SMTPAUTH_RESTRICT

dieter
Junior Member
Posts: 11
Joined: 18 Mar 2011, 05:36

SMTPAUTH_RESTRICT

Post by dieter »

Hi all,

I enabled SMTPAUTH_RESTRICT and followed the instructions as per the readme. All was working fine, and the amount of SMTP brute force attacks went to zero, and the countries I specified could relay. But then clients phoned and said they cannot email via webmail. I tested and it gives me the error:
Message not sent.
Bad sequence of commands
Server replied: 503 AUTH command used when not advertised

Is there anyway to get this working, because it is a great feature.

Regards,

Dieter
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: SMTPAUTH_RESTRICT

Post by ForumAdmin »

Try listing the servers own IP addresses in /etc/csf/csf.smtpauth (if using NAT add the internal and external ones). Then restart csf and try again, let us know how it goes.
dieter
Junior Member
Posts: 11
Joined: 18 Mar 2011, 05:36

Re: SMTPAUTH_RESTRICT

Post by dieter »

Just tried it, still giving the same error.
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: SMTPAUTH_RESTRICT

Post by ForumAdmin »

I would try the following:

1. Check the error when sending in /var/log/exim_mainlog and note the actual IP address that is failing to ensure it is one you whitelisted

2. Check the file in /etc/exim.smtpauth that the IP also appears in there (this is the file csf generates from /etc/csf/csf.smtpauth)

3. Check /etc/exim.conf.local and ensure that the line:

Code: Select all

auth_advertise_hosts = ${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}
Appears in the @CONFIG@ section.

4. Check permissions on /etc/exim.smtpauth and ensure they are 644:

Code: Select all

# ls -la /etc/exim.smtpauth 
-rw-r--r-- 1 root root 189315 Jun  4 01:00 /etc/exim.smtpauth
dieter
Junior Member
Posts: 11
Joined: 18 Mar 2011, 05:36

Re: SMTPAUTH_RESTRICT

Post by dieter »

Hi,

I checked all you listed. Same error on 2 different servers.

On your Nr. 1, it not an return message that the person gets, but a page error at the top of squirrelmail. So all I get in the exim_mainlog is :
2014-06-05 14:14:16 SMTP connection from [::1]:43096 (TCP/IP connection count = 6)
2014-06-05 14:14:16 SMTP connection from (http://www.redacted.com) [::1]:43096 lost

Has anybody else tried this yet?
dieter
Junior Member
Posts: 11
Joined: 18 Mar 2011, 05:36

Re: SMTPAUTH_RESTRICT

Post by dieter »

When I look at the log when sending via webmail, there is no host IP, but it authenticates, so I think that would be the problem:
2014-06-05 15:05:16 1WsXM4-0006TY-JI <= test@xyz.com H=(http://www.xyz.com) [::1]:50615 P=esmtpa A=dovecot_login:test@xyz.com S=753 id=1a66167ab980730eb88bdc7434ab2ff9.squirrel@www.xyz.com T="" for dieter@yyy.com

Is there anyway to get the host passed not as the domain but as the IP when using webmail on the server?
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: SMTPAUTH_RESTRICT

Post by ForumAdmin »

The [::1] is actually an IPv6 address - it's the equivalent to the 127.0.0.1 IPv4 address. You could try simply disabling IPv6 in exim by adding the following line using the same method you used to add the other line to the exim configuration:

Code: Select all

disable_ipv6 = true
It should then use IPv4 to send the webmail.
dieter
Junior Member
Posts: 11
Joined: 18 Mar 2011, 05:36

Re: SMTPAUTH_RESTRICT

Post by dieter »

Working!! Thank you very much.
csurgi
Junior Member
Posts: 6
Joined: 16 Jul 2014, 13:52

Re: SMTPAUTH_RESTRICT

Post by csurgi »

Hi,
I have a related issue about IPv6 and SMTPAUTH_RESTRICT

When I try to add IPv6 addresses to /etc/csf/csf.smtpauth and reloading csf (csf -r) its regenerates the /etc/exim.smtpauth file but, it has a problem.

Exim's iplsearch function is working well with IPv4 addresses, but it's needs IPv6 addresses in a qoute. CSF generates these without quote. :-(

snippet from exim org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html

1.2.3.4: data for 1.2.3.4
192.168.0.0/16: data for 192.168.0.0/16
"abcd::cdab": data for abcd::cdab
"abcd:abcd::/32" data for abcd:abcd::/32
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: SMTPAUTH_RESTRICT

Post by ForumAdmin »

Thank you for reporting that. We'll have a fix for it in the next release.
Post Reply