Koozali.org: home of the SME Server

Block sending for unauthenticated internal users to internal users on port25

Offline janet

Mar

Also I think you may have missed running this (from an earlier post & link in this thread)

How do I enable smtp authentication for users on the internal network

mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
cp /etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/05auth_cvm_unix_local .
signal-event email-update

(note the "." at the end of the 3rd line)
Authentication for the local network will now follow the setting of config::qpsmtpd::Authentication

ie do

config setprop qpsmtpd Authentication enabled
signal-event email-update
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline Mar

Mar

Can you run this again

cat /etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/80relayFromLocalNetwork
//
# SMTP Relay from local network denied by custom template
//

I get

# SMTP Relay from local network denied by custom template

Offline Mar

custom/var/service/qpsmtpd/config/relayclients/80relayFromLocalNetwork

# SMTP Relay from local network denied by custom template

Offline janet

Mar

I followed all the steps mentioned in this thread & links provided on a test 9.2 sme server & I cannot send locally via the smtp server, unless I use SSL authentication & select port 465
If I configure no authentication & no password & port 25 (in Thunderbird) then sending does not work ie message not sent via smtp server, if I select SSL & normal password & port 25, I also get a message that Relaying not allowed & cannot send locally via smtp server.
If I configure SSL, normal password & port 465 I can send OK.

So I suggest you go through all the steps carefully, checking your work step by step as you go, & try again.

Offline Mar

Unfortunately, it is still sending even without any authentication and without a password on port 25.
I have no idea what is wrong.
Bests

Offline janet

Mar

Maybe some mods were done to your server.
Can you tell us the full history of your server, upgrade paths etc, current configuration.

Show output of server manager Review configuration panel

Show output of
/sbin/e-smith/audittools/templates

/sbin/e-smith/audittools/newrpms

/sbin/e-smith/audittools/repositories

Offline Mar

The server was running under SME 8; later it was updated to SME 9 and a full backup was restored to it.
/sbin/e-smith/audittools/templates

/etc/e-smith/templates-custom/etc/http: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/fail2ban/jail.conf/jail.conf: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dar/DailyBackup.dcf/41go-into: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dar/DailyBackup.dcf/45prune: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/99allow_url_fopen: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/85SOGoAccess: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/home/sogo/GNUstep/Defaults/.GNUstepDefaults/10defaults: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/80relayFromLocalNetwork: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/05auth_cvm_unix_local: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates/var/service/qpsmtpd/peers/0/05auth_cvm_unix_local: MANUALLY_ADDED




///////
/sbin/e-smith/audittools/repositories
base: enabled
centosplus: disabled
contrib: disabled
dag: disabled
epel: disabled
extras: disabled
fasttrack: disabled
fws: enabled
nethsme: disabled
smeaddons: enabled
smecontribs: disabled
smedev: disabled
smeextras: enabled
smeos: enabled
smetest: disabled
smeupdates: enabled
smeupdates-testing: enabled
sogo: disabled
updates: enabled
///////

/sbin/e-smith/audittools/newrpms
Loaded plugins: fastestmirror, post-transaction-actions, smeserver
Loading mirror speeds from cached hostfile
 * base: centos.turhost.com
 * smeaddons: ftp.nluug.nl
 * smeos: ftp.nluug.nl
 * smeupdates: ftp.nluug.nl
 * updates: centos.vargonen.com
http://centos.turhost.com/6.10/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.turhost.com'"
Trying other mirror.


Offline Mar

Unfortunately, with a fresh installation of SME 9.2 I could send mail without authentication on port 25.

Offline Jean-Philippe Pialasse

  • aka Unnilennium
    • http://smeserver.pialasse.com
You have two manually added templates that hide each other.
You should not manually create templates in the template folder.  Templates-custom is intended for that.

/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/05auth_cvm_unix_local: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates/var/service/qpsmtpd/peers/0/05auth_cvm_unix_local: MANUALLY_ADDED


The second one is hidden by the first one.
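
An added example (not from this thread or the SME Server project): a filter that picks out of the audit report any fragment flagged MANUALLY_ADDED under /etc/e-smith/templates/ rather than templates-custom, and names a same-named templates-custom fragment if the report lists one. The helper names sample_audit and stray_fragments are hypothetical, and the "path: FLAG, FLAG" report format is assumed from the output quoted above.

```shell
#!/bin/sh
# Constructed sample: four lines copied from the audit output quoted in this
# thread (three qpsmtpd fragments plus one unrelated custom fragment).
sample_audit() {
cat <<'EOF'
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/85SOGoAccess: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/80relayFromLocalNetwork: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/05auth_cvm_unix_local: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates/var/service/qpsmtpd/peers/0/05auth_cvm_unix_local: MANUALLY_ADDED
EOF
}

# stray_fragments (hypothetical helper): read audit lines on stdin and print
# each MANUALLY_ADDED fragment that sits in the stock tree. The second,
# tab-separated column is a templates-custom fragment with the same file
# name, or "-" when the report lists none.
stray_fragments() {
    awk -F': ' '
        $2 !~ /MANUALLY_ADDED/ { next }
        {
            n = split($1, parts, "/")   # last path component = fragment name
            name = parts[n]
        }
        index($1, "/etc/e-smith/templates-custom/") == 1 { custom[name] = $1; next }
        index($1, "/etc/e-smith/templates/") == 1 { stray[$1] = name }
        END {
            for (p in stray) {
                twin = (stray[p] in custom) ? custom[stray[p]] : "-"
                print p "\t" twin
            }
        }
    ' | sort
}

# On a live server: /sbin/e-smith/audittools/templates | stray_fragments
sample_audit | stray_fragments
```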

Offline Mar

So what is the solution in this case?

Offline Mar

Just to be sure that we are on the same wave:
I have 2 users on SME9.2
User1 is able to send mail to user2 without password and any authentications on port 25.
Both the server and the client are now on the same subnet.

Offline janet

Mar

Remove or delete this template fragment, it should NOT be there
/etc/e-smith/templates/var/service/qpsmtpd/peers/0/05auth_cvm_unix_local

Then for good measure run
signal-event post-upgrade
signal-event reboot


This one is OK (as it is in templates-custom), it can stay there
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/05auth_cvm_unix_local: MANUALLY_ADDED, OVERRIDE

This one is OK too, it can stay there
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/80relayFromLocalNetwork: MANUALLY_ADDED, OVERRIDE


Test functionality again to see if unauthenticated smtp access is permitted (it should not be).
« Last Edit: October 20, 2019, 05:35:01 AM by janet »

Offline janet

Mar

Also....
You have 2 repos enabled, that should normally (& more safely) be disabled
fws: enabled
smeupdates-testing: enabled

Change them both to disabled

In particular, having the smeupdates-testing repo enabled could allow unstable rpms to be updated during a normal update event & put your system in a bad state.
Only use that repo by invoking it at command line
eg
yum update packagename --enablerepo=smeupdates-testing

Offline janet

Mar

Quote
/sbin/e-smith/audittools/newrpms
Loaded plugins: fastestmirror, post-transaction-actions, smeserver
Loading mirror speeds from cached hostfile
 * base: centos.turhost.com
 * smeaddons: ftp.nluug.nl
 * smeos: ftp.nluug.nl
 * smeupdates: ftp.nluug.nl
 * updates: centos.vargonen.com
http://centos.turhost.com/6.10/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.turhost.com'"
Trying other mirror.

Try
yum clean all --enablerepo=*

then run command again
/sbin/e-smith/audittools/newrpms

more resolution may be needed.