Postfix/SMTP-AUTH, TLS broken?

Discussion in 'Server Operation' started by Hagforce, Oct 8, 2007.

  1. Hagforce

    Hagforce New Member

    Hello

    I use a server based on The Perfect Setup, Fedora 4.
    I have always had to use auth when using SMTP.
    The other day I noticed that this wasn't working anymore.
    Now I can send e-mails without having to authenticate.

    ehlo localhost:
    250-www.mydomain.com
    250-SIZE 40960000
    250-VRFY
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250 8BITMIME

    So I see that the 250-STARTTLS is missing?

    In my main.cf things look OK?:
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_delay_reject = yes
    smtpd_sender_restrictions = reject_unknown_sender_domain
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    virtual_maps = hash:/etc/postfix/virtusertable

    mydestination = /etc/postfix/local-host-names
    message_size_limit = 40960000
    mynetworks = 127.0.0.0/8

    Also tried restarting everything.
    Please help :confused:
     
  2. falko

    falko Super Moderator Howtoforge Staff

    The easiest would be to redo the Postfix configuration from the Perfect FC4 Setup.
     
  3. Hagforce

    Hagforce New Member

    Thank you for the quick reply, falko.
    As always :)
     
  4. Hagforce

    Hagforce New Member

    I redid the entire process under "Postfix With SMTP-AUTH And TLS" step by step.
    Still just the same :(

    Anything I'm missing here?
     
  5. falko

    falko Super Moderator Howtoforge Staff

    What's in your /etc/postfix/main.cf?
     
  6. Hagforce

    Hagforce New Member

    This is my main.cf minus the things that are commented out (#)

    Code:
    queue_directory = /var/spool/postfix
    
    command_directory = /usr/sbin
    
    daemon_directory = /usr/libexec/postfix
    
    mail_owner = postfix
    
    inet_interfaces = all
    
    unknown_local_recipient_reject_code = 550
    
    alias_maps = hash:/etc/aliases
    
    alias_database = hash:/etc/aliases
    
    debug_peer_level = 2
    
    debugger_command =
    	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
    
    sendmail_path = /usr/sbin/sendmail.postfix
    
    newaliases_path = /usr/bin/newaliases.postfix
    
    mailq_path = /usr/bin/mailq.postfix
    
    setgid_group = postdrop
    
    html_directory = no
    
    manpage_directory = /usr/share/man
    
    sample_directory = /usr/share/doc/postfix-2.2.2/samples
    
    readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES
    smtpd_sasl_local_domain = 
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_delay_reject = yes
    smtpd_sender_restrictions = reject_unknown_sender_domain
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    virtual_maps = hash:/etc/postfix/virtusertable
    
    mydestination = /etc/postfix/local-host-names
    message_size_limit = 40960000
    mynetworks = 127.0.0.0/8
    
     
  7. falko

    falko Super Moderator Howtoforge Staff

    Please try this and restart Postfix:

    Code:
    postconf -e 'smtpd_sasl_local_domain ='
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'smtpd_sasl_security_options = noanonymous'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    postconf -e 'inet_interfaces = all'
    postconf -e 'mynetworks = 127.0.0.0/8'
    postconf -e 'smtpd_tls_auth_only = no'
    postconf -e 'smtp_use_tls = yes'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtp_tls_note_starttls_offer = yes'
    postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
    postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
    postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    postconf -e 'smtpd_tls_loglevel = 1'
    postconf -e 'smtpd_tls_received_header = yes'
    postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    postconf -e 'tls_random_source = dev:/dev/urandom'
     
  8. Hagforce

    Hagforce New Member

    Still just the same.

    My server will now soon become a spam bot :eek:

    Other tips, please!
     
  9. falko

    falko Super Moderator Howtoforge Staff

    What's the output of
    Code:
    netstat -tap
    and
    Code:
    telnet localhost 25
    and then
    Code:
    ehlo localhost
    ?
     
  10. Hagforce

    Hagforce New Member

    Code:
    ehlo localhost
    250-www.mydomain.com
    250-SIZE 40960000
    250-VRFY
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250 8BITMIME
    
    Code:
    [root@www ~]# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
    tcp        0      0 *:55360                     *:*                         LISTEN      2221/rpc.statd
    tcp        0      0 *:mysql                     *:*                         LISTEN      2579/mysqld
    tcp        0      0 www.maydomain.com:783              *:*                         LISTEN      2675/spamd.pid
    tcp        0      0 *:sunrpc                    *:*                         LISTEN      2203/portmap
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56840 SYN_RECV    -
    tcp        0      0 *:81                        *:*                         LISTEN      27846/ispconfig_htt
    tcp        0      0 *:ftp                       *:*                         LISTEN      28115/proftpd: (acc
    tcp        0      0 static47.provider-cu:domain *:*                         LISTEN      29241/named
    tcp        0      0 static49.provider-cu:domain *:*                         LISTEN      29241/named
    tcp        0      0 static48.provider-cu:domain *:*                         LISTEN      29241/named
    tcp        0      0 www.maydomain.com:domain           *:*                         LISTEN      29241/named
    tcp        0      0 www.maydomain.com:ipp              *:*                         LISTEN      2435/cupsd
    tcp        0      0 www.maydomain.com:5335             *:*                         LISTEN      2412/mDNSResponder
    tcp        0      0 *:35672                     *:*                         LISTEN      3748/perl
    tcp        0      0 www.maydomain.com:rndc             *:*                         LISTEN      29241/named
    tcp        0      0 *:smtp                      *:*                         LISTEN      3748/perl
    tcp        0      0 *:125                       *:*                         LISTEN      28148/master
    tcp        0      0 www.maydomain.com:49220            www.maydomain.com:imap             TIME_WAIT   -
    tcp        0      0 www.maydomain.com:56343            www.maydomain.com:125              TIME_WAIT   -
    tcp        0      0 www.maydomain.com:56342            www.maydomain.com:125              TIME_WAIT   -
    tcp        0      0 static48.provider-cust.:ftp static36.provider-cus:64253 ESTABLISHED 2825/proftpd: jstor
    tcp        0      0 *:13024                     *:*                         LISTEN      2478/sshd
    tcp        0      0 *:imaps                     *:*                         LISTEN      4693/dovecot
    tcp        0      0 *:pop3s                     *:*                         LISTEN      4693/dovecot
    tcp        0      0 *:pop3                      *:*                         LISTEN      4693/dovecot
    tcp        0      0 *:imap                      *:*                         LISTEN      4693/dovecot
    tcp        0      0 *:http                      *:*                         LISTEN      28760/httpd
    tcp        0      0 ::1:rndc                    *:*                         LISTEN      29241/named
    tcp        0      0 *:https                     *:*                         LISTEN      28760/httpd
    tcp        0      0 static48.provider-cust:http static179.provider-cu:61623 TIME_WAIT   -
    tcp        0      0 static48.provider-cust:pop3 static163.provider-cus:2478 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http static222.provider-cus:4808 TIME_WAIT   -
    tcp        0      0 static48.provider-cust:pop3 static167.provider-cu:62655 TIME_WAIT   -
    tcp        0      0 static48.provider-cust:http static179.provider-cu:62337 TIME_WAIT   -
    tcp        0      0 static48.provider-cust:pop3 static113.provider-cu:28794 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http static222.provider-cus:8581 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56893 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56892 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56894 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56889 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56888 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http static222.provider-cus:3203 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56891 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56890 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56885 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56884 TIME_WAIT   -
    tcp        0      0 static48.provider-cust:http static179.provider-cu:62207 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56887 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56886 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56881 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56880 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56883 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56882 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56877 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56876 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56879 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56878 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56873 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56872 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56875 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56874 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56869 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http static222.provider-cus:7324 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56868 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56871 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56870 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56865 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56864 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56867 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56866 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56861 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56860 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56863 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56862 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56857 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56856 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56859 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56858 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56853 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56852 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56855 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56854 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56849 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56848 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56851 TIME_WAIT   -
    tcp        0      0 static48.provider-cust:pop3 static222.provider-cus:8117 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56850 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56845 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56844 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56847 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56846 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56843 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56842 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56837 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56836 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56838 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56833 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56832 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56835 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56834 TIME_WAIT   -
    tcp        0      0 static47.provider-cust:http ti132110a341-0037.bb.:56829 TIME_WAIT   -
    
     
  11. falko

    falko Super Moderator Howtoforge Staff

    There's some Perl process listening on port 25 instead of Postfix. Stop that Perl process and restart Postfix.
     
  12. Hagforce

    Hagforce New Member

    Thank you again.

    I was running ASSP on port 25, and Postfix on 125.
    For some reason authentication didn't work when I use ASSP.
    But it works when I connect directly to postfix.
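
The two checks done by eye in this thread (which process owns port 25 in the `netstat -tap` output, and whether the EHLO reply offers STARTTLS), as an added shell example that is not code from the thread. The function names are hypothetical, the sample inputs are constructed from the output shown above, and it assumes the Postfix listener appears as `master`, as it does in that output.

```shell
#!/bin/sh
# Constructed samples modelled on the thread's output (not captured data).
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address  Foreign Address  State  PID/Program name
tcp        0      0 *:smtp     *:*      LISTEN      3748/perl
tcp        0      0 *:125      *:*      LISTEN      28148/master
tcp        0      0 *:imap     *:*      LISTEN      4693/dovecot'
EHLO_SAMPLE='250-www.example.com
250-SIZE 40960000
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME'

# listener_for PORT...: read netstat -tap / -tlnp output on stdin and print the
# PID/program of every LISTEN socket whose local port (name or number) matches.
listener_for() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
        $6 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)   # text after the last colon
            if (port in ok) print $7
        }'
}

# ehlo_has KEYWORD: read an EHLO reply on stdin, succeed if KEYWORD is advertised.
ehlo_has() {
    awk -v kw="$1" '
        /^250[- ]/ {
            line = toupper(substr($0, 5)); sub(/\r$/, "", line)  # strip CR of CRLF
            split(line, f, /[ =]/)
            if (f[1] == toupper(kw)) found = 1
        }
        END { exit !found }'
}

# audit_smtp NETSTAT_TEXT EHLO_TEXT: report who answers on port 25 and what it offers.
# Assumption: a listener named "master" is the Postfix master daemon.
audit_smtp() {
    owner=$(printf '%s\n' "$1" | listener_for smtp 25)
    case "$owner" in
        */master) echo "OK: port 25 is owned by Postfix master ($owner)" ;;
        "")       echo "WARN: nothing is listening on port 25" ;;
        *)        echo "WARN: port 25 is owned by $owner, not Postfix master" ;;
    esac
    if printf '%s\n' "$2" | ehlo_has STARTTLS; then
        echo "OK: STARTTLS is offered"
    elif printf '%s\n' "$2" | ehlo_has AUTH; then
        echo "WARN: AUTH is offered without STARTTLS"
    fi
}

audit_smtp "$NETSTAT_SAMPLE" "$EHLO_SAMPLE"
```

On a live host, pass it the output of `netstat -tlnp` and an EHLO reply captured from port 25 instead of the samples.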
     
