Thread: Postfix TLS authentication bug

  1. #1
    Join Date
    Aug 2011
    Location
    Managua, Nicaragua
    Posts
    8
    Rep Power
    4

    Postfix TLS authentication bug

    Hi everyone!

    I found a bug in the Postfix authentication, because an email account from a domain that is not set up on my server was sending spam from my mail server. My Zimbra version is Release 7.1.4_GA_2555.F11_64_20120105094338 F11_64 FOSS edition.

    I got this in my zimbra.log file:

    Jul 5 15:03:47 mail postfix/smtpd[6614]: connect from unknown[177.145.182.254]
    Jul 5 15:03:47 mail postfix/smtpd[29642]: disconnect from unknown[177.145.182.254]
    Jul 5 15:03:48 mail postfix/smtpd[6614]: setting up TLS connection from unknown[177.145.182.254]
    Jul 5 15:03:48 mail postfix/smtpd[6614]: Anonymous TLS connection established from unknown[177.145.182.254]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Jul 5 15:03:50 mail postfix/smtpd[6614]: 598F921297: client=unknown[177.145.182.254], sasl_method=LOGIN, sasl_username=info
    Jul 5 15:03:51 mail amavis[21926]: (21926-16) Checking: M7iXHCVrAhVI [177.145.182.254] <no-replay@itau.com.br> -> <trabalhandocomsucesso2012@gmail.com>
    Jul 5 15:03:51 mail amavis[21926]: (21926-16) Passed CLEAN, [177.145.182.254] [177.145.182.254] <no-replay@itau.com.br> -> <trabalhandocomsucesso2012@gmail.com>, Message-ID: <20120705210350.598F921297@mail.garciabodan.com> , mail_id: M7iXHCVrAhVI, Hits: 0.041, size: 3064, queued_as: 7464D2129A, 371 ms
    Jul 5 15:03:51 mail postfix/smtpd[6614]: disconnect from unknown[177.145.182.254]
    Jul 5 15:08:03 mail postfix/anvil[24145]: statistics: max connection rate 3/60s for (smtp:177.145.182.254) at Jul 5 15:02:38
    Jul 5 15:08:03 mail postfix/anvil[24145]: statistics: max connection count 1 for (smtp:177.145.182.254) at Jul 5 14:59:08


    I don't know how this account from this IP was allowed to send mail using my SMTP. Can someone give me a hand understanding what happened and how to keep it from happening again?

    Thank you very much.

  2. #2
    Join Date
    Jul 2009
    Location
    Jyväskylä, Finland
    Posts
    83
    Rep Power
    6

    Originally posted by futadict:
    Jul 5 15:03:50 mail postfix/smtpd[6614]: 598F921297: client=unknown[177.145.182.254], sasl_method=LOGIN, sasl_username=info
    Correct me if I'm wrong, but doesn't that line suggest a successful SASL logon by username info?
    So this is a question of a compromised account password rather than a TLS authentication bug.

    The default configuration allows a user from any IP to send mail through your server if they authenticate successfully.

  3. #3
    Join Date
    Aug 2011
    Location
    Managua, Nicaragua
    Posts
    8
    Rep Power
    4

    Thank you very much, I didn't notice that.
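
The check from reply #2, as an added example that is not part of the original thread: it finds successful SASL logins in the log, lists the client IPs per username, and flags envelope senders outside the hosted domains. The hosted domain `example.org`, the function name, and the last two sample lines are assumptions made for illustration; the log is correlated by client IP, which is a simplification.

```python
import re
from collections import defaultdict

# Postfix smtpd line written after a successful SASL login.
SASL_RE = re.compile(r"postfix/smtpd\[\d+\]: [0-9A-F]+: client=\S*\[(?P<ip>[^\]]+)\], "
                     r"sasl_method=\w+, sasl_username=(?P<user>\S+)")
# amavis line carrying the client IP and the envelope sender.
AMAVIS_RE = re.compile(r"amavis\[\d+\]: \(\S+\) Checking: \S+ "
                       r"\[(?P<ip>[^\]]+)\] <(?P<sender>[^>]*)> ->")

# The first two lines are taken from the thread; the last two are constructed.
SAMPLE_LOG = [
    "Jul 5 15:03:50 mail postfix/smtpd[6614]: 598F921297: client=unknown[177.145.182.254], sasl_method=LOGIN, sasl_username=info",
    "Jul 5 15:03:51 mail amavis[21926]: (21926-16) Checking: M7iXHCVrAhVI [177.145.182.254] <no-replay@itau.com.br> -> <trabalhandocomsucesso2012@gmail.com>",
    "Jul 5 15:10:02 mail postfix/smtpd[7001]: A1B2C3D4E5: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice",
    "Jul 5 15:10:03 mail amavis[21926]: (21926-17) Checking: CONSTRUCTED1 [192.0.2.10] <alice@example.org> -> <bob@example.net>",
]

def audit_sasl_relay(lines, local_domains):
    """Return {sasl_username: {"ips": set, "foreign_senders": set}}."""
    user_by_ip = {}  # last username that authenticated from each client IP
    report = defaultdict(lambda: {"ips": set(), "foreign_senders": set()})
    for line in lines:
        m = SASL_RE.search(line)
        if m:
            user_by_ip[m["ip"]] = m["user"]
            report[m["user"]]["ips"].add(m["ip"])
            continue
        m = AMAVIS_RE.search(line)
        if m and m["ip"] in user_by_ip and m["sender"]:  # skip the null sender <>
            domain = m["sender"].rpartition("@")[2].lower()
            if domain not in local_domains:
                # Authenticated relay with a sender domain this server does not host.
                report[user_by_ip[m["ip"]]]["foreign_senders"].add(m["sender"])
    return dict(report)

if __name__ == "__main__":
    for user, info in audit_sasl_relay(SAMPLE_LOG, {"example.org"}).items():
        print(user, sorted(info["ips"]), sorted(info["foreign_senders"]))
```

A username that shows up with foreign senders or unfamiliar client IPs is a candidate for a password reset. Postfix can also bind envelope senders to the authenticated login with `smtpd_sender_login_maps` and `reject_sender_login_mismatch`.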
