Dear, as usual we are in centos enviroment with latest ispconfig installed (mta postfix). We have smtp_sasl enable with dovecot...and today strange stuff happen (never happened before). A customer of us, has sent several emails (something like 600/700), and they are goes outside with that logs: """" Sep 19 04:04:18 XXX cbpolicyd[22017]: module=Quotas, mode=update, host=EX.TER.NAL.IP, helo=[192.168.1.16], from=MYLOCALFROM, to=DESTINATIONEMAIL, reason=quota_update, policy=5, quota=4, limit=5, track=SASLUsername:,counter=MessageCount, quota=363.96/600 (60.7%) """" As you can see, nothing appear on SASLUsername, but the email goes outside correctly. Why it's possibile that? I have did an hypothesis. Could be possible that the user, use a very old email client (something like outlook 4, or exchange 5), and then he can able to do the relay just because we have the variable "broken_sasl_auth_clients" to yes? And moreover, the log can't read the saslusername from the payload of the connection? Thank you. Mark
I'am preytty sure that nobody can relay without correct authentication on a ispconfig perfect setup. But yours setup seems to be modified so I cant say that for sure for your setup. Did you check your server with an open relay tester? And are you sure that the mails don't originate from a destination that is whitelisted in mynetworks in postfix main.cf?
open relay is the very first stuff that we control on our mail server. And yes, i have checked right not, and obviously is not an open relay. What you see of difference here is just about policyd installation onver the default perfect server setup. mynetworks right now have onlye 127.0.0.1 address, so i think that could not be the problem here
The line you posted is just from policyd. Did you check the other lines belonging to this mail, from where did it come (really an external IP or 127.0.0.1, is there an postfix auth line at all etc.
Well, after several days of debug, we have found nothing... :-( in my opinion could be something related to "broken_sasl_auth_clients". If in the future we will have the same problem, we will provide more details that we can. thank you
