postfix desabilita verificação de lista negra para usuário registrado

1

Muitos usuários possuem IP dinâmico e um número suficiente desses IP está na lista negra. Como desabilitar a verificação da lista negra do Postfix somente para o usuário registrado? Quero apenas bloquear mensagens recebidas apenas de IPS na lista negra.

Eu adicionei permit_sasl_authenticated para smtpd_helo_restrictions. Agora parece com isso

smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit

No entanto, ainda não o testei.

smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes

smtpd_tls_cert_file=/etc/postfix/sasl/mail_support.crt
smtpd_tls_key_file=/etc/postfix/sasl/mail_support.key
smtpd_tls_CAfile=/etc/postfix/sasl/mail_support.pem

smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_tls_security_level = may
smtp_tls_security_level = may
smtpd_use_tls = yes
smtpd_tls_auth_only = no

unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtp_helo_timeout = 60s
smtpd_recipient_limit = 16
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12


smtpd_helo_restrictions = permit_mynetworks, **permit_sasl_authenticated**, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org, reject_rbl_client blackholes.easynet.nl

smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_relay_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit

smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes

myhostname = mail
myorigin = /etc/hostname
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host

virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
virtual_uid_maps = static:150
virtual_gid_maps = static:8
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

content_filter = amavis:[127.0.0.1]:10024

header_checks = regexp:/etc/postfix/header_checks
enable_original_recipient = no

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891, inet:localhost:8893
non_smtpd_milters = inet:localhost:8891, inet:localhost:8893
    
por Rostyslav Malenko 23.10.2014 / 12:14

1 resposta

1

Adicionar permit_sasl_authenticated a smtpd_client_restrictions antes que reject_rbl_content faça truques. Ele encerrará a verificação de acesso se o usuário tiver autenticado via SASL, portanto, nenhuma verificação adicional ( reject_rbl_client ) será aplicada.

convertido de comentário-por-Reinaldo-Gil 23 de outubro às 18:59

    
por 19.11.2014 / 22:05