open relay problem detected by DSBL, how to disable sasl_username=test


nik600 hotmail
Hi to all

I'm experiencing a problem:
I've got a postfix installation (postfix-2.5.1) integrated with mysql

I've noticed that the DSBL server sent the email using
sasl_username=test authentication; how can I disable it?

Thanks



--
/*************/
nik600
https://sourceforge.net/projects/ccmanager
https://sourceforge.net/projects/reportmaker
https://sourceforge.net/projects/nikstresser

Re: open relay problem detected by DSBL, how to disable sasl_username=test

mouss-2
nik600 wrote:
> Hi to all
>
> I'm experiencing a problem:
> I've got a postfix installation (postfix-2.5.1) integrated with mysql
>
> I've noticed that the DSBL server sent the email using
> sasl_username=test authentication; how can I disable it?
>  

Please show
- relevant logs
- 'postconf -n'




Re: open relay problem detected by DSBL, how to disable sasl_username=test

nik600 hotmail
On Sat, May 3, 2008 at 5:02 PM, mouss <[hidden email]> wrote:

> nik600 wrote:
>
> > Hi to all
> >
> > I'm experiencing a problem:
> > I've got a postfix installation (postfix-2.5.1) integrated with mysql
> >
> > I've noticed that the DSBL server sent the email using
> > sasl_username=test authentication; how can I disable it?
>
> Please show
> - relevant logs
> - 'postconf -n'

May  2 16:38:30 kumbemail postfix/smtpd[10785]: 30C544D0F75: client=noc.saveho.com[84.96.74.10], sasl_method=LOGIN, sasl_username=test
May  2 16:38:30 kumbemail postfix/cleanup[21381]: 30C544D0F75: message-id=<l3uX/[hidden email]>
May  2 16:38:30 kumbemail postfix/qmgr[22696]: 30C544D0F75: from=<[hidden email]>, size=1003, nrcpt=1 (queue active)
May  2 16:38:30 kumbemail postfix/smtpd[10785]: disconnect from noc.saveho.com[84.96.74.10]
May  2 16:38:30 kumbemail spamd[12817]: spamd: connection from localhost [127.0.0.1] at port 54237
May  2 16:38:30 kumbemail spamd[12817]: spamd: processing message <l3uX/[hidden email]> for [hidden email]:99
May  2 16:38:30 kumbemail postfix/smtpd[8674]: connect from noc.saveho.com[84.96.74.10]
May  2 16:38:30 kumbemail postfix/smtpd[8674]: warning: SASL authentication failure: Couldn't find mech NTLM
May  2 16:38:30 kumbemail postfix/smtpd[8674]: warning: noc.saveho.com[84.96.74.10]: SASL NTLM authentication failed: no mechanism available
May  2 16:38:30 kumbemail postfix/smtpd[8674]: disconnect from noc.saveho.com[84.96.74.10]
May  2 16:38:30 kumbemail spamd[12817]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile //.spamassassin/auto-whitelist.lock.kumbemail.kumbe.it.12817 for //.spamassassin/auto-whitelist.lock: No such file or directory
May  2 16:38:30 kumbemail spamd[12817]: spamd: clean message (-1.4/5.0) for [hidden email]:99 in 0.2 seconds, 1020 bytes.
May  2 16:38:30 kumbemail spamd[12817]: spamd: result: . -1 - ALL_TRUSTED scantime=0.2,size=1020,user=[hidden email],uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=54237,mid=<l3uX/[hidden email]>,autolearn=failed
May  2 16:38:30 kumbemail spamd[1983]: prefork: child states: II
May  2 16:38:30 kumbemail postfix/pickup[11220]: 9D27F4D10EE: uid=1001 from=<[hidden email]>
May  2 16:38:30 kumbemail postfix/cleanup[16784]: 9D27F4D10EE: message-id=<l3uX/[hidden email]>
May  2 16:38:30 kumbemail postfix/pipe[16852]: 30C544D0F75: to=<[hidden email]>, relay=filter, delay=0.47, delays=0.13/0/0/0.34, dsn=2.0.0, status=sent (delivered via filter service)
May  2 16:38:30 kumbemail postfix/qmgr[22696]: 30C544D0F75: removed
May  2 16:38:30 kumbemail postfix/qmgr[22696]: 9D27F4D10EE: from=<[hidden email]>, size=1311, nrcpt=1 (queue active)

root@kumbemail:/var/log# postconf -n
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 100240000
mydestination = $transport_maps
mydomain = kumbe.it
myhostname = kumbemail.kumbe.it
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf,hash:/etc/postfix/relay
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_host_lookup = native,dns
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,check_sender_access hash:/etc/postfix/whitelist/whitelist_reject_non_fqdn_sender,reject_non_fqdn_sender,reject_non_fqdn_sender,reject_unauth_destination,reject_unauth_pipelining
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = sasl2/smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:102
virtual_mailbox_base = /var/spool/postfix/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 100240000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1000
virtual_transport = virtual
virtual_uid_maps = static:1000

thanks for your help

--
/*************/
nik600
https://sourceforge.net/projects/ccmanager
https://sourceforge.net/projects/reportmaker
https://sourceforge.net/projects/nikstresser
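The smtpd line carrying sasl_method=/sasl_username= is the record of who authenticated from where, and it is the line to watch for relay abuse through a weak account. The following is an added example, not code from the thread or from Postfix: a small Python audit that reads such log lines (one syslog entry per line, as the daemon writes them), flags accepted submissions whose username is not in a list of accounts you know about or whose client sits outside the networks you expect your users on, and counts failed SASL attempts per client. The known-user list, the trusted networks, and the extra alice/bob lines with 192.0.2.x / 198.51.100.x addresses are constructed for the example; the first lines follow the shape of the entries posted above.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log. The first five lines follow the shape of the smtpd
# entries posted in the thread; the alice/bob lines and the 192.0.2.x and
# 198.51.100.x addresses are made up for the example.
SAMPLE_LOG = """\
May  2 16:38:30 kumbemail postfix/smtpd[10785]: 30C544D0F75: client=noc.saveho.com[84.96.74.10], sasl_method=LOGIN, sasl_username=test
May  2 16:38:30 kumbemail postfix/smtpd[8674]: connect from noc.saveho.com[84.96.74.10]
May  2 16:38:30 kumbemail postfix/smtpd[8674]: warning: SASL authentication failure: Couldn't find mech NTLM
May  2 16:38:30 kumbemail postfix/smtpd[8674]: warning: noc.saveho.com[84.96.74.10]: SASL NTLM authentication failed: no mechanism available
May  2 16:38:30 kumbemail postfix/smtpd[8674]: disconnect from noc.saveho.com[84.96.74.10]
May  2 17:02:11 kumbemail postfix/smtpd[10790]: 41A004D0F80: client=lan-pc.example.org[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
May  2 17:05:40 kumbemail postfix/smtpd[10791]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
May  2 17:05:52 kumbemail postfix/smtpd[10791]: 52B114D0F91: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob
"""

# Accepted submission: smtpd logs client=host[ip] followed by the SASL details.
ACCEPT_RE = re.compile(
    r"client=(?P<host>\S+)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=(?P<method>\S+), sasl_username=(?P<user>\S+)"
)
# Rejected AUTH attempt, logged by smtpd as a "warning:" naming the client.
FAIL_RE = re.compile(
    r"warning: (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed"
)


def audit_sasl(log_text, known_users, trusted_networks):
    """Return (findings, failures).

    findings: list of (kind, username, client_ip) for accepted logins that
              deserve a look: "unknown-user" when the username is not in
              known_users, "external-login" when a known user authenticated
              from outside trusted_networks.
    failures: dict client_ip -> number of failed SASL attempts.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    findings = []
    failures = Counter()
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            ip = ipaddress.ip_address(m["ip"])
            if m["user"] not in known_users:
                findings.append(("unknown-user", m["user"], m["ip"]))
            elif not any(ip in net for net in nets):
                findings.append(("external-login", m["user"], m["ip"]))
            continue
        m = FAIL_RE.search(line)
        if m:
            failures[m["ip"]] += 1
    return findings, dict(failures)


if __name__ == "__main__":
    # Constructed account list and networks; adjust to your own user table.
    found, failed = audit_sasl(SAMPLE_LOG, {"alice", "bob"}, ["127.0.0.0/8", "192.0.2.0/24"])
    for kind, user, ip in found:
        print(f"{kind}: sasl_username={user} from {ip}")
    for ip, n in failed.items():
        print(f"{n} failed SASL attempt(s) from {ip}")
```

Run against the sample, the "test" login from 84.96.74.10 is reported as an unknown user, which is exactly the situation in the thread: a username that authenticates but is absent from the mysql table the admin believes is authoritative. The known-user list can be fed from the same table Postfix uses, so that any sasl_username outside it is a discrepancy between what the SASL backend accepts and what you think it accepts.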

Re: open relay problem detected by DSBL, how to disable sasl_username=test

nik600 hotmail
In fact, I've tried, and if I use

username test
password test

I can send email... but this username isn't present in my mysql table.

Do you know if there are some default users?

thanks

--
/*************/
nik600
https://sourceforge.net/projects/ccmanager
https://sourceforge.net/projects/reportmaker
https://sourceforge.net/projects/nikstresser

Re: open relay problem detected by DSBL, how to disable sasl_username=test

/dev/rob0
On Sat May 3 2008 11:10:56 nik600 wrote:
> In fact, I've tried, and if I use
>
> username test
> password test
>
> I can send email... but this username isn't present in my mysql
> table.

You appear to have a valid user "test" with password "test".  You need
to fix that in your Cyrus SASL backend.

$ telnet kumbemail.kumbe.it 25
Trying 84.18.157.49...
Connected to kumbemail.kumbe.it.
Escape character is '^]'.
220 kumbemail.kumbe.it ESMTP Postfix
EHLO hostname.example.net
250-kumbemail.kumbe.it
250-SIZE 100240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN dXNlcgB1c2VyAHRlc3Q=
535 5.7.8 Error: authentication failed: authentication failure
AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.

The failed auth is username "user" and password "test". The successful
auth was username "test" and password "test".

This is an exploitable weakness! I strongly suggest that you disable
AUTH until you find and fix the Cyrus SASL issue.

> Do you know if there is some default users?

AUTH credentials are passed through Postfix smtpd(8) to the specified
SASL implementation. If you didn't configure Cyrus SASL to use your
mysql for validation of credentials, then it's probably not doing so.
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
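The two AUTH PLAIN lines in the telnet session above are only base64, so the identity and password are readable by anyone who can see the session, which is why the advice in this thread to enforce TLS before AUTH matters. As an added example (not code from the thread or from Postfix or Cyrus SASL), this Python snippet splits a SASL PLAIN initial response into the three fields RFC 4616 defines (authorization identity, authentication identity, password) and rejects malformed tokens; the encoder is the inverse, included so the two tokens from the session can be checked both ways. The alice/s3cret credentials in the usage are constructed.

```python
import base64


def decode_sasl_plain(b64_token):
    """Split a base64 SASL PLAIN initial response into its three fields.

    RFC 4616 defines the message as: [authzid] NUL authcid NUL passwd.
    authzid (the identity to act as) may be empty; authcid is the login
    name the password store checks; passwd is the cleartext password.
    """
    raw = base64.b64decode(b64_token, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("SASL PLAIN message must contain exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return authzid, authcid, passwd


def encode_sasl_plain(authcid, passwd, authzid=""):
    """Inverse of decode_sasl_plain: build the token a client would send."""
    raw = b"\x00".join(s.encode("utf-8") for s in (authzid, authcid, passwd))
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    # The two tokens quoted from the telnet session in the thread.
    for token in ("dXNlcgB1c2VyAHRlc3Q=", "dGVzdAB0ZXN0AHRlc3Q="):
        authzid, authcid, passwd = decode_sasl_plain(token)
        print(f"{token}: authzid={authzid!r} authcid={authcid!r} passwd={passwd!r}")
    # Constructed credentials, round-tripped through the encoder.
    print(decode_sasl_plain(encode_sasl_plain("alice", "s3cret")))
```

Decoding the first token gives authzid "user", authcid "user", password "test" (the failed attempt); the second gives "test"/"test"/"test" (the successful one), matching what /dev/rob0 describes. The same decoder is handy when reading your own smtpd debug output or a packet capture of a client that refuses to use STARTTLS.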

Re: open relay problem detected by DSBL, how to disable sasl_username=test

nik600 hotmail
OK, I've resolved it...

On my default domain there was a test@domain user :@ with password: test.

GRRRRRRRRRRR

Thanks to all.

--
/*************/
nik600
https://sourceforge.net/projects/ccmanager
https://sourceforge.net/projects/reportmaker
https://sourceforge.net/projects/nikstresser

Re: open relay problem detected by DSBL, how to disable sasl_username=test

mouss-2
nik600 wrote:
> OK, I've resolved it...
>
> On my default domain there was a test@domain user :@ with password: test.
>
> GRRRRRRRRRRR
>  

Lesson 1: never use trivial passwords, even for test accounts.

Now check all your login:password pairs for possible weaknesses.

Also consider enforcing TLS so that passwords aren't sent in the clear
over the network (this way, you can use PLAIN and LOGIN, which are
supported by most MUAs and are easier to set up than challenge-based
authentication methods).
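A main.cf fragment that applies the TLS advice above, added here as an example rather than taken from the thread or from the Postfix documentation (the certificate and key paths are placeholders): the first block is the weak shape visible in the posted postconf -n, where PLAIN and LOGIN are offered on a cleartext session; the second offers STARTTLS, refuses AUTH until the session is encrypted, and permits plaintext mechanisms only inside TLS.

```conf
# Weak: AUTH PLAIN/LOGIN offered on the unencrypted session (as in the postconf -n above)
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

# Hardened: STARTTLS offered, AUTH refused before TLS, plaintext mechanisms only under TLS
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/ssl/PLACEHOLDER-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/PLACEHOLDER-key.pem
smtpd_tls_loglevel = 1
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
```

With this in place, the EHLO response on a cleartext connection (the kind of session shown in the telnet transcript earlier in the thread) no longer lists AUTH until the client has issued STARTTLS; confirm it with postconf -n after reloading, and check smtpd's log for "Anonymous TLS connection established" entries from your MUAs. This closes the password-in-the-clear exposure; it does not by itself fix a weak account, which still has to be removed or given a real password in the SASL backend.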


Re: open relay problem detected by DSBL, how to disable sasl_username=test

Arturo 'Buanzo' Busleiman

mouss wrote:
| Lesson 1: never use trivial passwords even for test accounts.
|
| now check all your login:password for possible weaknesses.

There are many tools for such testing (John The Ripper, PAM-based "strength" testing, etc). Check
out sourceforge.net, freshmeat.net and google for more details.

--
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/