SMTPAUTH_RESTRICT
SMTPAUTH_RESTRICT
Hi all,
I enabled SMTPAUTH_RESTRICT and followed the instructions as per the readme. All was working fine, and the amount of SMTP brute force attacks went to zero, and the countries I specified could relay. But then clients phoned and said they cannot email via webmail. I tested and it gives me the error:
Message not sent.
Bad sequence of commands
Server replied: 503 AUTH command used when not advertised
Is there anyway to get this working, because it is a great feature.
Regards,
Dieter
I enabled SMTPAUTH_RESTRICT and followed the instructions as per the readme. All was working fine, and the amount of SMTP brute force attacks went to zero, and the countries I specified could relay. But then clients phoned and said they cannot email via webmail. I tested and it gives me the error:
Message not sent.
Bad sequence of commands
Server replied: 503 AUTH command used when not advertised
Is there anyway to get this working, because it is a great feature.
Regards,
Dieter
-
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: SMTPAUTH_RESTRICT
Try listing the servers own IP addresses in /etc/csf/csf.smtpauth (if using NAT add the internal and external ones). Then restart csf and try again, let us know how it goes.
Re: SMTPAUTH_RESTRICT
Just tried it, still giving the same error.
-
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: SMTPAUTH_RESTRICT
I would try the following:
1. Check the error when sending in /var/log/exim_mainlog and note the actual IP address that is failing to ensure it is one you whitelisted
2. Check the file in /etc/exim.smtpauth that the IP also appears in there (this is the file csf generates from /etc/csf/csf.smtpauth)
3. Check /etc/exim.conf.local and ensure that the line:
Appears in the @CONFIG@ section.
4. Check permissions on /etc/exim.smtpauth and ensure they are 644:
1. Check the error when sending in /var/log/exim_mainlog and note the actual IP address that is failing to ensure it is one you whitelisted
2. Check the file in /etc/exim.smtpauth that the IP also appears in there (this is the file csf generates from /etc/csf/csf.smtpauth)
3. Check /etc/exim.conf.local and ensure that the line:
Code: Select all
auth_advertise_hosts = ${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}
4. Check permissions on /etc/exim.smtpauth and ensure they are 644:
Code: Select all
# ls -la /etc/exim.smtpauth
-rw-r--r-- 1 root root 189315 Jun 4 01:00 /etc/exim.smtpauth
Re: SMTPAUTH_RESTRICT
Hi,
I checked all you listed. Same error on 2 different servers.
On your Nr. 1, it not an return message that the person gets, but a page error at the top of squirrelmail. So all I get in the exim_mainlog is :
2014-06-05 14:14:16 SMTP connection from [::1]:43096 (TCP/IP connection count = 6)
2014-06-05 14:14:16 SMTP connection from (http://www.redacted.com) [::1]:43096 lost
Has anybody else tried this yet?
I checked all you listed. Same error on 2 different servers.
On your Nr. 1, it not an return message that the person gets, but a page error at the top of squirrelmail. So all I get in the exim_mainlog is :
2014-06-05 14:14:16 SMTP connection from [::1]:43096 (TCP/IP connection count = 6)
2014-06-05 14:14:16 SMTP connection from (http://www.redacted.com) [::1]:43096 lost
Has anybody else tried this yet?
Re: SMTPAUTH_RESTRICT
When I look at the log when sending via webmail, there is no host IP, but it authenticates, so I think that would be the problem:
2014-06-05 15:05:16 1WsXM4-0006TY-JI <= test@xyz.com H=(http://www.xyz.com) [::1]:50615 P=esmtpa A=dovecot_login:test@xyz.com S=753 id=1a66167ab980730eb88bdc7434ab2ff9.squirrel@www.xyz.com T="" for dieter@yyy.com
Is there anyway to get the host passed not as the domain but as the IP when using webmail on the server?
2014-06-05 15:05:16 1WsXM4-0006TY-JI <= test@xyz.com H=(http://www.xyz.com) [::1]:50615 P=esmtpa A=dovecot_login:test@xyz.com S=753 id=1a66167ab980730eb88bdc7434ab2ff9.squirrel@www.xyz.com T="" for dieter@yyy.com
Is there anyway to get the host passed not as the domain but as the IP when using webmail on the server?
-
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: SMTPAUTH_RESTRICT
The [::1] is actually an IPv6 address - it's the equivalent to the 127.0.0.1 IPv4 address. You could try simply disabling IPv6 in exim by adding the following line using the same method you used to add the other line to the exim configuration:
It should then use IPv4 to send the webmail.
Code: Select all
disable_ipv6 = true
Re: SMTPAUTH_RESTRICT
Working!! Thank you very much.
Re: SMTPAUTH_RESTRICT
Hi,
I have a related issue about IPv6 and SMTPAUTH_RESTRICT
When I try to add IPv6 addresses to /etc/csf/csf.smtpauth and reloading csf (csf -r) its regenerates the /etc/exim.smtpauth file but, it has a problem.
Exim's iplsearch function is working well with IPv4 addresses, but it's needs IPv6 addresses in a qoute. CSF generates these without quote. :-(
snippet from exim org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html
1.2.3.4: data for 1.2.3.4
192.168.0.0/16: data for 192.168.0.0/16
"abcd::cdab": data for abcd::cdab
"abcd:/32" data for abcd:/32
I have a related issue about IPv6 and SMTPAUTH_RESTRICT
When I try to add IPv6 addresses to /etc/csf/csf.smtpauth and reloading csf (csf -r) its regenerates the /etc/exim.smtpauth file but, it has a problem.
Exim's iplsearch function is working well with IPv4 addresses, but it's needs IPv6 addresses in a qoute. CSF generates these without quote. :-(
snippet from exim org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html
1.2.3.4: data for 1.2.3.4
192.168.0.0/16: data for 192.168.0.0/16
"abcd::cdab": data for abcd::cdab
"abcd:/32" data for abcd:/32
-
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: SMTPAUTH_RESTRICT
Thank you for reporting that. We'll have a fix for it in the next release.