我有一个邮件服务器运行在Debian 7.8configuration后缀2.9.6。
我的限制是这些:
smtpd_sender_restrictions = reject_sender_login_mismatch, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unlisted_sender, permit_sasl_authenticated, reject_unauth_destination, permit_mynetworks #smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination 问题是别名电子邮件可以发送邮件给内部用户没有authentication
示例(所有请求都是在客户端进行的,而不是从本地主机进行的):
[email protected] -> [email protected] --> Mail sent [email protected] -> [email protected] --> Mail sent [email protected] -> [email protected] --> Mail sent [email protected] -> [email protected] --> Mail sent [email protected] -> [email protected] --> Sender address rejected: not logged in [email protected] -> [email protected] --> Sender address rejected: not logged in [email protected] -> [email protected] --> Relay access denied [email protected] -> [email protected] --> Relay access denied
邮箱是数据库中的任何虚拟用户
任何想法? 谢谢!
编辑:阅读reject_unverified_sender可能会导致黑名单我已经删除身份证,现在的问题是
我想我已经解决了这个限制:
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks #smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre smtpd_sender_restrictions = permit_sasl_authenticated, reject_unverified_sender, reject_sender_login_mismatch, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unlisted_sender, reject_unauth_destination, permit_mynetworks smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
我错过的选项是reject_unverified_sender,我在permit_sasl_authenticated后添加了,所以我仍然可以用别名发送邮件。