I'm trying to set up a mail server (on a virtual machine running Ubuntu 14.04) with Postfix, Dovecot, MySQL and PostfixAdmin.
The problem is that if I telnet to my host I can send emails without being authenticated.
Code:
telnet my_domain.com 25
Trying 192.168.1.23...
Connected to my_domain.com.
Escape character is '^]'.
220 my_domain.my_domain.com ESMTP Postfix (Ubuntu)
ehlo my_domain.com
250-my_domain.my_domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: user@my_domain.com
250 2.1.0 Ok
rcpt to: user@my_domain.com
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
test
.
250 2.0.0 Ok: queued as 0D48F42C15
quit
221 2.0.0 Bye
Connection closed by foreign host.
My configuration files:
1)/etc/postfix/main.cf
Code:
# Postfix main.cf settings as posted. The alphabetical order suggests this is
# `postconf -n` output (non-default values only) - assumption, confirm.
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
broken_sasl_auth_clients = yes
# NOTE(review): this path looks like a paste artifact (a stray "authenticated"
# appended to /etc/postfix) - confirm against the real configuration.
config_directory = /etc/postfixauthenticated
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
local_transport = virtual
mailbox_command =
mailbox_size_limit = 0
mydestination = localhost
myhostname = my_domain.my_domain.com
# Only loopback is trusted, so permit_mynetworks below does not cover clients
# connecting from the LAN or the Internet.
mynetworks = 127.0.0.0/8
myorigin = /etc/hostname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated,check_helo_access pcre:/etc/postfix/helo_access.pcre
# reject_unauth_destination (here) and defer_unauth_destination (in
# smtpd_relay_restrictions) only refuse recipients in domains this server is
# not responsible for. A recipient in a hosted domain (mydestination,
# virtual_mailbox_domains, virtual alias domains) is accepted from an
# unauthenticated client: that is ordinary inbound delivery on port 25, not
# relaying. To check for an open relay, test with a recipient in a domain
# that is not hosted here.
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_checks, check_client_access cidr:/etc/postfix/blacklist_cidr,check_client_access hash:/etc/postfix/blacklist,reject_unknown_recipient_domain,reject_non_fqdn_recipient, reject_unlisted_recipient,permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
# NOTE(review): reject_sender_login_mismatch consults smtpd_sender_login_maps,
# which does not appear in this listing. Without an owner map, an
# unauthenticated client is not rejected for using a local address in
# MAIL FROM, so sender spoofing of hosted addresses is not prevented here.
smtpd_sender_restrictions = reject_unknown_sender_domain,reject_non_fqdn_sender,reject_unlisted_sender,reject_sender_login_mismatch,permit_sasl_authenticated,permit_mynetworks,check_sender_access pcre:/etc/postfix/sender_access.pcre
# NOTE(review): "ssl-cert-snakeoil" is the self-signed placeholder certificate
# shipped with Debian/Ubuntu; clients cannot validate it. Replace it with a
# certificate issued for the server's hostname before going to production.
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# NOTE(review): TLS is disabled while SASL PLAIN/LOGIN is enabled above, so a
# password sent with AUTH on this listener crosses the network unencrypted
# (base64 is an encoding, not encryption). Enabling STARTTLS and setting
# smtpd_tls_auth_only = yes stops AUTH from being offered on cleartext sessions.
smtpd_use_tls = no
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000
2)dovecot -n
Code:
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-32-generic i686 Ubuntu 14.04.1 LTS ext4
# Effective Dovecot settings (output of `dovecot -n`): SQL-backed passdb and
# userdb, IMAP and POP3 listeners, and auth sockets for Postfix SASL.
auth_debug = yes
# NOTE(review): auth_debug_passwords logs passwords when authentication fails,
# and auth_verbose_passwords = sha1 logs a SHA1 of the attempted password.
# Both are debugging aids; turn them off once the setup works and check who
# can read /var/log/dovecot.log in the meantime.
auth_debug_passwords = yes
auth_default_realm = my_domain.com
auth_mechanisms = PLAIN LOGIN
auth_verbose = yes
auth_verbose_passwords = sha1
debug_log_path = /var/log/dovecot.log
# NOTE(review): plaintext logins are allowed without TLS and no `ssl` setting
# is shown, so PLAIN/LOGIN passwords can cross the network unencrypted on
# ports 143 and 110. `ssl = required` together with
# disable_plaintext_auth = yes forces encrypted logins.
disable_plaintext_auth = no
first_valid_gid = 5000
last_valid_gid = 5000
log_path = /var/log/dovecot.log
mail_gid = vmail
mail_location = maildir:/home/vmail/%d/%n
mail_uid = vmail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocols = " imap pop3"
service auth {
# Socket that Postfix's smtpd uses for SASL (main.cf: smtpd_sasl_path = private/auth).
# NOTE(review): mode 0666 lets every local account connect to the auth
# service; 0660 with user/group postfix is sufficient for Postfix.
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
# NOTE(review): auth-master is also world-accessible (0666). This socket is
# meant for trusted processes such as the delivery agent; restrict it to the
# vmail user/group unless something else is known to need it - confirm.
unix_listener auth-master {
group = vmail
mode = 0666
user = vmail
}
unix_listener auth-userdb {
group = vmail
mode = 0660
user = vmail
}
}
service imap-login {
inet_listener imap {
port = 143
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
}
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
3) I added these lines in /etc/postfix/master.cf
Code:
# Submission service (port 587 by convention): mandatory TLS
# (smtpd_tls_security_level=encrypt) and every client that has not
# authenticated via SASL is rejected.
# NOTE(review): these -o overrides apply to this service only; the port-25
# smtpd service keeps the main.cf values, so authentication is enforced here
# and not on port 25.
# NOTE(review): in master.cf each "-o" line must begin with whitespace to
# continue the service line; the indentation appears to have been lost in
# this paste - confirm in the real file.
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
4) /etc/dovecot/dovecot-sql.conf.ext
Code:
# Dovecot SQL lookup settings; both the passdb and the userdb in dovecot.conf
# point at this file.
driver = mysql
# NOTE(review): the database password is stored here in cleartext. Keep the
# file readable by root only (for example owner root, mode 0600) and give
# mailuser no more than SELECT on the mail database - verify both.
connect = host=localhost dbname=mail user=mailuser password=pass
# Stored hashes are interpreted as SHA512-CRYPT unless they carry their own
# scheme prefix.
default_pass_scheme = SHA512-CRYPT
# Both queries match only rows with active = '1'; uid/gid are fixed to 5000
# and the home/mail paths are built from the domain (%d) and local part (%n).
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 as gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
password_query = SELECT username as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 AS userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
5) /etc/postfix/virtual_alias_maps.cf
Code:
# Postfix MySQL lookup table: returns `goto` from table `alias` for the row
# whose `address` equals the lookup key.
# NOTE(review): holds the database password in cleartext; restrict the file
# to root and the postfix group (for example root:postfix, mode 0640) - verify.
user = mailuser
password = pass
hosts = localhost
dbname = mail
table = alias
select_field = goto
where_field = address
6) /etc/postfix/virtual_mailbox_domains.cf
Code:
# Postfix MySQL lookup table: returns `domain` from table `domain` for the row
# whose `domain` equals the lookup key. Any domain found here is treated as a
# hosted virtual mailbox domain, so mail for it is accepted on port 25.
# NOTE(review): holds the database password in cleartext; restrict the file
# to root and the postfix group (for example root:postfix, mode 0640) - verify.
user = mailuser
password = pass
hosts = localhost
dbname = mail
table = domain
select_field = domain
where_field = domain
7) /etc/postfix/virtual_mailbox_maps.cf
Code:
# Postfix MySQL lookup table: returns `maildir` from table `mailbox` for the
# row whose `username` equals the lookup key.
# NOTE(review): unlike the Dovecot queries, this lookup has no `active`
# condition, so a deactivated mailbox may still be a valid recipient - confirm
# whether that is intended.
# NOTE(review): holds the database password in cleartext; restrict the file
# to root and the postfix group (for example root:postfix, mode 0640) - verify.
user = mailuser
password = pass
hosts = localhost
dbname = mail
table = mailbox
select_field = maildir
where_field = username
8) /etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
Code:
# Postfix MySQL lookup table for alias domains: maps user@alias_domain to the
# maildir of the active mailbox user@target_domain.
# NOTE(review): the posted main.cf sets virtual_mailbox_maps to
# virtual_mailbox_maps.cf only, so this table does not appear to be consulted
# - confirm.
# NOTE(review): holds the database password in cleartext; restrict the file
# to root and the postfix group (for example root:postfix, mode 0640) - verify.
user = mailuser
password = pass
hosts = 127.0.0.1
dbname = mail
query = SELECT maildir FROM mailbox, alias_domain
WHERE alias_domain.alias_domain = '%d'
AND mailbox.username=concat('%u', '@', alias_domain.target_domain )
AND mailbox.active = 1
9) /etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
Code:
# Postfix MySQL lookup table for alias domains: maps user@alias_domain to the
# `goto` target of the active alias user@target_domain.
# NOTE(review): the posted main.cf sets virtual_alias_maps to
# virtual_alias_maps.cf only, so this table does not appear to be consulted
# - confirm.
# NOTE(review): holds the database password in cleartext; restrict the file
# to root and the postfix group (for example root:postfix, mode 0640) - verify.
user = mailuser
password = pass
hosts = 127.0.0.1
dbname = mail
query = SELECT goto FROM alias,alias_domain
WHERE alias_domain.alias_domain = '%d'
AND alias.address=concat('%u', '@', alias_domain.target_domain)
AND alias.active = 1
And I don't find any errors in my logs.
P.S. I tried AUTH LOGIN in my telnet session with a user and password, and
it worked.