Re: SMTP AUTH failing

From: Patrick Ben Koetter (pstate-of-mind.de)
Date: Tue Feb 03 2009 - 04:38:10 CST


* punit jain <contactpunitjaingmail.com>:
> Hi All,
>
> I have a mailserver which is getting abused by spammers. It is right now an
> open relay and has been blocked by major sites.
>
> naughtygoogliyahoo.in
> (host f.mx.mail.yahoo.com[209.191.88.247] refused to talk to me: 421 4.7.1
> [TS03] All messages from 125.21.188.69 will be permanently deferred;
> Retrying will
> NOT succeed. See http://postmaster.yahoo.com/421-ts03.html)
> m_duklanyahoo.com
> navinnautiyalyahoo.com
> parashargauryahoo.com
> preetigoyalsyahoo.com
> ramankukretiyahoo.com
> renupremmalasiyahoo.com
> ssr_associatesyahoo.com
> uniyalrpyahoo.com
> vinodnegi2007yahoo.com
>
> I checked out SMTP auth also using command line :-
>
>
> [root@mail ~]# telnet 0 25
> Trying 0.0.0.0...
> Connected to 0 (0.0.0.0).
> Escape character is '^]'.
> 220 mail.orgltd.com ESMTP Welcome to my mailserver
> ehlo localhost
> 250-mail.orgltd.com
> 250-PIPELINING
> 250-SIZE 10485760
> 250-VRFY
> 250-ETRN
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
> 250 8BITMIME
> AUTH PLAIN c3VtaXQuZ3VsYXRpAHN1bWl0Lmd1bGF0aQBzdW1pdDEyMw==
> 235 Authentication successful

Change the password for sumit.gulati immediately. The AUTH PLAIN string above
can be decoded easily. That's how I got the username "sumit.gulati".

> But when I use telnet to send mail, it goes w/o authentication:

From where do you start the telnet session? Localhost?
You must test from a host that is not part of Postfix' $mynetworks.

p@rick

> [root@mail ~]# telnet 0 25
> Trying 0.0.0.0...
> Connected to 0 (0.0.0.0).
> Escape character is '^]'.
> 220 mail.orgltd.com ESMTP Welcome to my mailserver
> ehlo localhost
> 250-mail.orgltd.com
> 250-PIPELINING
> 250-SIZE 10485760
> 250-VRFY
> 250-ETRN
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
> 250 8BITMIME
> mail from: testgmail.com
> 250 Ok
> rcpt to: tetsingmahindra.com
> 250 Ok
> data
> 354 End data with <CR><LF>.<CR><LF>
> test
> .
> 250 Ok: queued as EE9486A460F
>
> The message gets queued.
>
> Here is my postconf -n : -
>
> [root@mail ~]# postconf -n
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> default_process_limit = 100
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> maximal_queue_lifetime = 4d
> message_size_limit = 10485760
> mydestination = $myhostname, $mydomain, localhost
> mydomain = orgltd.com
> myhostname = mail.orgltd.com
> mynetworks = 192.168.0.254, 127.0.0.0/8, 192.168.0.0/24, 192.168.1.0/24,
> 192.168.110.0/24
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
> sample_directory = /usr/share/doc/postfix-2.1.5/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_data_xfer_timeout = 1800s
> smtpd_banner = $myhostname ESMTP Welcome to my mailserver
> smtpd_error_sleep_time = 15
> smtpd_hard_error_limit = 10
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = reject_non_fqdn_recipient,
> reject_non_fqdn_sender, reject_unknown_sender_domain,
> permit_mynetworks, permit_sasl_authenticated,
> reject_unauth_destination, reject_non_fqdn_hostname, permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_soft_error_limit = 5
> smtpd_timeout = 1800s
> unknown_local_recipient_reject_code = 550
>
> Any ideas what could be the issue for SMTP AUTH not working and server
> acting as open relay ?

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
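
Why a test from localhost relays without AUTH, as an added example that is not part of the original message: a simplified Python model of Postfix trying the quoted smtpd_recipient_restrictions in order, using the mynetworks and mydestination values from the postconf -n output above. It assumes that `telnet 0 25` reaches Postfix from 127.0.0.1, that the FQDN and DNS checks pass, and that only $mydestination counts as an authorized destination; the client address 203.0.113.10 and the recipients are constructed samples.

```python
import ipaddress

# Values copied from the postconf -n output quoted in the message.
MYNETWORKS = ["192.168.0.254", "127.0.0.0/8", "192.168.0.0/24",
              "192.168.1.0/24", "192.168.110.0/24"]
MYDESTINATION = {"mail.orgltd.com", "orgltd.com", "localhost"}
RESTRICTIONS = ["reject_non_fqdn_recipient", "reject_non_fqdn_sender",
                "reject_unknown_sender_domain", "permit_mynetworks",
                "permit_sasl_authenticated", "reject_unauth_destination",
                "reject_non_fqdn_hostname", "permit"]


def in_mynetworks(client_ip):
    """True if the client address falls inside any $mynetworks entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in MYNETWORKS)


def evaluate(client_ip, rcpt, authenticated):
    """Return (decision, deciding_restriction) for one RCPT TO.

    Simplified model (assumption): restrictions are tried in order and the
    first one that yields a verdict wins. The reject_non_fqdn_* and
    reject_unknown_sender_domain checks are assumed to pass, so they are
    skipped here.
    """
    domain = rcpt.rsplit("@", 1)[1].lower()
    for name in RESTRICTIONS:
        if name == "permit_mynetworks" and in_mynetworks(client_ip):
            return "permit", name
        if name == "permit_sasl_authenticated" and authenticated:
            return "permit", name
        if name == "reject_unauth_destination" and domain not in MYDESTINATION:
            return "reject", name
        if name == "permit":
            return "permit", name
    return "permit", "end of list"


if __name__ == "__main__":
    # Constructed test cases: (client address, recipient, did AUTH succeed)
    cases = [("127.0.0.1", "user@example.net", False),     # local telnet test
             ("203.0.113.10", "user@example.net", False),  # outside, no AUTH
             ("203.0.113.10", "user@example.net", True),   # outside, after AUTH
             ("203.0.113.10", "someone@orgltd.com", False)]  # inbound mail
    for ip, rcpt, auth in cases:
        print(ip, rcpt, "auth" if auth else "no-auth", "->", evaluate(ip, rcpt, auth))
```

In this model the localhost session is accepted by permit_mynetworks before SASL is ever consulted, which is why the AUTH requirement only shows up when the same test is repeated from an address outside $mynetworks.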