
Re: smtp auth

  • Jerry
    Message 1 of 12 , Jun 25, 2013
      On Tue, 25 Jun 2013 12:15:28 +0200
      Fabrizio Monti articulated:

      > > hello to all,
      > > I can not understand: I would like to enable authentication on port
      > > 25 to prevent my server was used as a free smtp, I configured, by
      > > the book, postfix, if I connect to telnet gives me back
      > >
      > > Escape character is '^]'.
      > > 220 example.com ESMTP Postfix
      > > ehlo example.com
      > > 250-test.example.com
      > > 250-PIPELINING
      > > 250-SIZE 15360000
      > > 250-VRFY
      > > 250-ETRN
      > > 250-STARTTLS
      > > 250-AUTH PLAIN LOGIN
      > > 250-AUTH=PLAIN LOGIN
      > > 250-ENHANCEDSTATUSCODES
      > > 250-8BITMIME
      > > 250 DSN
      > >
      > > but when I try to send mail from client using port 25 without
      > > authentication and sends the email to me, I do not want this, I do
      > > not want it to work! Where am I doing wrong? Risce someone to tell
      > > me where I'm wrong?
      > >
      > >
      > > this is configuration of main.cf:

      [snip]

      > All this because I have problems with my mail server, I have been
      > using as smtp relay, how can I prevent sending email on port 25 and
      > at the same time able to receive mail on port 25?

      Please don't use HTML format to send email. Plain ASCII is preferred.
      While you are at it, lose the tendency to top post. Now, please
      follow the directions you received when you signed up for this list.
      Provide the unaltered output of "postconf -n", not a few select bits.
      See: <http://www.postfix.com/DEBUG_README.html> and specifically,
      <http://www.postfix.com/DEBUG_README.html#mail>.

      --
      Jerry ✌
      postfix-user@...
      _____________________________________________________________________
      TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
      TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
    • Patrick Ben Koetter
      Message 2 of 12 , Jun 25, 2013
        Fabrizio,

        * Fabrizio Monti <thefantaman@...>:
        > hello to all,
        > I can not understand: I would like to enable authentication on port 25
        > to prevent
        > my server was used as a free smtp, I configured, by the book, postfix, if I
        > connect to telnet gives me back
        >
        > Escape character is '^]'.
        > 220 example.com ESMTP Postfix
        > ehlo example.com
        > 250-test.example.com
        > 250-PIPELINING
        > 250-SIZE 15360000
        > 250-VRFY
        > 250-ETRN
        > 250-STARTTLS
        > 250-AUTH PLAIN LOGIN
        > 250-AUTH=PLAIN LOGIN
        > 250-ENHANCEDSTATUSCODES
        > 250-8BITMIME
        > 250 DSN
        >
        >
        > but when I try to send mail from client using port 25 without authentication
        > and sends the email to me, I do not want this, I do not want it to work!
        > Where am I doing wrong? Risce someone to tell me where I'm wrong?

        the purpose of an SMTP server is to accept messages for your domains and e.g.
        route them into your mailbox. There's nothing wrong with this.

        p@rick

        --
        [*] sys4 AG

        http://sys4.de, +49 (89) 30 90 46 64
        Franziskanerstraße 15, 81669 München

        Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
        Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
        Aufsichtsratsvorsitzender: Florian Kirstein
      • Fabrizio Monti
        Message 3 of 12 , Jun 25, 2013
          @Jerry

          >Please don't use HTML format to send email. Plain ASCII is preferred.
          Sorry, correct it immediately.


          postconf -n

          alias_database = hash:/etc/aliases
          broken_sasl_auth_clients = yes
          command_directory = /usr/sbin
          config_directory = /etc/postfix
          daemon_directory = /usr/libexec/postfix
          data_directory = /var/lib/postfix
          debug_peer_level = 2
          html_directory = no
          inet_protocols = all
          mail_owner = postfix
          mailq_path = /usr/bin/mailq.postfix
          manpage_directory = /usr/share/man
          message_size_limit = 15360000
          mydestination = localhost
          myhostname = mail3.gisnet.it
          newaliases_path = /usr/bin/newaliases.postfix
          queue_directory = /var/spool/postfix
          readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
          relay_domains = /etc/postfix/rcpthosts
          sample_directory = /usr/share/doc/postfix-2.6.6/samples
          sendmail_path = /usr/sbin/sendmail.postfix
          setgid_group = postdrop
          smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
          smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
          smtpd_sasl_auth_enable = yes
          smtpd_sasl_path = private/auth
          smtpd_sasl_type = dovecot
          smtpd_tls_CAfile = /etc/postfix/cert/cacert.pem
          smtpd_tls_cert_file = /etc/postfix/cert/smtpd.crt
          smtpd_tls_key_file = /etc/postfix/cert/smtpd.key
          smtpd_tls_loglevel = 1
          smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
          smtpd_use_tls = yes
          transport_maps = hash:/etc/postfix/transport
          unknown_local_recipient_reject_code = 550
          virtual_alias_maps = ldap:/etc/postfix/ldap-virtual-alias-maps.cf
          virtual_gid_maps = static:8135
          virtual_mailbox_base = /home/vmail
          virtual_minimum_uid = 100
          virtual_uid_maps = static:8135

          @Patrick

          > the purpose of an SMTP server is to accept messages for your domains and e.g.
          > route them into your mailbox. There's nothing wrong with this.

          My English is bad, I have not explained well. I want my postfix
          mail server to be an authenticated smtp. In practice now if you configure
          the SMTP client with my server on port 25 with no authentication you
          can use it. They are using it to send spam.
        • Simon B
          Message 4 of 12 , Jun 25, 2013


            On 25 Jun 2013 15:04, "Fabrizio Monti" <thefantaman@...> wrote:
            >
            > @Jerry
            >
            > >Please don't use HTML format to send email. Plain ASCII is preferred.
            > Sorry, correct it immediately.
            >
            >
            > postconf -n
            >
            > alias_database = hash:/etc/aliases
            > broken_sasl_auth_clients = yes
            > command_directory = /usr/sbin
            > config_directory = /etc/postfix
            > daemon_directory = /usr/libexec/postfix
            > data_directory = /var/lib/postfix
            > debug_peer_level = 2
            > html_directory = no
            > inet_protocols = all
            > mail_owner = postfix
            > mailq_path = /usr/bin/mailq.postfix
            > manpage_directory = /usr/share/man
            > message_size_limit = 15360000
            > mydestination = localhost
            > myhostname = mail3.gisnet.it
            > newaliases_path = /usr/bin/newaliases.postfix
            > queue_directory = /var/spool/postfix
            > readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
            > relay_domains = /etc/postfix/rcpthosts
            > sample_directory = /usr/share/doc/postfix-2.6.6/samples
            > sendmail_path = /usr/sbin/sendmail.postfix
            > setgid_group = postdrop
            > smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
            > smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
            > smtpd_sasl_auth_enable = yes
            > smtpd_sasl_path = private/auth
            > smtpd_sasl_type = dovecot
            > smtpd_tls_CAfile = /etc/postfix/cert/cacert.pem
            > smtpd_tls_cert_file = /etc/postfix/cert/smtpd.crt
            > smtpd_tls_key_file = /etc/postfix/cert/smtpd.key
            > smtpd_tls_loglevel = 1
            > smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
            > smtpd_use_tls = yes
            > transport_maps = hash:/etc/postfix/transport
            > unknown_local_recipient_reject_code = 550
            > virtual_alias_maps = ldap:/etc/postfix/ldap-virtual-alias-maps.cf
            > virtual_gid_maps = static:8135
            > virtual_mailbox_base = /home/vmail
            > virtual_minimum_uid = 100
            > virtual_uid_maps = static:8135
            >
            > @Patrick
            >
            > > the purpose of an SMTP server is to accept messages for your domains and e.g.
            > > route them into your mailbox. There's nothing wrong with this.
            >
            > is my English is bad, I have not explained well. I want my postfix
            > mail server is an authenticated smtp. In practice now if you configure
            > the SMTP client with my server on port 25 with no authentication you
            > can use it. Are using it to send spam.

            On port 25 you accept only mail you are responsible for.

            On port 587 you accept any mail as long as it's authenticated.

            If people are sending spam through port 25, you're an open relay. Smtp auth is not the answer you want.

            Simon

          • Wietse Venema
            Message 5 of 12 , Jun 25, 2013
              Fabrizio Monti:
              > > but when I try to send mail from client using port 25 without
              > > authentication and sends the email to me, I do not want this, I do not
              > > want it to work! Where am I doing wrong? Risce someone to tell me where
              > > I'm wrong?

              If you don't want to receive mail from the Internet, turn off the
              port 25 (smtp) service in master.cf.

              /etc/postfix/master.cf:
              #smtp inet n - n - - smtpd

              Use the master.cf port 25 (smtp) service to receive and deliver
              mail for your domain from the Internet.

              Use the master.cf port 587 (submission) service to receive (and
              relay or deliver) mail from authenticated users.

              Wietse
            • Fabrizio Monti
              Message 6 of 12 , Jun 27, 2013
                Ok, thanks to everyone for their helpful advice, it was all valuable. I
                did some testing and I determined that if I configure the SMTP mail
                client on port 25 it can send e-mails only for my domains. But if I
                connect with telnet on port 25 I can send emails to all the domains.
                Can I stop this?
              • /dev/rob0
                Message 7 of 12 , Jun 27, 2013
                  On Thu, Jun 27, 2013 at 09:51:50AM +0200, Fabrizio Monti wrote:
                  > I did some testing and I determined that if I configure the SMTP
                  > mail client on port 25 can send e-mails only for my domains.
                  > But if I connect to telnet on port 25 I can send emails to all
                  > the domains. I can stop this?

                  First, that does not make sense. "Telnet on port 25" is the same as
                  any MUA, it's just a means to speak SMTP to a SMTP server. There's
                  no fundamental difference between a MUA and someone using telnet to
                  speak SMTP, except perhaps that the MUA is faster and makes no
                  errors.

                  Second, IIUC what you are saying, it could be that the MUA is
                  configured to AUTH, and when AUTH is refused it rightly goes away.
                  I'll go further to venture a guess that your telnet client's IP
                  address is in $mynetworks, and that you neglected to remove
                  "permit_mynetworks" from your recipient (or relay) restrictions.

                  We have no way to see what you have configured! We can't read your
                  logs. If you want help you have to SHOW us these things.

                  http://www.postfix.org/DEBUG_README.html#mail

                  See also:

                  http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from
                  http://www.postfix.org/postconf.5.html#permit_mynetworks

                  http://www.postfix.org/SASL_README.html#server_sasl_authz
                  --
                  http://rob0.nodns4.us/ -- system administration and consulting
                  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
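
The port 25 / port 587 split that Simon B and Wietse describe, and the permit_mynetworks effect /dev/rob0 guesses at, can be checked with a small model of first-match restriction evaluation. This is an added example, not part of the thread and not Postfix code: `evaluate`, `scenarios`, the networks, addresses and domains are constructed, and reject_unauth_destination is simplified to one set of domains the server is responsible for.

```python
import ipaddress

# Constructed sample values (not from the thread).
MYNETWORKS = ["127.0.0.0/8", "192.0.2.0/24"]
LOCAL_DOMAINS = {"example.com"}   # stand-in for mydestination/relay_domains

# The restriction list from the poster's "postconf -n" output.
POSTED = ["permit_mynetworks", "permit_sasl_authenticated",
          "reject_unauth_destination"]
# Hypothetical lists for a split setup: port 25 for inbound mail only,
# port 587 for authenticated submission only.
MX_ONLY = ["reject_unauth_destination"]
SUBMISSION = ["permit_sasl_authenticated", "reject"]

def evaluate(restrictions, client_ip, authenticated, rcpt_domain):
    """First restriction that decides wins; no decision means accept."""
    ip = ipaddress.ip_address(client_ip)
    for name in restrictions:
        if name == "permit_mynetworks":
            if any(ip in ipaddress.ip_network(n) for n in MYNETWORKS):
                return "permit"
        elif name == "permit_sasl_authenticated":
            if authenticated:
                return "permit"
        elif name == "reject_unauth_destination":
            if rcpt_domain.lower() not in LOCAL_DOMAINS:
                return "reject"
        elif name == "reject":
            return "reject"
        else:
            raise ValueError("restriction not modelled: " + name)
    return "permit"

def scenarios():
    """Map a short description to the decision for that client."""
    outside, inside = "198.51.100.7", "192.0.2.10"
    return {
        "inbound mail for own domain": evaluate(POSTED, outside, False, "example.com"),
        "outside client relaying": evaluate(POSTED, outside, False, "other.test"),
        "mynetworks client relaying": evaluate(POSTED, inside, False, "other.test"),
        "same client, MX-only list": evaluate(MX_ONLY, inside, False, "other.test"),
        "587 without AUTH": evaluate(SUBMISSION, inside, False, "example.com"),
        "587 with AUTH": evaluate(SUBMISSION, outside, True, "other.test"),
    }

if __name__ == "__main__":
    for case, decision in scenarios().items():
        print(f"{decision:7} {case}")
```

The third case is the one /dev/rob0 describes: a client inside $mynetworks is permitted before authentication or destination is ever looked at.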
                • Fabrizio Monti
                  Message 8 of 12 , Jun 27, 2013
                    @/dev/rob0, you're right that it makes no sense: I wrote a huge
                    stupid, it's working properly!! You ignore the previous email, now go
                    outside and get some fresh air, but I take so much!!!

                    Thank you so much to all of the aid that you gave me!

                    2013/6/27 /dev/rob0 <rob0@...>:
                    > On Thu, Jun 27, 2013 at 09:51:50AM +0200, Fabrizio Monti wrote:
                    >> I did some testing and I determined that if I configure the SMTP
                    >> mail client on port 25 can send e-mails only for my domains.
                    >> But if I connect to telnet on port 25 I can send emails to all
                    >> the domains. I can stop this?
                    >
                    > First, that does not make sense. "Telnet on port 25" is the same as
                    > any MUA, it's just a means to speak SMTP to a SMTP server. There's
                    > no fundamental difference between a MUA and someone using telnet to
                    > speak SMTP, except perhaps that the MUA is faster and makes no
                    > errors.
                    >
                    > Second, IIUC what you are saying, it could be that the MUA is
                    > configured to AUTH, and when AUTH is refused it rightly goes away.
                    > I'll go further to venture a guess that your telnet client's IP
                    > address is in $mynetworks, and that you neglected to remove
                    > "permit_mynetworks" from your recipient (or relay) restrictions.
                    >
                    > We have no way to see what you have configured! We can't read your
                    > logs. If you want help you have to SHOW us these things.
                    >
                    > http://www.postfix.org/DEBUG_README.html#mail
                    >
                    > See also:
                    >
                    > http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from
                    > http://www.postfix.org/postconf.5.html#permit_mynetworks
                    >
                    > http://www.postfix.org/SASL_README.html#server_sasl_authz
                    > --
                    > http://rob0.nodns4.us/ -- system administration and consulting
                    > Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: