Allow SMTP AUTH only from mynetworks

3

Is it possible to allow SMTP AUTH only from IPs in mynetworks? I have tested a bunch of options, but none of them worked. Here is the actual state of my main.cf:

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mx1.domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.domain.com, localhost.domain.com, localhost
relayhost =
mynetworks = 172.20.1.0/24 172.18.1.0/24 192.168.0.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no

smtpd_recipient_restrictions = 
    check_recipient_access mysql:/etc/postfix/blocked-recipients.cf,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_sender_access hash:/etc/postfix/sender_access

message_size_limit = 409600000
    
by Maikel 13.10.2015 / 21:32

2 answers

2

Thanks @84104. Your answer led me to find this thread, which solved my problem.

smtpd_sasl_exceptions_networks does not announce AUTH support but still allows AUTH from any IP.

This feature was donated to prevent certain network clients from messing up when the server announces AUTH support but the client has no login information. With smtpd_sasl_exceptions_networks, those clients would not try to authenticate and all was well.

smtpd_sasl_exceptions_networks is obsoleted by smtpd_discard_ehlo_keywords and smtpd_discard_ehlo_keyword_address_maps. The latter two prevent Postfix from accepting AUTH commands.

smtpd_sasl_exceptions_networks should probably be deprecated and eventually removed from documentation.

    
by 14.10.2015 / 14:04
3

You probably want to use smtpd_sasl_exceptions_networks.

    
by 14.10.2015 / 01:50
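A configuration sketch of the approach the first answer points to, using smtpd_discard_ehlo_keyword_address_maps so that AUTH is neither announced nor accepted outside the trusted networks. This is an added example, not part of either answer; the table path /etc/postfix/ehlo_discard_auth.cidr is an assumption, and the networks are the IPv4 ranges and ::1 from the question's mynetworks.

```cfg
# /etc/postfix/main.cf (fragment, constructed example)
smtpd_sasl_auth_enable = yes
smtpd_discard_ehlo_keyword_address_maps =
    cidr:/etc/postfix/ehlo_discard_auth.cidr
# smtpd_sasl_exceptions_networks is left unset: as quoted above, it only
# hides the AUTH announcement and still allows AUTH from any IP.

# /etc/postfix/ehlo_discard_auth.cidr (assumed path)
# cidr tables are searched in order and the first match wins, so the
# trusted networks must come before the catch-all entries.
# "silent-discard" on its own discards no keyword and suppresses logging,
# so these clients still see AUTH in the EHLO response.
172.20.1.0/24     silent-discard
172.18.1.0/24     silent-discard
192.168.0.0/24    silent-discard
127.0.0.0/8       silent-discard
::1/128           silent-discard

# Every other client: the auth keyword is discarded for the session.
0.0.0.0/0         silent-discard, auth
::/0              silent-discard, auth
```

After `postfix reload`, `postmap -q 203.0.113.10 cidr:/etc/postfix/ehlo_discard_auth.cidr` should return `silent-discard, auth` for an outside address (203.0.113.10 is a documentation address used as a sample), and an EHLO from such a client should no longer list AUTH.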