Postfix禁止转发伪造发件人邮件
Postfix内网用户在转发邮件时可以任意填写发件人邮箱,给管理带来诸多不便,可以使用账号登录匹配发件人邮箱进行限制。编辑Postfix配置文件:
1
2
3
4
5
6
7
8
#http://www.haiyun.me
cat /etc/postfix/main.cf
smtpd_sender_login_maps = hash:/etc/postfix/sasl_sender #用户与邮件账号匹配表
smtpd_sender_restrictions =
reject_sender_login_mismatch #拒绝发送邮件与登录用户不匹配的邮件
smtpd_recipient_restrictions =
# permit_mynetworks,#去除网络区域认证
permit_sasl_authenticated #用户认证模式 新建用户与账号匹配表:
1
2
cat /etc/postfix/sasl_sender
root@www.haiyun.me root 生成hash数据库:
1
postmap /etc/postfix/sasl_sender 伪造发件人发送邮件测试:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
sendEmail -v -f test@www.haiyun.me -t mail@www.haiyun.me -s smtp.www.haiyun.me -u "test" -m "测试sendemail" -xu root -xp passwd
Feb 29 11:08:00 centos5 sendEmail: DEBUG => Connecting to smtp.www.haiyun.me:25
Feb 29 11:08:01 centos5 sendEmail: DEBUG => My IP address is: 192.168.1.3
Feb 29 11:08:01 centos5 sendEmail: SUCCESS => Received:220 mail.www.haiyun.me ESMTP "ONOVPS Mail Server"
Feb 29 11:08:01 centos5 sendEmail: INFO => Sending:EHLO centos5.7-x86
Feb 29 11:08:01 centos5 sendEmail: DEBUG => SMTP-AUTH: Using LOGIN authentication method
Feb 29 11:08:01 centos5 sendEmail: INFO => Sending:AUTH LOGIN
Feb 29 11:08:01 centos5 sendEmail: SUCCESS => Received:235 2.0.0 Authentication successful
Feb 29 11:08:01 centos5 sendEmail: DEBUG => User authentication was successful (Method: LOGIN)
Feb 29 11:08:01 centos5 sendEmail: INFO => Sending:MAIL FROM:<test@www.haiyun.me>
Feb 29 11:08:01 centos5 sendEmail: SUCCESS => Received:250 2.1.0 Ok
Feb 29 11:08:01 centos5 sendEmail: INFO => Sending:RCPT TO:<mail@www.haiyun.me>
Feb 29 11:08:01 centos5 sendEmail: WARNING => The recipient <mail@www.haiyun.me> was rejected by the mail server, error follows:
Feb 29 11:08:01 centos5 sendEmail: WARNING => Received:553 5.7.1 <test@www.haiyun.me>: Sender address rejected: not owned by user root
Feb 29 11:08:01 centos5 sendEmail: ERROR => Exiting. No recipients were accepted for delivery by the mail server.
页:
[1]