SMTP and POP3 RESTRICTION

Discussion in 'Installation/Configuration' started by iovo, Nov 8, 2006.

  1. iovo

    iovo New Member

    hello
    i want to make some restriction.
    i've ISPConfig instaled and work very good, but i have some sequrity hole.
    when i use php mail() from other server i can send e-mail!!!
    here is php simple code:

    ini_set("SMTP","hhh.hhh.hhh.hhh");
    mail('[email protected]', $subject, $message, $headers );

    How can i restrict that!?
    i've found somthing about this problem in internet, but i don't know that it is right:

    smtpd_recipient_restrictions =
    permit_mynetworks
    check_client_access hash:/etc/postfix/client_access
    reject_unauth_destination
    if this work, how can i maket it work with ISPConfig installation

    Thanks
     
    iovo, Nov 8, 2006
    #1
  2. fobicodam

    fobicodam New Member

    Almost sure your other server is inside your network, did you try from outside your network?
     
    fobicodam, Nov 8, 2006
    #2
  3. iovo

    iovo New Member

    Yes i did. I'm sure about that.
     
    iovo, Nov 8, 2006
    #3
  4. fobicodam

    fobicodam New Member

    Did you follow the perfect setup steps?

    The commands must be on /etc/postfix/postfix.conf (i believe) and the perfect setup put this lines inside.
     
    fobicodam, Nov 8, 2006
    #4
  5. Hans

    Hans Moderator Moderator

    Tip

    If i was you add the line:

    mynetworks = 127.0.0.0/8

    to your main.cf file.

    (If it is not there)

    This will allow email sending only from the network configured in the variable mynetworks. This is normally set to 127.0.0.0/8 which means sending is only allowed from localhost.
     
    Hans, Nov 8, 2006
    #5
  6. iovo

    iovo New Member

    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mydomain = domain.com
    myhostname = $mydomain
    smtpd_sasl_local_domain = $mydomain
    smtpd_sasl_auth_enable = yes
    mynetworks = 127.0.0.0/8
    smtpd_client_restrictions = permit_mynetworks
    smtpd_delay_reject = no

    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
    inet_interfaces = all
    alias_maps = hash:/etc/aliases
    smtpd_tls_auth_only = yes
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    masquerade_domains = $mydomain


    here is my main.cf

    everything is as perfect setup
     
    iovo, Nov 8, 2006
    #6
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats correct so far. Please check with a relay test if your server is really relaying mail:

    http://www.abuse.net/relay.html

    Please post the output of:

    postconf -n | grep mynetworks
     
    till, Nov 9, 2006
    #7

Share This Page