


  1. #1

    Open relay for emails to the domain

    Hi everyone, I have had a problem with my mail server for some time and have not had much success with it. I have postfix+dovecot+saslauth running on my server. The problem is that if someone uses my SMTP to send emails to users of my domain, it goes through without requiring authentication; for other domains it requires authentication.
    If anyone can shed some light on this.


    ##main.cf##
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    myhostname = mail.dominio.com.br
    mydomain = dominio.com.br
    myorigin = $mydomain
    mailbox_size_limit = 51200000
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    unknown_local_recipient_reject_code = 550
    mynetworks_style = subnet
    mynetworks = 127.0.0.0/8
    relay_domains = dominio.com.br
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    mail_spool_directory = /var/spool/mail
    mailbox_command = /usr/bin/procmail
    smtpd_banner = $myhostname ESMTP $mail_name
    debug_peer_level = 2
    debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.2.8/samples
    message_size_limit = 10240000
    readme_directory = /usr/share/doc/postfix-2.2.8/README_FILES
    maps_rbl_domains = relays.ordb.org, dev.null.dk, opm.blitzed.org, sbl.spamhaus.org, dnsbl.sorbs.net
    smtpd_client_restrictions = reject_maps_rbl
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains, reject_unauth_destination, reject
    smtpd_helo_required = yes
    smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining
    strict_rfc821_envelopes = yes
    smtpd_helo_restrictions=reject_invalid_hostname, reject_unknown_hostname, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unauth_pipelining
    smtpd_timeout=300
    smtp_connect_timeout=0
    smtp_helo_timeout=300
    smtp_mail_timeout=300
    smtp_rcpt_timeout=300
    smtp_data_init_timeout=120
    smtp_data_xfer_timeout=180
    smtp_data_done_timeout=600
    smtp_quit_timeout=300
    smtpd_recipient_limit=100

  2. #2


    Friend, I went through the same problem.

    Change this:

    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtp_sasl_security_options = noanonymous


    Be happy.

  3. #3


    Try setting the smtpd_recipient_restrictions macro like this:

    smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, reject


    Good luck.

  4. #4


    Quote: Originally posted by Vampayre
    Friend, I went through the same problem.

    Change this:

    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtp_sasl_security_options = noanonymous


    Be happy.

    When I set it up this way, Postfix rejects the emails sent. It could be some reverse DNS problem; my reverse DNS is answered by Embratel.

    ###bounce message####
    This is the Postfix program at host bungunia.hst.terra.com.br.

    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.

    For further assistance, please send mail to <postmaster>

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.

    The Postfix program

    <[email protected]>: host mail.meudominio.com.br[200.XXX.XXX.XXX]
    said: 554 <[email protected]>: Recipient address rejected: Access
    denied (in reply to RCPT TO command)

  5. #5


    This is my main.cf from a test server I set up a while ago; luckily I had a copy of it in my e-mail. See if it can help you with anything:

    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
     
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
     
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
     
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
     
    myhostname = dominio.com.br
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = dominio.com.br, localhost.dominio.com.br,localhost
    relayhost =
    mynetworks = 192.168.0.0/24, 127.0.0.0/8
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    inet_interfaces = all
     
    disable_vrfy_command=yes
    append_dot_mydomain=no
     
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain =
     
    # Allows non-RFC-compliant clients to work (Outlook, for example):
    broken_sasl_auth_clients = yes
    # Stray line with no parameter name, commented out so Postfix can parse the file:
    #permit_sasl_authenticated, reject_unauth_destination, check_relay_domains
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
     
     
    #---------------------
    # SSL
    #---------------------
    smtpd_tls_security_level = may
    smtpd_use_tls = yes
    smtpd_tls_key_file = /etc/postfix/certs/smtp-key.pem
    smtpd_tls_cert_file = /etc/postfix/certs/smtp-cert.pem
    smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
    smtpd_tls_loglevel = 2
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    tls_daemon_random_source = dev:/dev/urandom
     
    content_filter = smtp-amavis:[127.0.0.1]:10024

    Look at how the SASL options are set.

    Regards, Duca.
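
Added example, not part of the thread and not Postfix code: a simplified model of how Postfix walks smtpd_recipient_restrictions from left to right (the first restriction that permits or rejects decides, and the end of the list permits), applied to the lists from posts #3 and #5. The client addresses and the example.org recipient are constructed, and only the four restriction names used in those two lists are modelled.

```python
import ipaddress

# Values from the main.cf in post #5. relay_domains is not set there, so only
# mydestination is modelled; subdomain matching is ignored (assumption).
MYNETWORKS = ["192.168.0.0/24", "127.0.0.0/8"]
LOCAL_DOMAINS = {"dominio.com.br", "localhost.dominio.com.br", "localhost"}

POST3 = ["permit_sasl_authenticated", "reject_unauth_destination", "reject"]
POST5 = ["permit_mynetworks", "permit_sasl_authenticated",
         "reject_unauth_destination"]

def in_mynetworks(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in MYNETWORKS)

def evaluate(restrictions, client_ip, authenticated, rcpt):
    """Decide one RCPT TO: the first restriction that matches wins."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    for name in restrictions:
        if name == "permit_sasl_authenticated":
            if authenticated:
                return "PERMIT"
        elif name == "permit_mynetworks":
            if in_mynetworks(client_ip):
                return "PERMIT"
        elif name == "reject_unauth_destination":
            if domain not in LOCAL_DOMAINS:
                return "REJECT"  # relay attempt to a domain not hosted here
        elif name == "reject":
            return "REJECT"      # unconditional: 554 ... Access denied
        else:
            raise ValueError(f"restriction not modelled: {name}")
    return "PERMIT"              # nothing matched: Postfix permits by default

# Constructed cases: (client IP, SASL-authenticated?, recipient).
CASES = {
    "inbound_to_own_domain": ("203.0.113.10", False, "user@dominio.com.br"),
    "unauth_relay": ("203.0.113.10", False, "user@example.org"),
    "auth_relay": ("203.0.113.10", True, "user@example.org"),
    "lan_relay": ("192.168.0.20", False, "user@example.org"),
}

def decision_table(restrictions):
    return {case: evaluate(restrictions, *args) for case, args in CASES.items()}

if __name__ == "__main__":
    for label, rules in (("post #3", POST3), ("post #5", POST5)):
        print(label, decision_table(rules))
```

With the post #5 list, the PERMIT for an unauthenticated client writing to dominio.com.br is ordinary inbound delivery, since other mail servers do not authenticate when delivering to a domain's MX. The post #3 list turns that same case into a REJECT because of its final `reject`.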