Postfix virtual mailboxes with authentication set up allow sending mail from unauthenticated users

Time: 2016-09-07 06:33:06

Tags: linux authentication virtual postfix-mta sasl

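I have a problem with my postfix setup: it allows unauthenticated users and nonexistent users to send mail. Postfix is configured to use virtual mailboxes. Here is what happens: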

telnet hostname.com 25
Connected to hostname.com.
Escape character is '^]'.
220 hostname.com ESMTP Postfix (Debian/GNU)
ehlo server
250-hostname.com
250-PIPELINING
250-SIZE 52428800
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN CRAM-MD5 LOGIN
250-AUTH=PLAIN CRAM-MD5 LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Sending mail

telnet hostname.com 25
Connected to hostname.com.
Escape character is '^]'.
220 hostname.com ESMTP Postfix (Debian/GNU)
mail from: nonexistinguser@virtual-domain.com
250 2.1.0 Ok
rcpt to: legit-user@virtual-domain.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hi this is a mail from fake account
.
250 2.0.0 Ok: queued as BE73115761D
quit
221 2.0.0 Bye
Connection closed by foreign host.

Postfix configuration:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

append_dot_mydomain = no

readme_directory = no

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_auth_only=no
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

myhostname = hostname.com
mydomain = hostname.com
myorigin=$mydomain

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

smtpd_sender_restrictions = permit_sasl_authenticated,
    reject_unauthenticated_sender_login_mismatch

smtpd_recipient_restrictions = permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unknown_sender_domain
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client

virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
message_size_limit = 52428800
virtual_mailbox_limit = 0

The question is: how is it possible to send mail without authentication?

1 answer:

Answer 0: (score: 1)

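Postfix will accept mail addressed to local domains. They can be specified in several ways via the mydestination parameter in main.cf.

The mydestination parameter specifies which domains this machine will deliver locally, instead of forwarding to another machine.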

If you try to send to a non-local domain using telnet, you will receive Relay access denied after issuing the rcpt to command.
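
The behaviour described in the question and the answer, as an added example that is not part of the original post and is not Postfix code: a simplified Python model of how the restriction lists from the question's main.cf are walked for one MAIL FROM / RCPT TO pair. The function names, the abbreviated reject strings, the RESOLVABLE set standing in for DNS, and example.org are assumptions made for illustration.

```python
# Simplified model (an assumption, not Postfix source) of restriction-list
# evaluation for the configuration shown in the question.
LOCAL_DOMAINS = {"virtual-domain.com"}  # stands in for virtual_mailbox_domains
SENDER_LOGIN_MAPS = {}                  # smtpd_sender_login_maps is not set on the page
RESOLVABLE = {"virtual-domain.com", "example.org"}  # constructed DNS view

SENDER_RESTRICTIONS = ["permit_sasl_authenticated",
                       "reject_unauthenticated_sender_login_mismatch"]
RECIPIENT_RESTRICTIONS = ["permit_sasl_authenticated",
                          "reject_unauth_destination",
                          "reject_unknown_sender_domain"]

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def check(rule, sender, rcpt, login):
    """Return 'PERMIT', a reject string, or None when the rule has no opinion."""
    if rule == "permit_sasl_authenticated":
        return "PERMIT" if login else None
    if rule == "reject_unauthenticated_sender_login_mismatch":
        # Acts only when the login map names an owner for this MAIL FROM.
        if not login and sender in SENDER_LOGIN_MAPS:
            return "REJECT: Sender address rejected: not logged in"
        return None
    if rule == "reject_unauth_destination":
        # Local (here: virtual mailbox) domains are not "relaying".
        if domain(rcpt) not in LOCAL_DOMAINS:
            return "REJECT: Relay access denied"
        return None
    if rule == "reject_unknown_sender_domain":
        if domain(sender) not in RESOLVABLE:
            return "REJECT: Sender address rejected: Domain not found"
        return None
    raise ValueError(rule)

def smtpd_decision(sender, rcpt, login=None):
    """Walk the sender list, then the recipient list; first verdict in a list wins."""
    for rules in (SENDER_RESTRICTIONS, RECIPIENT_RESTRICTIONS):
        for rule in rules:
            verdict = check(rule, sender, rcpt, login)
            if verdict == "PERMIT":
                break            # permit ends this list only; the next list still runs
            if verdict:
                return verdict
    return "250 Ok"              # nothing rejected, so the default is to accept
```

With no login and SENDER_LOGIN_MAPS empty, every rule returns no opinion for a local recipient, which is why the session in the question ends in a queued message.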