LINUX.ORG.RU

Posts by ds0x

 

Postfix: How do I forbid sending mail from my own domain without authentication?

A Postfix+Dovecot+MySQL mail server is installed. I can't figure out how to forbid sending mail from users of my own domain without authentication. I want to make authentication mandatory if the sender is from my server.

# postconf -n

alias_database = hash:/etc/aliases

alias_maps = hash:/etc/aliases

bounce_queue_lifetime = 1d

broken_sasl_auth_clients = yes

config_directory = /etc/postfix

content_filter = scan:127.0.0.1:10025

daemon_directory = /usr/libexec/postfix

debug_peer_level = 2

default_privs = nobody

delay_warning_time = 1h

disable_mime_input_processing = yes

header_checks = regexp:/etc/postfix/header_checks

html_directory = no

inet_interfaces = all

local_recipient_maps = proxy:unix:passwd.byname $alias_maps

mail_owner = postfix

mail_spool_directory = /var/mail

mailbox_command = /usr/lib/dovecot/deliver -d «USER»

mailbox_size_limit = 0

mailq_path = /usr/bin/mailq

manpage_directory = /usr/local/man

maximal_queue_lifetime = 2d

message_size_limit = 52428800

mydomain = mydomain.ru

myhostname = mx.mydomain.ru

mynetworks = 127.0.0.0/8

myorigin = $mydomain

queue_directory = /var/spool/postfix

receive_override_options = no_address_mappings

recipient_bcc_maps = hash:/etc/postfix/recipient_bcc

sendmail_path = /usr/sbin/sendmail

setgid_group = postdrop

smtp_tls_security_level = may

smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

smtpd_banner = $myhostname ESMTP

smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service unix:/var/spool/postfix/postgrey/socket,
    reject_unknown_client_hostname,
    reject_non_fqdn_recipient,
    reject_unverified_recipient,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dialups.mail-abuse.org,
    permit

smtpd_reject_unlisted_sender = yes

smtpd_sasl_auth_enable = yes

smtpd_sasl_authenticated_header = yes

smtpd_sasl_path = /var/spool/postfix/private/dovecot-auth

smtpd_sasl_security_options = noanonymous

smtpd_sasl_tls_security_options = noanonymous

smtpd_sasl_type = dovecot

smtpd_tls_cert_file = /root/cert/mx.mydomain.ru.crt

smtpd_tls_key_file = /root/cert/mx.mydomain.ru.key

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

smtpd_tls_security_level = may

smtpd_tls_session_cache_timeout = 3600s

smtpd_use_tls = yes

soft_bounce = no

tls_random_source = dev:/dev/urandom

unknown_local_recipient_reject_code = 550

virtual_alias_maps = mysql:$config_directory/sql/valias.cf

virtual_gid_maps = static:12

virtual_mailbox_base = /var/vmail

virtual_mailbox_domains = mysql:$config_directory/sql/vdomains.cf

virtual_mailbox_maps = mysql:$config_directory/sql/vmailbox.cf

virtual_minimum_uid = 1150

virtual_transport = dovecot

virtual_uid_maps = static:1150

I test it like this:

# telnet mx.mydomain.ru 25

Trying 192.168.0.1...

Connected to mx.mydomain.ru.

Escape character is '^]'.

220 mx.mydomain.ru ESMTP

ehlo client.mydomain.ru

250-mx.mydomain.ru

250-PIPELINING

250-SIZE 52428800

250-VRFY

250-ETRN

250-STARTTLS

250-AUTH PLAIN LOGIN CRAM-MD5

250-AUTH=PLAIN LOGIN CRAM-MD5

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

mail from:<director@mydomain.ru>

250 2.1.0 Ok

rcpt to:<admin@mydomain.ru>

250 2.1.5 Ok

data

354 End data with <CR><LF>.<CR><LF>

Вас повышают до технического директора компании! Оклад 300 000 рублей в месяц!

.

250 2.0.0 Ok: queued as DCEB5B204BC

quit

221 2.0.0 Bye

Connection closed by foreign host.

 

ds0x
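
One way to close the gap shown in the telnet session above, as an added example that is not part of the original post: a sender restriction list that rejects unauthenticated clients using an own-domain address in MAIL FROM. The lookup table path `/etc/postfix/own_sender_domains` and the reject text are hypothetical, and the fragment assumes the content filter hands mail back from 127.0.0.1, which is inside `mynetworks`.

```ini
# --- /etc/postfix/main.cf ---------------------------------------------
# Before (as posted): there is no smtpd_sender_restrictions, and
# smtpd_reject_unlisted_sender only checks that the address exists, so
# any client may put an existing @mydomain.ru address in MAIL FROM when
# writing to a local recipient.
#
# After: each restriction list is evaluated on its own and the first
# match ends that list. A "permit" here does not bypass
# smtpd_recipient_restrictions, so relay protection is unchanged.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/own_sender_domains

# permit_mynetworks keeps local submissions and mail coming back from the
# content filter on 127.0.0.1 (assumption) from being rejected.
# permit_sasl_authenticated lets logged-in users send as the domain.
# Everyone else reaches the table below.

# --- /etc/postfix/own_sender_domains (hypothetical file name) ---------
# Key: sender domain. Value: access(5) action.
# Build the lookup file with:  postmap /etc/postfix/own_sender_domains
# Then apply the change with:  postfix reload
mydomain.ru    REJECT Authentication required to send as this domain
```

With the default `smtpd_delay_reject = yes` the rejection is issued in reply to RCPT TO, so repeating the same telnet session should end there instead of at `250 2.1.5 Ok`. Mail that legitimately arrives from outside with an @mydomain.ru envelope sender (forwarders, external services sending on the domain's behalf) is rejected by the same rule and needs its own exception.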