I have follow your instruction on http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch and it's works GREAT! However I got few questions 1. User still able to sending email without auth 2. When I tried to use option My outgoing smtp requires auth, I can't send email thank's before for your help
if you have: postconf -e 'smtpd_sasl_auth_enable = yes' postconf -e 'broken_sasl_auth_clients = yes' postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination' in your postix config then you shouldn't be able to send mail without auth and enabling My outgoing smtp requires auth should work
Authentication is not needed if - you're sending emails to recipients on that server - you're logged in on that server (for example by using webmail) - are sending from an IP address listed in mynetworks in /etc/postfix/main.cf. What's in your mail log?
on main.cf, i only set mynetworks to 127.0.0.1/8 I'm sending using outlook If sending to onother email such as yahoo.com, mail.log shows me Relay access denied --> seems to be good But if I using same auth, can't send email. Nov 3 09:28:06 mp-fs-13 postfix/smtpd[23876]: connect from unknown[my.ip.address] Nov 3 09:28:06 mp-fs-13 postfix/smtpd[23876]: lost connection after UNKNOWN from unknown[my.ip.address] Nov 3 09:28:06 mp-fs-13 postfix/smtpd[23876]: disconnect from unknown[my.ip.address]
here's the output on postconf -n Code: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix inet_interfaces = all mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 mydestination = localhost, localhost.localdomain myhostname = my.domain.com mynetworks = 127.0.0.0/8 myorigin = /etc/mailname proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps recipient_delimiter = + relayhost = smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_use_tls = yes transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf virtual_alias_domains = virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_gid_maps = static:5000 virtual_mailbox_base = /home/vmail virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_uid_maps = static:5000
Nothing else. What we got is only Code: Nov 3 09:28:06 mp-fs-13 postfix/smtpd[23876]: connect from unknown[my.ip.address] Nov 3 09:28:06 mp-fs-13 postfix/smtpd[23876]: lost connection after UNKNOWN from unknown[my.ip.address] Nov 3 09:28:06 mp-fs-13 postfix/smtpd[23876]: disconnect from unknown[my.ip.address]
Code: mp-fs-13:~# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 my.hostname.com ESMTP Postfix (Debian/GNU) ehlo localhost 250-my.hostname.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN quit 221 2.0.0 Bye Connection closed by foreign host.
Yes already for many times. Seems that the email program can't auth to the server. I tried to auth by telnet localhost 25 it's auth-ing succesfully
Not sure what it is, but I'd compare all configuration files with the ones from the tutorial again. Maybe there's a small typo somewhere.
also my postfix is being used for spam Note : I removed 127.0.0.1 from my networks. Because I don't use webmail at all here's what I found on logs Code: Nov 11 14:45:20 mp-fs-13 postfix/smtpd[17200]: lost connection after DATA from localhost[127.0.0.1] Nov 11 14:45:20 mp-fs-13 postfix/smtpd[17200]: disconnect from localhost[127.0.0.1] Nov 11 14:45:59 mp-fs-13 postfix/smtpd[17200]: connect from localhost[127.0.0.1] Nov 11 14:46:42 mp-fs-13 postfix/smtpd[17200]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<127.0.0.1> Nov 11 14:46:48 mp-fs-13 postfix/smtpd[17200]: disconnect from localhost[127.0.0.1] Nov 11 14:47:12 mp-fs-13 postfix/smtpd[17260]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<gdiqbjvu> Nov 11 14:47:12 mp-fs-13 postfix/smtpd[17260]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<gdiqbjvu> Nov 11 14:47:12 mp-fs-13 postfix/smtpd[17260]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<gdiqbjvu> Nov 11 14:47:12 mp-fs-13 postfix/smtpd[17260]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<gdiqbjvu> Nov 11 14:47:12 mp-fs-13 postfix/smtpd[17260]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<gdiqbjvu> Nov 11 14:47:12 mp-fs-13 postfix/smtpd[17260]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<gdiqbjvu> Nov 11 14:47:12 mp-fs-13 postfix/smtpd[17260]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<gdiqbjvu> Nov 11 14:47:12 mp-fs-13 postfix/smtpd[17260]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<gdiqbjvu> Nov 11 14:47:12 mp-fs-13 postfix/smtpd[17260]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<gdiqbjvu> Nov 11 14:47:18 mp-fs-13 postfix/smtpd[17260]: lost connection after DATA from localhost[127.0.0.1] Nov 11 14:47:18 mp-fs-13 postfix/smtpd[17260]: disconnect from localhost[127.0.0.1] It seems there's a hole inside the server? So that the user can send email from localhost?
It says Relay access denied which means spammers tried to abuse your server, but they did not succeed. Nothing to worry about here.
Yes I don't care about that.. It's because I removed 127.0.0.1 from mynetwork. So how about the authentication issue? I do saslfinger -c here's the output Code: saslfinger - postfix Cyrus sasl configuration Thu Nov 13 16:44:01 WIT 2008 version: 1.0.2 mode: client-side SMTP AUTH -- basics -- Postfix: 2.3.8 System: Debian GNU/Linux 4.0 \n \l -- smtp is linked to -- libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7dbe000) -- active SMTP AUTH and TLS parameters for smtp -- relayhost = smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache -- listing of /usr/lib/sasl2 -- total 791 drwxr-xr-x 2 root root 1392 2008-09-29 09:12 . drwxr-xr-x 54 root root 14504 2008-11-12 15:24 .. -rw-r--r-- 1 root root 13304 2006-12-14 04:26 libanonymous.a -rw-r--r-- 1 root root 855 2006-12-14 04:26 libanonymous.la -rw-r--r-- 1 root root 12844 2006-12-14 04:26 libanonymous.so -rw-r--r-- 1 root root 12844 2006-12-14 04:26 libanonymous.so.2 -rw-r--r-- 1 root root 12844 2006-12-14 04:26 libanonymous.so.2.0.22 -rw-r--r-- 1 root root 15502 2006-12-14 04:26 libcrammd5.a -rw-r--r-- 1 root root 841 2006-12-14 04:26 libcrammd5.la -rw-r--r-- 1 root root 15052 2006-12-14 04:26 libcrammd5.so -rw-r--r-- 1 root root 15052 2006-12-14 04:26 libcrammd5.so.2 -rw-r--r-- 1 root root 15052 2006-12-14 04:26 libcrammd5.so.2.0.22 -rw-r--r-- 1 root root 46320 2006-12-14 04:26 libdigestmd5.a -rw-r--r-- 1 root root 864 2006-12-14 04:26 libdigestmd5.la -rw-r--r-- 1 root root 43040 2006-12-14 04:26 libdigestmd5.so -rw-r--r-- 1 root root 43040 2006-12-14 04:26 libdigestmd5.so.2 -rw-r--r-- 1 root root 43040 2006-12-14 04:26 libdigestmd5.so.2.0.22 -rw-r--r-- 1 root root 13482 2006-12-14 04:26 liblogin.a -rw-r--r-- 1 root root 835 2006-12-14 04:26 liblogin.la -rw-r--r-- 1 root root 13384 2006-12-14 04:26 liblogin.so -rw-r--r-- 1 root root 13384 2006-12-14 04:26 liblogin.so.2 -rw-r--r-- 1 root root 13384 2006-12-14 04:26 liblogin.so.2.0.22 -rw-r--r-- 1 root root 29300 2006-12-14 04:26 libntlm.a -rw-r--r-- 1 root root 829 2006-12-14 04:26 libntlm.la -rw-r--r-- 1 root root 28776 2006-12-14 04:26 libntlm.so -rw-r--r-- 1 root root 28776 2006-12-14 04:26 libntlm.so.2 -rw-r--r-- 1 root root 28776 2006-12-14 04:26 libntlm.so.2.0.22 -rw-r--r-- 1 root root 13818 2006-12-14 04:26 libplain.a -rw-r--r-- 1 root root 835 2006-12-14 04:26 libplain.la -rw-r--r-- 1 root root 13992 2006-12-14 04:26 libplain.so -rw-r--r-- 1 root root 13992 2006-12-14 04:26 libplain.so.2 -rw-r--r-- 1 root root 13992 2006-12-14 04:26 libplain.so.2.0.22 -rw-r--r-- 1 root root 21726 2006-12-14 04:26 libsasldb.a -rw-r--r-- 1 root root 856 2006-12-14 04:25 libsasldb.la -rw-r--r-- 1 root root 17980 2006-12-14 04:26 libsasldb.so -rw-r--r-- 1 root root 17980 2006-12-14 04:26 libsasldb.so.2 -rw-r--r-- 1 root root 17980 2006-12-14 04:26 libsasldb.so.2.0.22 -rw-r--r-- 1 root root 23576 2006-12-14 04:26 libsql.a -rw-r--r-- 1 root root 964 2006-12-14 04:26 libsql.la -rw-r--r-- 1 root root 23072 2006-12-14 04:26 libsql.so -rw-r--r-- 1 root root 23072 2006-12-14 04:26 libsql.so.2 -rw-r--r-- 1 root root 23072 2006-12-14 04:26 libsql.so.2.0.22 [B]Cannot find the smtp_sasl_password_maps parameter in main.cf. Client-side SMTP AUTH cannot work without this parameter![/B] How can I fix this?
Yes already.. here's the full config of main.cf file Code: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = yes # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = xmail.seleb.tv alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = localhost, localhost.localdomain relayhost = mynetworks = 10.50.12.0/24 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all virtual_alias_domains = virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /home/vmail virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname smtpd_error_sleep_time = 5s smtpd_soft_error_limit = 10 smtpd_hard_error_limit = 20 smtpd_data_restrictions = reject_unauth_pipelining smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination broken_sasl_auth_clients = yes transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf virtual_create_maildirsize = yes virtual_mailbox_extended = yes virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf virtual_mailbox_limit_override = yes virtual_maildir_limit_message = "The user you are trying to reach is over quota." virtual_overquota_bounce = yes proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps mydomain = my.domain.com Is there somethink I'm missing?
on /etc/pam.d/smtp Code: auth required pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1 account sufficient pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
