setcookie
29.10.06, 16:40
Hi,
ich richte gerade ein Mail Server mit Postfix und Cyrus ein.
So weit funktioniert alles, nun soll es halt auch nur Möglich sein mit auf dem Server bekannten Adressen zu versenden.
Dazu sollte ja dieser Parameter sein:
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-sender.cf
# mysql-sender.cf
hosts = localhost
user = mail
password = secret
dbname = mail
table = virtual
select_field = access
where_field = alias
additional_conditions = and status = '1'
# SQL-Tabelle:
+------------------+--------+----------+--------+--------+
| alias | dest | username |status | access |
+-------------------+--------+----------+--------+--------+
| name@domain.net | username |username | 1 | OK |
+-------------------+---------+-----------+------+-------+
Problem ist nun nur, das ich mich via telnet auf die Kiste verbinden kann und mit ungültigen Adressen Mails versenden kann.
Wenn mir jemand sagen könnte, wie ich das unterbinden kann wäre ich dankbar.
Hier die restliche main.cf
soft_bounce = yes
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = mail.asn
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, mysql:/etc/postfix/mysql-mydestination.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
unknown_local_recipient_reject_code = 550
mailbox_transport = cyrus
#fallback_transport =
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
debug_peer_level = 5
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
smtpd_helo_required = yes
sample_directory = /etc/postfix
# smtpd_recipient_restrictions = reject_invalid_hostname,reject_non_fqdn_sender,rej ect_non_fqdn_recipient,reject_unknown_sender_domai n,reject_unknown_recipient_domain,reject_unauth_pi pelining,reject_unauth_destination,permit_mynetwor k,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/setcookie.is-a-geek.net.crt
smtpd_tls_key_file = /etc/postfix/setcookie.is-a-geek.net.key
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 4
smtpd_sender_restrictions = reject_unknown_address
smtpd_sender_restrictions=permit_tls_clientcerts,p ermit_sasl_authenticated,reject_unknown_sender_dom ain,reject_non_fqdn_sender,reject_unauth_pipelinin g,reject_sender_login_mismatch,permit
smtpd_sender_restrictions=check_sender_access mysql:/etc/postfix/mysql-sender.cf
# smtpd_sender_restrictions=check_sender_access mysql:/etc/postfix/mysql-sender.cf
# readme_directory: The location of the Postfix README files.
#
readme_directory = no
ich richte gerade ein Mail Server mit Postfix und Cyrus ein.
So weit funktioniert alles, nun soll es halt auch nur Möglich sein mit auf dem Server bekannten Adressen zu versenden.
Dazu sollte ja dieser Parameter sein:
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-sender.cf
# mysql-sender.cf
hosts = localhost
user = mail
password = secret
dbname = mail
table = virtual
select_field = access
where_field = alias
additional_conditions = and status = '1'
# SQL-Tabelle:
+------------------+--------+----------+--------+--------+
| alias | dest | username |status | access |
+-------------------+--------+----------+--------+--------+
| name@domain.net | username |username | 1 | OK |
+-------------------+---------+-----------+------+-------+
Problem ist nun nur, das ich mich via telnet auf die Kiste verbinden kann und mit ungültigen Adressen Mails versenden kann.
Wenn mir jemand sagen könnte, wie ich das unterbinden kann wäre ich dankbar.
Hier die restliche main.cf
soft_bounce = yes
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = mail.asn
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, mysql:/etc/postfix/mysql-mydestination.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
unknown_local_recipient_reject_code = 550
mailbox_transport = cyrus
#fallback_transport =
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
debug_peer_level = 5
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
smtpd_helo_required = yes
sample_directory = /etc/postfix
# smtpd_recipient_restrictions = reject_invalid_hostname,reject_non_fqdn_sender,rej ect_non_fqdn_recipient,reject_unknown_sender_domai n,reject_unknown_recipient_domain,reject_unauth_pi pelining,reject_unauth_destination,permit_mynetwor k,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/setcookie.is-a-geek.net.crt
smtpd_tls_key_file = /etc/postfix/setcookie.is-a-geek.net.key
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 4
smtpd_sender_restrictions = reject_unknown_address
smtpd_sender_restrictions=permit_tls_clientcerts,p ermit_sasl_authenticated,reject_unknown_sender_dom ain,reject_non_fqdn_sender,reject_unauth_pipelinin g,reject_sender_login_mismatch,permit
smtpd_sender_restrictions=check_sender_access mysql:/etc/postfix/mysql-sender.cf
# smtpd_sender_restrictions=check_sender_access mysql:/etc/postfix/mysql-sender.cf
# readme_directory: The location of the Postfix README files.
#
readme_directory = no