User is able to send after changing password on ISPConfig(SASL)

Discussion in 'General' started by pendexgabo, Jun 17, 2013.

  1. pendexgabo

    pendexgabo New Member

    Hello,

    I'm having a huge issue with my ISPConfig installation.

    I found out that users who are authenticating on POP3 are able to send email even if their password was changed through the ISPConfig.

    if you check the follow log the SASL LOGIN fails but still the email is delivered.

    How that can be even possible?

    Code:
    Jun 17 01:07:07 host postfix/smtpd[3215]: connect from hostXXX-XXX-XXX-XXX.telecom.net.ar[XXX.XXX.XXX.XXX]
    Jun 17 01:07:08 host postfix/smtpd[3215]: warning: hostXXX-XXX-XXX-XXX.telecom.net.ar[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: authentication failure
    Jun 17 01:07:08 host postfix/smtpd[3215]: lost connection after AUTH from hostXXX-XXX-XXX-XXX.telecom.net.ar[XXX.XXX.XXX.XXX]
    Jun 17 01:07:08 host postfix/smtpd[3215]: disconnect from hostXXX-XXX-XXX-XXX.telecom.net.ar[XXX.XXX.XXX.XXX]
    Jun 17 01:07:09 host postfix/smtpd[3215]: connect from hostXXX-XXX-XXX-XXX.telecom.net.ar[XXX.XXX.XXX.XXX]
    Jun 17 01:07:10 host postfix/smtpd[3215]: AA372246D9: client=hostXXX-XXX-XXX-XXX.telecom.net.ar[XXX.XXX.XXX.XXX], sasl_method=LOGIN, sasl_username=test@sender-example.com
    Jun 17 01:07:11 host postfix/cleanup[3219]: AA372246D9: message-id=<008601ce6b10$248b49c0$6f44a8c0@xpvmx01>
    Jun 17 01:07:11 host postfix/qmgr[418]: AA372246D9: from=<test@sender-example.com>, size=1440, nrcpt=1 (queue active)
    Jun 17 01:07:11 host postfix/smtpd[3215]: disconnect from hostXXX-XXX-XXX-XXX.telecom.net.ar[XXX.XXX.XXX.XXX]
    Jun 17 01:07:12 host postfix/smtp[3220]: AA372246D9: to=<mail@hotmail.com>, relay=mx2.hotmail.com[65.55.92.152]:25, delay=1.7, delays=1.2/0.01/0.14/0.34, dsn=2.0.0, status=sent (250  <008601ce6b10$248b49c0$6f44a8c0@xpvmx01> Queued mail for delivery)
    Jun 17 01:07:12 host postfix/qmgr[418]: AA372246D9: removed
    

    I'm running ISPConfig 3.0.2.1 on Debian


    the content of my main.cf file is:

    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = host.example.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = host.example.com, localhost, localhost.localdomain
    relayhost = 
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    #smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions =  permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    
    ##
    # http://www.lordblacksuca.net/tag/clamd/
    #content_filter = amavis:[127.0.0.1]:10024
    #receive_override_options = no_address_mappings
    message_size_limit = 0
    bounce_queue_lifetime = 3d
    
    
    any clue?
     
    Last edited: Jun 17, 2013

Share This Page