Hi to all, I have used ISPConfig for many years. I have a 3.0.5.2 installation. 2 weeks ago my ISP blocked SMTP port 25 on my IP address for spam... So I had to move my server to another IP address and I have changed all email account passwords because I was scared that somebody had used them to spam without authorization... Today, looking at some logs, I read something strange:

***
Dec 12 01:39:00 server1 postfix/pickup[18194]: 75D0F361204F: uid=5045 from=<[email protected]>
Dec 12 01:39:00 server1 postfix/cleanup[21629]: 75D0F361204F: message-id=<[email protected]>
Dec 12 01:39:00 server1 postfix/qmgr[3816]: 75D0F361204F: from=<[email protected]>, size=1212, nrcpt=1 (queue active)
Dec 12 01:39:05 server1 postfix/smtpd[21676]: connect from localhost[127.0.0.1]
Dec 12 01:39:05 server1 postfix/smtpd[21676]: 500303612057: client=localhost[127.0.0.1]
Dec 12 01:39:05 server1 postfix/cleanup[21629]: 500303612057: message-id=<[email protected]>
Dec 12 01:39:05 server1 postfix/smtpd[21676]: disconnect from localhost[127.0.0.1]
Dec 12 01:39:05 server1 postfix/qmgr[3816]: 500303612057: from=<[email protected]>, size=1732, nrcpt=1 (queue active)
Dec 12 01:39:05 server1 amavis[29901]: (29901-13) Passed CLEAN, <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: tX9YG7IOCRit, Hits: 0.411, size: 1211, queued_as: 500303612057, 4837 ms
Dec 12 01:39:05 server1 postfix/smtp[21633]: 75D0F361204F: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.9, delays=0.04/0/0/4.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 500303612057)
Dec 12 01:39:05 server1 postfix/qmgr[3816]: 75D0F361204F: removed
Dec 12 01:39:09 server1 postfix/smtp[21678]: 500303612057: to=<[email protected]>, relay=mail.porevoonline.net[176.99.6.113]:25, delay=4.6, delays=0.01/0.01/4.2/0.45, dsn=2.0.0, status=sent (250 OK id=1VqrUr-0002Cd-Oh)
Dec 12 01:39:09 server1 postfix/qmgr[3816]: 500303612057: removed
***

mineofduty.it is a hosted website that is now abandoned by its customer. Taking a look into the Joomla administration panel, I discovered that a suspicious guest is registered on that website and he sent some emails from it. How can I prevent email being sent from Joomla or any other CMS without using SMTP AUTHENTICATION? If you look at the attachment you'll see that right now anybody can send email anonymously. Can you help?

THIS IS A COPY OF /etc/postfix/main.cf

***
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = server1.XXXXXXXXXX.it
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = server1.XXXXXXXXXX.it, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
inet_protocols = all
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_tls_security_level = may
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
***
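Added example, not part of the original thread: the log excerpt above shows a message entering through postfix/pickup with uid=5045, meaning a local process ran the sendmail binary instead of logging in over SMTP. This Python code groups such local submissions by uid and follows the amavis re-injection ("queued as ...") to the final outbound relay; the sample lines, addresses and queue IDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the same Postfix syslog format as the excerpt above.
SAMPLE_LOG = """\
Dec 12 01:39:00 server1 postfix/pickup[18194]: A1B2C3D4E5F6: uid=5045 from=<web5@site.example>
Dec 12 01:39:05 server1 postfix/smtpd[21676]: 0F1E2D3C4B5A: client=localhost[127.0.0.1]
Dec 12 01:39:05 server1 postfix/smtp[21633]: A1B2C3D4E5F6: to=<someone@remote.example>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 0F1E2D3C4B5A)
Dec 12 01:39:09 server1 postfix/smtp[21678]: 0F1E2D3C4B5A: to=<someone@remote.example>, relay=mx.remote.example[192.0.2.25]:25, dsn=2.0.0, status=sent (250 OK)
Dec 12 01:40:00 server1 postfix/smtpd[21700]: C0FFEE123456: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=user@site.example
Dec 12 01:40:01 server1 postfix/smtp[21701]: C0FFEE123456: to=<friend@remote.example>, relay=mx.remote.example[192.0.2.25]:25, dsn=2.0.0, status=sent (250 OK)
"""

# service name, queue ID, remainder of the log line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def local_submissions(log_text):
    """Return {uid: [(recipient, relay_host), ...]} for mail that entered via pickup."""
    uid_of = {}   # queue ID -> uid of the process that ran the sendmail binary
    parent = {}   # queue ID after content-filter re-injection -> original queue ID
    result = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        service, qid, rest = m.groups()
        if service == "pickup":
            u = re.search(r"uid=(\d+)", rest)
            if u:
                uid_of[qid] = int(u.group(1))
        elif service == "smtp" and "status=sent" in rest:
            root = parent.get(qid, qid)
            if root not in uid_of:
                continue  # arrived over SMTP (e.g. SASL login), not via pickup
            to = re.search(r"to=<([^>]*)>", rest).group(1)
            relay = re.search(r"relay=([^\[,]+)", rest).group(1)
            requeued = re.search(r"queued as ([0-9A-F]+)", rest)
            if relay == "127.0.0.1" and requeued:
                parent[requeued.group(1)] = root  # hop through amavis, keep tracking
            else:
                result[uid_of[root]].append((to, relay))
    return dict(result)

if __name__ == "__main__":
    for uid, sent in local_submissions(SAMPLE_LOG).items():
        print(f"uid {uid}: {len(sent)} message(s) sent without SMTP auth -> {sent}")
```

The uid can then be mapped to the owning website account with `getent passwd <uid>`.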
According to http://www.webhostingtalk.com/showthread.php?t=758198 I can disable the PHP mail function by modifying the php.ini file in this way: disable_functions = mail

Doing it this way, are my customers forced to send mail through the SMTP server, or can they send mail from their website in another way? I'd like them to be able to send their newsletters only with SMTP authentication (even from their CMS)... Is it possible?
There are several ways to send mail. If you cannot use the "mail" function you can call "sendmail" directly via exec, shell_exec and so on. If this is forbidden, too, you can use fsockopen on port 25 (or whatever the local mail server listens on). If your mail server is on a different physical server you could disable the postfix daemon on your web server completely. Keep in mind that if you forbid the mail function with disable_functions you will render some of the widespread CMSs useless. WordPress is not able to use SMTP without a plugin, and lots of web software may throw PHP errors and stop working if the mail function does not exist.
Thank you for your reply: I'm asking if there is a way to "disable" the "Auth SMTP NO" option, because right now any customer that installs a CMS can send email without "SMTP ACCOUNT AUTHENTICATION"... I hope I was clear this time.
I understood what you meant before. I just wanted to make clear that this will not be possible without blocking mails from several CMSs completely. If you disable unauthenticated mail sending even from the local host, mails that are sent through the PHP mail function etc. are silently bounced and your customers won't even notice it. And, as I said, multiple CMSs do not offer SMTP-authenticated mail sending without extra plugins.
According to this post http://www.howtoforge.com/forums/showthread.php?t=53828 I could try to remove the following line from the file /etc/postfix/main.cf: mynetworks = 127.0.0.0/8 [::1]/128

Is that correct? I'm scared that something will go wrong.
Thank you very much! It works. Now I have to disable "sendmail"... According to http://serverfault.com/questions/82...il-transport-agent-from-starting-up-in-ubuntu it could be possible to disable the "sendmail service" at startup, but I suppose that I have to remove the service "completely" according to this other post http://forum.i-mscp.net/Thread-HOWTO-DEBIAN-How-to-properly-remove-sendmail-completely ... Is this procedure safe for ISPConfig? I use roundcube for my customers and if I disable or remove the "sendmail service" I suppose that roundcube will not be able to send emails anymore... Is it possible to tell roundcube to use postfix, or is "disable sendmail" not a good solution?
You could configure roundcube to use smtp during configuration. I don't know if removing/disabling sendmail completely will break something else on your server. But I believe it could as sendmail is used for lots of services to send mail.
I have done it, but with sendmail disabled, roundcube isn't able to send email anymore... It would be great if I could disable sendmail only for the "clients part" (websites only...). I have written another post to continue this topic: http://www.howtoforge.com/forums/showthread.php?p=307536