I have a CentOS7 server that will be deployed to a customer site. I want to get alerts via emails when something goes wrong on the server.
I have an office365 account so I am thinking whether I can use it as a SMTP relay server. (Forgive me here if my words don't make sense since I have very limited knowledge about SMTP and email related technology).
My first question is, do I need to do anything special with the office365 account? I am using smtp.office365.com:587 as the SMTP relay host.
Here is my postfix main.cf config:
relayhost = [smtp.office365.com]:587
smtp_always_send_ehlo = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_security_level = may
smtp_sasl_security_options = noanonymous
Here is my "generic" and "sasl_passwd" file look like. I also used the "postmap" to generate the .db file
/.*/ <o365 email>
root#server.difan.local <o365 email>
root#localdomain <o365 email>
#localdomain <o365 email>
[smtp.office365.com]:587 <o365 email>:<o365 password>
This is the command I used to test it
echo "This is the body of the email" | mail -s "This is the subject line" difan.zhao#outlook.com
Here is what I see in /var/log/maillog
Mar 26 10:46:00 server postfix/pickup[1921]: 5DC594087202: uid=0 from=<root>
Mar 26 10:46:00 server postfix/cleanup[2495]: 5DC594087202: message-id=<20170326164600.5DC594087202#server.difan.local>
Mar 26 10:46:00 server postfix/qmgr[1922]: 5DC594087202: from=<root#server.difan.local>, size=486, nrcpt=1 (queue active)
Mar 26 10:46:00 server postfix/smtp[2497]: warning: SASL authentication failure: No worthy mechs found
Mar 26 10:46:00 server postfix/smtp[2497]: 5DC594087202: SASL authentication failed; cannot authenticate to server smtp.office365.com[40.97.128.34]: no mechanism available
... <last two messages repeated 4 times>
Mar 26 10:46:02 server postfix/smtp[2497]: 5DC594087202: to=<difan.zhao#outlook.com>, relay=smtp.office365.com[40.97.142.194]:587, delay=2.2, delays=0.02/0/2.2/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com[40.97.142.194]: no mechanism available)
Where did I do wrong here? Thanks!
Firstly change your generic files to:
/.*/ email#domain.com
Secondly verify your generic and sasl permissions:
set the owner and permissions.
sudo postmap hash:/etc/postfix/generic
sudo chown root:root /etc/postfix/generic /etc/postfix/generic.db
sudo chmod 644 /etc/postfix/generic /etc/postfix/generic.db
Same to sasl_passwd and db file.
On new versions of Ubuntu/Debian you need install this package: libsasl2-modules
apt install libsasl2-modules
And then reload postfix
systemctl reload postfix
I had to install these... Not sure what they are but they worked!
yum install cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain
Related
I'm having a strange problem. I followed few guides from the net. My goal is to create a SMTP postfix that will use Cyrus SASL to authenticate users upon sending email with different imap server.
Making all more simple: have to transfer/replace current smtp server with new one as current is on public cloud and gets on black lists pretty often.
What I managed so far is:
Working Postfix
Authentication working when using :
testsaslauthd -u user#domain.com -p password
I'm getting Ok "Success" so I assume sasl itself work.
When I invoke saslfinger -s
I'm getting:
There is no smtpd.conf that defines what SASL should do for Postfix.
SMTP AUTH can't work!
but it seems that all is fine within the configuration files:
/etc/postfix/sasls/smtp.conf:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
/etc/postfix/main.cf:
smtpd_recipient_restrictions = reject_invalid_hostname,
permit permit_mynetworks,
permit_sasl_authenticated
disable_vrfy_command = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
/etc/default/saslauthd-postfix:
START=yes
MECHANISMS="rimap"
MECH_OPTIONS="domain.com -r"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
I'm running postfix chroot'ed so had to create a symlink but like I said. It all seems to work independently, just need to be linked somehow.
When I try to setup account in outlook, I got wrong name or password.
The log on Debian says:
May 11 23:35:43 smtp-test postfix/smtpd[741]: warning: unknown[192.168.108.1]: SASL NTLM authentication failed: authentication failure
May 11 23:35:43 smtp-test postfix/smtpd[741]: warning: SASL authentication failure: unable to canonify user and get auxprops
May 11 23:35:43 smtp-test postfix/smtpd[741]: warning: unknown[192.168.108.1]: SASL DIGEST-MD5 authentication failed: authentication failure
May 11 23:35:43 smtp-test postfix/smtpd[741]: warning: unknown[192.168.108.1]: SASL LOGIN authentication failed: authentication failure
May 11 23:35:43 smtp-test postfix/smtpd[741]: lost connection after AUTH from unknown[192.168.108.1]
May 11 23:35:43 smtp-test postfix/smtpd[741]: disconnect from unknown[192.168.108.1]
Strange thing is it tries NTLM(not mentioned anywhere) instead of RIMAP. And cannot make canonical name of user even after adding -r switch that should combine name and realm/domain name.
I guess that is related to first warning from saslfinger but cannot find the cause.
All updated to newest available versions.
Any help?
I was following this guide to setup an LDAP server on CentOS 6.6: http://www.learnitguide.net/2016/01/configure-openldap-server-on-rhel7.html. I know the guide is for RHEL, but I think the vast majority of steps should be the same. I went through the tutorial and everything seems to work right except for sshing into the server as an LDAP user. As root I am able to su to any LDAP user. getent passwd username returns appropriate results. But every time I try to ssh in as a user I get permission denied and these messages show up in /var/log/secure:
Aug 8 22:13:14 servername sshd[5900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=rhostname user=username
Aug 8 22:13:14 servername sshd[5900]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=rhostname user=username
Aug 8 22:13:14 servername sshd[5900]: pam_sss(sshd:auth): received for user username: 6 (Permission denied)
Aug 8 22:13:17 servername sshd[5900]: Failed password for username from rhostIPaddress port 34758 ssh2
I was hoping maybe someone may know of a step that guide left out that would cause this behavior. Thanks.
Turns out the self signed certificate I was using needed to have the IP address as the common name as opposed to the FQDN, not sure why that is but it's working now.
Information that can help others.
In my case this message was a time difference problem between the FreeIPA server and the clients. The command systemctl status sssd -l presented the message (skew clock too great).
This message from the Kerberos authentication server appears if the difference hour in servers is too large (more than three or four minutes).
OS: Ubuntu Server
Long time user and first time poster on stack-overflow but I'm a bit stumped.
A few months ago I bought and set up a virtual machine running CentOS 6 so that I could host a few websites and a mail server for myself and a few clients. I set the entire thing up myself from the Unix knowledge I already had, including the mail server - which was at the time something I had never done before.
The mail server is working as intended, dovecot enforces IMAP logins and everything was running smoothly, until recently when I noticed one of the domains has been sending mail from un-registered users.
To give you an extract from the log at /var/log/maillog
s18646572 postfix/qmgr[3763]: 45A9520F2DF8A: from=<daisy_gibson#friendsdomain.uk>, size=1321, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: A98FC20F2D350: from=<regina_reeves#friendsdomain.uk>, size=1420, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: E45E820F2DD3A: from=<robyn_holland#friendsdomain.uk>, size=1334, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: AD06220F28246: from=<lorraine_murphy#friendsdomain.uk>, size=1393, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: DC00D1849D7CC: from=<kristine_gardner#friendsdomain.uk>, size=1401, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: 890EE20F28F2A: from=<mae_shaw#friendsdomain.uk>, size=1418, nrcpt=1 (queue active)
So from what I can gather somebody is using his domain "friendsdomain.uk" but also piggybacking on our SMTP server to send the mail, given that it's being deposited into our queue.
I found a tool online to help test SMTP relay and managed to configure some rules to prevent SMTP relays - at least through this tools. Users now need to be SASL authenticated in order to send mail.
However, the mail is still going out - postfix doesn't seem to be stopping the spam at all which leads me to believe that whoever is using the server is already authenticated. I've changed the passwords of all users but that doesn't seem to have halted the problem - and the logs don't indicate which user is being used to send the mail.
Extract of my postfix config below:
### SMTP Setup ###
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit_sasl_authenticated, reject_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch, reject_unlisted_sender
I added the SMTP_sender restrictions following some other answers I found on the site - which seemingly prevented the relaying at least.
I paused the SMTP server and inspected a few of the mail items in the queue, extract below.
Subject: 1 New SnapF#ck AlertN=X-PHP-Originating-Script: 48:plugin.php(1959) : eval()'d codeN$
Date: Wed, 9 Dec 2015 22:02:26 +0000N5From: Kelly Fleming <kelly_fleming#friendsdomain.uk>N#Message-ID: <64b6713d232e7a4f88e85344aac5cc9c#friendsdomain.uk>N
X-Priority: 3w
0NCX-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)N
The headers indicate that whoever is doing this is using a PHP mailer
SO the problem still remains, people are sending spam using my SMTP server - I need a way to either user logins for the User logins, unless an account has been compromised in which case I need a way to find out which. I can't simply suspend the accounts as the genuine users still need access to their email - however now we're receiving so many hits that the TCP sockets are preventing other services from running.
Any advice would be greatly appreciated.
Thanks.
Solved the mystery (somewhat)
The mail was coming internally from one of our hosted sites. Either the site has been configured to use the SMTP with authentication or was not required to authenticate because it was on localhost.
The clue was in the sending error logs
Dec 10 11:35:15 s18646572 postfix/pickup[6439]: 9A7BA20F29112: uid=48 from=<sally_weaver#friendomain.uk>
The user id of the sender UID=48 indicated that it was a local user, and after checking the passwd file this was confirmed to be the apache user.
It is now evident that some part of the website hosted on frienddomain.uk is being exploited to send spam, and after suspending the website and restarting services the mail ceased.
The problem now is finding and removing the exploit, however if you wish you can disable the mail() function in your php.ini file.
I have munin v1.4.6 setup on Ubuntu Server 12.04 and configured correctly: the graphs display and munin logs show no errors. However, it keeps emailing the root user instead of my personal email. My /etc/munin/munin.conf has the following contact:
contact.joe.command mail -s "Munin notification" xxxx#gmail.com
When munin runs, I see the following in my /var/log/mail.log:
Aug 26 13:35:34 joe-computer postfix/local[15964]: 581812DFD: to=<root#joe-computer>, orig_to=<root>, relay=local, delay=0.06, delays=0.04/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
Can anyone help me figure out why it is not mailing "xxxx#gmail.com"?
I am getting SMTP Authentication Failure on the server and the mail is getting send via the server SMTP only...
It appears to be a server configuration or related problem, but I am not sure.
This is the debug details:
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Failed to authenticate password. Error: 535 Incorrect authentication data
from: 250 OK
to: 250 Accepted
data: 354 Enter message, ending with "." on a line by itself
250 OK id=1U8Pjp-0002As-FB
quit: 221 ************** closing connection
Your message has been successfully sent using the following protocol: smtp
While testing from my local system, this works and the email is being sent via sendgrid.me
Again, This may not be a SendGrid Problem, but if you have faced similar issue, Can you please tell me what is the problem here?
I am using CentOs and I have cPanel in the server. I believe we are using EXIM for mail server.
For anyone that comes across this in future and are using cpanel/whm, you need to 'disable' this option under 'SMTP Restrictions' in WHM.
I was able to resolve this.
The issue was my server was not allowing the use of external SMTP and using its own SMTP server. I changed the settings and now it works fine.
I am using centos 7 Finally it works!
I was getting this issue(tail -f /var/log/mailog):
to=<usmanali#example.com>, relay=smtp.sendgrid.net[169.45.113.201]:587, delay=0.3, delays=0.05/0.07/0.16/0.02, dsn=5.0.0, status=bounced (host smtp.sendgrid.net[169.45.113.201] said: 550 Unauthenticated senders not allowed (in reply to MAIL FROM command))
Then i changed file /etc/postfix/main.cf in this way that added following lines into end of file
mtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
mailbox_size_limit = 256000000
# Sendgrid Settings
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:apikey:SG.YOUR_SENDGRID_KEY
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
header_size_limit = 4096000
relayhost = [smtp.sendgrid.net]:587
Then Installing postfix missing module dependency using:
sudo yum install cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain
Then restarting postfix
sudo systemctl restart postfix.service