SMTP authentification

ehcp is great. It's really great.

Unfortunately, I found a minor problem that may prevent me from using it. Mail works really well. However, anyone can use my smtp server, with no authentification at all! This is a major problem since anyone could use ehcp domains to spam people.

Is the author of this great product considering changing this? I'd really appreciate it if some information on how to fix this is goven here.

Best,

lanlan

I received this feature request before too, from a few people,
You are absolutely right.

This feature will be available with newer version of ehcp, which will be 0.29.10.
I will release it soon, within a few days or 1-2 weeks.
I am testing now.
if you wish, you may also test it by downloading from: www.ehcp.net/ehcp_yeni.tgz

i suggest you to re-install this new (yeni) testing version.
if you have an existing installatin, to upgrade on it, do as follows:
* backup your existing ehcp db,
* perform a normal installation with new files, (use same passwords as before)
* restore you ehcp db, logout, login to ehcp gui
* go to options, set default template to z7

Let me know if the testing succesful, or anything went wrong...

Other new features with this upcoming version:
* many small bugfixes, code cleanups,
* new ftp setup scenarios, or new ftp options:
- add ftp with subdomain
- add ftp under your domain, any dir
- add ftp under your ftp, any dir
(most people wanted those ftp operations.)

* new default template of z7, with more clear and understandable links, i hope you like this more...
* Guides you by showing you similar operations while you add domain, do mysql stuff, ftp, email etc.

Coming more:
* domain aliases,
* add dns only hosting with paneluser, so that, paneluser can login and change his/her domain settings... (currently only admin)

ehcpdeveloper I've tried.

Installation went fine. However, now I'm unable to send e-mails at all :-)

This is what Mail.app returns:
Mail was unable to connect to server “mail.XXXX.com” using SSL on the default ports. Verify that this server supports SSL and that your account settings are correct.

And this is what I get in /var/log/syslog

Jun 20 17:14:35 Debian-50-lenny-64-LAMP postfix/smtpd[7805]: connect from XXXX
Jun 20 17:14:36 Debian-50-lenny-64-LAMP postfix/smtpd[7805]: setting up TLS connection from XXX
Jun 20 17:14:36 Debian-50-lenny-64-LAMP postfix/smtpd[7805]: SSL_accept error from XXX
Jun 20 17:14:36 Debian-50-lenny-64-LAMP postfix/smtpd[7805]: lost connection after STARTTLS from XXX
Jun 20 17:14:36 Debian-50-lenny-64-LAMP postfix/smtpd[7805]: disconnect from XXX

Any hints whats wrong?

Thanks!!!

Mail client says: "Verify that this server supports SSL"

The new default installation, i think, does not configure to run it using ssl, but tls and smtp authentication.

So, in your mail client, don't turn on the ssl thnig, rather, use tls and smtp auth.

Try that way, if you wish, connect me on gtalk ehcpdeveloper, or msn: info@ehcp.net

I see. I disabled SSL and then I could send mails but I still cand send them without password.

Hi ehcpdeveloper,

I managed to make it work.

Instead of

smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,check_client_access hash:/var/lib/pop-before-smtp/hosts,reject_unauth_destination

What I now have is:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject

I belive that the reject (***not reject_unauth_destination***) is what finally made the trick.

BTW, I'm going to do a clean debian installation before installing ehcp. What version of ehcp do you recommend at this point? The beta or your last stable version?

Best!

PS: I insterted this comment in another thread of the forum by error. I delete the contents so that it is not duplicated.

Now, I cannot send mails to any of my accounts :-(

Mails are bounced. This is what gmail got:

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1 : Recipient address rejected: Access denied (state 14).

And this is what I get in the postfix logs:

Jun 21 16:57:47 Debian-50-lenny-64-LAMP postfix/smtpd[6677]: connect from mail-fx0-f226.google.com[209.85.220.226]
Jun 21 16:57:47 Debian-50-lenny-64-LAMP postfix/smtpd[6677]: NOQUEUE: reject: RCPT from mail-fx0-f226.google.com[209.85.220.226]: 554 5.7.1 : Recipient address rejected: Access denied; from= to= proto=ESMTP helo=
Jun 21 16:57:47 Debian-50-lenny-64-LAMP postfix/smtpd[6677]: disconnect from mail-fx0-f226.google.com[209.85.220.226]

i solved mail issue with my server.
So, you may download ehcp_yeni.tgz (this info is old, use latest ehcp) from ehcp.net,
install it again,
it will work i think.

if you cannot do, i will have a look at your server..

now, my server does smtp auth,
i did as:
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination'

i still recomend newer version of 0.29.10, which is under development and testing..

i will work about smtp authentication.

I'm still using 29.07 but just managed to enable smtp-auth pretty easily.
just add user postfix to sasl group
"adduser postfix sasl"

Now I just have to close unathorized connections.

Any suggestions?

Kenneth