Can't seem to get SMTP AUTH working..

Discussion in 'HOWTO-Related Questions' started by ralexpdx, Jun 2, 2006.

  1. ralexpdx

    ralexpdx New Member

    I am trying to test SMTP AUTH, because I know if I don't have it working I'll have 10000 spammers using my new server minutes after I unblock the ports.

    I have NOT installed ISPConfig yet, but I intend to once I am sure mail is secure...

    my host name is www.4pdx.com

    I have set up "The Perfect Setup for Fedora Core 5" and everything looks OK. I try testing the SMTP server by using:


    > telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 www.4pdx.com ESMTP Postfix
    ehlo cnn.com
    250-www.4pdx.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250 8BITMIME
    mail from: <admin@peterpan.org>
    250 Ok
    rcpt to: <r_alexb@hotmail.com>
    250 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    well this doesn't work...
    .
    250 Ok: queued as EEC061348033
    quit


    As you can see it let me send the email even though none of the domains listed are on my server. I have also tried unblocking my firewall ports, (External firewall, both the Fedora firewall and SELinux are disabled) and trying an external client. I use a username and password, but don't have the SMTP Authentication on and it still lets me send mail.

    This isn't secure, is it? Can't anyone connect to port 25 and send anything anywhere? Please help if you can. Thanks

    Randy

    I am including below all the outputs I can think of that you guys usually ask for. If you need one not here, please let me know and I'll send it!

    ---------------------------------------------------------------------
    Output of netstat -tap

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:mysql *:* LISTEN 1868/mysqld
    tcp 0 0 *:53452 *:* LISTEN 1532/rpc.statd
    tcp 0 0 *:sunrpc *:* LISTEN 1513/portmap
    tcp 0 0 192.168.1.4:domain *:* LISTEN 1495/named
    tcp 0 0 192.168.1.3:domain *:* LISTEN 1495/named
    tcp 0 0 192.168.1.2:domain *:* LISTEN 1495/named
    tcp 0 0 192.168.1.105:domain *:* LISTEN 1495/named
    tcp 0 0 localhost.localdomai:domain *:* LISTEN 1495/named
    tcp 0 0 localhost.localdomain:ipp *:* LISTEN 1747/cupsd
    tcp 0 0 *:smtp *:* LISTEN 1957/master
    tcp 0 0 localhost.localdomain:rndc *:* LISTEN 1495/named
    tcp 0 1 192.168.1.105:60781 mx4.hotmail.com:smtp SYN_SENT 2446/smtp
    tcp 0 0 *:imaps *:* LISTEN 1896/dovecot
    tcp 0 0 *:pop3s *:* LISTEN 1896/dovecot
    tcp 0 0 *:pop3 *:* LISTEN 1896/dovecot
    tcp 0 0 *:imap *:* LISTEN 1896/dovecot
    tcp 0 0 *:http *:* LISTEN 1991/httpd
    tcp 0 0 *:ftp *:* LISTEN 1971/proftpd: (acce
    tcp 0 0 *:ssh *:* LISTEN 1755/sshd
    tcp 0 0 *:https *:* LISTEN 1991/httpd
    tcp 0 44 ::ffff:192.168.1.105:ssh SAPPHIRE.LUCIDNET:4596 ESTABLISHED 2383/sshd: ralex [p
    -----------------------------------------------------------------------

    my main.cf file (Minus the comments and commented out directives)

    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, localhost
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.2.8/samples
    readme_directory = /usr/share/doc/postfix-2.2.8/README_FILES

    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    ------------------------------------------------------------------------
    Contents of /usr/lib/sasl/smtpd.conf

    pwcheck_method: saslauthd
    saslauthd_version: 2
     
    Last edited: Jun 2, 2006
  2. till

    till Super Moderator

    Please add the line:

    to your postfix main.cf.

    This enables you to send emails without authentication only from localhost. All other hosts will require username and password to send email.
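
Why the telnet test from localhost relayed without a password, as an added example that is not part of the original thread: a simplified first-match model of the three rules in the posted smtpd_recipient_restrictions (not Postfix's own code). The two mynetworks values and the 192.168.1.50 and 203.0.113.7 client addresses are constructed for illustration.

```python
import ipaddress

# Restriction list and local domains taken from the main.cf posted above.
RESTRICTIONS = "permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination"
LOCAL_DOMAINS = {"www.4pdx.com", "localhost"}

# Constructed mynetworks values (not from the thread).
LAN_WIDE = "127.0.0.0/8 192.168.1.0/24"
LOOPBACK_ONLY = "127.0.0.0/8"


def parse_networks(value):
    """Parse a comma- or space-separated list of CIDR blocks."""
    return [ipaddress.ip_network(n) for n in value.replace(",", " ").split()]


def check_rcpt(client_ip, rcpt_domain, mynetworks, authenticated=False):
    """Walk the restriction list in order; the first rule that decides wins."""
    client = ipaddress.ip_address(client_ip)
    nets = parse_networks(mynetworks)
    for rule in RESTRICTIONS.split(","):
        if rule == "permit_sasl_authenticated":
            if authenticated:
                return "permit", rule
        elif rule == "permit_mynetworks":
            if any(client in net for net in nets):
                return "permit", rule
        elif rule == "reject_unauth_destination":
            if rcpt_domain.lower() not in LOCAL_DOMAINS:
                return "reject", rule
        else:
            raise ValueError(f"rule not modelled: {rule}")
    return "permit", "end of list"  # no rule objected: mail for a local domain


def demo():
    """Relay attempts to hotmail.com from three vantage points."""
    cases = [
        ("127.0.0.1", LAN_WIDE, False),         # the telnet test in the first post
        ("127.0.0.1", LOOPBACK_ONLY, False),    # still trusted after narrowing
        ("192.168.1.50", LAN_WIDE, False),      # constructed LAN client
        ("192.168.1.50", LOOPBACK_ONLY, False),
        ("192.168.1.50", LOOPBACK_ONLY, True),  # same client after SMTP AUTH
        ("203.0.113.7", LAN_WIDE, False),       # constructed outside client
    ]
    return [check_rcpt(ip, "hotmail.com", nets, auth)[0] for ip, nets, auth in cases]


if __name__ == "__main__":
    print(demo())
```

A relay test has to come from an address outside mynetworks; a session from 127.0.0.1 is accepted by permit_mynetworks under either setting.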
     
  3. ralexpdx

    ralexpdx New Member


    That worked great! Thank you so much! I get an MD5/CRAM authentication error. No secret in database, now. So I still have something weird. I installed Ravencore so that probably replaced something I had set up before, so I'll have to dig into it! Thanks again!

    Randy
     
  4. falko

    falko Super Moderator

    What's in /usr/lib64/sasl2/smtpd.conf (if you're on an x86_64 system) or /usr/lib/sasl2/smtpd.conf (if you're on an i386 system)? It should contain

    Code:
    pwcheck_method: saslauthd
    mech_list: plain login
    nothing else.
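
A check for the mismatch that usually sits behind a "no secret in database" error, as an added example that is not part of the original thread: saslauthd can only verify mechanisms that hand the server the plaintext password (PLAIN, LOGIN), so shared-secret mechanisms such as CRAM-MD5 fail when they are offered alongside it. The finding codes and the third sample file are constructed for illustration.

```python
# Mechanisms that hand the server the password itself, which saslauthd can check.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
# Mechanisms that need a stored shared secret (e.g. in sasldb), which saslauthd lacks.
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}
# The only two options falko's reply says the file should contain.
EXPECTED_KEYS = {"pwcheck_method", "mech_list"}


def parse_sasl_conf(text):
    """Parse Cyrus SASL 'key: value' lines, skipping blanks and # comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a 'key: value' line: {raw!r}")
        opts[key.strip().lower()] = value.strip()
    return opts


def audit_smtpd_conf(text):
    """Return finding codes (constructed names) for a saslauthd-backed smtpd.conf."""
    opts = parse_sasl_conf(text)
    findings = []
    if opts.get("pwcheck_method") != "saslauthd":
        findings.append("pwcheck-method-not-saslauthd")
    if "mech_list" not in opts:
        # Without mech_list every installed mechanism plugin is advertised.
        findings.append("mech-list-unset")
    else:
        for mech in opts["mech_list"].upper().split():
            if mech in SHARED_SECRET_MECHS:
                findings.append(f"shared-secret-mech:{mech}")
            elif mech not in PLAINTEXT_MECHS:
                findings.append(f"unreviewed-mech:{mech}")
    findings += [f"extra-option:{k}" for k in sorted(set(opts) - EXPECTED_KEYS)]
    return findings


# Sample files: the first two are quoted from the thread, the third is constructed.
POSTED = "pwcheck_method: saslauthd\nsaslauthd_version: 2\n"
RECOMMENDED = "pwcheck_method: saslauthd\nmech_list: plain login\n"
CONSTRUCTED = "pwcheck_method: saslauthd\nmech_list: plain login cram-md5\n"

if __name__ == "__main__":
    for name, conf in [("posted", POSTED), ("recommended", RECOMMENDED), ("constructed", CONSTRUCTED)]:
        print(name, audit_smtpd_conf(conf))
```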
     
