postfix relay also with sasluser empty

Discussion in 'General' started by themark, Sep 21, 2015.

  1. themark

    themark Member


    as usual we are in centos enviroment with latest ispconfig installed (mta postfix). We have smtp_sasl enable with dovecot...and today strange stuff happen (never happened before).

    A customer of us, has sent several emails (something like 600/700), and they are goes outside with that logs:
    Sep 19 04:04:18 XXX cbpolicyd[22017]: module=Quotas, mode=update, host=EX.TER.NAL.IP, helo=[],
    from=MYLOCALFROM, to=DESTINATIONEMAIL, reason=quota_update, policy=5, quota=4, limit=5,
    track=SASLUsername:,counter=MessageCount, quota=363.96/600 (60.7%)
    As you can see, nothing appear on SASLUsername, but the email goes outside correctly. Why it's possibile that?

    I have did an hypothesis. Could be possible that the user, use a very old email client (something like outlook 4, or exchange 5), and then he can able to do the relay just because we have the variable "broken_sasl_auth_clients" to yes? And moreover, the log can't read the saslusername from the payload of the connection?

    Thank you.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I'am preytty sure that nobody can relay without correct authentication on a ispconfig perfect setup. But yours setup seems to be modified so I cant say that for sure for your setup. Did you check your server with an open relay tester? And are you sure that the mails don't originate from a destination that is whitelisted in mynetworks in postfix
  3. themark

    themark Member

    open relay is the very first stuff that we control on our mail server. And yes, i have checked right not, and obviously is not an open relay.
    What you see of difference here is just about policyd installation onver the default perfect server setup.
    mynetworks right now have onlye address, so i think that could not be the problem here
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The line you posted is just from policyd. Did you check the other lines belonging to this mail, from where did it come (really an external IP or, is there an postfix auth line at all etc.
  5. themark

    themark Member

    Well, after several days of debug, we have found nothing... :-( in my opinion could be something related to "broken_sasl_auth_clients". If in the future we will have the same problem, we will provide more details that we can.

    thank you

Share This Page