I am trying to test SMTP AUTH, because I know if I don't have it working I'll have 10000 spammers using my new server minutes after I unblock the ports. I have NOT installed ISPConfig yet, but I intend to once I am sure mail is secure...

My host name is www.4pdx.com. I have set up "The Perfect Setup for Fedora Core 5" and everything looks OK. I try testing the SMTP server by using:

    > telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 www.4pdx.com ESMTP Postfix
    ehlo cnn.com
    250-www.4pdx.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250 8BITMIME
    mail from: <[email protected]>
    250 Ok
    rcpt to: <[email protected]>
    250 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    well this doesn't work...
    .
    250 Ok: queued as EEC061348033
    quit

As you can see, it let me send the email even though none of the domains listed are on my server. I have also tried unblocking my firewall ports (external firewall; both the Fedora firewall and SELinux are disabled) and trying an external client. I use a username and password, but don't have the SMTP Authentication on, and it still lets me send mail. This isn't secure, is it? Can't anyone connect to port 25 and send anything anywhere?

Please help if you can.

Thanks
Randy

I am including below all the outputs I can think of that you guys usually ask for. If you need one not here, please let me know and I'll send it!
---------------------------------------------------------------------
Output of netstat -tap

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address               Foreign Address         State       PID/Program name
    tcp        0      0 *:mysql                     *:*                     LISTEN      1868/mysqld
    tcp        0      0 *:53452                     *:*                     LISTEN      1532/rpc.statd
    tcp        0      0 *:sunrpc                    *:*                     LISTEN      1513/portmap
    tcp        0      0 192.168.1.4:domain          *:*                     LISTEN      1495/named
    tcp        0      0 192.168.1.3:domain          *:*                     LISTEN      1495/named
    tcp        0      0 192.168.1.2:domain          *:*                     LISTEN      1495/named
    tcp        0      0 192.168.1.105:domain        *:*                     LISTEN      1495/named
    tcp        0      0 localhost.localdomai:domain *:*                     LISTEN      1495/named
    tcp        0      0 localhost.localdomain:ipp   *:*                     LISTEN      1747/cupsd
    tcp        0      0 *:smtp                      *:*                     LISTEN      1957/master
    tcp        0      0 localhost.localdomain:rndc  *:*                     LISTEN      1495/named
    tcp        0      1 192.168.1.105:60781         mx4.hotmail.com:smtp    SYN_SENT    2446/smtp
    tcp        0      0 *:imaps                     *:*                     LISTEN      1896/dovecot
    tcp        0      0 *:pop3s                     *:*                     LISTEN      1896/dovecot
    tcp        0      0 *:pop3                      *:*                     LISTEN      1896/dovecot
    tcp        0      0 *:imap                      *:*                     LISTEN      1896/dovecot
    tcp        0      0 *:http                      *:*                     LISTEN      1991/httpd
    tcp        0      0 *:ftp                       *:*                     LISTEN      1971/proftpd: (acce
    tcp        0      0 *:ssh                       *:*                     LISTEN      1755/sshd
    tcp        0      0 *:https                     *:*                     LISTEN      1991/httpd
    tcp        0     44 ::ffff:192.168.1.105:ssh    SAPPHIRE.LUCIDNET:4596  ESTABLISHED 2383/sshd: ralex [p

-----------------------------------------------------------------------
my main.cf file (Minus the comments and commented out directives)

    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, localhost
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.2.8/samples
    readme_directory = /usr/share/doc/postfix-2.2.8/README_FILES
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

------------------------------------------------------------------------
Contents of /usr/lib/sasl/smtpd.conf

    pwcheck_method: saslauthd
    saslauthd_version: 2
Please add the line: to your postfix main.cf. This enables you to send emails without authentication only from localhost. All other hosts will require username and password to send email.
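
Added example, not part of the original thread and not Postfix code: a simplified Python model of how the posted smtpd_recipient_restrictions list is evaluated, showing why a telnet test from localhost relays regardless of SMTP AUTH. The two network lists, the /24 netmask and the client addresses are assumptions; the exact main.cf line the reply suggests is not shown on the page.

```python
import ipaddress

# Simplified model of the posted setting:
# smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
# Restrictions are tried left to right; the first PERMIT or REJECT wins.

# mydestination from the posted main.cf, expanded with the hostname in the banner.
LOCAL_DOMAINS = {"www.4pdx.com", "localhost.4pdx.com", "localhost"}

# Assumption: with no mynetworks line, Postfix 2.2 trusts loopback plus the
# server's own subnet (mynetworks_style = subnet); the /24 netmask is assumed.
MYNETWORKS_DEFAULT = ["127.0.0.0/8", "192.168.1.0/24"]
# Assumption: a loopback-only list matching the behaviour the reply describes.
MYNETWORKS_LOCALHOST = ["127.0.0.0/8"]


def rcpt_decision(client_ip, authenticated, rcpt_domain, mynetworks):
    """Return (action, rule) for one RCPT TO command."""
    if authenticated:
        return ("PERMIT", "permit_sasl_authenticated")
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in mynetworks):
        return ("PERMIT", "permit_mynetworks")
    if rcpt_domain.lower() not in LOCAL_DOMAINS:
        return ("REJECT", "reject_unauth_destination")
    # Nothing matched and the destination is ours: the list ends in a permit.
    return ("PERMIT", "end of list (local destination)")


if __name__ == "__main__":
    # Constructed clients: loopback (the telnet test), a LAN host, an outside host.
    cases = [("127.0.0.1", False), ("192.168.1.50", False),
             ("203.0.113.7", False), ("203.0.113.7", True)]
    for name, nets in (("default", MYNETWORKS_DEFAULT),
                       ("localhost-only", MYNETWORKS_LOCALHOST)):
        for ip, auth in cases:
            action, rule = rcpt_decision(ip, auth, "example.net", nets)
            print(f"{name:15} {ip:13} auth={auth!s:5} -> {action} via {rule}")
```

A relay test therefore has to come from an address outside mynetworks; a session from localhost is permitted whether or not the client authenticated.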
That worked great! Thank you so much!

I get an MD5/CRAM authentication error ("No secret in database") now, so I still have something weird. I installed Ravencore, so that probably replaced something I had set up before, so I'll have to dig into it!

Thanks again!
Randy
What's in /usr/lib64/sasl2/smtpd.conf (if you're on an x86_64 system) or /usr/lib/sasl2/smtpd.conf (if you're on an i386 system)? It should contain

Code:
    pwcheck_method: saslauthd
    mech_list: plain login

nothing else.