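I'm out of ideas. How do I stop logged-in users from sending mail with a forged email address??
I've tried countless times and nothing works. I'm pasting my main.cf here; could an expert please take a look: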
# cat /etc/postfix/main.cf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
#mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
# hostname
mynetworks = 127.0.0.1
myhostname = mail.sykaiqi.com
mydestination = $mynetworks $myhostname
#mydomain = sykaiqi.com
#myorigin = sykaiqi.com
# banner
mail_name = Postfix - by extmail.org
smtpd_banner = $myhostname ESMTP $mail_name
# response immediately
smtpd_error_sleep_time = 0s
# Message and return code control
message_size_limit = 52428800
mailbox_size_limit = 104857600
show_user_unknown_table_name = no
# Queue lifetime control
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
maildrop_destination_recipient_limit = 1
# extmail config here
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:
# smtpd related config
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
# SMTP sender login matching config
smtpd_reject_unlisted_sender = yes
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch
smtpd_sender_login_maps =
    mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
    mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
# Content-Filter
content_filter = smtp-amavis::10024
receive_override_options = no_address_mappings
#
《Solution》
smtpd_delay_reject = yes
《Solution》
By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect as soon as possible, specify smtpd_delay_reject = no in the Postfix main.cf configuration file.
The sender or recipient restrictions take effect only if smtpd_delay_reject = yes so that all restrictions are evaluated after the RCPT TO command.
《Solution》
Try adding the following under smtpd_recipient_restrictions = : reject_sender_login_mismatch, reject_authenticated_sender_login_mismatch
《Solution》
It seems this can only ensure that the MAIL FROM address belongs to the list of mail addresses.
《Solution》
# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
6B8061F836F 3450 Tue Oct 8 01:00:34 MAILER-DAEMON
(connect to zeebxovru.net:25: Connection timed out)
gssw@zeebxovru.net
621341F8363 3436 Mon Oct 7 22:28:13 MAILER-DAEMON
(connect to xp.info:25: Connection timed out)
itc@xp.info
95E1F1F833C 3653 Mon Oct 7 15:17:06 MAILER-DAEMON
(connect to bnx.org:25: Connection timed out)
ttygajdd@bnx.org
47AF81F8341 3484 Mon Oct 7 17:42:53 MAILER-DAEMON
(connect to cn-uniview.co:25: Connection timed out)
cehntje@cn-uniview.co
4E2CE1F8379 3483 Tue Oct 8 08:20:39 MAILER-DAEMON
(conversation with postbox.fabulous.com timed out while receiving the initial server greeting)
kgcrnv@zivj.com
47CE41F8373 3580 Tue Oct 8 07:42:57 MAILER-DAEMON
(conversation with postbox.fabulous.com timed out while receiving the initial server greeting)
maxck9627@tpmtechnopark.com
C6E841F835F 3502 Tue Oct 8 11:26:36 MAILER-DAEMON
(host mailstore1.secureserver.net refused to talk to me: 554-p3pismtp01-031.prod.phx3.secureserver.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
mwmdzouqi@owrp.com
CA24E1F837B 3609 Tue Oct 8 10:40:25 MAILER-DAEMON
(connect to dzzsbuqg.com:25: Connection timed out)
swv@dzzsbuqg.com
33B1E1F8377 3651 Tue Oct 8 04:51:29 MAILER-DAEMON
(connect to ynyl.com:25: Connection refused)
nkuuaxj@ynyl.com
36D291F8374 3648 Tue Oct 8 07:05:08 MAILER-DAEMON
(connect to lffqcbocf.net:25: Connection timed out)
jkxf@lffqcbocf.net
AD1C81F832B 3428 Tue Oct 8 02:53:12 MAILER-DAEMON
(connect to kwqkzlu.com:25: Connection timed out)
qj@kwqkzlu.com
A594C1F834E 3608 Mon Oct 7 23:49:23 MAILER-DAEMON
(connect to lhojw.com:25: Connection timed out)
adyivrq@lhojw.com
AA2331F8349 3345 Mon Oct 7 21:40:50 MAILER-DAEMON
(connect to bjeport.gov.cn:25: Connection timed out)
zt0xh236c@bjeport.gov.cn
AD4521F8375 3386 Tue Oct 8 05:45:20 MAILER-DAEMON
(connect to iselect.com:25: Connection timed out)
ljtwm@iselect.com
E7E8D1F8350 3296 Mon Oct 7 15:30:09 MAILER-DAEMON
(connect to rvltooling.com:25: Connection timed out)
Rv@rvltooling.com
DA1BA1F8342 3647 Mon Oct 7 20:12:58 MAILER-DAEMON
(connect to xwtkrr.org:25: Connection timed out)
ublzfylja@xwtkrr.org
D51341F8365 3455 Tue Oct 8 01:50:20 MAILER-DAEMON
(connect to kfwmuvnq.com:25: Connection timed out)
rra@kfwmuvnq.com
5AEE51F835A 3599 Mon Oct 7 20:42:26 MAILER-DAEMON
(connect to xququcak.net:25: Connection timed out)
ml@xququcak.net
545581F837C 3633 Tue Oct 8 12:42:46 MAILER-DAEMON
(connect to xji.cc:25: Connection timed out)
ublbte@xji.cc
8A7EE1F8368 3519 Mon Oct 7 22:41:19 MAILER-DAEMON
(connect to iiprtrjl.com:25: Connection timed out)
fng@iiprtrjl.com
88D561F8360 3579 Tue Oct 8 00:43:19 MAILER-DAEMON
(connect to px2013-33.vicp.cc:25: Connection refused)
MhHDlowa@px2013-33.vicp.cc
2D9B11F8352 3622 Mon Oct 7 17:16:51 MAILER-DAEMON
(connect to epaoage.com:25: Connection timed out)
kcpiguuit@epaoage.com
-- 90 Kbytes in 22 Requests.
#
What's going on here???
《Solution》
In short: change the order.
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch

smtpd_sender_restrictions =
    reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch,
    permit_mynetworks
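
The effect of the two orderings above, as an added example that is not part of the original thread: a simplified Python model of how Postfix walks smtpd_sender_restrictions, where the first restriction that permits or rejects ends the list. The login map, the example.com addresses and the 203.0.113.9 client are constructed assumptions; the checks look only at the envelope MAIL FROM address.

```python
# Simplified model of one Postfix restriction list: the first restriction that
# returns PERMIT or REJECT ends the list, DUNNO passes to the next one.
from ipaddress import ip_address, ip_network

MYNETWORKS = [ip_network("127.0.0.1/32")]  # mynetworks from the posted main.cf
# Constructed stand-in for smtpd_sender_login_maps: MAIL FROM -> owning logins.
LOGIN_MAPS = {"alice@example.com": {"alice@example.com"},
              "bob@example.com": {"bob@example.com"}}

def permit_mynetworks(ip, login, mail_from):
    return "PERMIT" if any(ip_address(ip) in n for n in MYNETWORKS) else "DUNNO"

def reject_authenticated_sender_login_mismatch(ip, login, mail_from):
    # Client is logged in but its login does not own the MAIL FROM address.
    owners = LOGIN_MAPS.get(mail_from, set())
    return "REJECT" if login and login not in owners else "DUNNO"

def reject_unauthenticated_sender_login_mismatch(ip, login, mail_from):
    # MAIL FROM has an owner in the map but the client is not logged in.
    return "REJECT" if not login and mail_from in LOGIN_MAPS else "DUNNO"

def reject_sender_login_mismatch(ip, login, mail_from):
    # Combination of the two checks above.
    checks = (reject_authenticated_sender_login_mismatch,
              reject_unauthenticated_sender_login_mismatch)
    hit = any(c(ip, login, mail_from) == "REJECT" for c in checks)
    return "REJECT" if hit else "DUNNO"

REJECTS = [reject_sender_login_mismatch,
           reject_authenticated_sender_login_mismatch,
           reject_unauthenticated_sender_login_mismatch]
ORIGINAL = [permit_mynetworks] + REJECTS    # order in the posted main.cf
REORDERED = REJECTS + [permit_mynetworks]   # order proposed in the last reply

def evaluate(restrictions, ip, login, mail_from):
    for restriction in restrictions:
        verdict = restriction(ip, login, mail_from)
        if verdict != "DUNNO":
            return verdict
    return "DUNNO"  # list exhausted without a decision

# Constructed sessions: (client IP, SASL login or None, envelope MAIL FROM).
SESSIONS = [("127.0.0.1", "alice@example.com", "bob@example.com"),
            ("203.0.113.9", "alice@example.com", "bob@example.com"),
            ("203.0.113.9", "alice@example.com", "alice@example.com"),
            ("127.0.0.1", None, "bob@example.com")]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s, evaluate(ORIGINAL, *s), evaluate(REORDERED, *s))
```

In this model the original order permits any client in mynetworks before the ownership check runs, while the reordered list also rejects an unauthenticated local client that uses a mapped address.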