Hallo
Auf meinem OpenSuSE 11.1 habe ich postfix mit sasl konfiguriert, sowie mit clamd und amavis. Das Resultat war, dass ich einen offenen Relay-Server erstellt habe und mein Provider danach meinen Mailausgang kurz sperrte...! Obwohl ich meine, alle Restrictions eingebaut zu haben, suche ich verzweifelt nach der Nadel im Heuhaufen. Auf meiner Firewall habe ich nun Port 25 von aussen dichtgemacht.
Ich poste hier mal die Konfig-Dateien, in der Hoffnung, dass ich hier Hilfe finde! Beim Einrichten hat mir mein Buch "Linux Kochbuch" von o'Reilly 2005 nicht wirklich viel geholfen, da vieles veraltet war und nicht SuSE bezogen.
(Meine Domain nenne ich hier zum Schutz 'vvvvvv.com')
Mein telnet-Test ergibt folgendes:
dvweb01:/etc/sasl2 # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 dvweb01.vvvvvv.com ESMTP Postfix
ehlo dvweb01.vvvvvv.com
250-dvweb01.vvvvvv.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
main.cf
queue_directory=/var/spool/postfix
daemon_directory=/usr/lib/postfix
command_directory=/usr/sbin
mail_owner=postfix
default_privs = nobody
mydomain = vvvvvv.com
myhostname=dvweb01.vvvvvv.com
myorigin = $mydomain
alias_maps=hash:/etc/aliases
alias_database = hash:/etc/aliases
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain $mydomain
mynetworks_style = subnet
# iiiiii hier im Forum anstatt wirklicher Name
relayhost = mail.iiiiii.ch
#
home_mailbox = Maildir/
mail_spool_directory = /var/mail
mtpd_banner = $myhostname ESMTP $mail_name
mailbox_size_limit = 0
recipient_delimiter = +
#
message_size_limit=10240000
setgid_group=maildrop
#
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options =noanonymous
broken_sasl_auth_clients = yes
#smtpd_sasl_local_domain =$myhostname
smtpd_sasl_local_domain = $mydomain
#
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
#
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/servercerts/serverkey.pem
smtpd_tls_cert_file = /etc/ssl/servercerts/servercert.pem
#smtpd_tls_CAfile =
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
#
smtpd_helo_required = yes
disable_vrfy_command = yesmaster.cf:
master.cf:
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - 5 smtpd
-o content_filter=smtp:[127.0.0.1]:10024
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - 10 smtpd -o smtpd_tls_wrappermode=yes -o content_filter=smtp:[127.0.0.1]:10024
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
localhost:10025 inet n - n - - smtpd
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
-o content_filter=
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(
delivery
# agent. See the pipe( man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
devau Gast |
