Доброго времени суток. Столкнулся с тем, что Postfix пересылает письма независимо от того, какой адрес указан в заголовке отправителя. Т.е. если пользователь прошёл авторизацию, то он может послать письмо с любым адресом в качестве отправителя. Очень не хочется, чтобы почтовый сервер использовался спамерами.
Return-Path: <testuserx3@other_domain.ru>
X-Original-To: test1@receiver.ru
Delivered-To: test1@receiver.ru
Received: from [192.168.250.77] (unknown [192.168.250.77])
(Authenticated sender: testuser@right_domain.ru)
by post.almanet.kz (Postfix) with ESMTP id AC0841988095
for <test1@receiver.ru>; Tue, 28 Apr 2009 11:27:04 +0400 ()
Message-ID: <49F693A8.3030400@other_domain.ru>
Date: Tue, 28 Apr 2009 11:27:04 +0400
From: "name" <testuserx3@other_domain.ru>
User-Agent: Thunderbird 2.0.0.21 (X11/20090302)
MIME-Version: 1.0
To: test1@receiver.ru
Subject: test1
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

test
Получается очень неприятная штука, тем более что почтовый сервер планируется эксплуатировать бесплатно, со свободной регистрацией.
Как можно проверять адрес отправителя после авторизации?
Конфигурация сервера postfix 2.3.3:
----------------------------------------------------------------------
# Postfix main.cf as posted by the original author (Postfix 2.3.3 per the post).
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
# NOTE(review): the two lines after debugger_command are its continuation; in
# main.cf a continuation line must start with whitespace, which this paste
# appears to have lost.
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql/virtual-domains.cf
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/pgsql/virtual-mailbox-maps.cf
virtual_uid_maps = static:101
virtual_gid_maps = static:101
virtual_alias_maps = proxy:pgsql:/etc/postfix/pgsql/virtual-alias-maps.cf
relay_domains = proxy:pgsql:/etc/postfix/pgsql/relay-domains.cf
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
smtpd_helo_required = yes
# permit_sasl_authenticated is the first entry, so an authenticated client is
# accepted here before any later check runs (reject_unknown_sender_domain and
# the RBL lookups only apply to unauthenticated clients). Nothing in this
# listing compares the envelope sender with the SASL login: there is no
# smtpd_sender_login_maps and no reject_*sender_login_mismatch restriction,
# which matches the behaviour described in the post.
smtpd_recipient_restrictions = permit_sasl_authenticated reject_unauth_destination reject_unknown_sender_domain reject_rbl_client list.dsbl.org reject_rbl_client relays.ordb.org reject_rbl_client dynablock.wirehub.net reject_rbl_client blackholes.wirehub.net reject_rbl_client dnsbl.njabl.org
smtpd_recipient_limit = 40
# Records the SASL login in the Received: header (the "Authenticated sender:"
# line in the sample message), which helps trace abuse back to an account.
smtpd_sasl_authenticated_header = yes
smtpd_sasl_auth_enable = yes
# noanonymous still allows plaintext mechanisms. NOTE(review): no smtpd_tls_*
# settings appear in this listing; confirm TLS is enforced for AUTH (for
# example smtpd_tls_auth_only = yes), otherwise passwords cross the network
# unencrypted.
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
data_directory = /var/lib/postfix
mailbox_size_limit = 10240000
--------------------------------------------------------------
[root@post ~]# cat /usr/lib64/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN
password_format: crypt
## sql_usessl: yes
sql_engine: pgsql
sql_hostnames: 81.88.145.37
sql_user: mail_almanet_user
sql_passwd: pfkegf
sql_database: mail_almanet_db
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active='1' AND open_smtp='1'
log_level: 7
sql_verbose: yes
[root@post ~]# cat /usr/lib64/sasl2/smtpd.conf |grep -vE "^#"\|"^$"
# Cyrus SASL settings for the Postfix smtpd service: credentials are looked up
# through the sql auxprop plugin (PostgreSQL).
pwcheck_method: auxprop
auxprop_plugin: sql
# Only PLAIN is offered, so the client transmits the password itself (base64,
# not encrypted). NOTE(review): confirm the SMTP session is protected by TLS.
mech_list: PLAIN
password_format: crypt
sql_engine: pgsql
sql_hostnames: ip address
sql_user: mail_user
sql_passwd: pass
sql_database: mail_db
# %u is the login's user part and %r its realm; only rows with active='1' and
# open_smtp='1' can authenticate.
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active='1' AND open_smtp='1'
# Verbose debugging settings. NOTE(review): check what ends up in the logs
# before leaving these enabled in production.
log_level: 7
sql_verbose: yes
Я так понимаю, тебе нужно что-то типа такого?
reject_sender_login_mismatch
Reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps.
Подробнее смотри http://www.postfix.org/postconf.5.html
Учти, что проверяется адрес конверта (MAIL FROM), а не заголовок From: самого письма.
grep -vEr "^$"\|"^#" /etc/postfix/main.cf
queue_directory = /var/spool/postfix
# main.cf posted in the reply, with comments and blank lines filtered out by grep.
command_directory = /usr/sbin
# NOTE(review): Postfix parameter names are not written with a leading '$';
# this line looks like a leftover — confirm it is intended.
$base = /etc/postfix
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = post.domain.ru
mydomain = domain.ru
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_banner = $myhostname ESMTP
debug_peer_level = 7
# NOTE(review): multi-line values in this paste have lost their leading
# whitespace; in a real main.cf every continuation line must be indented.
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
check_client_access hash:/etc/postfix/client_access,
reject_unknown_client_hostname
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/hello_access,
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname
# Sender checks, evaluated in order. reject_authenticated_sender_login_mismatch
# rejects a MAIL FROM address that the SASL login does not own according to
# smtpd_sender_login_maps; it looks at the envelope sender only, not at the
# From: header. permit_mynetworks and an OK result from sender_access come
# first, so those clients and senders are accepted before the ownership check.
# NOTE(review): mynetworks is not set in this listing, so the built-in default
# applies — check it with `postconf mynetworks`.
smtpd_sender_restrictions = permit_mynetworks,
check_sender_access hash:/etc/postfix/sender_access,
reject_authenticated_sender_login_mismatch,
reject_unknown_sender_domain,
reject_unlisted_sender,
reject_unverified_sender
# permit_sasl_authenticated only ends this recipient list early; the sender
# restrictions above are a separate list that the same request must also pass.
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_recipient_access hash:/etc/postfix/recipient_access,
reject_unlisted_recipient,
reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
reject_unverified_recipient
smtpd_etrn_restrictions = reject
smtpd_reject_unlisted_sender = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
show_user_unknown_table_name = no
address_verify_sender = <>
unverified_sender_reject_code = 550
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
smtpd_hard_error_limit = 8
smtpd_sasl_auth_enable = yes
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
# noanonymous still allows plaintext mechanisms. NOTE(review): no smtpd_tls_*
# settings appear in this listing; confirm TLS is enforced for AUTH (for
# example smtpd_tls_auth_only = yes).
smtpd_sasl_security_options = noanonymous
# Maps a MAIL FROM address to the SASL login(s) allowed to use it. With the
# sender.cf query shown further down the page, a mailbox owns only its own
# address.
smtpd_sender_login_maps = proxy:pgsql:/etc/postfix/pgsql/sender.cf
virtual_alias_maps = proxy:pgsql:/etc/postfix/pgsql/virtual-alias-maps.cf
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/pgsql/virtual-mailbox-maps.cf
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql/virtual-domains.cf
virtual_mailbox_base = /var/mail/vmail
virtual_uid_maps = static:101
virtual_gid_maps = static:101
relay_domains = proxy:pgsql:/etc/postfix/pgsql/relay-domains.cf
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
data_directory = /var/lib/postfix
mailbox_size_limit = 10240000
# Tables the proxymap service is allowed to read. $smtpd_sender_login_maps is
# listed because the sender-login map above is accessed through proxy:.
proxy_read_maps =
$local_recipient_maps
$mydestination
$virtual_alias_maps
$virtual_alias_domains
$virtual_mailbox_maps
$virtual_mailbox_domains
$relay_recipient_maps
$relay_domains
$canonical_maps
$sender_canonical_maps
$recipient_canonical_maps
$relocated_maps
$transport_maps
$mynetworks
$sender_bcc_maps
$recipient_bcc_maps
$smtp_generic_maps
$lmtp_generic_maps
$smtpd_sender_login_maps
/etc/postfix/pgsql/virtual-mailbox-maps.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true
/etc/postfix/pgsql/relay-domains.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = true
/etc/postfix/pgsql/sender.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT username FROM mailbox WHERE username='%s' AND active = true
/etc/postfix/pgsql/virtual-access.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT maildir FROM mailbox WHERE username='%s'
/etc/postfix/pgsql/virtual-domains.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = false AND active = true
/etc/postfix/pgsql/virtual-alias-maps.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT goto FROM alias WHERE address='%s' AND active = true
/etc/postfix/pgsql/virtual-mailbox-limit-maps.cf
user = user_rof_db
password = password
dbname = mail_base
hosts = localhost
query = SELECT quota FROM mailbox WHERE username = '%s'
[root@post Server]# grep -rvE "^$"\|"^#" /usr/lib64/sasl2/smtpd.conf
# Cyrus SASL settings for the Postfix smtpd service: credentials are looked up
# through the sql auxprop plugin (PostgreSQL on localhost).
pwcheck_method: auxprop
auxprop_plugin: sql
# Only PLAIN is offered, so the client transmits the password itself (base64,
# not encrypted). NOTE(review): confirm the SMTP session is protected by TLS.
mech_list: PLAIN
password_format: crypt
sql_engine: pgsql
sql_hostnames: localhost
sql_user: user_rof_db
sql_passwd: password
sql_database: mail_base
# %u is the login's user part and %r its realm; only rows with active='1' and
# open_smtp='1' can authenticate.
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active='1' AND open_smtp='1'
# Logging is turned down here compared with the debugging values shown
# earlier on the page (log_level: 7, sql_verbose: yes).
log_level: 1
sql_verbose: no
По большому счёту, это работает.