LINUX.ORG.RU

Сообщения ds0x

 

Postfix:Как запретить отправлять письма со своего домена без авторизации?

Форум — Admin

Установлен почтовый сервер Postfix+Dovecot+Mysql. Не могу разобраться как запретить отправку писем от пользователей своего домена без авторизации. Сделать авторизацию обязательной если отправитель с моего сервера.

# postconf -n

alias_database = hash:/etc/aliases

alias_maps = hash:/etc/aliases

bounce_queue_lifetime = 1d

broken_sasl_auth_clients = yes

config_directory = /etc/postfix

content_filter = scan:127.0.0.1:10025

daemon_directory = /usr/libexec/postfix

debug_peer_level = 2

default_privs = nobody

delay_warning_time = 1h

disable_mime_input_processing = yes

header_checks = regexp:/etc/postfix/header_checks

html_directory = no

inet_interfaces = all

local_recipient_maps = proxy:unix:passwd.byname $alias_maps

mail_owner = postfix

mail_spool_directory = /var/mail

mailbox_command = /usr/lib/dovecot/deliver -d «USER»

mailbox_size_limit = 0

mailq_path = /usr/bin/mailq

manpage_directory = /usr/local/man

maximal_queue_lifetime = 2d

message_size_limit = 52428800

mydomain = mydomain.ru

myhostname = mx.mydomain.ru

mynetworks = 127.0.0.0/8

myorigin = $mydomain

queue_directory = /var/spool/postfix

receive_override_options = no_address_mappings

recipient_bcc_maps = hash:/etc/postfix/recipient_bcc

sendmail_path = /usr/sbin/sendmail

setgid_group = postdrop

smtp_tls_security_level = may

smtp_tls_session_cache_database =

btree:$data_directory/smtp_tls_session_cache

smtpd_banner = $myhostname ESMTP

smtpd_recipient_restrictions =

permit_sasl_authenticated,

reject_unauth_destination,

check_policy_service unix:/var/spool/postfix/postgrey/socket, reject_unknown_client_hostname, reject_non_fqdn_recipient,

reject_unverified_recipient,

reject_rbl_client cbl.abuseat.org, reject_rbl_client dialups.mail-abuse.org, permit

smtpd_reject_unlisted_sender = yes

smtpd_sasl_auth_enable = yes

smtpd_sasl_authenticated_header = yes

smtpd_sasl_path = /var/spool/postfix/private/dovecot-auth

smtpd_sasl_security_options = noanonymous

smtpd_sasl_tls_security_options = noanonymous

smtpd_sasl_type = dovecot

smtpd_tls_cert_file = /root/cert/mx.mydomain.ru.crt

smtpd_tls_key_file = /root/cert/mx.mydomain.ru.key

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

smtpd_tls_security_level = may

smtpd_tls_session_cache_timeout = 3600s

smtpd_use_tls = yes

soft_bounce = no

tls_random_source = dev:/dev/urandom

unknown_local_recipient_reject_code = 550

virtual_alias_maps = mysql:$config_directory/sql/valias.cf

virtual_gid_maps = static:12

virtual_mailbox_base = /var/vmail

virtual_mailbox_domains = mysql:$config_directory/sql/vdomains.cf

virtual_mailbox_maps = mysql:$config_directory/sql/vmailbox.cf

virtual_minimum_uid = 1150

virtual_transport = dovecot

virtual_uid_maps = static:1150

Проверяю так:

# telnet mx.mydomain.ru 25

Trying 192.168.0.1...

Connected to mx.mydomain.ru.

Escape character is '^]'.

220 mx.mydomain.ru ESMTP

ehlo client.mydomain.ru

250-mx.mydomain.ru

250-PIPELINING

250-SIZE 52428800

250-VRFY

250-ETRN

250-STARTTLS

250-AUTH PLAIN LOGIN CRAM-MD5

250-AUTH=PLAIN LOGIN CRAM-MD5

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

mail from:<director@mydomain.ru>

250 2.1.0 Ok

rcpt to:<admin@mydomain.ru>

250 2.1.5 Ok

data

354 End data with <CR><LF>.<CR><LF>

Вас повышают до технического директора компании! Оклад 300 000 рублей в месяц!

.

250 2.0.0 Ok: queued as DCEB5B204BC

quit

221 2.0.0 Bye

Connection closed by foreign host.

 

ds0x
()

RSS подписка на новые темы