Debian Configuration :: Exim4 Public Not Requiring Any Authentication
Jul 9, 2015
I've installed it properly until it works now, it does send emails and receive them, but heres the problem.
1) it does not send emails to a certain domain, unless i do dpkg-reconfigure on exim4 and put the domain on allowed relay... can't i just put something on settings which allow to send emails to ALL domains?
2) EVERYONE can connect to the server by telnet from any position, terminal or pc, and just use an existing user to send emails to anyone.... example, i have testuser123 setted up in debian/exim4 .. then they simply write "mail from:testuser123@host.dot" and the server accepts it.. without even request an authentication for that. And this is a problem, because everyone can use my email addresses to send emails to whoever.. heaven for spammers/hackers..
I am working on a Debian 2.6.26-19 Distribution with exim4 as MTA. After a system restart a problem occurred with delivering emails to local addresses. These local addresses use a 1and1 mailserver for email. The MX records for the local domain are set correctly but exim does not use a DNS lookup for these addresses because it identifies them as local addresses. I figured this out by executing the exim4 -d -bt command. The dns lookup part of the result looks like this (I replaced the actual address with placeholders):
[Code]....
The eventual result of the exim4 -d -bt command is: [user]@[domain.ext] is undeliverable: Unrouteable address How can I make sure, that exim4 makes a DNS lookup for the local addresses instead of skipping it? I know that I have to edit a exim4 configuration file, but I could not figure out which and how.
How can I forward all traffic from a public IP to another public IP. Let's say I have a first debian box named box1 with eth0 = 1.1.1.1 and eth0:1 = 1.1.1.2 and I want to forward all traffic from 1.1.1.2 to "box2" located somewhere else over the internet and having for eth0 2.2.2.2 Both 1.1.1.0/24 and 3.3.3.0/24 are public IP ranges.
Linux [URL] 2.6.26-2-686 #1 SMP Wed Feb 10 08:59:21 UTC 2010 i686 GNU/Linux Currently I have exim4 configured to use my mail server as a relay to send php emails. Though I don�t think I want this setup. My goal is to be able to track emails sent out to make sure that nothing happened and they got bounced back. I need to be able to find the emails that are bounced.
If I configure exim4 to send emails from the current (apache2 / php) server any emails that bounce will end up there, correct? We have clients that are expecting emails and are complaining they do not always get them so something is not 100% configured correctly. I am going to re-run #dpkg-reconfigure exim4-config
I'm trying to set up a *simple* MTA in my local network. The only thing it should be able to do is send system / daemon mails to admin@mylocaldomain. but at the moment I'm pretty much overwhelmed by everything i *should* know in order to set up this MTA
I configured exim to be in "internet"-mode. now i have a variety of errors I can choose from (and a variety of solutions that i don't like ).. my test is always an email from test01.mylocaldomain:
echo "Hello World" | mail -s Testmail admin@mylocaldomain
- after running the config, i get the error: admin@mylocaldomain: all relevant MX records point to non-existent hosts --> google says, edit and udpate update-exim4.conf.conf --> dc_relay_domains='mylocaldomain' --> but this exim installation should not be a relay at all. it should only be able to SEND (to this domain), not deliver it. or do i get something wrong?
- after i added dc_relay_domains='mylocaldomain', i get --> SMTP error from remote mail server after RCPT TO:<admin@mylocaldomain>: host mail.mylocaldomain [192.168.x.x]: 550 5.1.1 <root@mylocaldomain>: Sender address rejected: User unknown in virtual mailbox table --> but i don't want to create an account on the mailserver for the SENDER...
- ...so i thought, i'd config exim with the domain "test01.mylocaldomain" (including the server name), so that the sender is clearly from another domain than the mail server handles (e.g. user@test01.mylocaldomain).. but then i get this --> SMTP error from remote mail server after RCPT TO:<admin@mylocaldomain>: host mail.mylocaldomain [192.168.x.x]: 450 4.1.8 <root@test01.mylocaldomain>: Sender address rejected: Domain not found
I really just wanna send mails in my local network.
I configured ssh on one of my servers to require public/private key authentication and deny access to login requests not using a public/private key. Now I need to unconfigure that,but I can't remember how I did it. I've looked through ssh_config and sshd_config, and nothing rings a bell. Googling only tells me how to enable public/private key authentication, not how to require it or stop requiring it.
My debian server has been attacked due to a security breach in exim4 4.69-9 (probably applies to loads of other versions too). The security breach allows the attacker to get root access by creating a buffer overflow in a header which then can be used to inject code.
[URL]
The securtiy breach is fixed with 4.69-9+lenny1 I want to share my actions with you on what I did to (hopefully) get rid of it. However at the time of writing this, the above website is down due to too much load (DDOS Attack?). How you can check if you've been attacked:
The attack creates a buffer overflow in exim4, which results in paniclog entries.
$ cat /var/log/exim4/paniclog 2010-12-17 07:34:11 string too large in xxxyyy() 2010-12-19 10:42:10 string too large in xxxyyy()
this would be an example of two attacks. One on 2010-12-17 and the other two days later 2010-12-19.with this information you can start find potentially infected files. There may be a better way, but I searched for them with this command:
$ find / -mtime 31 2>/dev/null # files,directories,links created 31 days ago (i.e. 2010-12-17)
I often run into this and it's such a hassle that I have had no choice but to ignore it. But, I would like to run it properly but I don't understand why my sources list is 'wrong' or has incorrect info so that it's often not verified or authenticated. The public keyring is wrong or the source or both? I get these messages, for e.g.:
# apt-get update && apt-get install dmo-archive-keyring && apt-get update exit with result: W: GPG error: http://unofficial.debian-maintainers.org squeeze Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9EEBC8DB9B9C3CB6
I probably don't need that but I ran into a similar error trying to authenticate the multimedia keyring. Not sure it worked but I am guessing the system works the same with all the authentications? I hope to understand what I'm doing wrong and what the process is.
I have one Centos Server and I want to forward root mail to 1 external account: [URL] I installed sendmail and created /root/.forward with this content: [URL] and I sent a test mail with this command: /usr/sbin/sendmail root <prueba.txt But nothing was forwarded.
After that I ran the same command with the verbose option:
/usr/sbin/sendmail -v root <prueba.txt
And this is the output:
root... Connecting to [127.0.0.1] via relay...
220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8; Wed, 3 Nov 2010 21:09:39 -0600 >>> EHLO localhost.localdomain 250-localhost.localdomain Hello myfriend [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES
[code]....
For some reason sendmail tried to connect to example.com smtp server and couldn't reach it. I am sure this is because the smtp server for example.com domain is not example.com is mail.example.com. Besides mail.example.com requires authentication, username , password and the smtp port is not the default 25 is 9999. configure sendmail to forward root mail to a smtp server that requires authentication, username, password with a not the default 25 port?
I installed Chromium Browser and made it default. The version which is available through squeeze and wheezy main is a dinosaur, and as such I cannot install any Chrome addons. I tried ubuntu or launchpad ppa for Chromium-Daily. I added [URL] maverick main to my Third party Repositories. Its not working.
The terminal returns an error: W: GPG error: [URL] maverick Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9BF3BB4E5E17B5
Just added Squeeze multimedia repositories in source list,but get this after reload :
W: GPG error: ftp://ftp.debian-multimedia.org squeeze Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 07DC563D1F41B907
However,update for Audacity & Mplayer showed in Update Manager,and I successfully updated.
My /etc/resolv.conf file is normally just set up to use Google's public DNS:
When I connect to the network at the university library, it totally overwrites my /etc/resolv.conf file to something like:
This is pretty annoying, so I tried comprimising by making a file with the school's domain and search entries plus the Google nameservers, then revoking write permission on the file. However, I couldn't access any domain name with this config on their network, so I reverted to using their nameservers. I keep all the school's entries commented out when I connect to my home network.
My ultimate question is what is actually overwriting the file? I suspect that my connecting through DHCP is responsible. Whatever it is, I'm pretty annoyed that no back up file was created.
I'd like to ask one simple question I can't figure out how to solve.I've set up my public key authentication by generating the public key on my Windows box. Copied that into /root/.ssh/authorized_keysDisabled password authentication in /etc/ssh/sshd_config:
I just installed a net-install of debian 5.0.6. with no GUI and Apache http d. Does anyone know where I can find or how to do a basic Authentication on my web server (user-name and password) I found some stuff but they include .HTpass (of Apache) etc etc, but I can't find them anywhere
I created a private/public pair. I put the public on github.But I can never push to github.Every time, it says public denied. In order to push, I need to do this:eval ssh-agentssh-add ~/.ssh/github_dsaThis is driving me nuts that I have to do this every time. So, I just put it in my ~/.bashrc file. I feel like that's a hack. Is this normal?
I'm trying to connect to my Xubuntu box (zelda) remotely using my RSA key. I'm using Cygwin on my Windows box (link) to SSH in to the Xubuntu box. I've created the key and placed it in the authorized_keys file on my remote box. Here's where it gets weird. When I ssh into zelda the first time, it prompts me for my password. However, if I'm already connected to zelda and try to open another connection, it prompts me for my RSA passphrase. This is very confusing, and I have no idea what's going on.Here's my sshd_config file on zelda.
Code: # Package generated configuration file # See the sshd(8) manpage for details
Im trying to create a public/private key for open ssh, I don't really know what difference between the two. I want it to all be one command and not have to hit enter after each command. Here is what I mean:i type "ssh-keygen"and it asks me were to save, then my paraphrase, then reenter the paraphrase.I just want to be I guess you could say unattended if that makes any sense.
After years with Linux and using ssh on a daily basis I have to admit I've never setup public/private key authentication and I've never run passwordless logon to ssh. It's not that I've never tried, I have - I've just never got it working. That to me is an almost alien concept as I am a tinkerer at heart and rarely stop until something is working the way I'd like it to. I get the principle of what's going on but I've always had a mental block about it.
I am trying in debian 8.2 but i am not found packet libapache2-mod-auth-radius whereas i have been include dvd1-3 debian and dvd1-2 update debian in my system. Where is that packet stand?
I have an ssh (OpenSSH_5.1p1 Debian-6ubuntu2) client A and a server B set up for public key authentication as described in [URL]
The problem is the following: ssh asks for a password when connecting from A to B without any other ssh session going on between A and B; but if I connect from A to B whenever there is another ssh session between A and B, either I get prompted for the passphrase I used to encrypt the private key or I get logged automatically.
I already checked permissions on B: .ssh is 700 and authorized_keys is 600. I already tried "StrictModes no" in sshd_config. Printing debug information using DEBUG3 does not any useful insight. Moreover, there is no /var/log/secure (is it supposed to be there?)
Right now the computer is far far away from my reach, but when I configured the system I noted that whenever I was locally logged to B and then ssh'ed from A to B, I was logged in without any problem; whenever I was not logged in locally I was asked for a password. Note that at that time I was using a different public/private key pair whose private part had no passphrase.
how to know exactly what cipher is ssh/sshd using for a particular session? Is there a way to know any statistics for a given session (something like the ~s option in section 5 of [URL]
P.S. 2: does the following mean that ssh is using protocol 2.0 or something different than protocol 2.0?
(..........) sshd[2606]: debug1: Enabling compatibility mode for protocol 2.0
So after tinkering for a while, I was able to configure ssh for private/public key authentication and disabled Password-Authentication. In the past I had some issues with people brute force trying passwords/usernames so I want to avoid this, but I need some form of secure FTP that now doesn't work due to the aforementioned setting.
I'm trying to get OpenSSH public key authentication to work. My server runs ubuntu. My client is a windows machine, and I'm using cygwin. I tried using the instructions here: [URL]... If I test it out using this line: ssh -v -v -v -o PreferredAuthentications=publickey server.example.org
I get this: debug3: no such identity: /home/Julie/.ssh/identity debug1: Offering public key: /home/Julie/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug3: Wrote 368 bytes for a total of 1477
I'm trying to restrict command line ssh and yet keep NoMachine working, so I followed this post [URL]... and tried adding this to /etc/ssh/sshd_config:
On restarting the ssh daemon other users can't login by the terminal, but I can. However, NoMachine won't log me in. I get: NX> 502 ERROR: Public key authentication failed. As a server side check:
I did create an rsa certificate with ssh-keygen using my root account on a client: ssh-keygen -t rsa -b 2048 no passphrase I did copy the rsa pub_key from my client to the server scp id_rsa sampleuser@sampleserver:/home/sampleuser/.ssh/authorized_keys
I did change the ownership to the "sampleuser" of the pub key file on the server: I trayd to connect: ssh sampleuser@sapleserver
I get that: permission denied (public key)... I know I do smth wrong but I don't know what.
After having problems with lxde crashing while running Jessie, and re-installing Wheezy, I am not able to mount my WinXP drive. In the past I was able to run pcmanfm and mount the drive from there. It would ask for my root password and then would mount the drive. Now, however, when I click on the drive icon it gives me an error message saying authentication required.
One thing is that when I installed Wheezy I had the WinXP drive disconnected so as to not inadvertently install Wheezy on the wrong drive (I have two identical drives). After installing I connected the WinXP drive and then did a grub update. I can boot either drive, as expected, but I can not mount the WinXP drive from pcmanfm. Do I need to change the Policykit?
I added my linux server to a windows AD using winbind / samba. Everything worked just fine. After changing the OS to Debian lenny x64 I get a "segmentation fault" when trying to change user passwords. I am using the exact same configuration, on my 32 bit Server everything works.
debian:~# passwd <user> sgmentation fault tail /var/log/syslog: kernel: [689689.005934] passwd[11209]: segfault at 0 ip b7b84418 sp bfc37fc0 error 4 in pam_winbind.so[b7b7e000+b000] Debian Lenny 5.0
