* punit jain <contactpunitj...@gmail.com>:
> Hi All,
>
> I have a mailserver which is getting abused by spammers. It is right now an
> open relay and has been blocked by major sites.
>
> naughtygoo...@yahoo.in
> (host f.mx.mail.yahoo.com[209.191.88.247] refused to talk to me: 421 4.7.1
> [TS03] All messages from 125.21.188.69 will be permanently deferred;
> Retrying will
> NOT succeed. See http://postmaster.yahoo.com/421-ts03.html)
> m_duk...@yahoo.com
> navinnauti...@yahoo.com
> parasharg...@yahoo.com
> preetigoy...@yahoo.com
> ramankukr...@yahoo.com
> renupremmal...@yahoo.com
> ssr_associa...@yahoo.com
> uniya...@yahoo.com
> vinodnegi2...@yahoo.com
>
> I checked out SMTP auth also using the command line:
>
>
> [r...@mail ~]# telnet 0 25
> Trying 0.0.0.0...
> Connected to 0 (0.0.0.0).
> Escape character is '^]'.
> 220 mail.orgltd.com ESMTP Welcome to my mailserver
> ehlo localhost
> 250-mail.orgltd.com
> 250-PIPELINING
> 250-SIZE 10485760
> 250-VRFY
> 250-ETRN
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
> 250 8BITMIME
> AUTH PLAIN c3VtaXQuZ3VsYXRpAHN1bWl0Lmd1bGF0aQBzdW1pdDEyMw==
> 235 Authentication successful

Change the password for sumit.gulati immediately. The AUTH PLAIN string above
can be decoded easily. That's how I got the username "sumit.gulati".

> But when I use telnet to send mail, it goes w/o authentication:

From where do you start the telnet session? Localhost? You must test from
a host that is not part of Postfix' $mynetworks.

p...@rick

> [r...@mail ~]# telnet 0 25
> Trying 0.0.0.0...
> Connected to 0 (0.0.0.0).
> Escape character is '^]'.
> 220 mail.orgltd.com ESMTP Welcome to my mailserver
> ehlo localhost
> 250-mail.orgltd.com
> 250-PIPELINING
> 250-SIZE 10485760
> 250-VRFY
> 250-ETRN
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
> 250 8BITMIME
> mail from: t...@gmail.com
> 250 Ok
> rcpt to: tets...@mahindra.com
> 250 Ok
> data
> 354 End data with <CR><LF>.<CR><LF>
> test
> .
> 250 Ok: queued as EE9486A460F
>
> The message gets queued.
>
> Here is my postconf -n:
>
> [r...@mail ~]# postconf -n
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> default_process_limit = 100
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> maximal_queue_lifetime = 4d
> message_size_limit = 10485760
> mydestination = $myhostname, $mydomain, localhost
> mydomain = orgltd.com
> myhostname = mail.orgltd.com
> mynetworks = 192.168.0.254, 127.0.0.0/8, 192.168.0.0/24, 192.168.1.0/24,
>     192.168.110.0/24
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
> sample_directory = /usr/share/doc/postfix-2.1.5/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_data_xfer_timeout = 1800s
> smtpd_banner = $myhostname ESMTP Welcome to my mailserver
> smtpd_error_sleep_time = 15
> smtpd_hard_error_limit = 10
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = reject_non_fqdn_recipient,
>     reject_non_fqdn_sender, reject_unknown_sender_domain,
>     permit_mynetworks, permit_sasl_authenticated,
>     reject_unauth_destination, reject_non_fqdn_hostname, permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_soft_error_limit = 5
> smtpd_timeout = 1800s
> unknown_local_recipient_reject_code = 550
>
> Any ideas what could be the issue for SMTP AUTH not working and server
> acting as open relay?

-- 
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
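
Added example, not part of the original thread and not Postfix code: a simplified Python model of how the posted smtpd_recipient_restrictions list decides a relay attempt, showing why a test from localhost proves nothing about SMTP AUTH. It assumes the "telnet 0 25" session arrives from 127.0.0.1, that the FQDN and sender-domain checks pass, and that relay_domains equals mydestination; the function names and the 203.0.113.10 test client are constructed.

```python
import ipaddress

# Values copied from the postconf -n output quoted above.
MYNETWORKS = ["192.168.0.254", "127.0.0.0/8", "192.168.0.0/24",
              "192.168.1.0/24", "192.168.110.0/24"]
MYDESTINATION = {"mail.orgltd.com", "orgltd.com", "localhost"}
RESTRICTIONS = ["reject_non_fqdn_recipient", "reject_non_fqdn_sender",
                "reject_unknown_sender_domain", "permit_mynetworks",
                "permit_sasl_authenticated", "reject_unauth_destination",
                "reject_non_fqdn_hostname", "permit"]


def in_mynetworks(client_ip):
    """True when client_ip matches any entry of MYNETWORKS."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in MYNETWORKS)


def relay_decision(client_ip, authenticated, rcpt_domain):
    """Walk the restriction list in order; the first rule that decides wins.

    Simplified model (assumption): the reject_non_fqdn_* and
    reject_unknown_sender_domain checks pass, and relay_domains is taken
    to equal mydestination with exact domain matching.
    """
    for rule in RESTRICTIONS:
        if rule == "permit_mynetworks" and in_mynetworks(client_ip):
            return "permit", rule
        if rule == "permit_sasl_authenticated" and authenticated:
            return "permit", rule
        if rule == "reject_unauth_destination" and rcpt_domain not in MYDESTINATION:
            return "reject", rule
        if rule == "permit":
            return "permit", rule
    return "permit", "(end of list)"


if __name__ == "__main__":
    # Constructed test cases; 203.0.113.10 is a documentation address
    # standing in for a client outside $mynetworks.
    cases = [("127.0.0.1", False, "mahindra.com"),
             ("203.0.113.10", False, "mahindra.com"),
             ("203.0.113.10", True, "mahindra.com"),
             ("203.0.113.10", False, "orgltd.com")]
    for ip, authed, domain in cases:
        print(ip, "auth" if authed else "no-auth", domain,
              "->", relay_decision(ip, authed, domain))
```

In this model the localhost session is accepted by permit_mynetworks before SASL is ever consulted, while any outside client that holds a valid login can relay through permit_sasl_authenticated.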