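I have a Postfix server that is configured with reject_unknown_client_hostname and reject_unknown_helo_hostname. Regardless, the server accepts non-sasl_authenticated connections from clients, or with HELO names, that do not have a DNS entry. Test with telnet and nc (actual mail server domain replaced with mymailserver.com):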
nc mymailserver.com 25
220 mymailserver.com ESMTP Postfix (2.9.6)
HELO inexistent.domain.com
250 mymailserver.com
Postfix log with debug_peer_level = 2:
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: connect from dslb-178-005-067-030.pools.arcor-ip.net[178.5.67.30]
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: smtp_stream_setup: maxtime=300 enable_deadline=0
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: match_hostname: dslb-178-005-067-030.pools.arcor-ip.net ~? 127.0.0.0/8
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: match_hostaddr: 178.5.67.30 ~? 127.0.0.0/8
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: match_hostname: dslb-178-005-067-030.pools.arcor-ip.net ~? [::ffff:127.0.0.0]/104
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: match_hostaddr: 178.5.67.30 ~? [::ffff:127.0.0.0]/104
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: match_hostname: dslb-178-005-067-030.pools.arcor-ip.net ~? [::1]/128
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: match_hostaddr: 178.5.67.30 ~? [::1]/128
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: match_list_match: dslb-178-005-067-030.pools.arcor-ip.net: no match
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: match_list_match: 178.5.67.30: no match
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: auto_clnt_open: connected to private/anvil
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: send attr request = connect
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: send attr ident = smtp:178.5.67.30
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: private/anvil: wanted attribute: status
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: input attribute name: status
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: input attribute value: 0
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: private/anvil: wanted attribute: count
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: input attribute name: count
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: input attribute value: 1
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: private/anvil: wanted attribute: rate
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: input attribute name: rate
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: input attribute value: 1
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: private/anvil: wanted attribute: (list terminator)
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: input attribute name: (end)
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: > dslb-178-005-067-030.pools.arcor-ip.net[178.5.67.30]: 220 mymailserver.com ESMTP Postfix (2.9.6)
Mar 19 16:55:23 mymailserver postfix/smtpd[4941]: watchdog_pat: 0x7f1fcb7f5aa0
Mar 19 16:55:33 mymailserver postfix/smtpd[4941]: < dslb-178-005-067-030.pools.arcor-ip.net[178.5.67.30]: HELO jksdnfsdmf.de
Mar 19 16:55:33 mymailserver postfix/smtpd[4941]: > dslb-178-005-067-030.pools.arcor-ip.net[178.5.67.30]: 250 mymailserver.com
Mar 19 16:55:33 mymailserver postfix/smtpd[4941]: watchdog_pat: 0x7f1fcb7f5aa0
Is there an error in my configuration, or did I miss something? Or is the test case wrong?
Postfix configuration:
smtpd_helo_required = yes
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_authenticated_sender_login_mismatch, permit_sasl_authenticated, check_policy_service unix:private/policy-spf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining
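OK, the test case was wrong. I was not aware of the smtpd_delay_reject option, which is set to yes by default. With this option Postfix does not check the restrictions after each command, but holds all checks until the HELO, MAIL FROM and RCPT TO commands have been received. See http://www.postfix.org/postconf.5.html#smtpd_delay_reject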
telnet mymailserver.com 25
220 mymailserver.com ESMTP Postfix (2.9.6)
HELO inexistent.domain.com
250 mymailserver.com
MAIL FROM: [email protected]
250 2.1.0 Ok
RCPT TO: [email protected]
450 4.7.1 <inexistent.domain.com>: Helo command rejected: Host not found
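A way to repeat this test so that it accounts for smtpd_delay_reject, as an added example that is not part of the original post: it drives the dialogue through RCPT TO and reports which restriction class actually produced the rejection. The names `probe` and `DelayedRejectStub`, the example.org addresses, and the reply wordings other than "Helo command rejected" are assumptions.

```python
import re

# Postfix names the restriction class that fired in the reply text.
# "Helo command rejected" is taken from the 450 reply shown above;
# the other three wordings are assumed to follow the same pattern.
CLASS_RE = re.compile(
    r"(Client host|Helo command|Sender address|Recipient address) rejected", re.I)
STAGE_OF_CLASS = {"client host": "CONNECT", "helo command": "HELO",
                  "sender address": "MAIL FROM", "recipient address": "RCPT TO"}


def probe(session, helo_name, sender, recipient):
    """Send HELO, MAIL FROM and RCPT TO; describe the first rejection.

    `session` is a connected smtplib.SMTP, or any object whose
    helo/mail/rcpt methods return (code, message) the same way.
    Returns None when every command was accepted.
    """
    steps = (("HELO", lambda: session.helo(helo_name)),
             ("MAIL FROM", lambda: session.mail(sender)),
             ("RCPT TO", lambda: session.rcpt(recipient)))
    for stage, send in steps:
        code, msg = send()
        if code >= 400:
            text = msg.decode("utf-8", "replace") if isinstance(msg, bytes) else msg
            m = CLASS_RE.search(text)
            cause = STAGE_OF_CLASS[m.group(1).lower()] if m else stage
            # delayed=True: the check belongs to an earlier command than
            # the one that received the error reply.
            return {"reported_at": stage, "caused_by": cause, "code": code,
                    "delayed": cause != stage, "text": text}
    return None


class DelayedRejectStub:
    """Constructed stand-in that replays the replies from the telnet session above."""
    def helo(self, name):
        self.name = name
        return 250, b"mymailserver.com"

    def mail(self, sender):
        return 250, b"2.1.0 Ok"

    def rcpt(self, recipient):
        reply = "4.7.1 <%s>: Helo command rejected: Host not found" % self.name
        return 450, reply.encode()


if __name__ == "__main__":
    # Offline run against the stub; for a live check against your own server
    # pass smtplib.SMTP("mymailserver.com", 25) instead.
    print(probe(DelayedRejectStub(), "inexistent.domain.com",
                "sender@example.org", "rcpt@example.org"))
```

A result with `delayed` set to True means the HELO or client restriction is working and only its reply was deferred; a test that stops after HELO cannot show this.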