Hi, Could someone please provide some info on how to turn on SMTP Auth for ISPConfig? I have: - Built Debian Lenny server in accordance with http://howtoforge.com/perfect-server-debian-lenny-ispconfig3 - Searched the forum - Read the manual (where I would have thought something might be mentioned - there is discussion about monitoring SASL with fail2ban, but nothing on how to enable it!) I note that there is perhaps a hint when installing ISPConfig: To enable saslauthd, edit /etc/default/saslauthd and set START=yes (warning). I've done the above... is there anything else? If I do a telnet: myserver:~# telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. 220 myserver.net ESMTP Postfix (Debian/GNU) ehlo localhost 250-hosting01.reidware.net 250-PIPELINING 250-SIZE 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN Maybe it is a simple case of I'm not connecting using the right config - I'm using Thunderbird to test. Thanks! James.
SMTP-Auth is always on, when you followed the guide and installed ispconfig 3. This shows also your telnet output "250-AUTH PLAIN LOGIN".
Thanks Till... so does the comment in the ISPConfig 3 installation "To enable saslauthd, edit /etc/default/saslauthd and set START=yes (warning)." have any significance?
Ok... having had a look at main.cf again I think I'm understanding what is going on... am I correct in thinking that smtp auth uses dovecot auth for authentication? I have noticed that it does not seem to matter whether I configure Thunderbird to use any form of encryption for logging in - is there a way to force smtp auth only accept encrypted sessions? I've tried doing a few searches - found a couple of things like smtpd_tls_auth_only but this does not seem to make any difference. Thanks! James.
That depends on your setup. If you use dovecot for imap and pop3, then dovecot is used. If you hace courier installed, then salauthd is used. SMTP-auth and smtp encryption are two different things, so dont mix that up! If you want to have encrypted smtp sessions, then enable smtp encryption in your email client. The email client will then use ssl encrypted session to communicate with postfix on port 25 automatically. SMTP-auth works with encrypted sessions as well.
How do I disable email sending for unauthenticated users? I'm running a mail server with postfix / courier.
Please post the exact error messages that you get in the mail.log file when you try to authenticate and check your mail client settings again that the correct username is used for smtp, the username is the full email address. E.g. Thunderbird has a bug so that not the full email address is used until you correct the username in the smtp settings.
That's where you didn't understand ( Or I wasn't clear ). I'm saying i can send emails to my server without being authenticated. I could create a script that would send thousands of email and cause a DoS because of hd running out of space. Code: MacbookPro:~ gawry$ telnet mail.myinternaldomain.com 25 Trying 66.66.66.66... Connected to mail.myinternaldomain.com Escape character is '^]'. 220 mail.myinternaldomain.com ESMTP Postfix (Debian/GNU) EHLO mail.myinternaldomain.com 250-mail.myinternaldomain.com 250-PIPELINING 250-SIZE 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM: [email protected] 250 2.1.0 Ok RCPT TO: [email protected] 250 2.1.5 Ok DATA 354 End data with <CR><LF>.<CR><LF> Sending data . 250 2.0.0 Ok: queued as 460E72B450
