Arch71
Posted May 17, 2018

Hello everyone, unfortunately the moment has come when I have to ask for help; maybe someone can suggest a solution. The problem is trivial, but despite several interventions and consultations it is still unresolved.

I have a dedicated server, Ubuntu 16.04.4, postfix + dovecot, vmail accounts. The MTA is configured for smtp, smtps and submission. In theory everything works as it should, except for one detail. It turns out that I have an open relay within the mailboxes in the domains on this server. That is, I can send any email without authentication to myself, or to any mailbox on this server. Authentication, however, works correctly when sending emails to external mailboxes.

I have used various Postfix configurations, mainly changing the parameters smtpd_helo_restrictions / smtpd_sender_restrictions / smtpd_relay_restrictions / smtpd_recipient_restrictions, but despite the differing effects I have not managed to solve the problem. I would be grateful for suggestions.

My current configuration:

postconf -n

Quote:

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    broken_sasl_auth_clients = no
    compatibility_level = 2
    inet_interfaces = all
    inet_protocols = ipv4
    mailbox_size_limit = 0
    mydestination =
    myhostname = srv03.domena.pl
    mynetworks = 127.0.0.0/8
    myorigin = /etc/mailname
    readme_directory = no
    recipient_delimiter = +
    relayhost =
    smtpd_banner = $myhostname ESMTP $mail_name (Linux)
    smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, permit_mynetworks,
    smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination, permit_mynetworks, defer_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    smtpd_sender_restrictions = reject_unknown_sender_domain
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
    smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
    smtpd_use_tls = yes
    virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
    virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
    virtual_transport = lmtp:unix:private/dovecot-lmtp

master.cf

Quote:

    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    smtp      inet  n       -       y       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    #smtps = 465
    smtps     inet  n       -       y       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
    submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=may
      -o smtpd_sasl_auth_enable=yes
    #628       inet  n       -       y       -       -       qmqpd
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       y       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    retry     unix  -       -       y       -       -       error
    discard   unix  -       -       y       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       y       -       1       anvil
    scache    unix  -       -       y       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    #   lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n      n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}

dovecot -n

Quote:

    # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
    # Pigeonhole version 0.4.13 (7b14904)
    # OS: Linux 4.4.0-116-generic x86_64 Ubuntu 16.04.4 LTS ext4
    auth_debug = yes
    auth_debug_passwords = yes
    auth_mechanisms = plain login
    auth_verbose = yes
    auth_verbose_passwords = yes
    disable_plaintext_auth = no
    listen = 54.38.aa.bb, 54.38.aa.cc
    log_path = /var/log/dovecot.log
    mail_debug = yes
    mail_location = maildir:/var/mail/vhosts/%d/%n
    mail_privileged_group = mail
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        auto = subscribe
        special_use = \Drafts
      }
      mailbox Junk {
        auto = subscribe
        special_use = \Junk
      }
      mailbox Sent {
        auto = subscribe
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        auto = subscribe
        special_use = \Sent
      }
      mailbox Trash {
        auto = subscribe
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      args = /etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }
    postmaster_address = admin@srv03.domena.pl
    protocols = imap lmtp
    service auth-worker {
      user = vmail
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0666
        user = postfix
      }
      unix_listener auth-userdb {
        mode = 0600
        user = vmail
      }
      user = dovecot
    }
    service imap-login {
      inet_listener imap {
        port = 143
      }
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0600
        user = postfix
      }
    }
    ssl_cert = </etc/ssl/certs/dovecot.pem
    ssl_key = </etc/ssl/private/dovecot.pem
    userdb {
      args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
      driver = static
    }
    verbose_ssl = yes
    protocol lmtp {
      hostname = srv03.domena.pl
      postmaster_address = admin@srv03.domena.pl
    }

Therminus
Posted April 11, 2023

On my server, authentication within the domain works. Below are excerpts from my configuration.

main.cf

Quote:

    smtpd_recipient_restrictions = permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policy
    smtpd_sender_restrictions = reject_unknown_sender_domain,reject_non_fqdn_sender,reject_authenticated_sender_login_mismatch,permit_sasl_authenticated,permit_mynetworks
    smtpd_relay_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_client_restrictions = reject_unknown_client,permit_sasl_authenticated
    smtpd_helo_restrictions = reject_unauth_pipelining,reject_invalid_helo_hostname,permit

master.cf

Quote:

    submission inet n       -       -       -       -       smtpd
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_sasl_path=smtpd
      -o smtpd_sasl_security_options=noanonymous
      -o smtpd_sasl_authenticated_header=yes
      -o milter_macro_daemon_name=ORIGINATING
      -o smtpd_client_restrictions=reject_unknown_client,permit_sasl_authenticated
      -o smtpd_helo_restrictions=yes
      -o receive_override_options=no_header_body_checks,no_address_mappings
      -o smtpd_sender_restrictions=reject_sender_login_mismatch,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_authenticated_sender_login_mismatch,permit_sasl_authenticated,permit_mynetworks,reject
      -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject_unauth_destination
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o smtpd_helo_restrictions=reject_unauth_pipelining,reject_invalid_helo_hostname,permit
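
An added example, not part of either post and not Postfix code: a simplified Python model of how smtpd walks smtpd_relay_restrictions and then smtpd_recipient_restrictions at RCPT TO, run on the lists from the first post and on the submission overrides from the second. Only these two lists are modelled; the session fields, function names and the treatment of the two recipient-syntax checks as passing are assumptions.

```python
# Simplified model of Postfix smtpd access checks at RCPT TO (added example).
# Assumed to pass (DUNNO) for a well-formed recipient address:
PASSING = {"reject_non_fqdn_recipient", "reject_unknown_recipient_domain"}

def check(restriction, s):
    """Result of one restriction: 'PERMIT', 'REJECT', 'DEFER' or None (DUNNO)."""
    if restriction in PASSING:
        return None
    if restriction == "permit_sasl_authenticated":
        return "PERMIT" if s["sasl_auth"] else None
    if restriction == "permit_mynetworks":
        return "PERMIT" if s["in_mynetworks"] else None
    if restriction == "reject_unauth_destination":
        # Fires only when the recipient domain is NOT hosted or relayed here.
        return None if s["rcpt_hosted"] else "REJECT"
    if restriction == "defer_unauth_destination":
        return None if s["rcpt_hosted"] else "DEFER"
    if restriction in ("reject", "permit"):
        return restriction.upper()
    raise ValueError(f"restriction not modelled: {restriction}")

def evaluate(lists, s):
    """Walk the lists in order; reaching the end of a list is an implicit permit."""
    for name, restrictions in lists:
        for r in restrictions:
            verdict = check(r, s)
            if verdict in ("REJECT", "DEFER"):
                return f"{verdict} by {name}: {r}"
            if verdict == "PERMIT":
                break  # PERMIT ends this list only; the next list still runs
    return "ACCEPT"

# Lists from the first post; its smtps/submission entries do not override them.
FIRST_POST = [
    ("smtpd_relay_restrictions", ["permit_sasl_authenticated",
        "reject_unauth_destination", "permit_mynetworks", "defer_unauth_destination"]),
    ("smtpd_recipient_restrictions", ["permit_sasl_authenticated",
        "reject_unauth_destination", "permit_mynetworks"]),
]
# The -o overrides on the submission service from the second post.
SECOND_POST_SUBMISSION = [
    ("smtpd_relay_restrictions", ["permit_sasl_authenticated", "reject"]),
    ("smtpd_recipient_restrictions", ["reject_non_fqdn_recipient",
        "reject_unknown_recipient_domain", "permit_sasl_authenticated",
        "reject_unauth_destination"]),
]

def session(sasl_auth, rcpt_hosted, in_mynetworks=False):
    """Constructed session: hypothetical keys, not Postfix attribute names."""
    return {"sasl_auth": sasl_auth, "rcpt_hosted": rcpt_hosted,
            "in_mynetworks": in_mynetworks}
```

On port 25, the ACCEPT for an unauthenticated client and a hosted recipient is also how mail from other servers arrives, so reject_unauth_destination alone never requires a login for local recipients. The submission and smtps services are where SASL can be required for every recipient, which is what the relay override in the second post does.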