I have a mail server running on Debian 7.8, configured with postfix 2.9.6.
My restrictions are as follows:
smtpd_sender_restrictions = reject_sender_login_mismatch, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unlisted_sender, permit_sasl_authenticated, reject_unauth_destination, permit_mynetworks
#smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
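The problem is that email aliases can send mail to internal users without authorization.
Examples (all requests were made with authentication turned off in the client, and not from localhost):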
[email protected] -> [email protected] --> Mail sent
[email protected] -> [email protected] --> Mail sent
[email protected] -> [email protected] --> Mail sent
[email protected] -> [email protected] --> Mail sent
[email protected] -> [email protected] --> Sender address rejected: not logged in
[email protected] -> [email protected] --> Sender address rejected: not logged in
[email protected] -> [email protected] --> Relay access denied
[email protected] -> [email protected] --> Relay access denied
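where a mailbox is any virtual user in the database.
Any ideas? Thanks!
Answer 1
Edit: having read that reject_unverified_sender can lead to blacklisting, I have removed it, and now the problem is back.
I think I have solved the problem with the following restrictions: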
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks
#smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_sender_restrictions = permit_sasl_authenticated, reject_unverified_sender, reject_sender_login_mismatch, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unlisted_sender, reject_unauth_destination, permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
The option I was missing was reject_unverified_sender, which I added after permit_sasl_authenticated so that I can still send mail using aliases.
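The three outcomes listed in the question ("Mail sent", "not logged in", "Relay access denied") can be reproduced with a small model of the question's restriction lists. This is an added example, not code from the question or the answer, and not Postfix code. It assumes that smtpd_sender_login_maps (not shown on the page) lists mailboxes only; all addresses and function names are constructed.

```python
# Simplified model of the Postfix checks involved; not Postfix source code.
# All addresses are constructed sample data.
LOCAL_DOMAINS = {"example.test"}
MAILBOXES = {"user1@example.test", "user2@example.test"}
ALIASES = {"sales@example.test"}
# Assumption: smtpd_sender_login_maps lists mailboxes only, so an alias
# has no owner. The page does not show this setting.
LOGIN_MAPS = {addr: addr for addr in MAILBOXES}


def domain(addr):
    return addr.rsplit("@", 1)[1]


def sender_login_mismatch(sender, login, login_maps):
    owner = login_maps.get(sender)
    if login is None:
        # Unauthenticated client: rejected only if the address HAS an owner.
        return "Sender address rejected: not logged in" if owner else None
    return None if owner == login else "Sender address rejected: not owned by user"


def unlisted_sender(sender):
    known = MAILBOXES | ALIASES
    if domain(sender) in LOCAL_DOMAINS and sender not in known:
        return "Sender address rejected: User unknown"
    return None


def unauth_destination(rcpt):
    return None if domain(rcpt) in LOCAL_DOMAINS else "Relay access denied"


def smtpd_decision(sender, rcpt, login=None, login_maps=LOGIN_MAPS):
    """Outcome of the question's sender and recipient restriction lists."""
    # DNS/FQDN sender checks are omitted: they pass for these addresses.
    reason = sender_login_mismatch(sender, login, login_maps) or unlisted_sender(sender)
    if reason:
        return reason
    if login is not None:
        return "Mail sent"  # permit_sasl_authenticated matches in both lists
    # reject_unauth_destination is the last check that can reject.
    return unauth_destination(rcpt) or "Mail sent"
```

In this model, giving the alias an owner in the login map makes an unauthenticated message from that alias fail with "not logged in", while the owner can still send as the alias after logging in.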