sysspoof n00b
Joined: 20 Mar 2007 Posts: 9
Posted: Tue Jun 26, 2007 12:18 pm Post subject: [solved] Postfix allows anonymous emailing....
Hi
I am using Postfix on a server. I set all possible configuration parameters (?), but I am still able to send anonymous emails.
I authenticate against SASL.
Code: |
/etc/postfix/main.cf
# SMTP sasl
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_mechanism_filter = login, plain
smtpd_recipient_restrictions = permit_sasl_authenticated,reject_unauth_destination,warn_if_reject, reject_unknown_client,warn_if_reject, reject_unknown_hostname,check_relay_domains,reject, permin_mynetworks
# SMTP sasl2
#------
# This is done because I don't know which settings take effect...
#------
smtpd_sasl2_local_domain = $myhostname
smtpd_sasl2_auth_enable = yes
smtpd_sasl2_security_options = noanonymous
broken_sasl2_auth_clients = yes
smtpd_sasl2_mechanism_filter = login, plain
|
Code: |
/etc/postfix/master.cf
smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -v
|
Code: |
/var/log/mail.info
.
.
.
Jun 26 15:45:28 vbox postfix/smtpd[2802]: input attribute name: reason
Jun 26 15:45:28 vbox postfix/smtpd[2802]: input attribute value: (end)
Jun 26 15:45:28 vbox postfix/smtpd[2802]: public/cleanup socket: wanted attribute: (list terminator)
Jun 26 15:45:28 vbox postfix/smtpd[2802]: input attribute name: (end)
Jun 26 15:45:28 vbox postfix/smtpd[2802]: > unknown[192.168.251.5]: 250 2.0.0 Ok: queued as 7CA1510E741
Jun 26 15:45:28 vbox postfix/smtpd[2802]: < unknown[192.168.251.5]: QUIT
Jun 26 15:45:28 vbox postfix/smtpd[2802]: > unknown[192.168.251.5]: 221 2.0.0 Bye
Jun 26 15:45:28 vbox postfix/smtpd[2802]: match_hostname: unknown ~? 127.0.0.0/8
Jun 26 15:45:28 vbox postfix/smtpd[2802]: match_hostaddr: 192.168.251.5 ~? 127.0.0.0/8
Jun 26 15:45:28 vbox postfix/smtpd[2802]: match_hostname: unknown ~? 192.168.251.0/24
Jun 26 15:45:28 vbox postfix/smtpd[2802]: match_hostaddr: 192.168.251.5 ~? 192.168.251.0/24
Jun 26 15:45:28 vbox postfix/smtpd[2802]: disconnect from unknown[192.168.251.5]
Jun 26 15:45:28 vbox postfix/local[2807]: 7CA1510E741: to=<user@vbox.domain>, orig_to=<root@vbox.domain>, relay=local, delay=0.4, delays=0.25/0.09/0/0.05, dsn=2.0.0, status=sent (delivered to maildir)
Jun 26 15:45:28 vbox postfix/qmgr[2801]: 7CA1510E741: removed
Jun 26 15:45:28 vbox postfix/smtpd[2802]: master_notify: status 1
Jun 26 15:45:28 vbox postfix/smtpd[2802]: connection closed
.
.
.
|
Code: |
~ # ps waux
.
.
.
root 2735 0.0 0.6 7220 988 ? Ss 15:44 0:00 /usr/sbin/saslauthd -a sasldb -c -n 5
root 2736 0.0 0.3 7220 544 ? S 15:44 0:00 /usr/sbin/saslauthd -a sasldb -c -n 5
root 2737 0.0 0.2 7220 364 ? S 15:44 0:00 /usr/sbin/saslauthd -a sasldb -c -n 5
root 2738 0.0 0.2 7220 364 ? S 15:44 0:00 /usr/sbin/saslauthd -a sasldb -c -n 5
root 2739 0.0 0.2 7220 364 ? S 15:44 0:00 /usr/sbin/saslauthd -a sasldb -c -n 5
root 2795 0.0 1.0 4812 1608 ? Ss 15:44 0:00 /usr/lib/postfix/master
postfix 2800 0.0 0.9 4824 1572 ? S 15:44 0:00 pickup -l -t fifo -u -c
postfix 2801 0.0 1.0 4860 1700 ? S 15:44 0:00 qmgr -l -t fifo -u
postfix 2804 0.0 1.2 4872 1996 ? S 15:45 0:00 tlsmgr -l -t unix -u -c
.
.
.
|
Can you tell me what I am missing, that anonymous is still possible? I created a test "sasl" user. And if I select authentication in the email client, it works with auth (e.g. CRAM-MD5, even if I just declared login & plain)...
Thanks
_________________
ng-lab.org
Last edited by sysspoof on Wed Jun 27, 2007 6:54 am; edited 1 time in total
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
Posted: Tue Jun 26, 2007 6:27 pm Post subject:
What are you trying to achieve? Do you want to only accept email from an authenticated client and refuse all else?
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
Posted: Tue Jun 26, 2007 9:27 pm Post subject:
I'm also not sure what you are trying to achieve.
If your email server is the final destination for a domain then it will have to accept anonymous connections for emails destined for that domain, otherwise you won't be able to receive mail.
sysspoof n00b
Joined: 20 Mar 2007 Posts: 9
Posted: Wed Jun 27, 2007 5:46 am Post subject:
magic919 wrote:
> What are you trying to achieve? Do you want to only accept email from an authenticated client and refuse all else?

I am sorry. Yes, that's exactly what I want.
Quote:
> If your email server is the final destination for a domain then it will have to accept anonymous connections for emails destined for that domain, otherwise you won't be able to receive mail.

Yes, the server is the final destination. No relay host. After a mail is received, it is saved in the Maildir on this server and viewed by the user with a web interface (courier-imap).
Abstract network plan:
Mail Client ---> Mail ---> Postfix
Edit: Ah, yes, I see the problem now. It's simply not possible. So my auth configuration will probably work if I use "Postfix" as a relay host...
Thanks
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
Posted: Wed Jun 27, 2007 8:10 am Post subject:
You can enforce SASL if you don't need to be RFC compliant.
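The two points made in the replies above (a final-destination server accepts unauthenticated mail for its own domain, and SASL can only be enforced by rejecting everyone else) as an added example, not part of the thread and not Postfix code: a simplified Python model of first-match restriction evaluation, run on the posted `smtpd_recipient_restrictions` line. The local domain `vbox.domain`, the `Session` fields and the `ENFORCED` list are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Simplified model of Postfix restriction-list evaluation (not Postfix code).
LOCAL_DOMAINS = {"vbox.domain"}   # assumption: mydestination, taken from the log

# smtpd_recipient_restrictions exactly as posted in main.cf (typo included)
POSTED = ("permit_sasl_authenticated,reject_unauth_destination,warn_if_reject, "
          "reject_unknown_client,warn_if_reject, reject_unknown_hostname,"
          "check_relay_domains,reject, permin_mynetworks")
# assumption: one way to "enforce SASL" is to reject everything unauthenticated
ENFORCED = "permit_sasl_authenticated, reject"

@dataclass
class Session:                          # constructed stand-in for one RCPT TO
    rcpt: str
    sasl_user: Optional[str] = None     # None: client never sent AUTH
    client_name: Optional[str] = None   # None: logged as unknown[ip]
    helo_resolves: bool = True

def _local(s):
    return s.rcpt.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS

CHECKS = {  # each check answers PERMIT, REJECT or DUNNO (no opinion)
    "permit_sasl_authenticated": lambda s: "PERMIT" if s.sasl_user else "DUNNO",
    "reject_unauth_destination": lambda s: "DUNNO" if _local(s) else "REJECT",
    "reject_unknown_client": lambda s: "DUNNO" if s.client_name else "REJECT",
    "reject_unknown_hostname": lambda s: "DUNNO" if s.helo_resolves else "REJECT",
    "check_relay_domains": lambda s: "PERMIT" if _local(s) else "REJECT",
    "reject": lambda s: "REJECT",
}

def evaluate(restrictions, session):
    """Return (action, deciding restriction, warn-only rejects)."""
    warn_next, warnings = False, []
    for name in filter(None, re.split(r"[,\s]+", restrictions)):
        if name == "warn_if_reject":    # downgrades the next REJECT to a warning
            warn_next = True
            continue
        result = CHECKS[name](session)  # entries after a final verdict are never reached
        if result == "REJECT" and warn_next:
            warnings.append(name)
            result = "DUNNO"
        warn_next = False
        if result != "DUNNO":           # first PERMIT or REJECT ends evaluation
            return result, name, warnings
    return "PERMIT", "(end of list)", warnings

if __name__ == "__main__":
    logged = Session(rcpt="root@vbox.domain")   # unauthenticated, as in the log
    print(evaluate(POSTED, logged))
    print(evaluate(ENFORCED, logged))
```

With the posted list the logged session is permitted by `check_relay_domains` because the recipient is local, while an unauthenticated attempt to reach a non-local domain is stopped by `reject_unauth_destination`. Only a list that ends in an unconditional `reject` after `permit_sasl_authenticated` turns the unauthenticated client away, and it turns away other mail servers delivering to the domain as well.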