"postfix: how to disable relaying if mail from is not the user's?..."
Posted by aescook (ok) on 28-Apr-09, 13:53
Good day.

I ran into the fact that Postfix relays messages regardless of which address is specified in the sender header. That is, once a user has authenticated, he can send a message with any header as the sender. I really don't want the mail server to be used by spammers.

Return-Path: <testuserx3@other_domain.ru>
X-Original-To: test1@receiver.ru
Delivered-To: test1@receiver.ru
Received: from [192.168.250.77] (unknown [192.168.250.77])
        (Authenticated sender: testuser@right_domain.ru)
        by post.almanet.kz (Postfix) with ESMTP id AC0841988095
        for <test1@receiver.ru>; Tue, 28 Apr 2009 11:27:04 +0400 ()
Message-ID: <49F693A8.3030400@other_domain.ru>
Date: Tue, 28 Apr 2009 11:27:04 +0400
From: "name" <testuserx3@other_domain.ru>
User-Agent: Thunderbird 2.0.0.21 (X11/20090302)
MIME-Version: 1.0
To: test1@receiver.ru
Subject: test1
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

test


This is a very unpleasant situation, especially since the mail server is intended to be operated free of charge with open registration.
How can the sender address be checked after authentication?

Configuration of the postfix 2.3.3 server:
----------------------------------------------------------------------
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases


debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql/virtual-domains.cf
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/pgsql/virtual-mailbox-maps.cf
virtual_uid_maps = static:101
virtual_gid_maps = static:101
virtual_alias_maps = proxy:pgsql:/etc/postfix/pgsql/virtual-alias-maps.cf
relay_domains = proxy:pgsql:/etc/postfix/pgsql/relay-domains.cf
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated reject_unauth_destination reject_unknown_sender_domain reject_rbl_client    list.dsbl.org reject_rbl_client relays.ordb.org reject_rbl_client       dynablock.wirehub.net reject_rbl_client blackholes.wirehub.net reject_rbl_client  dnsbl.njabl.org
smtpd_recipient_limit = 40
smtpd_sasl_authenticated_header = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
data_directory = /var/lib/postfix
mailbox_size_limit = 10240000
--------------------------------------------------------------
[root@post ~]# cat /usr/lib64/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN

password_format: crypt
## sql_usessl: yes
sql_engine: pgsql
sql_hostnames: 81.88.145.37
sql_user: mail_almanet_user
sql_passwd: pfkegf
sql_database: mail_almanet_db
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active='1' AND open_smtp='1'
log_level: 7
sql_verbose: yes

[root@post ~]# cat /usr/lib64/sasl2/smtpd.conf |grep -vE "^#"\|"^$"
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN
password_format: crypt
sql_engine: pgsql
sql_hostnames: ip address
sql_user: mail_user
sql_passwd: pass
sql_database: mail_db
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active='1' AND open_smtp='1'
log_level: 7
sql_verbose: yes

1. "postfix: how to disable relaying if mail from is not the user's?..."
Posted by GloryS (??) on 29-Apr-09, 15:07
As I understand it, you need something like this?
reject_sender_login_mismatch
Reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps.

For details see http://www.postfix.org/postconf.5.html


2. "postfix: how to disable relaying if mail from is not the user's?..."
Posted by aescook (??) on 30-Apr-09, 12:19
grep -vEr "^$"\|"^#" /etc/postfix/main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
$base = /etc/postfix
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = post.domain.ru
mydomain = domain.ru
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_banner = $myhostname ESMTP
debug_peer_level = 7
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_client_restrictions =  permit_mynetworks,
                             permit_sasl_authenticated,
                             check_client_access hash:/etc/postfix/client_access,
                             reject_unknown_client_hostname
smtpd_helo_restrictions =       check_helo_access hash:/etc/postfix/hello_access,
                                permit_mynetworks,
                                permit_sasl_authenticated,
                                reject_invalid_helo_hostname,
                                reject_non_fqdn_helo_hostname,
                                reject_unknown_helo_hostname
smtpd_sender_restrictions =     permit_mynetworks,
                                check_sender_access hash:/etc/postfix/sender_access,
                                reject_authenticated_sender_login_mismatch,
                                reject_unknown_sender_domain,
                                reject_unlisted_sender,
                                reject_unverified_sender
smtpd_recipient_restrictions =  permit_mynetworks,
                                permit_sasl_authenticated,
                                reject_unauth_destination,
                                check_recipient_access hash:/etc/postfix/recipient_access,
                                reject_unlisted_recipient,
                                reject_unknown_recipient_domain,
                                reject_non_fqdn_recipient,
                                reject_unverified_recipient
smtpd_etrn_restrictions = reject
smtpd_reject_unlisted_sender = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
show_user_unknown_table_name = no
address_verify_sender = <>
unverified_sender_reject_code = 550
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
smtpd_hard_error_limit = 8
smtpd_sasl_auth_enable = yes
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = proxy:pgsql:/etc/postfix/pgsql/sender.cf
virtual_alias_maps = proxy:pgsql:/etc/postfix/pgsql/virtual-alias-maps.cf
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/pgsql/virtual-mailbox-maps.cf
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql/virtual-domains.cf
virtual_mailbox_base = /var/mail/vmail
virtual_uid_maps = static:101
virtual_gid_maps = static:101
relay_domains = proxy:pgsql:/etc/postfix/pgsql/relay-domains.cf
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
data_directory = /var/lib/postfix
mailbox_size_limit = 10240000
proxy_read_maps =
$local_recipient_maps
$mydestination
$virtual_alias_maps
$virtual_alias_domains
$virtual_mailbox_maps
$virtual_mailbox_domains
$relay_recipient_maps
$relay_domains
$canonical_maps
$sender_canonical_maps
$recipient_canonical_maps
$relocated_maps
$transport_maps
$mynetworks
$sender_bcc_maps
$recipient_bcc_maps
$smtp_generic_maps
$lmtp_generic_maps
$smtpd_sender_login_maps


/etc/postfix/pgsql/virtual-mailbox-maps.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true

/etc/postfix/pgsql/relay-domains.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = true

/etc/postfix/pgsql/sender.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT username FROM mailbox WHERE username='%s' AND active = true

/etc/postfix/pgsql/virtual-access.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT maildir FROM mailbox WHERE username='%s'

/etc/postfix/pgsql/virtual-domains.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = false AND active = true

/etc/postfix/pgsql/virtual-alias-maps.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT goto FROM alias WHERE address='%s' AND active = true

/etc/postfix/pgsql/virtual-mailbox-limit-maps.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT quota FROM mailbox WHERE username = '%s'


[root@post Server]# grep -rvE "^$"\|"^#" /usr/lib64/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN
password_format: crypt
sql_engine: pgsql
sql_hostnames: localhost
sql_user: user_rof_db
sql_passwd: password
sql_database: mail_base
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active='1' AND open_smtp='1'
log_level: 1
sql_verbose: no


By and large, this works.

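An added example, not part of the original posts and not Postfix code: a simplified Python model of how the login-mismatch restrictions named in the thread are evaluated inside a restriction list, using the client address, SASL login and MAIL FROM from the headers in the first post. The contents of `LOGIN_MAPS`, the `MYNETWORKS` value and the function names `login_mismatch` and `check_sender` are assumptions made for the illustration.

```python
import ipaddress

# Constructed stand-in for smtpd_sender_login_maps (MAIL FROM -> owning logins).
# Like the thread's sender.cf query, each mailbox owns only its own address.
LOGIN_MAPS = {"testuser@right_domain.ru": ["testuser@right_domain.ru"]}
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]  # assumed, not from the page

# Client IP, SASL login and MAIL FROM taken from the headers in the first post.
SPOOFED = ("192.168.250.77", "testuser@right_domain.ru",
           "testuserx3@other_domain.ru")


def login_mismatch(sender, sasl_user, authenticated_only):
    """Return REJECT or DUNNO for one login-mismatch restriction."""
    owners = LOGIN_MAPS.get(sender.lower(), [])
    if sasl_user is not None:
        # Logged in: the login must be listed as an owner of MAIL FROM. An
        # address with no map entry has no owner, so it is rejected as well.
        return "DUNNO" if sasl_user.lower() in owners else "REJECT"
    if owners and not authenticated_only:
        # Not logged in, but MAIL FROM belongs to a mailbox owner.
        return "REJECT"
    return "DUNNO"


def check_sender(restrictions, client_ip, sasl_user, sender):
    """Walk the list in order; the first OK or REJECT ends the evaluation."""
    for name in restrictions:
        if name == "permit_mynetworks":
            ip = ipaddress.ip_address(client_ip)
            result = "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"
        elif name == "reject_sender_login_mismatch":
            result = login_mismatch(sender, sasl_user, False)
        elif name == "reject_authenticated_sender_login_mismatch":
            result = login_mismatch(sender, sasl_user, True)
        else:
            raise ValueError("restriction not modelled: " + name)
        if result != "DUNNO":
            return result
    return "DUNNO"  # no restriction objected, so the sender is accepted


if __name__ == "__main__":
    mismatch = "reject_authenticated_sender_login_mismatch"
    for rules in ([], [mismatch], ["permit_mynetworks", mismatch]):
        print(rules, "->", check_sender(rules, *SPOOFED))
    # Same list, but a client inside MYNETWORKS is permitted before the check.
    print(check_sender(["permit_mynetworks", mismatch], "127.0.0.1",
                       SPOOFED[1], SPOOFED[2]))
```

Because a restriction list stops at the first OK, a `permit_mynetworks` entry placed ahead of the mismatch check exempts clients in those networks from it.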