Hello, I'm trying to understand how SMTP auth works in ISPConfig. I have installed the server on CentOS 6.2 with this tutorial: http://www.howtoforge.com/perfect-server-centos-6.2-x86_64-with-apache2-ispconfig-3 (so I use Courier for IMAP/POP3). From what I understand from it, the authentication should be done using saslauthd, but it's not running on my system and SMTP auth works. Am I wrong? Or is something broken in my installation?
On courier setups, smtp authentication is handled by saslauthd. On Dovecot setups, smtp authentication is handled by dovecot.
OK, that's what I understood, but the authsasld daemon is not running on my system and the authentication works. How is that possible?
OK, I saw the thread, but I still have something strange. I tried to send a message from a different network that is not in mynetworks to a gmail.com address (so the recipient is not on the ISPConfig server). As said in other messages, authsasld is not running, but the authentication still works OK: the message is sent only if the username and password are correct.
Code:

    [daniele@hosting ~]$ ps aux|grep -i saslauthd
    daniele   1490  0.0  0.0 103232   812 pts/0    S+   12:11   0:00 grep -i saslauthd
    [daniele@hosting ~]$

main.cf (with comments removed)

Code:

    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    mail_owner = postfix
    inet_interfaces = all
    inet_protocols = all
    mydestination = [server-hostname], localhost, localhost.localdomain
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_use_tls = yes
    smtpd_tls_security_level = may
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    myhostname = [server-hostname]
    mynetworks = 127.0.0.0/8 [::1]/128
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    relayhost =
    mailbox_size_limit = 0
    message_size_limit = 0

/etc/sasl2/smtpd.conf

Code:

    pwcheck_method: saslauthd
    mech_list: plain login

I have also /usr/lib64/sasl2/smtpd.conf with this content

Code:

    pwcheck_method: authdaemond
    log_level: 3
    mech_list: PLAIN LOGIN
    authdaemond_path:/var/spool/authdaemon/socket

Strange. Have you tried to check if your server is an open relay? http://www.spamhelp.org/shopenrelay/
I tried with http://www.checkor.com/ and everything is ok.

Code:

    Checking [hostname]:
    220 [hostname] ESMTP Postfix
    HELO ortest.checkor.com
    250 [hostname]
    RSET
    250 2.0.0 Ok
    MAIL FROM: [email protected]
    250 2.1.0 Ok
    RCPT TO: [email protected]
    554 5.7.1 : Relay access denied
    RSET
    250 2.0.0 Ok
    MAIL FROM:
    501 5.5.4 Syntax: MAIL FROM:
    RCPT TO: [email protected]
    503 5.5.1 Error: need MAIL command
    RSET
    250 2.0.0 Ok
    MAIL FROM: spam@[hostname]
    250 2.1.0 Ok
    RCPT TO: [email protected]
    554 5.7.1 : Relay access denied
    RSET
    250 2.0.0 Ok
    MAIL FROM: spam@[hostname]
    250 2.1.0 Ok
    RCPT TO: [email protected]
    554 5.7.1 : Relay access denied
    RSET
    250 2.0.0 Ok
    MAIL FROM: spam@[hostname]
    250 2.1.0 Ok
    RCPT TO: test1@[hostname]
    550 5.1.1 : Recipient address rejected: User unknown in local recipient table
    RSET
    250 2.0.0 Ok
    MAIL FROM: spam@[hostname]
    250 2.1.0 Ok
    RCPT TO: "[email protected]"@[hostname]
    554 5.7.1 : Relay access denied
    RSET
    250 2.0.0 Ok
    MAIL FROM: spam@[hostname]
    250 2.1.0 Ok
    RCPT TO: @[hostname]:[email protected]
    554 5.7.1 : Relay access denied

http://www.spamhelp.org/shopenrelay says that it cannot connect to the server.

Can you post the output of

Code:

    netstat -tap

? I want to make sure that it is Postfix that is running on port 25 and not some other MTA (sendmail, etc.).
sendmail is not present on the system. Here is the output of netstat -tap

Code:

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address            Foreign Address     State        PID/Program name
    tcp        0      0 localhost:10025          *:*                 LISTEN       2103/master
    tcp        0      0 *:mysql                  *:*                 LISTEN       9743/mysqld
    tcp        0      0 localhost:dyna-access    *:*                 LISTEN       1699/clamd
    tcp        0      0 *:sunrpc                 *:*                 LISTEN       1437/rpcbind
    tcp        0      0 *:40401                  *:*                 LISTEN       -
    tcp        0      0 *:ftp                    *:*                 LISTEN       2154/pure-ftpd (SER
    tcp        0      0 192.168.100.160:domain   *:*                 LISTEN       1417/named
    tcp        0      0 [server-name]:domain     *:*                 LISTEN       1417/named
    tcp        0      0 localhost:domain         *:*                 LISTEN       1417/named
    tcp        0      0 localhost:ipp            *:*                 LISTEN       1558/cupsd
    tcp        0      0 *:smtp                   *:*                 LISTEN       2103/master
    tcp        0      0 *:51075                  *:*                 LISTEN       1455/rpc.statd
    tcp        0      0 *:38022                  *:*                 LISTEN       1683/sshd
    tcp        0      0 localhost:10024          *:*                 LISTEN       20288/amavisd (mast
    tcp        0      0 192.168.100.160:nas      192.168.100.1:nfs   ESTABLISHED  -
    tcp        0      0 *:rsync                  *:*                 LISTEN       1691/xinetd
    tcp        0      0 *:pop3                   *:*                 LISTEN       2022/couriertcpd
    tcp        0      0 *:imap                   *:*                 LISTEN       2009/couriertcpd
    tcp        0      0 *:sunrpc                 *:*                 LISTEN       1437/rpcbind
    tcp        0      0 *:webcache               *:*                 LISTEN       729/httpd
    tcp        0      0 *:http                   *:*                 LISTEN       729/httpd
    tcp        0      0 *:tproxy                 *:*                 LISTEN       729/httpd
    tcp        0      0 *:ftp                    *:*                 LISTEN       2154/pure-ftpd (SER
    tcp        0      0 *:domain                 *:*                 LISTEN       1417/named
    tcp        0      0 *:45078                  *:*                 LISTEN       1455/rpc.statd
    tcp        0      0 localhost:ipp            *:*                 LISTEN       1558/cupsd
    tcp        0      0 *:smtp                   *:*                 LISTEN       2103/master
    tcp        0      0 *:https                  *:*                 LISTEN       729/httpd
    tcp        0      0 *:59454                  *:*                 LISTEN       -
    tcp        0      0 *:imaps                  *:*                 LISTEN       2016/couriertcpd
    tcp        0      0 *:pop3s                  *:*                 LISTEN       2028/couriertcpd
    tcp        0      0 *:38022                  *:*                 LISTEN       1683/sshd
    tcp        0      0 localhost:47530          localhost:ftp       TIME_WAIT    -

Another thing: there is no mention of sasl in any of the logs in /var/log. It seems that my Postfix uses something different for authentication; is it possible that it reads /usr/lib64/sasl2/smtpd.conf instead of /etc/sasl2/smtpd.conf? The file in /usr/lib64/sasl2 uses authdaemon instead of saslauthd.
Yes,

Code:

    [daniele@hosting ~]$ ps ax|grep authd
     1465 ?        S      0:00 /usr/sbin/courierlogger -pid=/var/spool/authdaemon/pid -start /usr/libexec/courier-authlib/authdaemond
     1466 ?        S      0:00 /usr/libexec/courier-authlib/authdaemond
     1470 ?        S      0:00 /usr/libexec/courier-authlib/authdaemond
     1471 ?        S      0:00 /usr/libexec/courier-authlib/authdaemond
     1472 ?        S      0:00 /usr/libexec/courier-authlib/authdaemond
     1473 ?        S      0:00 /usr/libexec/courier-authlib/authdaemond
     1474 ?        S      0:00 /usr/libexec/courier-authlib/authdaemond
    27555 pts/0    S+     0:00 grep authd
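
The check this thread works through by hand, as an added example that is not part of any post: for each candidate Cyrus SASL smtpd.conf, read the pwcheck_method it names and see whether the matching daemon is in the process list. The function names and temporary file names are assumptions; the sample input is constructed from the file contents and ps output posted above.

```shell
#!/bin/sh
# Added example (not from the thread): for each candidate Cyrus SASL
# smtpd.conf, report the pwcheck backend it names and whether a matching
# daemon appears in a process listing.

# sasl_backend FILE -> prints the file's pwcheck_method value, lowercased
sasl_backend() {
    sed -n 's/^[[:space:]]*pwcheck_method[[:space:]]*:[[:space:]]*//p' "$1" |
        head -n 1 | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]'
}

# backend_state METHOD PSFILE -> prints live, dead, or n/a (no helper daemon)
backend_state() {
    case "$1" in
        saslauthd|authdaemond) ;;
        *) echo n/a; return 0 ;;
    esac
    # Drop the grep process itself, then match the daemon name as a whole word.
    if grep -v ' grep ' "$2" | grep -Eq "(^|[ /])$1( |\$)"; then
        echo live
    else
        echo dead
    fi
}

# check_conf FILE PSFILE -> prints "METHOD STATE"
check_conf() {
    method=$(sasl_backend "$1")
    echo "${method:-unset} $(backend_state "$method" "$2")"
}

# Constructed sample input: the two smtpd.conf files and a shortened
# process listing, taken from the output posted in the thread.
demo=$(mktemp -d)
printf 'pwcheck_method: saslauthd\nmech_list: plain login\n' > "$demo/etc.conf"
printf 'pwcheck_method: authdaemond\nlog_level: 3\nmech_list: PLAIN LOGIN\nauthdaemond_path:/var/spool/authdaemon/socket\n' > "$demo/lib64.conf"
cat > "$demo/ps.txt" <<'EOF'
 1466 ?        S      0:00 /usr/libexec/courier-authlib/authdaemond
 1490 pts/0    S+     0:00 grep -i saslauthd
EOF

echo "/etc/sasl2/smtpd.conf:       $(check_conf "$demo/etc.conf" "$demo/ps.txt")"
echo "/usr/lib64/sasl2/smtpd.conf: $(check_conf "$demo/lib64.conf" "$demo/ps.txt")"
```

On a live host, pass the real file paths and a saved `ps ax` listing instead of the sample files. On Postfix 2.5 and later, `postconf cyrus_sasl_config_path` shows the search path Postfix hands to Cyrus SASL, if one is set.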