Loading ...
Sorry, an error occurred while loading the content.

Re: security hole -- anynomous user can send email from my postfix

Expand Messages
  • Charles Marcus
    ... Ok - but what about logs? When troubleshooting this kind of thing, you should always provide the logs of an attempt to do whatever is failing - this will
    Message 1 of 23 , Apr 2, 2007
    • 0 Attachment
      >>> I have done smtpd_recipient_restrictions = reject_unlisted_sender
      >>>
      >>> and now I can't send mail even as a valid user. have I done anything
      >>> wrong here ?
      >>> please suggest.

      >> Logs? postconf -n (to prove you made the changes)?
      >
      > here is postconf -n

      Ok - but what about logs? When troubleshooting this kind of thing, you
      should always provide the logs of an attempt to do whatever is failing -
      this will usually tell you what is wrong, or at least point you in the
      right direction.

      --

      Best regards,

      Charles
    • JOYDEEP
      ... log reports ... Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_ldap_get_values[1]: Search found 0 match(es) Apr 3 13:34:32 linux postfix/smtpd[8498]:
      Message 2 of 23 , Apr 3, 2007
      • 0 Attachment
        Charles Marcus wrote:
        >>>> I have done smtpd_recipient_restrictions = reject_unlisted_sender
        >>>>
        >>>> and now I can't send mail even as a valid user. have I done anything
        >>>> wrong here ?
        >>>> please suggest.
        >
        >>> Logs? postconf -n (to prove you made the changes)?
        >>
        >> here is postconf -n
        >
        > Ok - but what about logs? When troubleshooting this kind of thing, you
        > should always provide the logs of an attempt to do whatever is failing
        > - this will usually tell you what is wrong, or at least point you in
        > the right direction.
        >
        log reports
        ---------------------------------
        Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_ldap_get_values[1]:
        Search found 0 match(es)
        Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_ldap_get_values[1]:
        Leaving dict_ldap_get_values
        Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_ldap_lookup: Search
        returned nothing
        Apr 3 13:34:32 linux postfix/smtpd[8498]: maps_find:
        virtual_alias_maps: @...: not found
        Apr 3 13:34:32 linux postfix/smtpd[8498]: mail_addr_find:
        aftab@... -> (not found)
        Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr request = lookup
        Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr table =
        unix:passwd.byname
        Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr flags = 64
        Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr key =
        aftab@...
        Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
        wanted attribute: status
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: status
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: 1
        Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
        wanted attribute: value
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: value
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: (end)
        Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
        wanted attribute: (list terminator)
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: (end)
        Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_proxy_lookup:
        table=unix:passwd.byname flags=0100 key=aftab@... ->
        status=1 result=
        Apr 3 13:34:32 linux postfix/smtpd[8498]: maps_find:
        local_recipient_maps: aftab@...: not found
        Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr request = lookup
        Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr table =
        unix:passwd.byname
        Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr flags = 64
        Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr key = aftab
        Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
        wanted attribute: status
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: status
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: 1
        Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
        wanted attribute: value
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: value
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: (end)
        Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
        wanted attribute: (list terminator)
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: (end)
        Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_proxy_lookup:
        table=unix:passwd.byname flags=0100 key=aftab -> status=1 result=
        Apr 3 13:34:32 linux postfix/smtpd[8498]: maps_find:
        local_recipient_maps: aftab: not found
        Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr request = lookup
        Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr table =
        unix:passwd.byname
        Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr flags = 64
        Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr key =
        @...
        Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
        wanted attribute: status
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: status
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: 1
        Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
        wanted attribute: value
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: value
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: (end)
        Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
        wanted attribute: (list terminator)
        Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: (end)
        Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_proxy_lookup:
        table=unix:passwd.byname flags=0100 key=@... ->
        status=1 result=
        Apr 3 13:34:32 linux postfix/smtpd[8498]: maps_find:
        local_recipient_maps: @...: not found
        Apr 3 13:34:32 linux postfix/smtpd[8498]: mail_addr_find:
        aftab@... -> (not found)
        Apr 3 13:34:32 linux postfix/smtpd[8498]: NOQUEUE: reject: RCPT from
        linux.kolkatainfoservices.in[127.0.0.1]: 550
        <aftab@...>: Sender address rejected: User unknown in
        local recipient table; from=<aftab@...>
        to=<joydeep@...> proto=ESMTP helo=<linux.kolkatainfoservices.in>
        Apr 3 13:34:32 linux postfix/smtpd[8498]: generic_checks:
        name=reject_unlisted_sender status=2
        Apr 3 13:34:32 linux postfix/smtpd[8498]: >
        linux.kolkatainfoservices.in[127.0.0.1]: 550
        <aftab@...>: Sender address rejected: User unknown in
        local recipient table
        Apr 3 13:34:32 linux postfix/smtpd[8498]: <
        linux.kolkatainfoservices.in[127.0.0.1]: DATA
        Apr 3 13:34:32 linux postfix/smtpd[8498]: >
        linux.kolkatainfoservices.in[127.0.0.1]: 554 Error: no valid recipients
        Apr 3 13:34:32 linux postfix/smtpd[8498]: <
        linux.kolkatainfoservices.in[127.0.0.1]: RSET
        Apr 3 13:34:32 linux postfix/smtpd[8498]: >
        linux.kolkatainfoservices.in[127.0.0.1]: 250 Ok
        Apr 3 13:34:32 linux postfix/smtpd[8498]: <
        linux.kolkatainfoservices.in[127.0.0.1]: QUIT
        Apr 3 13:34:32 linux postfix/smtpd[8498]: >
        linux.kolkatainfoservices.in[127.0.0.1]: 221 Bye
        Apr 3 13:34:32 linux postfix/smtpd[8498]: match_hostname:
        linux.kolkatainfoservices.in ~? 127.0.0.0/8
        Apr 3 13:34:32 linux postfix/smtpd[8498]: match_hostaddr: 127.0.0.1 ~?
        127.0.0.0/8
        Apr 3 13:34:32 linux postfix/smtpd[8498]: disconnect from
        linux.kolkatainfoservices.in[127.0.0.1]
        Apr 3 13:34:32 linux postfix/smtpd[8498]: master_notify: status 1
        Apr 3 13:34:32 linux postfix/smtpd[8498]: connection closed
        --------------------------------------------------------------------------------------------------------------------------
      • mouss
        ... so user isn t found in local_recipient_maps. is aftab in your /etc/passwd?
        Message 3 of 23 , Apr 4, 2007
        • 0 Attachment
          JOYDEEP wrote:
          > Charles Marcus wrote:
          >
          >>>>> I have done smtpd_recipient_restrictions = reject_unlisted_sender
          >>>>>
          >>>>> and now I can't send mail even as a valid user. have I done anything
          >>>>> wrong here ?
          >>>>> please suggest.
          >>>>>
          >>>> Logs? postconf -n (to prove you made the changes)?
          >>>>
          >>> here is postconf -n
          >>>
          >> Ok - but what about logs? When troubleshooting this kind of thing, you
          >> should always provide the logs of an attempt to do whatever is failing
          >> - this will usually tell you what is wrong, or at least point you in
          >> the right direction.
          >>
          >>
          > log reports
          > ---------------------------------
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_ldap_get_values[1]:
          > Search found 0 match(es)
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_ldap_get_values[1]:
          > Leaving dict_ldap_get_values
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_ldap_lookup: Search
          > returned nothing
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: maps_find:
          > virtual_alias_maps: @...: not found
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: mail_addr_find:
          > aftab@... -> (not found)
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr request = lookup
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr table =
          > unix:passwd.byname
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr flags = 64
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr key =
          > aftab@...
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
          > wanted attribute: status
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: status
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: 1
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
          > wanted attribute: value
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: value
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: (end)
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
          > wanted attribute: (list terminator)
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: (end)
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_proxy_lookup:
          > table=unix:passwd.byname flags=0100 key=aftab@... ->
          > status=1 result=
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: maps_find:
          > local_recipient_maps: aftab@...: not found
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr request = lookup
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr table =
          > unix:passwd.byname
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr flags = 64
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr key = aftab
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
          > wanted attribute: status
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: status
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: 1
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
          > wanted attribute: value
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: value
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: (end)
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
          > wanted attribute: (list terminator)
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: (end)
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_proxy_lookup:
          > table=unix:passwd.byname flags=0100 key=aftab -> status=1 result=
          > Apr 3 13:34:32 linux postfix/smtpd[8498]: maps_find:
          > local_recipient_maps: aftab: not found
          >

          so user isn't found in local_recipient_maps. is "aftab" in your
          /etc/passwd?
        • JOYDEEP
          ... no; aftab is in the LDAP
          Message 4 of 23 , Apr 4, 2007
          • 0 Attachment
            mouss wrote:
            > JOYDEEP wrote:
            >> Charles Marcus wrote:
            >>
            >>>>>> I have done smtpd_recipient_restrictions = reject_unlisted_sender
            >>>>>>
            >>>>>> and now I can't send mail even as a valid user. have I done anything
            >>>>>> wrong here ?
            >>>>>> please suggest.
            >>>>>>
            >>>>> Logs? postconf -n (to prove you made the changes)?
            >>>>>
            >>>> here is postconf -n
            >>>>
            >>> Ok - but what about logs? When troubleshooting this kind of thing, you
            >>> should always provide the logs of an attempt to do whatever is failing
            >>> - this will usually tell you what is wrong, or at least point you in
            >>> the right direction.
            >>>
            >>>
            >> log reports
            >> ---------------------------------
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_ldap_get_values[1]:
            >> Search found 0 match(es)
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_ldap_get_values[1]:
            >> Leaving dict_ldap_get_values
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_ldap_lookup: Search
            >> returned nothing
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: maps_find:
            >> virtual_alias_maps: @...: not found
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: mail_addr_find:
            >> aftab@... -> (not found)
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr request = lookup
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr table =
            >> unix:passwd.byname
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr flags = 64
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr key =
            >> aftab@...
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
            >> wanted attribute: status
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: status
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: 1
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
            >> wanted attribute: value
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: value
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: (end)
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
            >> wanted attribute: (list terminator)
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: (end)
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_proxy_lookup:
            >> table=unix:passwd.byname flags=0100 key=aftab@... ->
            >> status=1 result=
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: maps_find:
            >> local_recipient_maps: aftab@...: not found
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr request = lookup
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr table =
            >> unix:passwd.byname
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr flags = 64
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: send attr key = aftab
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
            >> wanted attribute: status
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: status
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: 1
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
            >> wanted attribute: value
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: value
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute value: (end)
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: private/proxymap socket:
            >> wanted attribute: (list terminator)
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: input attribute name: (end)
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: dict_proxy_lookup:
            >> table=unix:passwd.byname flags=0100 key=aftab -> status=1 result=
            >> Apr 3 13:34:32 linux postfix/smtpd[8498]: maps_find:
            >> local_recipient_maps: aftab: not found
            >>
            >
            > so user isn't found in local_recipient_maps. is "aftab" in your
            > /etc/passwd?

            no; "aftab" is in the LDAP
            >
            >
          Your message has been successfully submitted and would be delivered to recipients shortly.