服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 虚拟别名的Postfix限制类
Intereting Posts
允许“邮件”读取后缀虚拟创build的帐户? 在没有VPN的情况下公开暴露开发/团队工具是否安全? 英特尔网卡:VMDc或VMDq? LAMP堆栈,只读/写访问特定的目录 谁在托pipe它? 在Mac OS X上无法启动MySQL获取mysql.sock连接错误 我如何安装Rake(Ruby on Rails)? 我应该什么时候去做Varnish / Nginx或者Lighttd? 什么可能导致RAID 10的所有硬盘同时崩溃? 获取HTTP / 2在Apache上工作 rsync – 只保留10个备份文件夹 如何在Linux CentOS服务器上通过yum安装easy_install 无法在设置Bacula时通过端口9102远程login到Windows 7客户端 可以创buildvpc请求主机 是否有0.0.0.0 IP地址的“官方”名称?

虚拟别名的Postfix限制类

嘿,我们使用postfix作为Mailsystem和configuration包含虚拟别名表进行地址validation。 我们也使用一个简单的列表pipe理使用。 该列表在/ etc / postfix / virtual中写为“[email protected] userxy”

列表和用户映射工作正常,但问题是,我们只想保护一些地方内部使用的地址。 所以我添加以下几行到main.cf 

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_destinations, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_restriction_classes = insiders_only insiders_only = check_sender_access hash:/etc/postfix/insiders, reject

文件protected_destinations包含: 

 [email protected] insiders_only

文件内部人员包含: 

 domain.tld DUNNO

从postconf输出-n: 

 alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes config_directory = /etc/postfix inet_interfaces = all mailbox_size_limit = 0 mailbox_transport = cyrus message_size_limit = 0 mydestination = domain.tld,domain2.tld myhostname = domain.tld mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.100.0/24 myorigin = /etc/mailname recipient_delimiter = + relay_domains = domain.tld relayhost = [xxxx] smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, hash:/etc/postfix/access, hash:/etc/postfix/virtual-user_access smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous virtual_alias_domains = /etc/postfix/virtual-domains virtual_alias_maps = hash:/etc/postfix/virtual virtual_mailbox_limit = 0

但它dosent工作,我可以发送邮件从外部地址[email protected]任何人都可以解释我做错了什么?

这是一个关于从外部邮件到[email protected]的日志文件: 

 Apr 19 16:57:34 serverx postfix/smtpd[15963]: 777A51762F1: client=smarthost.host[192.168.100.xy], sasl_method=LOGIN, sasl_username=userxy Apr 19 16:57:34 serverx postfix/cleanup[15966]: 777A51762F1: message-id=<[email protected]> Apr 19 16:57:34 serverx postfix/qmgr[15959]: 777A51762F1: from=<[email protected]>, size=1720, nrcpt=2 (queue active) Apr 19 16:57:34 serverx postfix/pipe[15972]: 777A51762F1: to=<[email protected]>, orig_to=<[email protected]>, relay=cyrus, delay=0.24, delays=0.06/0.01/0/0.17, dsn=2.0.0, status=sent (delivered via cyrus service) Apr 19 16:57:34 serverx postfix/pipe[15969]: 777A51762F1: to=<[email protected]>, orig_to=<[email protected]>, relay=cyrus, delay=0.24, delays=0.06/0/0/0.18, dsn=2.0.0, status=sent (delivered via cyrus service) Apr 19 16:57:34 serverx postfix/qmgr[15959]: 777A51762F1: removed

为了限制访问内部列表,我们有以下几点: 

 smtpd_recipient_restrictions = hash:/etc/postfix/access hash:/etc/postfix/virtual-users_access

然后在/ etc / postfix / acccess映射中我们有类似的东西 

 all@ permit_mynetworks,reject list2@ permit_mynetworks,reject

并在虚拟users_access的东西 

 anonymous@domain permit_mynetworks,reject user1@domain permit_mynetworks,reject user2@domain permit_mynetworks,reject