Ubuntu Servers :: Postfix And Prevent Clients To Connect To Port 25 Without Authentication?
Jan 29, 2011
I'm a NOOB setting up Postfix but managed quite well by following the Ubuntu Server guide. I have managed to set it up using SSL but testing a mail client like Thunderbird I can also connect to port 25 using no authentication. Connecting using SSL on port 465 by editing the "master.cf" file works but 25 is still open.
1. How do I prevent clients from connecting to port 25 without authentication?
2. I guess I have to have port 25 open in order to receive mail from the outside world?
On Ubuntu server 10.10, with a relay smtp server with authentication via postfix; I keep getting 535: Incorrect authentication data. I'm sure my username and password are correct. Here's how I set up postfix: I created a file called smarthosts.conf in my /etc/postfix/ directory that contains the following:
My server uses plain text authentication on port 25. I would like to use security like SSL, but this particular server is unsecured.
I would like to know whether LDAP can be used to authenticate wireless clients with my server. Server and clients are connected to a wireless router and I am able to get the wireless adapter to work in my Ubuntu. Is there anything extra which is required, or will the OpenLDAP server work for wireless clients?
I have a problem with my VPS not being able to send any emails to Yahoo! addresses. Each time someone with a mail account tries to send something to a Yahoo! address, the email stays stuck in the mail queue and a 'delayed mail (still trying)' message is sent back to the user. I understand that Yahoo! has a tendency to block mail servers on a whim, but what I'd like to know is, how can I prevent Postfix from specifically retrying to send emails to Yahoo! mail servers? I don't want to stop retries to other mail servers.
configuring my postfix server to send mail over smtps port 465. My ISP (as is the case with many ISPs) is blocking outbound SMTP, so I need to configure postfix to relay my mail out through my ISP's SMTP servers.
I was able to get it to work with gmail, which uses port 587, by using SASL: [URL] but that configuration is less than ideal as gmail drops the "reply to" address so when people receive my email, it looks like it's from gmail instead of from my server.
If I use my ISP SMTP servers as a relay the "reply to" address is not stripped, but the relay uses ssl over port 465 instead of TLS. According to the SASL readme:
Postfix does not deliver mail via TCP port 465 (the obsolete "wrappermode" protocol). See TLS_README for a solution that uses the "stunnel" command.
I've looked at the TLS_README and can't figure out what I need to do. How do I configure this?
I have been faithfully following the postfix/sasl/etc install docs from [URL] and seem to have hit a minor snag with SASL authentication for SMTP. KMail cryptically leaves me with a generic auth fail notice and tailing the mail logs gives me
make install then I got this error:
postfix: fatal: chdir(/usr/libexec/postfix): No such file or directory
make: *** [install] Error 1
I don't understand why it's checking the usr/libexec folder for the daemons although I've set the folder to /opt/product/postfix-2.6.5/libexec in the makefile. Here is also the cat of my makedefs.out:
So I set out to change the default smtp port the server uses because my ISP blocks port 25 and I need the email to work in Outlook. This morning I could receive email, but not send it. So I did some research and thought that I needed to edit the master.cf file in /etc/postfix/ by commenting out this line:
smtp inet n - n - - smtpd -o
and replace it with
587 inet n - n - - smtpd
(587 being the port I want to use). Somewhere along the line the postfix server stopped running and now I cannot get it to start. If I try using SSH it crashes immediately, and if I restart it in simple control panel nothing happens.
I installed FC10, and configured everything to work with my static IP address [URL]. As far as email goes everything works except for the php script on my website. This script worked fine on my previous install, and it appears to actually submit the email as shown in the maillog:
Aug 12 14:21:02 myhome postfix/pickup: 37406BFDD9: uid=48 from=<apache>
Aug 12 14:21:02 myhome postfix/cleanup: 37406BFDD9: message-id=<20090812192102.37406BFDD9@www.myhome.com>
I also created the following php script to test
<?php mail("test@myhome", "Test message", "this is a test"); ?>
And I was able to send successfully with this script with the only difference being it was sent by root rather than apache. This leads me to believe it's some sort of rights issue with the apache user. I wouldn't be surprised if SELinux was behind it all. I spent days and days after installing WordPress trying to get it to connect to MySQL, and that turned out to be an SELinux issue.
When I first signed up for this forum I accidentally posted this same topic in the first place I found appropriate (network/wireless) and I just realised I didn't look hard enough, so I marked my old post as solved; please, admin, delete that one. Ubuntu server 10.04 LTS running Ubuntu desktop on top (for my lack of skill). OK, nitty-gritty. I have been learning to use Linux for a few months now and I like it, but I cannot access my server through WAN on any ports. Yes, I have them all open and enabled and associated on my router properly. I even tried turning off the firewall on here and I have tried a list of misc. things. Is there something I am not doing that one might initially do when first starting an Ubuntu server?
I'm trying to utilize my company's IT organization's LDAP service (running on some sort of Windows) for authenticating users on an Ubuntu box. Another group has done something similar for CentOS; I've used their ldap.conf as a reference as well as ap-server.html (LDAP Authentication section). I can't get it to work. When I try to connect as my corporate user I see this in auth.log:
Code: Jan 14 14:32:24 Algalon sshd: nss_ldap: could not connect to any LDAP server as cn=ldapquery2,cn=Users,dc=<companyname>,dc=com - Can't contact LDAP server
I have an issue where postfix is set up to use dovecot auth and as far as I know it works; if I log in using telnet to the mail server I can authorize myself by providing the base64 encoded user & password. So if I can log in, why can't my email clients? I have tried Thunderbird and Evolution. These are the relevant mail.log entries for a successful login via telnet
Login by pop or imap works flawlessly; that's what I don't get. From what I see it SHOULD be working. If it changes things, I'm using postfixadmin, postfix, dovecot. Passwords and info are stored in mysql tables. Passwords are md5 encrypted. I thought that may be the issue, but that doesn't make sense.
I have been able to accomplish my goal of creating an AD-like authentication using LDAP, SAMBA and LAM. From what I have seen you can have this type of setup but it doesn't allow the passing of group policies to the desktops of the users.
I'm working on configuring a mail server on Ubuntu 8.04 using Postfix 2.5.1 and Courier 0.59.0. I don't want to have to open up specific networks for SMTP relaying, so I want my server to require authenticated SMTP sessions. I'm just confused on how to do this. Here's my main.cf file from Postfix:
It seems like getting this enabled is way more complicated than I expected, assuming I'm not on the wrong path.
Ok, here goes: I have an RDP server sitting at a remote store which is behind a router I do not control.
I might be able to get the phone company to add routing to it but at the moment I'd like to do this with ssh and reverse port routing, because I might need this for other ports later and I never know if the phone company won't break other routings already in place or just screw up the entire thing.
I am able to have a linux box at the site ssh into a server located where I'm at and reverse port forward port 3389 to that server. I can also then ssh into that server from my linux box and port forward 3389 to my box, under another port since my 3389 is already in use. Finally I can use rdesktop to rdp on my local box which bounces it through the server and back to the linux box which forwards it to the rdp server (A Windows 2008 server to be exact). This is all well and good and works reasonably fast, but, I need to be able to have users on windows boxes at my site do this without all of the rigmarole. I need to, I guess, redirect a normal open port, or create one, on the server where I am so that it connects internally to the reverse forwarded port or open the internal port to the outside. So I guess I need to make it a 'gateway' for that one port, this way all I have to do is point the rdp clients at the main server and port to have it eventually connect to the rdp server in the remote store.
how to go about doing it. I guess I need an iptables entry forwarding the port but I'm not sure what it should be.
The other option is opening up the port 3389 to the outside but I'm not sure how to do that either. Right now I have no iptables entries at all but even if I turn off iptables completely port 3389 is not available if I try to use it from another pc on the network but I can rdp from the server itself using the 3389 port so I know it's working internally.
We have been using the Linux email server Axigen for the past few years. We keep ports open for ssh, pop, smtp, webmail etc.; ssh is used for remote troubleshooting, so through the firewall it is globally accessible. We notice many attacks coming to our machine; also some people try to enter our system but fail. As an example, see below a log entry from the messages file:
Mar 17 09:19:50 sa1 sshd(pam_unix): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=126.96.36.199 user=root
How can we secure it more? As per my understanding, only a good, long, strong password can prevent attacks.
I just upgraded my Ubuntu 8.04 server to 10.04 and now I cannot receive mail on my Ubuntu 10.04 Evolution client, although I can send mail. No errors appear in auth.log or mail.log when I attempt to log in from my Evolution client, in fact mail.log shows 'pop3d-ssl: connection' from my laptop IP, followed by 'pop3d: Disconnected' when the log-in attempts fail.
I'm able to ssh into the server using the same log-on and password as before the upgrade, however I haven't changed the public or private keys in my .ssh directory. I updated the ssl keys in /etc/postfix/ssl but wasn't able to receive mail before or after the update.
The error in the client reads: 'Unable to connect to POP server mail.mydomain.com, error sending username'
I ran this test and the output appears to be related:
Is the pop3 server not running TLS? /etc/postfix/main.cf says it should, and I get no errors restarting / reloading postfix.
I am receiving messages in /home/user/Maildir, but I cannot download them.
I checked for supported authentication types in my Evolution client - 'Password' is the only one supported, as was true before. The client is not using any certificates.
The output of openssl s_client -tls1 -connect 127.0.0.1:995 shows 'certificate has expired' on the 'Verify return code' entry, not sure if that's significant.
What's different about incoming versus outgoing mail authentication?
I have postfix installed on my computer to let scripts send email. I want to use my isp as the smtp server. In /etc/postfix/main.cf I have told postfix to use gmail as my smtp server using "relayhost = outgoing.verizon.net". However, when I send an email, it gets returned. The full email is included below (my server's address has been replaced with ***.com).
I believe that I need to authenticate to [URL]... from postfix, but I am not sure how to add these directives to the config file.
I am merely trying to change the port for my ssh server. However, it isn't changing. I edited my ssh_config file to:
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for[code]...
When I try to connect to my server via port 443 I get a connection refused error. However, when I try to connect via port 22 it connects. Since that didn't work, I tried restarting the entire server. To restate, I changed the config file and restarted ssh then the computer, however the port didn't change. Oh, and yes, my router is set to port forwarding on port 443, though it doesn't matter since I'm inside the network.
I'm using postfix with unix accounts for a while now and I just realized today that SASL authentication, instead of working only with the USERNAME, it also works if the username is followed by ANYDOMAIN.COM
So, let's say I have the following UNIX users: tim, mike, john. If I set the Outgoing Username:[URL]..(where whatever.com can be any name you can think of) IT WORKS, even though it shouldn't, it should only work with tim, mike and john without any domain name. Does anyone know what might cause this and what's the workaround to this problem?
When I send an email via TLS I see the following log entries.
Code:
Oct 14 11:53:06 ns2 postfix/smtpd: connect from unknown[172.16.1.159]
Oct 14 11:53:06 ns2 postfix/smtpd: setting up TLS connection from unknown[172.16.1.159]
[Code]....
What I'm really curious about is there is an initial TLS connection with a 256 bit cipher, but then... The last entry states "sasl_method=PLAIN" - so surely this is not encrypted? Or am I misunderstanding how it works?
I am re-setting up a server of mine running Red Hat Enterprise Linux Server 6 and I had all of this working before, but for some reason I had trouble getting sasl to work, and now when I log in to my smtp server I get an error stating that my username or password is incorrect, though I am sure I am entering both correctly. Would anyone know what could be happening? I have been spending days on the web looking for the solution and only went from sasl not working when started as a service to this. For some reason I can't use PAM with saslauthd and had to use shadow instead of which from what I hear I get to use better methods of secure authentication with smtp
I'm presently writing software to keep my system time from drifting; it uses an external clock device. To verify its accuracy I'm running ntpd as a server, and have another server monitor the first as a client. This allows me to compare the offset with other 'valid' time servers. The problem is that the monitoring client keeps synchronising with my development server. How can I configure either the dev. server or the client so that its time won't be selected as a good time source? The ntp.conf on the dev. server looks like:
Code:
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
I followed this How To (https://help.ubuntu.com/community/Postfix) in order to add smtp authentication to my Postfix installation used as spam filter for my Exchange server, and it all seems OK; the only thing that I don't understand is where I list all the users (with passwords) that I authorize to send mail through my server...
I was asked to set up 802.1x Port Based Authentication for users connecting to a Managed Cisco Switch. From what I was told, it should work like this:
- User plugs workstation into switch.
- Workstation asks user for radius credentials.
- Workstation is then able to authenticate to the Radius server.
- After workstation is authenticated, the switchport then becomes unrestricted and allows the workstation to communicate on the network.