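I am configuring exim4 with dovecot and postgresql for virtual users, and I have run into a problem I cannot solve. The situation is this:
I need authentication to be required when a 'localdomain' user tries to send email to another 'localdomain' user or to an external user; otherwise the operation should be rejected.
In effect, I am trying to avoid any kind of SMTP open relay.
SMTP itself actually works fine; I only need to enforce this requirement, and I cannot find the right way to configure exim to get this behavior (is it an ACL, a router, or a transport rule?).
How do I define this configuration?
Example: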
220 my-server ESMTP Exim 4.84 Thu, 31 Mar 2016 22:26:28 +0000
ehlo localhost
250-my-server Hello localhost [192.168.1.X]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
mail from: a@my-server.com
250 OK
rcpt to: b@my-server.com
250 Accepted
data
354 Enter message, ending with "." on a line by itself
this must not happen, the user 'a@my-server.com' is not authenticated, he must not be able to send any message yet until of use of 'auth login' or 'auth plain' because is a user of local domains.
.
250 OK id=1all3Q-0004l2-V4
Example 2:
220 my-server ESMTP Exim 4.84 Thu, 31 Mar 2016 22:58:56 +0000
ehlo localhost
250-my-server Hello localhost [192.168.1.X]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
mail from: a@anotherserver.com
250 OK
rcpt to: user@my-server.com
250 Accepted
data
354 Enter message, ending with "." on a line by itself
this is already valid.
.
250 OK id=1allZR-00050E-Sq
ACL configuration file:
acl_check_rcpt:

  # Mail received without SMTP (empty host field), e.g. local submission
  accept
    hosts = :
    control = dkim_disable_verify

  .ifdef CHECK_RCPT_LOCAL_LOCALPARTS
  deny
    domains = +local_domains
    local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
    message = restricted characters in address
  .endif

  .ifdef CHECK_RCPT_REMOTE_LOCALPARTS
  deny
    domains = !+local_domains
    local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
    message = restricted characters in address
  .endif

  # Always accept mail to the postmaster of a handled domain
  accept
    .ifndef CHECK_RCPT_POSTMASTER
    local_parts = postmaster
    .else
    local_parts = CHECK_RCPT_POSTMASTER
    .endif
    domains = +local_domains : +relay_to_domains

  .ifdef CHECK_RCPT_VERIFY_SENDER
  deny
    message = Failed!
    !acl = acl_local_deny_exceptions
    !verify = sender
  .endif

  deny
    !acl = acl_local_deny_exceptions
    senders = ${if exists{CONFDIR/local_sender_callout}\
                   {CONFDIR/local_sender_callout}\
                   {}}
    !verify = sender/callout

  # Hosts allowed to relay are accepted for any recipient
  accept
    hosts = +relay_from_hosts
    control = submission/sender_retain
    control = dkim_disable_verify

  # Authenticated clients are accepted for any recipient
  accept
    authenticated = *
    control = submission/sender_retain
    control = dkim_disable_verify

  # Everyone else may only address local or relay-to domains
  require
    message = Relay denied!
    domains = +local_domains : +relay_to_domains

  require
    verify = recipient

  deny
    !acl = acl_local_deny_exceptions
    recipients = ${if exists{CONFDIR/local_rcpt_callout}\
                      {CONFDIR/local_rcpt_callout}\
                      {}}
    !verify = recipient/callout

  deny
    message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_local_deny_exceptions
    senders = ${if exists{CONFDIR/local_sender_blacklist}\
                   {CONFDIR/local_sender_blacklist}\
                   {}}

  deny
    message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_local_deny_exceptions
    hosts = ${if exists{CONFDIR/local_host_blacklist}\
                 {CONFDIR/local_host_blacklist}\
                 {}}

  accept
    domains = +relay_to_domains
    endpass
    verify = recipient

  accept
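One way to express the requirement described in the question, as an added example that is not part of the original post: a `deny` stanza in `acl_check_rcpt` that refuses any unauthenticated SMTP client whose envelope sender is in a local domain. It assumes the `+local_domains` domain list contains every hosted (virtual) domain; the message text is illustrative.

```exim
# Added example, not the poster's configuration.
# Assumption: +local_domains lists every hosted (virtual) domain.
acl_check_rcpt:

  # Existing first stanza from the ACL above: mail received without SMTP.
  accept
    hosts = :
    control = dkim_disable_verify

  # New stanza. It must sit above "accept hosts = +relay_from_hosts" and
  # above "require ... domains = +local_domains : +relay_to_domains",
  # because the rest of the ACL lets relay hosts and local recipients
  # through without ever looking at authentication.
  deny
    message = Authentication required to send from a local address
    sender_domains = +local_domains
    !authenticated = *

  # ... remaining stanzas of acl_check_rcpt unchanged ...
```

With this in place, hosts in `+relay_from_hosts` are no longer exempt when they use a local-domain sender, and mail arriving from other servers with a local-domain envelope sender (for example through a forwarder) is refused as well. The ACL can be exercised without delivering mail by running Exim's fake SMTP session mode, `-bh` followed by a client IP address, and replaying the two sessions from the question.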