* punit jain <contactpunitj...@gmail.com>: > Ok I have changed password and also tested from outside. Relaying is denied > but SMTP AUTH doesnt work. In outlook i can send mail w/o clicking on "My > server requires authentication" . Also attached are logs: -
Nothing in your log indicates you use SMTP AUTH. p...@rick > > Feb 3 15:41:10 mail imap-login: Login: gaurav.jain [127.0.0.1] > Feb 3 15:41:10 mail pop3-login: Login: dinesh.rathore [203.187.243.154] > Feb 3 15:41:11 mail postfix/smtpd[11235]: NOQUEUE: reject: RCPT from > unknown[189.27.38.246]: 550 <sanjay.ku...@orgltd.com>: Recipient address > > rejected: User unknown in local recipient table; from=< > > sanjay.ku...@in.hjheinz.com> to=<sanjay.ku...@orgltd.com> proto=SMTP helo=< > > amerblind.outbound.ed10.com> > Feb 3 15:41:12 mail postfix/smtpd[11235]: disconnect from > > unknown[189.27.38.246] > Feb 3 15:41:13 mail postfix/smtp[11429]: EC4EF6A4611: host > > mx1.mail.eu.yahoo.com[217.12.11.64] refused to talk to me: 421 4.7.1 [TS03] > > All messages from 125.21.188.69 will be permanently deferred; Retrying will > > NOT succeed. See http://postmaster.yahoo.com/421-ts03.html > Feb 3 15:41:14 mail postfix/smtp[11429]: EC4EF6A4611: to=< > > kailashand...@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.177.142], > > delay=5, status=deferred (host mx2.mail.eu.yahoo.com[77.238.177.142] refused > > to talk to me: 421 4.7.1 [TS03] All messages from 125.21.188.69 will be > > permanently deferred; Retrying will NOT succeed. See > > http://postmaster.yahoo.com/421-ts03.html) > Feb 3 15:41:14 mail postfix/smtpd[11285]: warning: smtpd_peer_init: > > 203.187.243.154: hostname 154-243-187-203.static.youtele.com verification > > failed: Name or service not known > Feb 3 15:41:14 mail postfix/smtpd[11285]: connect from > > unknown[203.187.243.154] > > > > On Tue, Feb 3, 2009 at 4:08 PM, Patrick Ben Koetter > <p...@state-of-mind.de>wrote: > > > * punit jain <contactpunitj...@gmail.com>: > > > Hi All, > > > > > > I have a mailserver which is getting abused by spammers. It is right now > > an > > > open relay and has been blocked by major sites. > > > > > > naughtygoo...@yahoo.in > > > (host f.mx.mail.yahoo.com[209.191.88.247] refused to talk to me: 421 > > 4.7.1 > > > [TS03] All messages from 125.21.188.69 will be permanently deferred; > > > Retrying will > > > NOT succeed. See http://postmaster.yahoo.com/421-ts03.html) > > > m_duk...@yahoo.com > > > navinnauti...@yahoo.com > > > parasharg...@yahoo.com > > > preetigoy...@yahoo.com > > > ramankukr...@yahoo.com > > > renupremmal...@yahoo.com > > > ssr_associa...@yahoo.com > > > uniya...@yahoo.com > > > vinodnegi2...@yahoo.com > > > > > > I checked out SMTP auth also using command line :- > > > > > > > > > [r...@mail ~]# telnet 0 25 > > > Trying 0.0.0.0... > > > Connected to 0 (0.0.0.0). > > > Escape character is '^]'. > > > 220 mail.orgltd.com ESMTP Welcome to my mailserver > > > ehlo localhost > > > 250-mail.orgltd.com > > > 250-PIPELINING > > > 250-SIZE 10485760 > > > 250-VRFY > > > 250-ETRN > > > 250-AUTH LOGIN PLAIN > > > 250-AUTH=LOGIN PLAIN > > > 250 8BITMIME > > > AUTH PLAIN c3VtaXQuZ3VsYXRpAHN1bWl0Lmd1bGF0aQBzdW1pdDEyMw== > > > 235 Authentication successful > > > > Change the password for sumit.gulati immediately. The AUTH PLAIN string > > above > > can be decoded easily. That's how I got the username "sumit.gulati". > > > > > > > But when i use telnet to send mail , it goes w/o authentication: - > > > > From where you do you start the telnet session? Localhost? > > You must test from a host that is not part of Postfix' $mynetworks. > > > > p...@rick > > > > > > > > > [r...@mail ~]# telnet 0 25 > > > Trying 0.0.0.0... > > > Connected to 0 (0.0.0.0). > > > Escape character is '^]'. > > > 220 mail.orgltd.com ESMTP Welcome to my mailserver > > > ehlo localhost > > > 250-mail.orgltd.com > > > 250-PIPELINING > > > 250-SIZE 10485760 > > > 250-VRFY > > > 250-ETRN > > > 250-AUTH LOGIN PLAIN > > > 250-AUTH=LOGIN PLAIN > > > 250 8BITMIME > > > mail from: t...@gmail.com > > > 250 Ok > > > rcpt to: tets...@mahindra.com > > > 250 Ok > > > data > > > 354 End data with <CR><LF>.<CR><LF> > > > test > > > . > > > 250 Ok: queued as EE9486A460F > > > > > > The message gets queued. > > > > > > Here is my postconf -n : - > > > > > > [r...@mail ~]# postconf -n > > > alias_maps = hash:/etc/aliases > > > broken_sasl_auth_clients = yes > > > command_directory = /usr/sbin > > > config_directory = /etc/postfix > > > daemon_directory = /usr/libexec/postfix > > > debug_peer_level = 2 > > > default_process_limit = 100 > > > home_mailbox = Maildir/ > > > html_directory = no > > > inet_interfaces = all > > > mail_owner = postfix > > > mail_spool_directory = /var/spool/mail > > > mailq_path = /usr/bin/mailq.postfix > > > manpage_directory = /usr/share/man > > > maximal_queue_lifetime = 4d > > > message_size_limit = 10485760 > > > mydestination = $myhostname, $mydomain, localhost > > > mydomain = orgltd.com > > > myhostname = mail.orgltd.com > > > mynetworks = 192.168.0.254, 127.0.0.0/8, 192.168.0.0/24, 192.168.1.0/24, > > > 192.168.110.0/24 > > > myorigin = $mydomain > > > newaliases_path = /usr/bin/newaliases.postfix > > > queue_directory = /var/spool/postfix > > > readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES > > > sample_directory = /usr/share/doc/postfix-2.1.5/samples > > > sendmail_path = /usr/sbin/sendmail.postfix > > > setgid_group = postdrop > > > smtp_data_xfer_timeout = 1800s > > > smtpd_banner = $myhostname ESMTP Welcome to my mailserver > > > smtpd_error_sleep_time = 15 > > > smtpd_hard_error_limit = 10 > > > smtpd_helo_required = yes > > > smtpd_recipient_restrictions = reject_non_fqdn_recipient, > > > reject_non_fqdn_sender, reject_unknown_sender_domain, > > > permit_mynetworks, permit_sasl_authenticated, > > > reject_unauth_destination, reject_non_fqdn_hostname, > > permit > > > smtpd_sasl_auth_enable = yes > > > smtpd_sasl_security_options = noanonymous > > > smtpd_soft_error_limit = 5 > > > smtpd_timeout = 1800s > > > unknown_local_recipient_reject_code = 550 > > > > > > Any ideas what could be the issue for SMTP AUTH not working and server > > > acting as open relay ? > > > > -- > > The Book of Postfix > > <http://www.postfix-book.com> > > saslfinger (debugging SMTP AUTH): > > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> > > -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick Koetter Tel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht München Partnerschaftsregister PR 563
