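I am administering a mail server. The mail server is running and is configured with multiple domains. The problem is that authenticated users can use any sender email ID, and I need to prevent that. How can I do this?
Example: the email sender [email protected]
is sending mail with the sender email address [email protected]
I need to prevent this from happening.
Answer 1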
You can do this with the configuration option smtpd_sender_login_maps.
It requires that the user has already authenticated via SASL.
smtpd_sender_login_maps (default: empty)
Optional lookup table with the SASL login names that own sender (MAIL FROM) addresses. Specify zero or more "type:table" lookup tables. With lookups from indexed files such as DB or DBM, or from networked tables such as NIS, LDAP or SQL, the following search operations are done with a sender address of user@domain:
1) user@domain: This table lookup is always done and has the highest precedence.
2) user: This table lookup is done only when the domain part of the sender address matches $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces.
3) @domain: This table lookup is done last and has the lowest precedence.
In all cases the result of table lookup must be either "not found" or a list of SASL login names separated by comma and/or whitespace.
You then add the above configuration option to the smtpd_sender_restrictions option, for example:
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch
Answer 2
This works for Postfix 2.1+; otherwise, reject_sender_login_mismatch:
smtpd_sender_restrictions = reject_sender_login_mismatch
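According to the Postfix documentation:
reject_authenticated_sender_login_mismatch: enforces reject_sender_login_mismatch.
reject_sender_login_mismatch: reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name does not own the MAIL FROM address according to $smtpd_sender_login_maps.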
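
The lookup order quoted in Answer 1 and the rejection rule quoted in Answer 2 can be modelled together to see which MAIL FROM / login pairs get refused. This is an added example, not code from the answers or from Postfix; the table contents, LOCAL_DOMAINS and the function names are assumptions made for illustration.

```python
import re

# Constructed sample table in the "address -> SASL logins" shape the quoted
# documentation describes. All addresses and login names are made up.
SENDER_LOGIN_MAP = {
    "alice@example.com": "alice",
    "sales@example.com": "alice, bob",
    "root": "admin",                  # bare user: matched for local domains only
    "@example.org": "carol dave",     # whole-domain entry
}
# Assumption: stands in for $myorigin, $mydestination, $inet_interfaces, ...
LOCAL_DOMAINS = {"mail.example.com"}


def owners_of(sender, table=SENDER_LOGIN_MAP, local_domains=LOCAL_DOMAINS):
    """Return the set of logins owning `sender`, or None for "not found"."""
    user, _, domain = sender.lower().rpartition("@")
    keys = [f"{user}@{domain}"]            # 1) always, highest precedence
    if domain in local_domains:
        keys.append(user)                  # 2) only for local domains
    keys.append(f"@{domain}")              # 3) last, lowest precedence
    for key in keys:
        if key in table:
            # The result is a list separated by comma and/or whitespace.
            names = re.split(r"[,\s]+", table[key].lower())
            return {name for name in names if name}
    return None


def reject_sender_login_mismatch(sender, sasl_login=None):
    """True when the quoted rule would reject this MAIL FROM."""
    owners = owners_of(sender)
    if sasl_login is None:
        # Not logged in: rejected only if the address has an owner.
        return owners is not None
    # Logged in: rejected unless this login owns the address.
    return owners is None or sasl_login.lower() not in owners


def reject_authenticated_sender_login_mismatch(sender, sasl_login=None):
    """Same check, applied only to SASL-authenticated clients."""
    return sasl_login is not None and reject_sender_login_mismatch(
        sender, sasl_login)
```

In this model an unauthenticated client using an owned address is refused by reject_sender_login_mismatch but passes reject_authenticated_sender_login_mismatch, so the latter relies on other restrictions to handle unauthenticated senders.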