Postfix 邮件服务器充当开放中继

Question 1

这对我有用：

# SASL support
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous

#RESTRICCIONES DEL REMITENTE
smtpd_sender_restrictions =
     permit_mynetworks,
     reject_unknown_sender_domain,
     permit_sasl_authenticated,
     reject_unlisted_sender

#RESTRICCIONES DEL DESTINO 
smtpd_recipient_restrictions =
     permit_mynetworks, 
     permit_sasl_authenticated,
     reject_unauth_destination,
     reject_unlisted_recipient,
     warn_if_reject reject_unknown_client

# TLS Support
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/my.key
smtpd_tls_cert_file = /etc/ssl/mycert.pem
smtpd_tls_CAfile = /etc/ssl/cacert.pem

Answer

这对我有用：

# SASL support
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous

#RESTRICCIONES DEL REMITENTE
smtpd_sender_restrictions =
     permit_mynetworks,
     reject_unknown_sender_domain,
     permit_sasl_authenticated,
     reject_unlisted_sender

#RESTRICCIONES DEL DESTINO 
smtpd_recipient_restrictions =
     permit_mynetworks, 
     permit_sasl_authenticated,
     reject_unauth_destination,
     reject_unlisted_recipient,
     warn_if_reject reject_unknown_client

# TLS Support
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/my.key
smtpd_tls_cert_file = /etc/ssl/mycert.pem
smtpd_tls_CAfile = /etc/ssl/cacert.pem

Question 2

适用smtpd_client_restrictions于全部连接到服务器的客户端，不仅仅是尝试通过邮件服务器中继邮件的客户端，还包括本地投递的客户端。要让邮件服务器接受所有客户端的邮件进行本地投递，但要求进行中继身份验证，您必须指定该smtpd_recipient_restrictions选项。

我有以下配置：

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.100.0.11/32 10.100.2.11/32 [2001:470:xxxx::11]/128 [2001:470:xxxx:4::11]/128
[...]
smtpd_recipient_restrictions = permit_mynetworks,
                               check_relay_domains,
                               reject_unauth_pipelining,
                               reject_non_fqdn_recipient,
                               reject_unknown_recipient_domain,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               reject_rbl_client sbl-xbl.spamhaus.org,
                               check_policy_service unix:private/spfcheck,
                               permit
[...]
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_tls_auth_only = yes
broken_sasl_auth_clients = yes

（我没有smtpd_client_restrictions部分）

Answer

适用smtpd_client_restrictions于全部连接到服务器的客户端，不仅仅是尝试通过邮件服务器中继邮件的客户端，还包括本地投递的客户端。要让邮件服务器接受所有客户端的邮件进行本地投递，但要求进行中继身份验证，您必须指定该smtpd_recipient_restrictions选项。

我有以下配置：

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.100.0.11/32 10.100.2.11/32 [2001:470:xxxx::11]/128 [2001:470:xxxx:4::11]/128
[...]
smtpd_recipient_restrictions = permit_mynetworks,
                               check_relay_domains,
                               reject_unauth_pipelining,
                               reject_non_fqdn_recipient,
                               reject_unknown_recipient_domain,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               reject_rbl_client sbl-xbl.spamhaus.org,
                               check_policy_service unix:private/spfcheck,
                               permit
[...]
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_tls_auth_only = yes
broken_sasl_auth_clients = yes

（我没有smtpd_client_restrictions部分）

Postfix 邮件服务器充当开放中继

答案1

答案2

相关内容