remote smtp using postfix question
I'm running postfix at my office and just set up my firewall so that I can send mail through the office while at home. I did so by only allowing my IP in. My question is if I can set up postfix or something else so that a password will be required before sending mail to my server IF it's coming from the outside world?
Thanks, Tom
- - - - - - - - - - - - - - - - - -
Tom Nielsen Neuro Logic Systems, Inc. 805.389.5435 x18 www.neuro-logic.com
Tom Nielsen wrote:
I'm running postfix at my office and just setup my firewall so that I can send mail through the office while at home. I did so by only allowing my IP in. My question is if I can setup postfix or something else so that a password will be required before sending mail to my server IF it's coming from the outside world?
Yes, of course you can set this up. It's called smtp-auth, which is to be done with Cyrus-SASL. But without some version information (SuSE) I couldn't say any more.
-- Andreas
I have Cyrus-sasl set up already. What version information do you need? I'm running 8.3 and installed everything from the CD.
T
On Wed, 2003-08-27 at 10:30, Andreas Winkelmann wrote:
Tom Nielsen wrote:
I'm running postfix at my office and just setup my firewall so that I can send mail through the office while at home. I did so by only allowing my IP in. My question is if I can setup postfix or something else so that a password will be required before sending mail to my server IF it's coming from the outside world?
Yes, of course you can set this up. It's called smtp-auth, which is to be done with Cyrus-SASL. But without some Version-Informations (Suse) i couldn't say anymore.
-- Andreas
On Wed, 2003-08-27 at 14:24, Tom Nielsen wrote:
I have Cyrus-sasl setup already. What version-information do you need? I'm running 8.3 and installed everything from the CD.
Hmmmm. 8.3? Did SuSE release a new version without telling anyone?
T
On Wed, 2003-08-27 at 10:30, Andreas Winkelmann wrote:
Tom Nielsen wrote:
I'm running postfix at my office and just setup my firewall so that I can send mail through the office while at home. I did so by only allowing my IP in. My question is if I can setup postfix or something else so that a password will be required before sending mail to my server IF it's coming from the outside world?
Yes, of course you can set this up. It's called smtp-auth, which is to be done with Cyrus-SASL. But without some Version-Informations (Suse) i couldn't say anymore.
-- Andreas
I'm home with a sick 1.5 year old and I've got one eye on my computer and the other on watching to make sure he doesn't stick a paperclip into the electrical socket. Although the latter would cause him to take a pretty good nap.
tom
On Wed, 2003-08-27 at 11:28, Ken Schneider wrote:
On Wed, 2003-08-27 at 14:24, Tom Nielsen wrote:
I have Cyrus-sasl setup already. What version-information do you need? I'm running 8.3 and installed everything from the CD.
Hmmmm. 8.3? Did SuSE release a new version without telling anyone?
T
On Wed, 2003-08-27 at 10:30, Andreas Winkelmann wrote:
Tom Nielsen wrote:
I'm running postfix at my office and just setup my firewall so that I can send mail through the office while at home. I did so by only allowing my IP in. My question is if I can setup postfix or something else so that a password will be required before sending mail to my server IF it's coming from the outside world?
Yes, of course you can set this up. It's called smtp-auth, which is to be done with Cyrus-SASL. But without some Version-Informations (Suse) i couldn't say anymore.
-- Andreas
8.2
On Wed, 2003-08-27 at 11:33, Andreas Winkelmann wrote:
Tom Nielsen wrote:
I have Cyrus-sasl setup already. What version-information do you need? I'm running 8.3 and installed everything from the CD.
Hmm, 8.3 isn't released yet. 7.3 or 8.2 ?
-- Andreas
Tom Nielsen wrote:
8.2
In 8.2 Postfix and SASL are already installed. It is configured to use your shadow accounts. This means you could only use mechs such as plain or login. The big disadvantage is that the passwords are sent in cleartext over the line. Better is to switch to sasldb. It's all installed, but you have something to reconfigure.
First create a Useraccount:
# saslpasswd2 -c username -u mailserver
Behind -u should be a realm, maybe to start it is the best to let "mailserver".
Check this with
# sasldblistusers2
Configure SASL:
Edit /usr/lib/sasl2/smtpd.conf :
pwcheck_method: auxprop
mech_list: DIGEST-MD5 CRAM-MD5
Configure Postfix:
Edit /etc/postfix/main.cf :
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = mailserver
smtpd_sasl_security_options = noanonymous, noplaintext
Restart Postfix:
# rcpostfix restart
Test it with your client.
I hope this is all. If this is not working, send an output from "postconf -n" and the part from /var/log/mail.
-- Andreas
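Added example, not part of Andreas's message or of the SuSE packages: a Python illustration of the cleartext point above, comparing what crosses the wire for SASL PLAIN with a CRAM-MD5 (RFC 2195) exchange. The user name, password and challenge are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed sample values; nothing here comes from the thread.
USER = "tom"
PASSWORD = "correct horse battery"
CHALLENGE = "<1896.697170952@mailserver.example>"


def plain_initial_response(user: str, password: str) -> str:
    """SASL PLAIN: base64 of authzid NUL authcid NUL password (encoding only)."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


def cram_md5_response(user: str, password: str, challenge: str) -> str:
    """CRAM-MD5: base64 of 'user SP hex(HMAC-MD5(key=password, msg=challenge))'."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def server_verify(response_b64: str, challenge: str, secrets: dict) -> bool:
    """Server side of CRAM-MD5.

    The server recomputes the HMAC, so it must hold the shared secret itself.
    A one-way hash as stored in /etc/shadow is not enough, which is why the
    reply above moves the accounts to sasldb (pwcheck_method: auxprop).
    """
    try:
        user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    except (ValueError, UnicodeDecodeError):
        return False
    secret = secrets.get(user)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def recover_password_from_capture(wire_b64: str):
    """What a listener on the line gets by base64-decoding a captured response."""
    parts = base64.b64decode(wire_b64).split(b"\0")
    return parts[2].decode() if len(parts) == 3 else None


if __name__ == "__main__":
    plain = plain_initial_response(USER, PASSWORD)
    cram = cram_md5_response(USER, PASSWORD, CHALLENGE)
    print("PLAIN on the wire   :", plain)
    print("  listener recovers :", recover_password_from_capture(plain))
    print("CRAM-MD5 on the wire:", cram)
    print("  listener recovers :", recover_password_from_capture(cram))
    print("server accepts      :", server_verify(cram, CHALLENGE, {USER: PASSWORD}))
    # A captured response is bound to its challenge and fails against a new one.
    print("replay, new nonce   :", server_verify(cram, "<2.2@mailserver.example>", {USER: PASSWORD}))
```

CRAM-MD5 keeps the password off the wire but does not encrypt the session; the message itself still travels in the clear unless TLS is enabled (smtpd_use_tls is set to no in the configuration posted later in the thread).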
On Wed, 2003-08-27 at 11:52, Andreas Winkelmann wrote:
Tom Nielsen wrote:
8.2
In 8.2 Postfix and SASL are already installed. It is configured to use your shadow accounts. This means, you could only use mechs as plain or login. The big disadvantage is, the passwords are send in cleartext over the line. Better is to switch to sasldb. It's all installed, but you have something to reconfigure.
First create a Useraccount:
# saslpasswd2 -c username -u mailserver
I already have one. (I'm at home right now, but set one up for me while I was at work. I'm working at accessing my work info)
Behind -u should be a realm, maybe to start it is the best to let "mailserver".
Check this with
# sasldblistusers2
Configure SASL:
Edit /usr/lib/sasl2/smtpd.conf :
pwcheck_method: auxprop mech_list: DIGEST-MD5 CRAM-MD5
Will the above have any effect to those currently connected? I'm assuming a yes answer and that everyone that sends email must first submit a password, correct?
Configure Postfix:
Edit /etc/postfix/main.cf :
broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = mailserver smtpd_sasl_security_options = noanonymous, noplaintext
Restart Postfix:
# rcpostfix restart
Test it with your client.
I hope this is all. If this is not working, send an output from "postconf -n" and the part from /var/log/mail.
-- Andreas
Tom Nielsen wrote:
8.2
In 8.2 Postfix and SASL are already installed. It is configured to use your shadow accounts. This means, you could only use mechs as plain or login. The big disadvantage is, the passwords are send in cleartext over the line. Better is to switch to sasldb. It's all installed, but you have something to reconfigure.
First create a Useraccount:
# saslpasswd2 -c username -u mailserver
I already have one. (I'm at home right now, but set one up for me while I was at work. I'm working at accessing my work info)
Behind -u should be a realm, maybe to start it is the best to let "mailserver".
Check this with
# sasldblistusers2
Configure SASL:
Edit /usr/lib/sasl2/smtpd.conf :
pwcheck_method: auxprop mech_list: DIGEST-MD5 CRAM-MD5
Will the above have any effect to those currently connected? I'm assuming a yes answer and that everyone that sends email must first submit a password, correct?
What means currently connected? Have you got sasl configured yet? Everyone who sends a mail gets an "AUTH..." Header in the EHLO from your Mailserver and normally the client does an authentication, but if a negative result rejects the client decides the smtpd_recipient_restriction in Postfix. The first line is permit_mynetworks, all clients in mynetworks come through without the right password. But the next is permit_sasl_authenticated which rejects any client which is not in mynetworks and is sending the wrong password.
Configure Postfix:
Edit /etc/postfix/main.cf :
broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = mailserver smtpd_sasl_security_options = noanonymous, noplaintext
Restart Postfix:
# rcpostfix restart
Test it with your client.
I hope this is all. If this is not working, send an output from "postconf -n" and the part from /var/log/mail.
-- Andreas
On Wed, 2003-08-27 at 12:09, Andreas Winkelmann wrote:
Tom Nielsen wrote:
8.2
In 8.2 Postfix and SASL are already installed. It is configured to use your shadow accounts. This means, you could only use mechs as plain or login. The big disadvantage is, the passwords are send in cleartext over the line. Better is to switch to sasldb. It's all installed, but you have something to reconfigure.
First create a Useraccount:
# saslpasswd2 -c username -u mailserver
I already have one. (I'm at home right now, but set one up for me while I was at work. I'm working at accessing my work info)
Behind -u should be a realm, maybe to start it is the best to let "mailserver".
Check this with
# sasldblistusers2
Configure SASL:
Edit /usr/lib/sasl2/smtpd.conf :
pwcheck_method: auxprop mech_list: DIGEST-MD5 CRAM-MD5
Will the above have any effect to those currently connected? I'm assuming a yes answer and that everyone that sends email must first submit a password, correct?
What means curently connected?
I can send and receive emails from home.
Have you got sasl configured yet?
Yes
Everyone who sends a mail gets an "AUTH..." Header in the EHLO from your Mailserver and normal the client do an authentication, but if a negative result rejects the client decides the smtpd_recipient_restriction in Postfix. The First line is permit_mynetworks, all clients in mynetworks come through without the right password.
I just setup mynetworks last night. Everything seems to work fine. I can send through home without a problem. My thought behind this all this work is so security sake. Have I gone too far?
But the next is permit_sasl_authenticated which rejects any client with is not in mynetworks and is sending the wrong password.
Understand.
Configure Postfix:
Edit /etc/postfix/main.cf :
broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = mailserver smtpd_sasl_security_options = noanonymous, noplaintext
Here's what I have currently:
readme_directory = /usr/share/doc/packages/postfix/README_FILES
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = mailserver.neuro-logic.com
program_directory = /usr/lib/postfix
masquerade_domains =
mydestination = neuro-logic.com, localhost, localhost.$mydomain, $myhostname
defer_transports =
disable_dns_lookups = no
content_filter = vscan:
mailbox_command =
#mailbox_transport =
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 51200000
message_size_limit = 10240000
delay_notice_recipient = Bob
bounce_notice_recipient =
Should I not worry about all this since I have mynetworks configured? Again, this is all so that non-company people can't send spam from my system.
Restart Postfix:
# rcpostfix restart
Test it with your client.
I hope this is all. If this is not working, send an output from "postconf -n" and the part from /var/log/mail.
-- Andreas
Tom Nielsen wrote:
8.2
In 8.2 Postfix and SASL are already installed. It is configured to use your shadow accounts. This means, you could only use mechs as plain or login. The big disadvantage is, the passwords are send in cleartext over the line. Better is to switch to sasldb. It's all installed, but you have something to reconfigure.
First create a Useraccount:
# saslpasswd2 -c username -u mailserver
I already have one. (I'm at home right now, but set one up for me while I was at work. I'm working at accessing my work info)
Behind -u should be a realm, maybe to start it is the best to let "mailserver".
Check this with
# sasldblistusers2
Configure SASL:
Edit /usr/lib/sasl2/smtpd.conf :
pwcheck_method: auxprop mech_list: DIGEST-MD5 CRAM-MD5
Will the above have any effect to those currently connected? I'm assuming a yes answer and that everyone that sends email must first submit a password, correct?
What means curently connected?
I can send and receive emails from home.
Yes, over permit_mynetworks.
Have you got sasl configured yet?
Yes
But not for Postfix, it is disabled and not used in your main.cf below. How do you have configured sasl?
Everyone who sends a mail gets an "AUTH..." Header in the EHLO from your Mailserver and normal the client do an authentication, but if a negative result rejects the client decides the smtpd_recipient_restriction in Postfix. The First line is permit_mynetworks, all clients in mynetworks come through without the right password.
I just setup mynetworks last night. Everything seems to work fine. I can send through home without a problem. My thought behind this all this work is so security sake. Have I gone too far?
Hmm, your security based on an ip. This is fakeable. If a spammer knows this ip, he could send Mails over your Mailserver.
But the next is permit_sasl_authenticated which rejects any client with is not in mynetworks and is sending the wrong password.
Understand.
Configure Postfix:
Edit /etc/postfix/main.cf :
broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = mailserver smtpd_sasl_security_options = noanonymous, noplaintext
Here's what I have currently:
Next time please "postconf -n". It's much better readable.
readme_directory = /usr/share/doc/packages/postfix/README_FILES mail_spool_directory = /var/mail canonical_maps = hash:/etc/postfix/canonical virtual_maps = hash:/etc/postfix/virtual relocated_maps = hash:/etc/postfix/relocated transport_maps = hash:/etc/postfix/transport sender_canonical_maps = hash:/etc/postfix/sender_canonical masquerade_exceptions = root masquerade_classes = envelope_sender, header_sender, header_recipient myhostname = mailserver.neuro-logic.com program_directory = /usr/lib/postfix masquerade_domains = mydestination = neuro-logic.com, localhost, localhost.$mydomain, $myhostname defer_transports = disable_dns_lookups = no content_filter = vscan: mailbox_command = #mailbox_transport = smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = strict_rfc821_envelopes = no smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination smtp_sasl_auth_enable = no smtpd_sasl_auth_enable = no smtpd_use_tls = no alias_maps = hash:/etc/aliases mailbox_size_limit = 51200000 message_size_limit = 10240000 delay_notice_recipient = Bob bounce_notice_recipient =
Should I not worry about all this since I have mynetworks configured? Again, this is all so that non-company people can't send spam from my system.
...until they get the Ip... -- Andreas
On Wed, 2003-08-27 at 12:42, Andreas Winkelmann wrote:
Tom Nielsen wrote:
[snip]
Here's what I have currently:
Next time please "postconf -n". It's much better readable.
Here ya go...
alias_maps = hash:/etc/aliases
bounce_notice_recipient = Bob
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = vscan:
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
delay_notice_recipient = Bob
disable_dns_lookups = no
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 51200000
mailbox_transport = lmtp:unix:public/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = neuro-logic.com, localhost, localhost.$mydomain, $myhostname
mydomain = neuro-logic.com
myhostname = mailserver.neuro-logic.com
mynetworks = 4.5.259.266/32, 127.0.0.0/8, 192.168.2.0/8
myorigin = neuro-logic.com
newaliases_path = /usr/bin/newaliases
program_directory = /usr/lib/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_use_tls = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
I don't mind making everyone use a password to send mail. I think it's a good idea. Also keep in mind, everyone except me uses w2k and outlook.
Tom
- - - - - - - - - - - - - - - - - -
Tom Nielsen Neuro Logic Systems, Inc. 805.389.5435 x18 www.neuro-logic.com
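Added example, not code from the thread or from Postfix: a simplified Python model of the first-match evaluation Andreas describes for smtpd_recipient_restrictions, run over the current and the proposed restriction lists with the mynetworks and mydestination values from the postconf -n output above. Client addresses and the outside recipient domain are constructed, the function names are hypothetical, and the model assumes a prefix length is applied as written; how Postfix itself handles a malformed mynetworks entry is not stated in the thread.

```python
import ipaddress

# Values copied from the postconf -n output in the thread.
MYNETWORKS = "4.5.259.266/32, 127.0.0.0/8, 192.168.2.0/8"
LOCAL_DOMAINS = {"neuro-logic.com", "localhost",
                 "localhost.neuro-logic.com", "mailserver.neuro-logic.com"}

CURRENT = ["permit_mynetworks", "reject_unauth_destination"]
PROPOSED = ["permit_mynetworks", "permit_sasl_authenticated",
            "permit_auth_destination", "reject"]


def audit_mynetworks(value):
    """Parse a mynetworks value; return (networks, findings)."""
    nets, findings = [], []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            try:
                # Host bits set: show what the prefix length alone would span.
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append((entry, "not a valid IPv4/IPv6 network"))
                continue
            findings.append((entry, f"host bits set; prefix spans {net}"))
        nets.append(net)
    return nets, findings


def evaluate(restrictions, client_ip, authenticated, rcpt_domain, nets,
             local_domains=LOCAL_DOMAINS):
    """First matching restriction decides; returns (action, deciding_rule).

    Simplified: only the four restriction names used on this page are modelled,
    and 'authorised destination' means 'recipient domain is in mydestination'.
    """
    ip = ipaddress.ip_address(client_ip)
    local = rcpt_domain.lower() in local_domains
    for rule in restrictions:
        if rule == "permit_mynetworks" and any(ip in n for n in nets):
            return ("permit", rule)
        if rule == "permit_sasl_authenticated" and authenticated:
            return ("permit", rule)
        if rule == "permit_auth_destination" and local:
            return ("permit", rule)
        if rule == "reject_unauth_destination" and not local:
            return ("reject", rule)
        if rule == "reject":
            return ("reject", rule)
    return ("permit", "end of list")


if __name__ == "__main__":
    nets, findings = audit_mynetworks(MYNETWORKS)
    for entry, problem in findings:
        print(f"mynetworks entry {entry}: {problem}")
    cases = [  # constructed clients: (label, ip, authenticated, recipient domain)
        ("outsider, no auth, relay attempt", "203.0.113.7", False, "example.org"),
        ("outsider, no auth, mail for us", "203.0.113.7", False, "neuro-logic.com"),
        ("home user, authenticated, relay", "198.51.100.20", True, "example.org"),
        ("LAN client, no auth, relay", "192.168.2.17", False, "example.org"),
        ("192.0.2.55 inside the /8, relay", "192.0.2.55", False, "example.org"),
    ]
    for label, ip, auth, dom in cases:
        print(f"{label:34} current={evaluate(CURRENT, ip, auth, dom, nets)} "
              f"proposed={evaluate(PROPOSED, ip, auth, dom, nets)}")
```

A client that matches mynetworks is permitted by the first rule before authentication is ever consulted, which is why a sender whose address is still listed there is not asked for a password.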
Tom Nielsen wrote:
I don't mind making everyone use a password to send mail. I think it's a good idea. Also keep in mind, everyone except me uses w2k and outlook.
For Outlook don't forget "broken_sasl_auth_clients = yes". -- Andreas
So, I should still add the entries to main.cf as you stated before and make the below entry as well?
On Wed, 2003-08-27 at 13:12, Andreas Winkelmann wrote:
Tom Nielsen wrote:
I don't mind making everyone use a password to send mail. I think it's a good idea. Also keep in mind, everyone except me uses w2k and outlook.
For Outlook don't forget "broken_sasl_auth_clients = yes".
-- Andreas
On Wed, 2003-08-27 at 12:42, Andreas Winkelmann wrote:
Tom Nielsen wrote:
[snip]
Will the above have any effect to those currently connected? I'm assuming a yes answer and that everyone that sends email must first submit a password, correct?
What means curently connected?
Sorry, I don't think I answered that correctly. I mean that if I make a change right now, everyone using the server will have to change their Outlook settings in order to send mail. ???
I can send and receive emails from home.
Yes, over permit_mynetworks.
Have you got sasl configured yet?
Yes
But not for Postfix, it is disabled and not used in your main.cf below. How do you have configured sasl?
Sorry, I can't remember. I had someone help me and he's on vacation.
Everyone who sends a mail gets an "AUTH..." Header in the EHLO from your Mailserver and normal the client do an authentication, but if a negative result rejects the client decides the smtpd_recipient_restriction in Postfix. The First line is permit_mynetworks, all clients in mynetworks come through without the right password.
I just setup mynetworks last night. Everything seems to work fine. I can send through home without a problem. My thought behind this all this work is so security sake. Have I gone too far?
Hmm, your security based on an ip. This is fakeable. If a spammer knows this ip, he could send Mails over your Mailserver.
So I guess I should get this setup.
-- Andreas
Andreas,
I made the changes and everything appears to be ok. At least on my end....I'm at home and can send and receive email without a problem. I have to see what's happening to the windows folks when I get in in the morning.
The one thing I found strange is that I'm not asked for a password. Any thoughts?
Tom
On Wed, 2003-08-27 at 12:01, Tom Nielsen wrote:
On Wed, 2003-08-27 at 11:52, Andreas Winkelmann wrote:
Tom Nielsen wrote:
8.2
In 8.2 Postfix and SASL are already installed. It is configured to use your shadow accounts. This means, you could only use mechs as plain or login. The big disadvantage is, the passwords are send in cleartext over the line. Better is to switch to sasldb. It's all installed, but you have something to reconfigure.
First create a Useraccount:
# saslpasswd2 -c username -u mailserver
I already have one. (I'm at home right now, but set one up for me while I was at work. I'm working at accessing my work info)
Behind -u should be a realm, maybe to start it is the best to let "mailserver".
Check this with
# sasldblistusers2
Configure SASL:
Edit /usr/lib/sasl2/smtpd.conf :
pwcheck_method: auxprop mech_list: DIGEST-MD5 CRAM-MD5
Will the above have any effect to those currently connected? I'm assuming a yes answer and that everyone that sends email must first submit a password, correct?
Configure Postfix:
Edit /etc/postfix/main.cf :
broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = mailserver smtpd_sasl_security_options = noanonymous, noplaintext
Restart Postfix:
# rcpostfix restart
Test it with your client.
I hope this is all. If this is not working, send an output from "postconf -n" and the part from /var/log/mail.
Tom Nielsen wrote:
I made the changes and everything appears to be ok. At least on my end....I'm at home and can send and receive email without a problem. I have to see what's happening to the windows folks when I get in in the morning.
The one thing I found strange is that I'm not asked for a password. Any thoughts?
The Log from your Mailserver? Maybe your Ip is in mynetworks and the authentication fails. But, without log... -- Andreas
On Fri, 2003-08-29 at 06:26, Andreas Winkelmann wrote:
Tom Nielsen wrote:
I made the changes and everything appears to be ok. At least on my end....I'm at home and can send and receive email without a problem. I have to see what's happening to the windows folks when I get in in the morning.
The one thing I found strange is that I'm not asked for a password. Any thoughts?
The Log from your Mailserver?
Maybe your Ip is in mynetworks and the authentication fails. But, without log...
here ya go.
Aug 28 22:15:17 mailserver postfix/smtpd[13754]: connect from
localhost[127.0.0.1]
Aug 28 22:15:17 mailserver postfix/smtpd[13754]: D5B1EBC84:
client=localhost[127.0.0.1]
Aug 28 22:15:17 mailserver postfix/cleanup[13746]: D5B1EBC84:
message-id=<1062134068.9953.10.camel@linux.local>
Aug 28 22:15:17 mailserver postfix/qmgr[13722]: D5B1EBC84:
from=
Tom Nielsen wrote:
here ya go.
Aug 28 22:15:17 mailserver postfix/smtpd[13754]: connect from localhost[127.0.0.1]
Aug 28 22:15:17 mailserver postfix/smtpd[13754]: D5B1EBC84: client=localhost[127.0.0.1]
Aug 28 22:15:17 mailserver postfix/cleanup[13746]: D5B1EBC84: message-id=<1062134068.9953.10.camel@linux.local>
Aug 28 22:15:17 mailserver postfix/qmgr[13722]: D5B1EBC84: from= , size=1630, nrcpt=1 (queue active)
Aug 28 22:15:18 mailserver postfix/smtpd[13754]: disconnect from localhost[127.0.0.1]
Aug 28 22:15:18 mailserver postfix/pipe[13748]: C8C86BC57: to= , relay=vscan, delay=2, status=sent (mailserver.neuro-logic.com)
Aug 28 22:15:23 mailserver postfix/smtp[13755]: D5B1EBC84: to= , relay=linuxmail-org.mr.outblaze.com[205.158.89.58], delay=6, status=sent (250 Ok: queued as 2B2CC1D7159)
My log is huge (meaning my /mail log...not my other log) so I just clipped the part that pertains to me sending an email from home. Everything works fine here at the office, on my machine and everyone else's. I did take out my IP address from mynetworks. I couldn't send at first, but found that I forgot to include a line in main.cf. I'm wondering if it's because I logged in once, then from there on I'm always accepted.
Hmm, I'm missing sasl-messages in your log. Maybe it is disabled? Or switch verbose logging on. Go to /etc/postfix/master.cf and add a "-v" behind the smtpd. Then look at the log, there is after connecting the AUTH... handshake, where an authentication successful or something similar should be appearing. And of course, there are test sites on the internet for testing your configuration for open relays (for example http://www.abuse.net/relay.html).
-- Andreas
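Added example, not from the thread: a Python check for the "missing sasl-messages" Andreas mentions, which reads smtpd log lines and reports how each accepted session got in. It assumes smtpd appends sasl_method= and sasl_username= to the client= line of an authenticated session; apart from the two lines copied from Tom's log, the sample lines are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=(?P<method>[^,\s]+))?"
    r"(?:, sasl_username=(?P<user>\S+))?"
)

# First two lines are from the log posted in the thread; the rest are constructed.
SAMPLE_LOG = """\
Aug 28 22:15:17 mailserver postfix/smtpd[13754]: connect from localhost[127.0.0.1]
Aug 28 22:15:17 mailserver postfix/smtpd[13754]: D5B1EBC84: client=localhost[127.0.0.1]
Aug 29 09:01:02 mailserver postfix/smtpd[2001]: A1B2C3D4E5: client=unknown[198.51.100.20], sasl_method=CRAM-MD5, sasl_username=tom@mailserver
Aug 29 09:02:10 mailserver postfix/smtpd[2002]: B2C3D4E5F6: client=unknown[198.51.100.21], sasl_method=LOGIN, sasl_username=bob@mailserver
Aug 29 09:03:44 mailserver postfix/smtpd[2003]: C3D4E5F6A7: client=pc7.example.lan[192.168.2.17]
"""


def classify(line):
    """Return a dict for an smtpd 'client=' line, or None for any other line."""
    m = CLIENT_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None
    if m["method"]:
        how = "sasl"
    elif ip.is_loopback:
        # e.g. mail re-injected on the local machine by a content filter
        how = "loopback"
    else:
        how = "no-auth"
    return {
        "qid": m["qid"],
        "ip": str(ip),
        "how": how,
        "method": m["method"],
        "user": m["user"],
        # PLAIN and LOGIN carry the password itself; the thread's
        # smtpd_sasl_security_options = noplaintext is meant to exclude them.
        "cleartext_mech": (m["method"] or "").upper() in {"PLAIN", "LOGIN"},
    }


def accepted_sessions(log_text):
    """Classify every accepted smtpd session found in a block of log text."""
    return [row for row in map(classify, log_text.splitlines()) if row]


if __name__ == "__main__":
    for row in accepted_sessions(SAMPLE_LOG):
        flag = "  <-- cleartext mechanism" if row["cleartext_mech"] else ""
        print(f'{row["qid"]:12} {row["ip"]:15} {row["how"]:8} '
              f'{row["method"] or "-":9} {row["user"] or "-"}{flag}')
```

A remote address showing up as no-auth for mail that was relayed onward means it was trusted by network rather than by password, which is the case to look for after removing an address from mynetworks.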
On Fri, 2003-08-29 at 08:33, Andreas Winkelmann wrote:
Tom Nielsen wrote:
here ya go.
Aug 28 22:15:17 mailserver postfix/smtpd[13754]: connect from localhost[127.0.0.1] Aug 28 22:15:17 mailserver postfix/smtpd[13754]: D5B1EBC84: client=localhost[127.0.0.1] Aug 28 22:15:17 mailserver postfix/cleanup[13746]: D5B1EBC84: message-id=<1062134068.9953.10.camel@linux.local> Aug 28 22:15:17 mailserver postfix/qmgr[13722]: D5B1EBC84: from=
, size=1630, nrcpt=1 (queue active) Aug 28 22:15:18 mailserver postfix/smtpd[13754]: disconnect from localhost[127.0.0.1] Aug 28 22:15:18 mailserver postfix/pipe[13748]: C8C86BC57: to= , relay=vscan, delay=2, status=sent (mailserver.neuro-logic.com) Aug 28 22:15:23 mailserver postfix/smtp[13755]: D5B1EBC84: to= , relay=linuxmail-org.mr.outblaze.com[205.158.89.58], delay=6, status=sent (250 Ok: queued as 2B2CC1D7159) My log is huge (meaning my /mail log...not my other log) so I just clipped the part that pertains to me sending an email from home. Everything works fine here at the office, on my machine and everyone else's. I did take out my IP address from mynetworks. I couldn't send at first, but found that I forgot to include a line in main.cf. I'm wondering if it's because I logged in once, then from there on I'm always accepted.
Hmm, i'm missing sasl-messages in your log. Maybe it is disabled? Or switch verbose logging on. Go to /etc/postfix/master.cf and add a "-v" behind the smtpd. Then look at the log, there is after connecting the AUTH... handshake, where a authentication succesfull or something similar should be appearing.
I don't have an smtpd line. Here's what I have;
smtp inet n - n - - smtpd
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 nqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
localhost:10025 inet n - n - - smtpd -o content_filter=
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
vscan unix - n n - 10 pipe
  user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail unix - n n - - pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
And of course, there are testsites in the internet for testing your configuration on open-relays (For example http://www.abuse.net/relay.html).
Thanks for the tip Tom
Tom Nielsen wrote:
Hmm, i'm missing sasl-messages in your log. Maybe it is disabled? Or switch verbose logging on. Go to /etc/postfix/master.cf and add a "-v" behind the smtpd. Then look at the log, there is after connecting the AUTH... handshake, where a authentication succesfull or something similar should be appearing.
I don't have an smtpd line. Here's what I have;
smtp inet n - n - - smtpd
smtp .... smtpd -v -- Andreas
On Fri, 2003-08-29 at 08:55, Andreas Winkelmann wrote:
Tom Nielsen wrote:
Hmm, i'm missing sasl-messages in your log. Maybe it is disabled? Or switch verbose logging on. Go to /etc/postfix/master.cf and add a "-v" behind the smtpd. Then look at the log, there is after connecting the AUTH... handshake, where a authentication succesfull or something similar should be appearing.
I don't have an smtpd line. Here's what I have;
smtp inet n - n - - smtpd
smtp .... smtpd -v
Done. Thanks. I guess I won't be able to test it until I get home tonight. Is there any other way to test? I have my work network setup on mynetworks. Should I take it off to test? Tom
Tom Nielsen wrote:
I don't have an smtpd line. Here's what I have;
smtp inet n - n - - smtpd
smtp .... smtpd -v
Done. Thanks.
I guess I won't be able to test it until I get home tonight. Is there any other way to test? I have my work network setup on mynetworks. Should I take it off to test?
Yes, of course. But maybe let localhost in. -- Andreas
participants (3): Andreas Winkelmann, Ken Schneider, Tom Nielsen