntu)
    ehlo localhost
    250-server.christiancoalition.co.za
    250-PIPELINING
    250-SIZE
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN


    And my main.cf is listed below:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version


    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = /usr/share/doc/postfix
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = server.christiancoalition.co.za
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = server.christiancoalition.co.za, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    content_filter = amavis:[127.0.0.1]:10024
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0


    What confuses me is that it works, then stops and then miraculously starts working again, without doing anything???? Could it be client related, on thunderbird?
     
  3. falko

    falko Super Moderator ISPConfig Developer

    I'm not sure why this happens, but I don't see an error in your Postfix configuration.
     
  4. lspdev

    lspdev New Member

    This is driving me crazy!!! Weeks have gone by, been working fine using Starttls... and now, after a server reboot, due from an update, it now does it again..

    I can only send email now if I do not use authentication - but even though I try:

    root@server:~# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    220 server.christiancoalition.co.za ESMTP Postfix (Ubuntu)
    ehlo localhost
    250-server.christiancoalition.co.za
    250-PIPELINING
    250-SIZE
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.


    IT expects it.... But NO matter what I try, it does not accept connection with STARTTLS.... WHY WHY WHY???
     
  5. lspdev

    lspdev New Member

    An error occurred sending mail: Unable to establish a secure link with SMTP server mail.christiancoalition.co.za using STARTTLS since it doesn't advertise that feature. Switch off STARTTLS for that server or contact your service provider.
     
  6. lspdev

    lspdev New Member

    Not sure if this is related ... but my root user is getting mails on the sell relating to sqlite...

    PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/2009062
    6/sqlite.so' - /usr/lib/php5/20090626/sqlite.so: cannot open shared object file:
    No such file or directory in Unknown on line 0


    is this related in any way to my problem?
     
  7. falko

    falko Super Moderator ISPConfig Developer

    I don't think this is related, but to go sure I'd update your PHP packages.
     

Share This Page