LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Prevent spoofing from authenticated dovecot+postfix+sasl+postgre (http://www.linuxquestions.org/questions/linux-security-4/prevent-spoofing-from-authenticated-dovecot-postfix-sasl-postgre-734702/)

kiswono 06-22-2009 03:28 AM

Prevent spoofing from authenticated dovecot+postfix+sasl+postgre
 
just like this thread:
http://www.linuxquestions.org/questi...l-part-722506/

yay~ i had the same problem T_T
i currently run a postfix dovecot postgre with virtualdomain
sasl works fine, but it still allow user spoofing for local accounts

currently i'm using roundcube for webmail..

i've been seeking out this problem for about a month, would anyone care to help me? thank you in advance ^^


some of my configuration:

Code:

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_local_domain = $myhostname
virtual_alias_maps = pgsql:/etc/postfix/pg_alias.cf
smtpd_sender_login_maps = pgsql:/etc/postfix/pg_alias.cf
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, reject_sender_login_mismatch, permit_mynetworks, permit
alias_maps =  pgsql:/etc/postfix/pg_alias.cf
alias_database =
myorigin = /etc/mailname
mydestination = $myhostname, localhost, localhost.$myhostname, levicitus
mailbox_size_limit = 0
inet_interfaces = all
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
mydomain = mydomain.net
myhostname = leviticus.mydomain.net


Here's the log:

Code:

Jun 22 14:41:34 leviticus dovecot: imap-login: Login: user=<kiz@mydomain.net>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Jun 22 14:41:34 leviticus postfix/pickup[4755]: 9483A180082: uid=33 from=<cah@mydomain.net>
Jun 22 14:41:34 leviticus postfix/cleanup[4784]: 9483A180082: message-id=<c6ae10637b59507786eabc1f228cabf0@127.0.0.1>
Jun 22 14:41:34 leviticus dovecot: IMAP(kiz@mydomain.net): Disconnected: Logged out bytes=511/151
Jun 22 14:41:34 leviticus postfix/qmgr[4756]: 9483A180082: from=<cah@mydomain.net>, size=585, nrcpt=1 (queue active)
Jun 22 14:41:34 leviticus postfix/virtual[4792]: 9483A180082: to=<kiz@mydomain.net>, relay=virtual, delay=0.09, delays=0.06/0.02/0/0.01, dsn=2.0.0, status=sent (de
livered to maildir)
Jun 22 14:41:34 leviticus postfix/qmgr[4756]: 9483A180082: removed

so, i'm logged in as "kiz", but i send as "cah".. that's wrong because cah is not an alias of kiz..

kiswono 06-22-2009 08:12 PM

ow, it's working now..
i forgot to set client's auth to 'LOGIN', that's the problem ^^ thank you anyway (for anyone)

Code:

Jun 23 08:06:18 leviticus postfix/smtpd[21419]: connect from localhost[127.0.0.1]
Jun 23 08:06:18 leviticus postfix/smtpd[21419]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 553 5.7.1 <cah@mydomain.net>: Sender address rejected: not owned by user kiz@mydomain.net; from=<cah@mydomain.net> to=<kiz@mydomain.net> proto=ESMTP helo=<mydomain.net>
Jun 23 08:06:18 leviticus postfix/smtpd[21419]: disconnect from localhost[127.0.0.1]



All times are GMT -5. The time now is 01:07 AM.