Postfix 问题,(我昨天问过这个问题,但我删除了自己的帖子,而不是编辑它,对此我很抱歉)
我使用 Postfix+SASL
我得到了这些设置main.cf:
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,check_client_access hash:/var/lib/pop-before-smtp/hosts,reject_unauth_destination
并且在此服务器上我有域名 myrealdomain.com
现在,如果我使用 SMTP 测试器并使用域 fakedomain.com 作为发件人,它会被阻止,但是如果我使用 myrealdomain.com,邮件服务器就不会接受该电子邮件,它还会将其发送到我告诉它发送的任何电子邮件。
现在我希望当有人尝试从我的服务器发送电子邮件时它总是要求登录和密码,无论它是否使用邮件服务器上托管的域!
现在,只要您使用托管在邮件服务器上的域,您就可以使用我的服务器向其他人发送垃圾邮件。
postconf -n输出:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
debug_peer_level = 1
debug_peer_list =
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
mydestination = localhost
myhostname = mail.myrealdomain.com
mynetworks = 127.0.0.0/8, 192.168.0.0/16
myorigin = /etc/mailname
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $mynetworks $virtual_mailbox_limit_maps $transport_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relayhost =
sender_canonical_maps =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = mail.myrealdomain.com ESMTP FrogSMTP powered by FrogLinux
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,check_client_access hash:/var/lib/pop-before- smtp/hosts,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_uid_maps = static:5000
答案1
你的smtpd_recipient_restrictions不够严格。如果这台机器不是 MX,而是大宗交易/大宗交易那么您可能希望以 结束reject。
MSA/MTA 设置示例:
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject
这将接受来自经过身份验证的用户和以下地址的邮件mynetworks并拒绝所有其他邮件。