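Hey, we use Postfix as our mail system, and the configuration includes virtual alias tables for address verification. We also use a simple list for management. The list is written in /etc/postfix/virtual as "[email protected] user xy"
The list and the user mapping work fine, but the problem is that we want to protect some addresses for internal use only. So I added the following lines to main.cf: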
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/protected_destinations,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_restriction_classes = insiders_only
insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
The file protected_destinations contains:
[email protected] insiders_only
The file contains:
domain.tld DUNNO
Output of postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mailbox_transport = cyrus
message_size_limit = 0
mydestination = domain.tld,domain2.tld
myhostname = domain.tld
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.100.0/24
myorigin = /etc/mailname
recipient_delimiter = +
relay_domains = domain.tld
relayhost = [x.x.x.x]
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, hash:/etc/postfix/access, hash:/etc/postfix/virtual-user_access
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
virtual_alias_domains = /etc/postfix/virtual-domains
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_limit = 0
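But it does not work; I can send mail from an external address to [email protected]. Can anyone explain what I am doing wrong?
This is about a message from an external sender to [email protected]: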
Apr 19 16:57:34 serverx postfix/smtpd[15963]: 777A51762F1: client=smarthost.host[192.168.100.xy], sasl_method=LOGIN, sasl_username=userxy
Apr 19 16:57:34 serverx postfix/cleanup[15966]: 777A51762F1: message-id=<[email protected]>
Apr 19 16:57:34 serverx postfix/qmgr[15959]: 777A51762F1: from=<[email protected]>, size=1720, nrcpt=2 (queue active)
Apr 19 16:57:34 serverx postfix/pipe[15972]: 777A51762F1: to=<[email protected]>, orig_to=<[email protected]>, relay=cyrus, delay=0.24, delays=0.06/0.01/0/0.17, dsn=2.0.0, status=sent (delivered via cyrus service)
Apr 19 16:57:34 serverx postfix/pipe[15969]: 777A51762F1: to=<[email protected]>, orig_to=<[email protected]>, relay=cyrus, delay=0.24, delays=0.06/0/0/0.18, dsn=2.0.0, status=sent (delivered via cyrus service)
Apr 19 16:57:34 serverx postfix/qmgr[15959]: 777A51762F1: removed
Answer 1
To restrict access to internal lists, we do the following:
smtpd_recipient_restrictions =
    hash:/etc/postfix/access
    hash:/etc/postfix/virtual-users_access
Then in the /etc/postfix/access map we have something like:
all@ permit_mynetworks,reject
list2@ permit_mynetworks,reject
And in virtual-users_access, something like:
anonymous@domain permit_mynetworks,reject
user1@domain permit_mynetworks,reject
user2@domain permit_mynetworks,reject
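
The ordering behaviour behind both the question and the answer, as an added example that is not part of either post: a simplified Python model of how Postfix walks a restriction list, where the first PERMIT or REJECT ends the evaluation. The addresses, client IPs, the OK value in the insiders table and the three list names are constructed assumptions; real Postfix lookups also try parent domains and more key forms.

```python
import ipaddress

# Constructed data modelled on the page; addresses and IPs are placeholders.
MYNETWORKS = ["127.0.0.0/8", "192.168.100.0/24"]
TABLES = {
    "protected_destinations": {"all@domain.tld": "insiders_only"},
    "insiders": {"domain.tld": "OK"},  # assumption; DUNNO here falls through to reject
    "access": {"all@": "permit_mynetworks,reject"},  # the answer's style
}
CLASSES = {"insiders_only": ["check_sender_access insiders", "reject"]}

def lookup(table, addr):
    """Simplified access(5) lookup order: user@domain, domain, user@."""
    user, _, domain = addr.rpartition("@")
    t = TABLES[table]
    return t.get(addr) or t.get(domain) or t.get(user + "@")

def evaluate(restrictions, client_ip, sender, rcpt, sasl=False):
    """First PERMIT or REJECT ends the walk; anything else moves on."""
    for item in restrictions:
        name, _, table = item.partition(" ")
        if name == "reject":
            return "REJECT"
        if name == "permit_mynetworks":
            ip = ipaddress.ip_address(client_ip)
            if any(ip in ipaddress.ip_network(n) for n in MYNETWORKS):
                return "PERMIT"
        elif name == "permit_sasl_authenticated" and sasl:
            return "PERMIT"
        elif name in ("check_recipient_access", "check_sender_access"):
            key = rcpt if name == "check_recipient_access" else sender
            action = lookup(table, key)
            if action in ("OK", "REJECT"):
                return "PERMIT" if action == "OK" else "REJECT"
            if action and action != "DUNNO":
                # Right-hand side is a restriction class or a restriction list.
                nested = CLASSES.get(action) or action.split(",")
                verdict = evaluate(nested, client_ip, sender, rcpt, sasl)
                if verdict != "DUNNO":
                    return verdict
    return "DUNNO"  # end of list: Postfix accepts the recipient

# Constructed orderings; unknown names such as reject_unauth_destination
# are treated as DUNNO, which is its result for a local recipient domain.
TABLE_FIRST = ["check_recipient_access protected_destinations",
               "permit_mynetworks", "permit_sasl_authenticated"]
NETWORK_FIRST = ["permit_mynetworks", "permit_sasl_authenticated",
                 "reject_unauth_destination",
                 "check_recipient_access protected_destinations"]
ANSWER_STYLE = ["check_recipient_access access"]
```

For a client inside 192.168.100.0/24 with an external sender, as in the log above, `evaluate(NETWORK_FIRST, ...)` returns PERMIT while `evaluate(TABLE_FIRST, ...)` returns REJECT. The answer's table also returns PERMIT for that client, because it keys on the client network rather than the envelope sender.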