10.8 Server Sending Spam, how to force authentication

I have recently migrated a server from 10.6.8 to 10.8.2.


Previously the mail server had been running smoothly without any spam being sent or anything like that. I remember there being a setting that disallowed SMTP relay for all connections but those listed, and as such I promptly put in my subnet and another exception. I also required authentication and only accepted one type of authentication. This seemed to do the trick for the better part of 2 years.


However, after the upgrade, there was no longer a setting for the SMTP relay (I assumed Apple just set it to no relay, which I thought was default in a Postfix server anyway) and I set the authentication to Open Directory users only, and I only have the mail service allowed for the users that need it. About two months after the upgrade it started sending spam.


Some users had very weak passwords for accounts that were listed on the company website, so I also implemented 16-character randomly generated passwords for the users. This seemed to be the end of the spam; I wasn't sure if this was a coincidence or if someone's account had actually been compromised.


Yesterday the spam started again. I wanted to test if the SMTP relay was on but wasn't so sure how to do that, so I tried sending mail from home through the server without authentication. It didn't work, good I thought, but if I turn on outgoing mail server authentication and type in a username WITHOUT a password, the mail server sends happily. So this is potentially what is happening.


I have two questions: where and what do I look for to see if SMTP relay is on? How do I make sure that the email server will only send fully authenticated emails?

Mac Pro, OS X Server

Posted on Mar 26, 2013 5:33 AM

Question marked as Best reply

Posted on Mar 26, 2013 10:26 AM

I always use http://mxtoolbox.com/ to check our mail server.


There you can check if your server is an open relay or not.

9 replies

Mar 27, 2013 3:33 PM in response to philippergo

Here is the result of that command with the domain etc taken out:


mail:postfix:smtpd_pw_server_security_options:_array_index:0 = "cram-md5"

mail:postfix:smtpd_pw_server_security_options:_array_index:1 = "digest-md5"

mail:postfix:smtpd_pw_server_security_options:_array_index:2 = "gssapi"

mail:postfix:spam_quarantine = "junk-quarantine@example.com"

mail:postfix:smtp_reject_list_enabled = no

mail:postfix:bayes_path = "/Library/Server/Mail/Data/scanner/amavis/.spamassassin/bayes"

mail:postfix:smtp_sasl_auth_enable = no

mail:postfix:whitelist_from = _empty_array

mail:postfix:submit_cred:<mydomain>:username = "submit"

mail:postfix:submit_cred:<mydomain>:password = "BJd3CcFFAVGpyMmgE7Jz3x"

mail:postfix:smtp_auth_relay_dict:smtp_auth_relay_userid = ""

mail:postfix:smtp_auth_relay_dict:smtp_auth_relay_pwd = ""

mail:postfix:smtp_auth_relay_dict:smtp_auth_relay_host = "000.000.000.000"

mail:postfix:client_permit_mynetworks = yes

mail:postfix:smtpd_tls_cert_file = "/etc/certificates/xserver.piccolo.net.au.13B6821CEC7E404DFFE23E9D53617CA5712EA4BD.cert.pem"

mail:postfix:maps_rbl_domains_enabled = yes

mail:postfix:spam_subject_tag = "***JUNK MAIL*** "

mail:postfix:smtpd_tls_CAfile = "/etc/certificates/xserver.piccolo.net.au.13B6821CEC7E404DFFE23E9D53617CA5712EA4BD.chain.pem"

mail:postfix:message_size_limit_enabled = yes

mail:postfix:virus_db_last_update = "2013-03-27 17:30:01 +0000"

mail:postfix:mail_enabled_groups = _empty_array

mail:postfix:add_whitelist_domain:_array_index:0 = "<mydomain>"

mail:postfix:add_whitelist_domain:_array_index:1 = "<mydomain>"

mail:postfix:virus_scan_enabled = yes

mail:postfix:spam_ok_locales = "en"

mail:postfix:spam_notify_admin_email = "junk-admin@example.com"

mail:postfix:black_hole_domains:_array_index:0 = "zen.spamhaus.org"

mail:postfix:virus_db_log_level = "info"

mail:postfix:spam_scan_enabled = no

mail:postfix:virus_quarantine = "virus-quarantine@example.com"

mail:postfix:reject_unauth_piplining_enabled = no

mail:postfix:blacklist_from = _empty_array

mail:postfix:spam_rewrite_subject = yes

mail:postfix:message_size_limit = 68485760

mail:postfix:greylist_disable = no

mail:postfix:mynetworks:_array_index:0 = "127.0.0.0/8"

mail:postfix:mynetworks:_array_index:1 = "192.168.4.0/24"

mail:postfix:mynetworks:_array_index:2 = "192.168.1.0/24"

mail:postfix:virus_log_level = "info"

mail:postfix:host_whitelist:_array_index:0 = "<mydomain>"

mail:postfix:host_whitelist:_array_index:1 = "<mydomain>"

mail:postfix:host_whitelist:_array_index:2 = "<mydomain>"

mail:postfix:rbl_override_list = _empty_array

mail:postfix:group_expansion:start_interval = 10

mail:postfix:group_expansion:enable_group_expansion = no

mail:postfix:virus_notify_recipients = no

mail:postfix:luser_relay_enabled = no

mail:postfix:mydomain = "piccolo.net.au"

mail:postfix:mydestination:_array_index:0 = "localhost"

mail:postfix:mydestination:_array_index:1 = "<mydomain>"

mail:postfix:mydestination:_array_index:2 = "<mydomain>"

mail:postfix:mydestination:_array_index:3 = "$mydomain"

mail:postfix:virus_notify_admin_email = "virus-admin@example.com"

mail:postfix:enable_virtual_domains = no

mail:postfix:spam_notify_admin = no

mail:postfix:required_hits = 40

mail:postfix:add_whitelist_host:_array_index:0 = "<mydomain>"

mail:postfix:add_whitelist_host:_array_index:1 = "<mydomain>"

mail:postfix:add_whitelist_host:_array_index:2 = "<mydomain>"

mail:postfix:always_bcc_enabled = no

mail:postfix:enable_var_mail = no

mail:postfix:junk_mail_userid = "junkmail"

mail:postfix:smtpd_tls_key_file = "/etc/certificates/xserver.piccolo.net.au.13B6821CEC7E404DFFE23E9D53617CA5712EA4BD.key.pem"

mail:postfix:enable_smtp = yes

mail:postfix:relayhost = "mail.internode.on.net"

mail:postfix:not_junk_mail_userid = "notjunkmail"

mail:postfix:mynetworks_enabled = yes

mail:postfix:spam_ok_languages = "en fr de ja"

mail:postfix:virtual_domains = _empty_array

mail:postfix:rbl_override_enabled = no

mail:postfix:log_rolling_days = 1

mail:postfix:enable_smtp_in = yes

mail:postfix:tls_server_options = "use"

mail:postfix:spam_action = "deliver"

mail:postfix:log_rolling_days_enabled = yes

mail:postfix:spam_log_level = "info"

mail:postfix:smtp_uce_controlls = 0

mail:postfix:relayhost_enabled = yes

mail:postfix:virus_action = "delete"

mail:postfix:virus_db_update_days = 12

mail:postfix:virus_notify_admin = no

mail:postfix:domain_whitelist:_array_index:0 = "<mydomain>"

mail:postfix:domain_whitelist:_array_index:1 = "<mydomain>"

mail:postfix:enable_smtp_out = yes

mail:postfix:text_only_attachments = no

mail:postfix:reject_unknown_client_enabled = no

mail:postfix:log_level = "info"

mail:postfix:myhostname = "<mydomain>"

mail:global:auto_auth = no

mail:global:service_data_path = "/Library/Server/Mail"

mail:imap:imap_auth_cram_md5 = yes

mail:imap:srvtab = "/etc/srvtab"

mail:imap:imap_auth_clear = no

mail:imap:loginuseacl = no

mail:imap:popexpiretime = 0

mail:imap:notifysocket = "/var/imap/socket/notify"

mail:imap:timeout = 30

mail:imap:max_imap_connections = 1000

mail:imap:sieve_maxscripts = 5

mail:imap:logtimestamps = no

mail:imap:quota_enforce_restrictions = no

mail:imap:tls_imap_key_file = ""

mail:imap:mupdate_authname = ""

mail:imap:newsprefix = ""

mail:imap:proxyservers = _empty_array

mail:imap:junk_mail_userid = ""

mail:imap:singleinstancestore = yes

mail:imap:mupdate_password = ""

mail:imap:imap_auth_digest_md5 = yes

mail:imap:tls_cert_file = "/etc/certificates/<mydomain>.13B6821CEC7E404DFFE23E9D53617CA5712EA4BD.cert.pem"

mail:imap:lmtp_admins = _empty_array

mail:imap:poptimeout = 10

mail:imap:postuser = ""

mail:imap:imap_auth_plain = no

mail:imap:quota_custom_error = _empty_dictionary

mail:imap:tls_imap_cert_file = ""

mail:imap:aps_topic = " "

mail:imap:sieve_proxyservers = _empty_array

mail:imap:request_enable_webmail = no

mail:imap:lmtp_luser_relay_enabled = no

mail:imap:unixhierarchysep = no

mail:imap:urlauth_hostport = ""

mail:imap:imap_auth_gssapi = yes

mail:imap:partition-default = "/Library/Server/Mail/Data/mail"

mail:imap:allowanonymouslogin = no

mail:imap:quota_custom_warning_message_path = ""

mail:imap:imapidlepoll = 60

mail:imap:quota_custom_error_message_path = ""

mail:imap:enable_pop = yes

mail:imap:tls_session_timeout = 1440

mail:imap:mupdate_server = ""

mail:imap:mupdate_realm = ""

mail:imap:auth_gssapi_hostname = "&quot;$ALL&quot;"

mail:imap:enable_sieve = yes

mail:imap:lmtpsocket = "/var/imap/socket/lmtp"

mail:imap:enable_quota_warnings = no

mail:imap:mupdate_port = ""

mail:imap:postmaster = "postmaster"

mail:imap:pop_auth_gssapi = yes

mail:imap:pop_auth_apop = no

mail:imap:deleteright = "c"

mail:imap:proxyd_allow_status_referral = no

mail:imap:sharedprefix = "Shared Folders"

mail:imap:sasl_auto_transition = no

mail:imap:tls_ca_file = "/etc/certificates/<mydomain>.13B6821CEC7E404DFFE23E9D53617CA5712EA4BD.chain.pem"

mail:imap:sasl_minimum_layer = 0

mail:imap:sievedir = ""

mail:imap:debug_command = ""

mail:imap:duplicatesuppression = yes

mail:imap:tls_lmtp_key_file = ""

mail:imap:servername = "<mydomain>"

mail:imap:quota_full_tempfail = yes

mail:imap:partitions = _empty_array

mail:imap:tls_imap_require_cert = no

mail:imap:sieve_admins = _empty_array

mail:imap:global_quota = 0

mail:imap:mupdate_retry_delay = 20

mail:imap:not_junk_mail_userid = ""

mail:imap:quota_custom_warning = _empty_dictionary

mail:imap:enable_imap = yes

mail:imap:popminpoll = 0

mail:imap:tls_pop3_key_file = ""

mail:imap:sendmail = "/usr/lib/sendmail"

mail:imap:tls_lmtp_cert_file = ""

mail:imap:tls_require_cert = no

mail:imap:notification_server_enabled = no

mail:imap:tls_sieve_require_cert = no

mail:imap:defaultpartition = "default"

mail:imap:pop_auth_clear = no

mail:imap:allowallsubscribe = no

mail:imap:sasl_pwcheck_method = "auxprop"

mail:imap:sieve_maxscriptsize = 32

mail:imap:tls_sieve_key_file = ""

mail:imap:tls_ca_path = ""

mail:imap:defaultacl = "anyone lrs"

mail:imap:reject8bit = no

mail:imap:tls_key_file = "/etc/certificates/<mydomain>.13B6821CEC7E404DFFE23E9D53617CA5712EA4BD.key.pem"

mail:imap:tls_pop3_require_cert = no

mail:imap:sasl_maximum_layer = 256

mail:imap:autocreatequota = 0

mail:imap:tls_sieve_cert_file = ""

mail:imap:userprefix = "Other Users"

mail:imap:mupdate_admins = _empty_array

mail:imap:postmaster_address = "postmaster@<mydomain>"

mail:imap:mupdate_username = ""

mail:imap:quota_warn_frequency_days = 0

mail:imap:tls_pop3_cert_file = ""

mail:imap:aps_topic_enabled = no

mail:imap:quotawarn = 80

mail:imap:plaintextloginpause = 0

mail:imap:enforce_quotas = no

mail:imap:tls_server_options = "use"

mail:imap:allowplaintext = yes

mail:imap:loginrealms = _empty_array

mail:imap:lmtp_luser_relay = ""

mail:imap:imapidresponse = yes

mail:imap:tls_cipher_list:_array_index:0 = "DEFAULT"

mail:imap:imap_auth_login = no

mail:imap:admins = _empty_array

mail:imap:altnamespace = no

mail:imap:sieveusehomedir = no

mail:imap:tls_lmtp_require_cert = no

mail:imap:log_level = "info"

mail:imap:umask = "077"

mail:imap:hashimapspool = no

mail:imap:imap_proxyservers = _empty_array


Of note, I did notice this:


mail:postfix:smtp_sasl_auth_enable = no


as well as there being a setting for authorised relay ID and password, which are blank, but this doesn't matter as only internal relays are accepted.


I would be happy enough to go to the config file and change things around, but I am not certain about the syntax for more settings and whether it might break anything.


I am also aware of a "smtpd_recipient_restrictions" setting that can be added, but I am not sure what restrictions I should be including and if they require any other settings tinkering to work properly.

Mar 28, 2013 8:51 AM in response to Ricardo Luz

mail:postfix:mynetworks:_array_index:0 = "127.0.0.0/8"

mail:postfix:mynetworks:_array_index:1 = "192.168.4.0/24"

mail:postfix:mynetworks:_array_index:2 = "192.168.1.0/24"


It accepts mail from other networks, which it shouldn't.


Did you upgrade from a previous Server version? In 10.8, Apple cut a lot of options from the GUI. You've got to use the terminal to delete the two 192.168.*.* networks:


serveradmin stop mail


sudo serveradmin settings mail:postfix:mynetworks:_array_index:1 = "delete"

sudo serveradmin settings mail:postfix:mynetworks:_array_index:2 = "delete"


serveradmin start mail


Please try this!

Mar 28, 2013 3:10 PM in response to philippergo

Yes, I did upgrade from 10.6.8.


I will delete those entries (which I was going to do anyway), but they shouldn't really be what is wrong, as they will only send from those subnets, which is what is used internally, and the person was sending from an IP address which started with 21.x.x.x.


The thing that's concerning me is that after testing this vigorously, it won't let anyone send without authentication, but to authenticate they ONLY need a valid username and they are able to leave the password blank and it will send. I have never seen this before. I am not sure if this means the problem is with the mail config or if it's an Open Directory issue (I have mail set to only accept Open Directory users and not local users).


I will make a backup of the mail configuration files as they stand now and change some settings that I think should be different and delete some that have clearly been carried forward from the migration that I know are not needed.


But like I said above, I need to fix the fact it allows external users to send with only a username and a blank password.


My guess is that I would need to include these settings:


smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination


and


smtpd_tls_auth_only = yes

smtpd_sender_restrictions = reject_unknown_sender_domain

smtpd_tls_auth_only = yes


But before adding these settings, I want to make sure that I don't need to make sure I have any other settings turned on or configured to get these to work.
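
The settings proposed in the post above have prerequisites in Postfix: `permit_sasl_authenticated` only matches when `smtpd_sasl_auth_enable = yes`, and `smtpd_tls_auth_only = yes` withholds AUTH unless server-side TLS is enabled. The following is an added example, not part of the original thread: it checks main.cf-style text (for instance the output of `postconf`) for those conditions and for the networks that `permit_mynetworks` lets relay without authentication. The sample input is constructed, the function names are illustrative, and it assumes relay control lives in `smtpd_recipient_restrictions` as in the post.

```python
import re

# Constructed sample (main.cf syntax): proposed restrictions + the thread's mynetworks.
SAMPLE_MAIN_CF = """\
mynetworks = 127.0.0.0/8, 192.168.4.0/24, 192.168.1.0/24
smtpd_recipient_restrictions = reject_unknown_sender_domain,
    reject_unknown_recipient_domain, reject_unauth_pipelining,
    permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_auth_only = yes
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def as_list(value):
    return [item for item in re.split(r"[,\s]+", value or "") if item]

def audit(text):
    """Return findings about relay control and SASL/TLS prerequisites."""
    p, findings = parse_main_cf(text), []
    rules = as_list(p.get("smtpd_recipient_restrictions"))
    if "reject_unauth_destination" not in rules:
        findings.append("no reject_unauth_destination in recipient restrictions")
    elif "permit" in rules[:rules.index("reject_unauth_destination")]:
        findings.append("bare 'permit' precedes reject_unauth_destination")
    if "permit_sasl_authenticated" in rules and p.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("permit_sasl_authenticated needs smtpd_sasl_auth_enable = yes")
    tls_on = p.get("smtpd_tls_security_level") in ("may", "encrypt") \
        or p.get("smtpd_use_tls") == "yes"
    if p.get("smtpd_tls_auth_only") == "yes" and not tls_on:
        findings.append("smtpd_tls_auth_only = yes but server TLS is not enabled")
    if "permit_mynetworks" in rules:
        for net in as_list(p.get("mynetworks")):
            if not net.startswith(("127.", "[::1]")):
                findings.append(f"permit_mynetworks relays without auth for {net}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_MAIN_CF)))
```

An empty result means only that these specific prerequisites are met; it does not test how the password server handles a blank password.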

Mar 28, 2013 3:39 PM in response to philippergo

philippergo wrote:


mail:postfix:mynetworks:_array_index:0 = "127.0.0.0/8"

mail:postfix:mynetworks:_array_index:1 = "192.168.4.0/24"

mail:postfix:mynetworks:_array_index:2 = "192.168.1.0/24"


It accepts mail from other networks, which it shouldn't.


Did you upgrade from a previous Server version? In 10.8, Apple cut a lot of options from the GUI. You've got to use the terminal to delete the two 192.168.*.* networks:


serveradmin stop mail


sudo serveradmin settings mail:postfix:mynetworks:_array_index:1 = "delete"

sudo serveradmin settings mail:postfix:mynetworks:_array_index:2 = "delete"


serveradmin start mail


Please try this!


When I try to run the commands to delete the relay entries, I get this error:


Invalid index "1", must specifiy array elements in order

Index = 1, count = 0, currentArray = (

)

for key: "mail:postfix:mynetworks:_array_index:1"

Aug 19, 2013 2:06 PM in response to Ricardo Luz

I have the same problem - I cannot delete these items:

mail:postfix:host_whitelist:_array_index:4 = "{"

mail:postfix:host_whitelist:_array_index:5 = "127.0.0.1"

mail:postfix:host_whitelist:_array_index:6 = "delete"


root# serveradmin settings mail:postfix:host_whitelist:_array_index:6 = delete

Invalid index "6", must specifiy array elements in order

Index = 6, count = 0, currentArray = (

)

for key: "mail:postfix:host_whitelist:_array_index:6"


How to do it? What did I do wrong?
