Sendmail vs nespusteny port 25

Sekcia: Aplikácie & Desktop 04.08.2008 | 05:34
Avatar Kapo Debian  Používateľ
Zdravim, som nuteny pouzit na odosielanie posty sendmail namiesto postfixu. Ako som predpokladal nejde to tak lahko. Potrebujem totiz z dohladoveho systemu odosielat varovne emaily. Konfiguraciu som myslim zvladol, dokonca som si ju prebral a skontroloval z druheho servera na ktorom to bezi, ktory je na tej istej sieti. service sendmail start prebehne - vsetko OK. ale nmap localhost nevykazuje spusteny port 25 a tj nemozem odosielat maily. Nejaky napad cim by to mohlo byt? Viem ze to nie je moc konkretne, ale pokial sa da skuste ma nasmerovat spravnym smerom.

Dakujem
    • Re: Sendmail vs nespusteny port 25 04.08.2008 | 07:11
      Avatar Samuel BWPOW Kupka CentOS, Mandriva  Používateľ
      Skus pozriet, ci to naozaj na tom porte nepocuva, alebo je to len bloknute firewallom (stava sa). netstat -tnlp Dalej kukni logy.
      Strach dát najevo své pocity a zjednat si u druhých respekt je jedním z problémů civilizovaného člověka, který se naučil zpochybňovat svou vlastní pravdu pro zdání objektivity
      • Re: Sendmail vs nespusteny port 25 04.08.2008 | 08:01
        kapo   Návštevník
        Firewall ma napadol a tak som ho uz aj predtym skusil uplne odstavit tj service iptables stop a nepomohlo. Ale nasiel som asi jadro problemu v logoch, konkretne poslednych par riadkov:

        Aug 3 04:35:24 nms-agp01 sm-msp-queue[14645]: m7322ZMw014407: to=root, ctladdr=root (0/0), delay=00:32:49, xdelay=00:00:00, mailer=relay, pri=121613, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
        Aug 3 04:35:24 nms-agp01 sm-msp-queue[14645]: m727AW8I011246: to=postmaster, delay=19:24:49, xdelay=00:00:00, mailer=relay, pri=1834104, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
        Aug 3 04:35:24 nms-agp01 sm-msp-queue[14645]: m727AW8J011246: to=postmaster, delay=19:24:48, xdelay=00:00:00, mailer=relay, pri=1835823, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
        Aug 3 04:35:24 nms-agp01 sm-msp-queue[14645]: m727AW8K011246: to=postmaster, delay=19:24:48, xdelay=00:00:00, mailer=relay, pri=1837179, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
        Aug 3 04:35:24 nms-agp01 sm-msp-queue[14645]: m727AW8L011246: to=postmaster, delay=19:24:48, xdelay=00:00:00, mailer=relay, pri=1838728, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
        Aug 3 04:35:24 nms-agp01 sm-msp-queue[14645]: m727AW8M011246: to=postmaster, delay=19:24:48, xdelay=00:00:00, mailer=relay, pri=1841147, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
        • Re: Sendmail vs nespusteny port 25 04.08.2008 | 08:03
          Avatar Kapo Debian  Používateľ
          Nejaky napad?
          • Re: Sendmail vs nespusteny port 25 04.08.2008 | 10:13
            Steve++   Návštevník
            1) skontroluj si subor master.cf, priklad: # ==========================================================================
            # service type private unpriv chroot wakeup maxproc command + args
            # (yes) (yes) (yes) (never) (100)
            # ==========================================================================
            smtp inet n - n - - smtpd
            # -o smtpd_enforce_tls=yes
            # -o smtpd_sasl_auth_enable=yes
            # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
            pickup fifo n - n 60 1 pickup
            cleanup unix n - n - 0 cleanup
            qmgr fifo n - n 300 1 qmgr
            #qmgr fifo n - n 300 1 oqmgr
            tlsmgr unix - - n 1000? 1 tlsmgr
            rewrite unix - - n - - trivial-rewrite
            bounce unix - - n - 0 bounce
            defer unix - - n - 0 bounce
            trace unix - - n - 0 bounce
            verify unix - - n - 1 verify
            flush unix n - n 1000? 0 flush
            proxymap unix - - n - - proxymap
            smtp unix - - n - - smtp# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
            relay unix - - n - - smtp
            -o fallback_relay=
            # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
            showq unix n - n - - showq
            error unix - - n - - error
            retry unix - - n - - error
            discard unix - - n - - discard
            local unix - n n - - local
            virtual unix - n n - - virtual
            lmtp unix - - n - - lmtp
            anvil unix - - n - 1 anvil
            scache unix - - n - 1 scache


            2) skontroluj subor main.cf, priklad: myhostname = mail.domain.tld
            mydomain = domain.tld
            myorigin = $mydomain
            inet_interfaces = all
            mydestination = localhost
            unknown_local_recipient_reject_code = 550
            mynetworks_style = hostmynetworks = 127.0.0.0/8 192.168.1.0/24
            mailbox_size_limit = 0
            message_size_limit = 0
            virtual_mailbox_limit = 0
            virtual_transport = virtual
            virtual_minimum_uid = 125
            virtual_gid_maps = static:125
            virtual_uid_maps = static:125
            virtual_mailbox_limit = 0
            virtual_mailbox_base = /usr/local/virtual
            virtual_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
            virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
            virtual_alias_domains = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
            virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
            virtual_mailbox_domains = mysql:/usr/local/etc/postfi
            x/mysql_virtual_domains_maps.cf
            # Additional for quota support
            virtual_create_maildirsize = yes
            virtual_mailbox_extended = yes
            virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
            virtual_mailbox_limit_override = yes
            virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
            virtual_overquota_bounce = yes
            #relay_domains = mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf

            smtpd_recipient_restrictions =
            permit_mynetworks,
            permit_sasl_authenticated,
            reject_sender_login_mismatch,
            reject_unauth_destination,
            reject_invalid_hostname,
            reject_unauth_pipelining,
            reject_non_fqdn_sender,
            reject_unauth_destination,
            reject_unknown_sender_domain,
            reject_non_fqdn_recipient,
            reject_unknown_recipient_domain,
            permitsmtpd_helo_required = yes

            smtpd_client_restrictions =
            permit_mynetworks

            smtpd_helo_restrictions =
            permit_mynetworks,
            reject_invalid_hostname

            smtpd_sender_restrictions =
            reject_unknown_sender_domain

            smtp_use_tls = yes
            smtp_tls_note_starttls_offer = yes
            smtpd_use_tls = yes
            smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
            smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
            smtpd_tls_loglevel = 3
            smtpd_tls_received_header = yes
            smtpd_tls_session_cache_timeout = 3600s
            tls_random_source = dev:/dev/urandom
            smtpd_tls_auth_only = yes
            smtpd_sasl_auth_enable = yes
            smtpd_sasl_security_options = noanonymous
            broken_sasl_auth_clients = yes
            data_directory = /var/db/postfix
            smtpd_use_tls = yes
            smtpd_sasl_auth_enable = yes
            smtpd_sasl_type = dovecot
            smtpd_sasl_path = /var/run/dovecot/auth-client
            smtpd_tls_loglevel = 1
            smtpd_tls_received_header = yes
            smtpd_tls_session_cache_timeout = 3600s
            • Re: Sendmail vs nespusteny port 25 04.08.2008 | 10:23
              Avatar Kapo Debian  Používateľ
              Takze ako to nakoniec vzdy byva, problem bol trivialny.. Sendmail mi nebezal ako daemon stacil prikaz sendmail -bd, potom restart sendmailu a port 25 je na svete :)

              Dakujem za informacie..