
smtp auth

  • Federico Nan
    Message 1 of 12 , Nov 29, 2007
      Hi, I want to auth my Postfix against an AD2003, is that possible?

      Sorry for my English!



      --
      Federico Nan
      Nantec.net
      federico@...
    • Patrick Ben Koetter
      Message 2 of 12 , Nov 29, 2007
        * Federico Nan <federico@...>:
        > Hi, I want to auth my Postfix against an AD2003, is that possible?

        Rumor has it that Cyrus SASL is able to proxy authentication requests to WinNT,
        Win2K, Samba, etc. as documented in options.html. This HTML page in the Cyrus
        SASL documentation lists the ntlm_server parameter to do that.

        How it is done is left to your patience. I have not tried it before and I have
        no idea how it would be done.

        p@rick




        >
        > Sorry for my English!
        >
        >
        >
        > --
        > Federico Nan
        > Nantec.net
        > federico@...

        --
        The Book of Postfix
        <http://www.postfix-book.com>
        saslfinger (debugging SMTP AUTH):
        <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
      • Fabrizio Monti
        Message 3 of 12 , Jun 25, 2013
          Hello to all,
          I cannot understand: I would like to enable authentication on port 25 to prevent my server from being used as a free SMTP. I configured Postfix by the book; if I connect with telnet it gives me back

          Escape character is '^]'.
          220 example.com ESMTP Postfix
          ehlo example.com
          250-test.example.com
          250-PIPELINING
          250-SIZE 15360000
          250-VRFY
          250-ETRN
          250-STARTTLS
          250-AUTH PLAIN LOGIN
          250-AUTH=PLAIN LOGIN
          250-ENHANCEDSTATUSCODES
          250-8BITMIME
          250 DSN


          but when I try to send mail from a client using port 25 without authentication, it sends the email to me. I do not want this, I do not want it to work! Where am I going wrong? Can someone tell me where I'm wrong?


          this is configuration of main.cf:

          smtpd_sasl_auth_enable = yes
          broken_sasl_auth_clients = yes
          smtpd_sasl_type = dovecot
          smtpd_sasl_path = private/auth
          smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
          #
          smtpd_tls_key_file = /etc/postfix/cert/smtpd.key
          smtpd_tls_cert_file = /etc/postfix/cert/smtpd.crt
          smtpd_tls_CAfile = /etc/postfix/cert/cacert.pem
          smtpd_use_tls=yes
          smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
          smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
          smtpd_tls_loglevel = 1

          this is configuration of master.cf

          smtp      inet  n       -       n       -       -       smtpd
          submission inet n - - - - smtpd
            -o smtpd_tls_security_level=encrypt
            -o smtpd_sasl_auth_enable=yes
            -o smtpd_sasl_type=dovecot
            -o smtpd_sasl_path=private/auth
            -o smtpd_sasl_security_options=noanonymous
            -o smtpd_sasl_local_domain=$myhostname
            -o smtpd_client_restrictions=permit_sasl_authenticated,reject
            -o smtpd_sender_login_maps=ldap:/etc/postfix/ldap-user.cf
            -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject




          Thanks a lot,
          Fabrizio.

        • Fabrizio Monti
          Message 4 of 12 , Jun 25, 2013
            All this because I have problems with my mail server, I have been using as SMTP relay, how can I prevent sending email on port 25 and at the same time be able to receive mail on port 25?




          • Jerry
            Message 5 of 12 , Jun 25, 2013
              On Tue, 25 Jun 2013 12:15:28 +0200
              Fabrizio Monti articulated:

              > > Hello to all,
              > > I cannot understand: I would like to enable authentication on port
              > > 25 to prevent my server from being used as a free SMTP. I configured
              > > Postfix by the book; if I connect with telnet it gives me back
              > >
              > > Escape character is '^]'.
              > > 220 example.com ESMTP Postfix
              > > ehlo example.com
              > > 250-test.example.com
              > > 250-PIPELINING
              > > 250-SIZE 15360000
              > > 250-VRFY
              > > 250-ETRN
              > > 250-STARTTLS
              > > 250-AUTH PLAIN LOGIN
              > > 250-AUTH=PLAIN LOGIN
              > > 250-ENHANCEDSTATUSCODES
              > > 250-8BITMIME
              > > 250 DSN
              > >
              > > but when I try to send mail from a client using port 25 without
              > > authentication, it sends the email to me. I do not want this, I do
              > > not want it to work! Where am I going wrong? Can someone tell
              > > me where I'm wrong?
              > >
              > >
              > > this is configuration of main.cf:

              [snip]

              > All this because I have problems with my mail server, I have been
              > using as SMTP relay, how can I prevent sending email on port 25 and
              > at the same time be able to receive mail on port 25?

              Please don't use HTML format to send email. Plain ASCII is preferred.
              While you are at it, lose the tendency to top post. Now, please
              follow the directions you received when you signed up for this list.
              Provide the unaltered output of "postconf -n", not a few select bits.
              See: <http://www.postfix.com/DEBUG_README.html> and specifically,
              <http://www.postfix.com/DEBUG_README.html#mail>.

              --
              Jerry ✌
              postfix-user@...
              _____________________________________________________________________
              TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
              TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
            • Patrick Ben Koetter
              Message 6 of 12 , Jun 25, 2013
                Fabrizio,

                * Fabrizio Monti <thefantaman@...>:
                > Hello to all,
                > I cannot understand: I would like to enable authentication on port 25
                > to prevent my server from being used as a free SMTP. I configured
                > Postfix by the book; if I connect with telnet it gives me back
                >
                > Escape character is '^]'.
                > 220 example.com ESMTP Postfix
                > ehlo example.com
                > 250-test.example.com
                > 250-PIPELINING
                > 250-SIZE 15360000
                > 250-VRFY
                > 250-ETRN
                > 250-STARTTLS
                > 250-AUTH PLAIN LOGIN
                > 250-AUTH=PLAIN LOGIN
                > 250-ENHANCEDSTATUSCODES
                > 250-8BITMIME
                > 250 DSN
                >
                >
                > but when I try to send mail from a client using port 25 without authentication,
                > it sends the email to me. I do not want this, I do not want it to work!
                > Where am I going wrong? Can someone tell me where I'm wrong?

                the purpose of an SMTP server is to accept messages for your domains and e.g.
                route them into your mailbox. There's nothing wrong with this.

                p@rick

                --
                [*] sys4 AG

                http://sys4.de, +49 (89) 30 90 46 64
                Franziskanerstraße 15, 81669 München

                Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
                Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
                Aufsichtsratsvorsitzender: Florian Kirstein
              • Fabrizio Monti
                Message 7 of 12 , Jun 25, 2013
                  @Jerry

                  >Please don't use HTML format to send email. Plain ASCII is preferred.
                  Sorry, correct it immediately.


                  postconf -n

                  alias_database = hash:/etc/aliases
                  broken_sasl_auth_clients = yes
                  command_directory = /usr/sbin
                  config_directory = /etc/postfix
                  daemon_directory = /usr/libexec/postfix
                  data_directory = /var/lib/postfix
                  debug_peer_level = 2
                  html_directory = no
                  inet_protocols = all
                  mail_owner = postfix
                  mailq_path = /usr/bin/mailq.postfix
                  manpage_directory = /usr/share/man
                  message_size_limit = 15360000
                  mydestination = localhost
                  myhostname = mail3.gisnet.it
                  newaliases_path = /usr/bin/newaliases.postfix
                  queue_directory = /var/spool/postfix
                  readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
                  relay_domains = /etc/postfix/rcpthosts
                  sample_directory = /usr/share/doc/postfix-2.6.6/samples
                  sendmail_path = /usr/sbin/sendmail.postfix
                  setgid_group = postdrop
                  smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
                  smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
                  smtpd_sasl_auth_enable = yes
                  smtpd_sasl_path = private/auth
                  smtpd_sasl_type = dovecot
                  smtpd_tls_CAfile = /etc/postfix/cert/cacert.pem
                  smtpd_tls_cert_file = /etc/postfix/cert/smtpd.crt
                  smtpd_tls_key_file = /etc/postfix/cert/smtpd.key
                  smtpd_tls_loglevel = 1
                  smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
                  smtpd_use_tls = yes
                  transport_maps = hash:/etc/postfix/transport
                  unknown_local_recipient_reject_code = 550
                  virtual_alias_maps = ldap:/etc/postfix/ldap-virtual-alias-maps.cf
                  virtual_gid_maps = static:8135
                  virtual_mailbox_base = /home/vmail
                  virtual_minimum_uid = 100
                  virtual_uid_maps = static:8135

                  @Patrick

                  > the purpose of an SMTP server is to accept messages for your domains and e.g.
                  > route them into your mailbox. There's nothing wrong with this.

                  My English is bad, I have not explained well. I want my Postfix
                  mail server to be an authenticated SMTP. In practice now if you configure
                  the SMTP client with my server on port 25 with no authentication you
                  can use it. They are using it to send spam.
                • Simon B
                  Message 8 of 12 , Jun 25, 2013


                    On 25 Jun 2013 15:04, "Fabrizio Monti" <thefantaman@...> wrote:
                    >
                    > @Jerry
                    >
                    > >Please don't use HTML format to send email. Plain ASCII is preferred.
                    > Sorry, correct it immediately.
                    >
                    >
                    > postconf -n
                    >
                    > alias_database = hash:/etc/aliases
                    > broken_sasl_auth_clients = yes
                    > command_directory = /usr/sbin
                    > config_directory = /etc/postfix
                    > daemon_directory = /usr/libexec/postfix
                    > data_directory = /var/lib/postfix
                    > debug_peer_level = 2
                    > html_directory = no
                    > inet_protocols = all
                    > mail_owner = postfix
                    > mailq_path = /usr/bin/mailq.postfix
                    > manpage_directory = /usr/share/man
                    > message_size_limit = 15360000
                    > mydestination = localhost
                    > myhostname = mail3.gisnet.it
                    > newaliases_path = /usr/bin/newaliases.postfix
                    > queue_directory = /var/spool/postfix
                    > readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
                    > relay_domains = /etc/postfix/rcpthosts
                    > sample_directory = /usr/share/doc/postfix-2.6.6/samples
                    > sendmail_path = /usr/sbin/sendmail.postfix
                    > setgid_group = postdrop
                    > smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
                    > smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
                    > smtpd_sasl_auth_enable = yes
                    > smtpd_sasl_path = private/auth
                    > smtpd_sasl_type = dovecot
                    > smtpd_tls_CAfile = /etc/postfix/cert/cacert.pem
                    > smtpd_tls_cert_file = /etc/postfix/cert/smtpd.crt
                    > smtpd_tls_key_file = /etc/postfix/cert/smtpd.key
                    > smtpd_tls_loglevel = 1
                    > smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
                    > smtpd_use_tls = yes
                    > transport_maps = hash:/etc/postfix/transport
                    > unknown_local_recipient_reject_code = 550
                    > virtual_alias_maps = ldap:/etc/postfix/ldap-virtual-alias-maps.cf
                    > virtual_gid_maps = static:8135
                    > virtual_mailbox_base = /home/vmail
                    > virtual_minimum_uid = 100
                    > virtual_uid_maps = static:8135
                    >
                    > @Patrick
                    >
                    > > the purpose of an SMTP server is to accept messages for your domains and e.g.
                    > > route them into your mailbox. There's nothing wrong with this.
                    >
                    > My English is bad, I have not explained well. I want my Postfix
                    > mail server to be an authenticated SMTP. In practice now if you configure
                    > the SMTP client with my server on port 25 with no authentication you
                    > can use it. They are using it to send spam.

                    On port 25 you accept only mail you are responsible for.

                    On port 587 you accept any mail as long as it's authenticated.

                    If people are sending spam through port 25, you're an open relay. SMTP auth is not the answer you want.

                    Simon

                  • Wietse Venema
                    Message 9 of 12 , Jun 25, 2013
                      Fabrizio Monti:
                      > > but when I try to send mail from a client using port 25 without
                      > > authentication, it sends the email to me. I do not want this, I do not
                      > > want it to work! Where am I going wrong? Can someone tell me where
                      > > I'm wrong?

                      If you don't want to receive mail from the Internet, turn off the
                      port 25 (smtp) service in master.cf.

                      /etc/postfix/master.cf:
                      #smtp inet n - n - - smtpd

                      Use the master.cf port 25 (smtp) service to receive and deliver
                      mail for your domain from the Internet.

                      Use the master.cf port 587 (submission) service to receive (and
                      relay or deliver) mail from authenticated users.

                      Wietse
                    • Fabrizio Monti
                      Message 10 of 12 , Jun 27, 2013
                        Ok, thanks to everyone for their helpful advice, they were all valuable. I
                        did some testing and I determined that if I configure the SMTP mail
                        client on port 25 it can send e-mails only for my domains. But if I
                        connect with telnet on port 25 I can send emails to all the domains.
                        Can I stop this?
                      • /dev/rob0
                        Message 11 of 12 , Jun 27, 2013
                          On Thu, Jun 27, 2013 at 09:51:50AM +0200, Fabrizio Monti wrote:
                          > I did some testing and I determined that if I configure the SMTP
                          > mail client on port 25 it can send e-mails only for my domains.
                          > But if I connect with telnet on port 25 I can send emails to all
                          > the domains. Can I stop this?

                          First, that does not make sense. "Telnet on port 25" is the same as
                          any MUA, it's just a means to speak SMTP to a SMTP server. There's
                          no fundamental difference between a MUA and someone using telnet to
                          speak SMTP, except perhaps that the MUA is faster and makes no
                          errors.

                          Second, IIUC what you are saying, it could be that the MUA is
                          configured to AUTH, and when AUTH is refused it rightly goes away.
                          I'll go further to venture a guess that your telnet client's IP
                          address is in $mynetworks, and that you neglected to remove
                          "permit_mynetworks" from your recipient (or relay) restrictions.

                          We have no way to see what you have configured! We can't read your
                          logs. If you want help you have to SHOW us these things.

                          http://www.postfix.org/DEBUG_README.html#mail

                          See also:

                          http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from
                          http://www.postfix.org/postconf.5.html#permit_mynetworks

                          http://www.postfix.org/SASL_README.html#server_sasl_authz
                          --
                          http://rob0.nodns4.us/ -- system administration and consulting
                          Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
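
The evaluation order discussed in the replies above, as an added example that is not part of the original thread: a simplified Python model of how Postfix walks a recipient restriction list, where the first restriction that permits or rejects decides and an undecided list ends in acceptance. The $mynetworks ranges, the hosted domain and the client addresses are constructed assumptions (the thread does not show them), and the submission list is reduced to the two deciding entries of the posted master.cf override.

```python
import ipaddress
import re

# Port 25 list as posted in the thread's main.cf; the submission list is
# reduced to the two deciding entries of the posted master.cf override.
PORT25 = "permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
SUBMISSION = "permit_sasl_authenticated, reject"

# Constructed sample values: the thread shows neither $mynetworks nor the
# contents of /etc/postfix/rcpthosts.
MYNETWORKS = ["127.0.0.0/8", "192.0.2.0/24"]
HANDLED_DOMAINS = {"example.com"}


def parse_restrictions(value):
    """Split a restriction list on commas and whitespace, wrapped lines included."""
    return [tok for tok in re.split(r"[,\s]+", value.strip()) if tok]


def evaluate(restrictions, client_ip, authenticated, rcpt_domain,
             mynetworks=MYNETWORKS, handled=HANDLED_DOMAINS):
    """Return (action, deciding restriction) for one RCPT TO.

    Simplified model: exact domain match, five restrictions only.
    """
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    for name in parse_restrictions(restrictions):
        if name == "permit_mynetworks":
            if any(ip in net for net in nets):
                return "PERMIT", name
        elif name == "permit_sasl_authenticated":
            if authenticated:
                return "PERMIT", name
        elif name == "reject_unauth_destination":
            # Rejects only mail for domains this server neither hosts nor
            # relays for; otherwise evaluation continues with the next entry.
            if rcpt_domain.lower() not in handled:
                return "REJECT", name
        elif name == "reject":
            return "REJECT", name
        elif name == "permit":
            return "PERMIT", name
        else:
            raise ValueError(f"restriction not modelled: {name}")
    return "PERMIT", "end of list"


# Constructed sessions: (label, list, client IP, authenticated, RCPT domain)
CASES = [
    ("Internet MTA, mail for hosted domain", PORT25, "203.0.113.9", False, "example.com"),
    ("Internet client, relay attempt", PORT25, "203.0.113.9", False, "example.net"),
    ("telnet from an IP in $mynetworks", PORT25, "192.0.2.10", False, "example.net"),
    ("authenticated user on port 25", PORT25, "203.0.113.9", True, "example.net"),
    ("unauthenticated client on 587", SUBMISSION, "192.0.2.10", False, "example.com"),
    ("authenticated user on 587", SUBMISSION, "203.0.113.9", True, "example.net"),
]


def run_cases():
    """Evaluate every constructed session and return (label, action, reason)."""
    return [(label, *evaluate(rules, ip, auth, dom))
            for label, rules, ip, auth, dom in CASES]


if __name__ == "__main__":
    for label, action, why in run_cases():
        print(f"{action:6} {why:27} {label}")
```

The third case is the situation /dev/rob0 guesses at: the same unauthenticated relay attempt that is refused from an outside address is permitted when the client address falls inside $mynetworks.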
                        • Fabrizio Monti
                          Message 12 of 12 , Jun 27, 2013
                            @/dev/rob0, you're right that it makes no sense: I wrote a huge
                            stupid, it's working properly!! You ignore the previous email, now go
                            outside and get some fresh air, but I take so much!!!

                            Thank you so much to all of the aid that you gave me!

                            2013/6/27 /dev/rob0 <rob0@...>:
                            > On Thu, Jun 27, 2013 at 09:51:50AM +0200, Fabrizio Monti wrote:
                            >> I did some testing and I determined that if I configure the SMTP
                            >> mail client on port 25 it can send e-mails only for my domains.
                            >> But if I connect with telnet on port 25 I can send emails to all
                            >> the domains. Can I stop this?
                            >
                            > First, that does not make sense. "Telnet on port 25" is the same as
                            > any MUA, it's just a means to speak SMTP to a SMTP server. There's
                            > no fundamental difference between a MUA and someone using telnet to
                            > speak SMTP, except perhaps that the MUA is faster and makes no
                            > errors.
                            >
                            > Second, IIUC what you are saying, it could be that the MUA is
                            > configured to AUTH, and when AUTH is refused it rightly goes away.
                            > I'll go further to venture a guess that your telnet client's IP
                            > address is in $mynetworks, and that you neglected to remove
                            > "permit_mynetworks" from your recipient (or relay) restrictions.
                            >
                            > We have no way to see what you have configured! We can't read your
                            > logs. If you want help you have to SHOW us these things.
                            >
                            > http://www.postfix.org/DEBUG_README.html#mail
                            >
                            > See also:
                            >
                            > http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from
                            > http://www.postfix.org/postconf.5.html#permit_mynetworks
                            >
                            > http://www.postfix.org/SASL_README.html#server_sasl_authz
                            > --
                            > http://rob0.nodns4.us/ -- system administration and consulting
                            > Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: