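I am trying to make Postfix not authenticate users on port 25, but only on port 587 with STARTTLS. I have tried a number of different configurations, but without success so far.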
main.cf:
...
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth
allow_mail_to_commands = alias
allow_mail_to_files = alias
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_sender_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions =
    reject_non_fqdn_sender,
    reject_non_fqdn_helo_hostname,
    reject_unknown_recipient_domain,
    reject_non_fqdn_recipient,
    reject_invalid_hostname,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_use_tls = yes
smtp_use_tls = yes
#smtpd_tls_security_level = may
#smtp_tls_security_level = encrypt
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols = !SSLv3,!SSLv2
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
tls_random_source = dev:/dev/urandom
...
master.cf:
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#  -o smtp_sasl_auth_enable=yes
submission inet n - n - - smtpd
#  -o content_filter=spamassassin
  -o smtpd_tls_security_level=encrypt
#user=spamd argv=/usr/local/bin/spamc -f -e /usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
#  -o smtpd_enforce_tls=yes
#  -o syslog_name=postfix/submission
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
...
Maybe I am missing something... Thanks.
Add this to your master.cf:
submission inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes ...
and remove smtpd_sasl_auth_enable = yes from main.cf, keeping the default of no.
In /etc/postfix/main.cf you would add/change:
smtpd_tls_security_level = encrypt
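This enforces the use of TLS, so that the Postfix SMTP server announces STARTTLS and accepts no mail without TLS encryption.
Then, in your /etc/postfix/master.cf, you can override this for port 587 (the submission port) by overriding the parameter: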
submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt
This requires TLS for all submission (port 587) connections.
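An added example, not part of the question or answers above: a Python check that computes the effective smtpd_sasl_auth_enable and smtpd_tls_security_level of each smtpd service from main.cf plus the master.cf -o overrides, and reports when port 25 still offers AUTH. The function names and the sample configuration strings are constructed for illustration.

```python
import shlex

# Postfix built-in defaults for the two parameters checked here.
DEFAULTS = {"smtpd_sasl_auth_enable": "no", "smtpd_tls_security_level": ""}

def _lines(text):
    return [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def parse_main_cf(text):
    """main.cf -> {name: value}; indented continuation lines are skipped (scalars only)."""
    return {n.strip(): v.strip() for n, _, v in
            (l.partition("=") for l in _lines(text) if not l[0].isspace())}

def parse_master_cf(text):
    """master.cf -> {service: {name: value}} for inet smtpd services ("-o name=value" form only)."""
    services, current = {}, None
    for raw in _lines(text):
        fields = shlex.split(raw)
        if not raw[0].isspace():  # a new service entry starts in column 1
            is_smtpd = len(fields) >= 8 and fields[1] == "inet" and fields[7] == "smtpd"
            current = services.setdefault(fields[0], {}) if is_smtpd else None
            fields = fields[8:]
        if current is not None:
            for flag, arg in zip(fields, fields[1:]):
                if flag == "-o":
                    name, _, value = arg.partition("=")
                    current[name] = value
    return services

def audit(main_text, master_text):
    """Return findings for the effective AUTH/TLS settings of smtp and submission."""
    main, findings = parse_main_cf(main_text), []
    for svc, over in parse_master_cf(master_text).items():
        auth, tls = (over.get(k, main.get(k, d)) for k, d in DEFAULTS.items())
        if svc == "smtp" and auth == "yes":
            findings.append("smtp: AUTH offered on port 25")
        if svc == "submission" and auth != "yes":
            findings.append("submission: AUTH not enabled")
        if svc == "submission" and tls != "encrypt":
            findings.append("submission: TLS not mandatory")
    return findings

# Constructed sample input: AUTH enabled globally (as asked) vs. only per service (as answered).
ASKED_MAIN = "smtpd_sasl_auth_enable = yes\nsmtpd_tls_auth_only = yes\n"
FIXED_MAIN = "smtpd_tls_auth_only = yes\n"
MASTER = ("smtp inet n - n - - smtpd\n"
          "submission inet n - n - - smtpd\n"
          "  -o smtpd_tls_security_level=encrypt\n"
          "  -o smtpd_sasl_auth_enable=yes\n")
```

On a live server, `postconf -P` lists the same per-service -o overrides that parse_master_cf extracts here.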