On Wed, May 18, 2016 at 06:47:45PM -0400, Wietse Venema wrote:
> Noel Jones:
> [ Charset windows-1252 converted... ]
> > On 5/18/2016 3:46 PM, Sebastian Nielsen wrote:
> > > It is actually possible to use multiple results when using the
> > > built-in restriction commands (permit_sasl_authenticati
Yeah, it do break forwarding where stupid mailservers (or more correctly,
mailservers configured by stupid admins) just forward the mail verbatim, and
even forge the MAIL FROM to the destination server.
That is the thing that causes SPF to fail when for example:
My server --> Receivers Company ser
On 19/05/16 00:38, Wietse Venema wrote:
Wietse Venema:
A brief example:
/etc/postfix/sender_access:
example.comreject Sender address requires authentication
other.example reject Sender address requires authentication
Do "postmap /etc/postfix/sender_access", then add this
Noel Jones:
[ Charset windows-1252 converted... ]
> On 5/18/2016 3:46 PM, Sebastian Nielsen wrote:
> > It is actually possible to use multiple results when using the built-in
> > restriction commands (permit_sasl_authentication, permit_mynetworks, reject,
> > etc)
> > (Eg, words that can be used in
Aah now I see. I tought colon between the key and value was something
specific to hash.
But strangely, it works both with/without colon too.
Maybe its how postmap parses the file.
However, the OPs problem is solved.
-Ursprungligt meddelande-
Från: owner-postfix-us...@postfix.org
[mailto:o
On 5/18/2016 3:46 PM, Sebastian Nielsen wrote:
> It is actually possible to use multiple results when using the built-in
> restriction commands (permit_sasl_authentication, permit_mynetworks, reject,
> etc)
> (Eg, words that can be used in the rules chain instead of
> "check_sender_access")
>
> Th
It is actually possible to use multiple results when using the built-in
restriction commands (permit_sasl_authentication, permit_mynetworks, reject,
etc)
(Eg, words that can be used in the rules chain instead of
"check_sender_access")
Then they will be inserted in the rule chain just where the
che
Catalin Badirca wrote:
> I will try to be more specific. Create an test account that can
> send emails from postfix.
Send THROUGH Postfix is more accurate wording than send FROM. Also,
creation of the account does not matter. By default there is no
checking of sender addresses.
> Telnet on
This is what I was looking for. Thank you very very much Sebastien. I will try
it right now and will post the result.
Sent from my iPhone
> On 18 May 2016, at 22:07, Sebastian Nielsen wrote:
>
> Yes.
> Remove permit_sasl_authenticated and permit_mynetworks.
> Then add the following rule inste
Yes.
Remove permit_sasl_authenticated and permit_mynetworks.
Then add the following rule instead, immediately BEFORE
reject_unauth_destination:
check_sender_access hash:/etc/postfix/relay_auth
Inside the file relay_auth, which must be postmap:ed, you have the
following:
yourdomain.com: permit_sas
I will try to be more specific. Create an test account that can send emails
from postfix. Telnet on the postfix machine on port 25. Now send an email from
that test account to any other valid email on your domain. You will see that
you are allowed to do so without authentication. The whole world
Apologies on the html mail. I wish I could make plain email the default on my
phone. Also apologies on the blank message I just sent. I have nerve damage and
the phone slipped enough to slide into send.
Original Message
From: Patrick Ben Koetter
Sent: Wednesday, May 18, 2016 8:07 AM
To: postfix-users@postfix.org
Reply To: postfix-users@postfix.org
Subject: Re: Postfix penetration test
* li...@lazygranch.com :
> body { font-family: "Calibri","Slate
> Pro",sans-serif,"sans-serif"; color:#26
On Wed, May 18, 2016 at 07:50:35AM -0700, li...@lazygranch.com wrote:
> Any suggestions on a penetration test program that will trigger sshguard or
> fail2ban from the maillog?
swaks might do the trick
http://www.jetmore.org/john/code/swaks/
--
Christian Recktenwald
postfix-users-d...@citecs.de
* li...@lazygranch.com :
> body { font-family: "Calibri","Slate
> Pro",sans-serif,"sans-serif"; color:#262626 } lang="en-US">Any suggestions on a penetration test program that will
> trigger sshguard or fail2ban from the maillog?
>
Send lots of HTML markup?
Use swaks and a script and let
Any suggestions on a penetration test program that will trigger sshguard or fail2ban from the maillog?
Wietse Venema:
> A brief example:
>
> /etc/postfix/sender_access:
> example.com reject Sender address requires authentication
> other.example reject Sender address requires authentication
>
> Do "postmap /etc/postfix/sender_access", then add this to main.cf:
>
> smtpd_sender_re
A brief example:
/etc/postfix/sender_access:
example.com reject Sender address requires authentication
other.example reject Sender address requires authentication
Do "postmap /etc/postfix/sender_access", then add this to main.cf:
smtpd_sender_restrictions =
permit_mynet
On Wed, 18 May 2016 13:22:49 +0300
Catalin Badirca wrote:
> I've tried your suggestion and the issue remains. Someone could
> telnet into postfix and would be allowed to send mails from a valid
> address to another valid address in mydomain without authentication.
>
> Is there any way I can stop
If you do not accept submission on port 25, you could add a
sender_access map to the service on port 25
smtpd_sender_restrictions =
...
check_sender_access hash:/etc/postfix/sender_access
...
and in said file list your domains each with action "reject"
Am 18.05.2016 um 12:22 schrieb Catalin Bad
Thank you very much for your time and sorry for the long response time.
I've tried your suggestion and the issue remains. Someone could telnet into
postfix and would be allowed to send mails from a valid address to another
valid address in mydomain without authentication.
Is there any way I ca
21 matches
Mail list logo
