Hallo alle zusammen und Mahlzeit, ich bin seit gestern auf der Suche nach einer Möglichkeit, Postfix dazu zu bringen, E-Mails für unbekannte Benutzer abzulehnen. Postfix selbst nimmt nur die E-Mail entgegen und übergibt sie an den Dovecot-LDA. Es ist ein Virtual-Multidomain-Setup mit MySQL. Im Moment nimmt Postfix jede E-Mail entgegen, auch wenn es den Benutzer nicht gibt, und sendet dann eine „5.1.1 User unknown“-E-Mail an den Absender. Wenn die Absenderadresse dann allerdings gefälscht (geforged) wurde, beschwert sich der Serverbetreiber des Absenders, dass er von meiner Maschine mit der Rückantwort vollgespammt wird.
Ich habe mal meine Config-Files angehängt. Vielleicht hat jemand von euch eine Idee, wie ich bei gefälschten Absenderadressen die Rückantwort oder besser das Entgegennehmen der Mail unterbinden kann. Grüße Henrik
## Dovecot configuration file
# Serves IMAP/POP3/ManageSieve for virtual mailboxes under /home/vmail, provides
# the LDA ("protocol lda") that Postfix hands mail to, and exposes the auth
# sockets used by the LDA and by Postfix SASL.
base_dir = /var/run/dovecot/

# imap imaps pop3 pop3s (use imaps and pop3s if configured for SSL)
protocols = imap pop3 imaps pop3s managesieve
# NOTE(review): the dots around the format string look like quote characters
# mangled by the list archive - confirm against the real file.
log_timestamp = .%Y-%m-%d %H:%M:%S .
syslog_facility = mail

# Uncomment these if using SSL
ssl_cert_file = /etc/ssl/certs/server.crt
ssl_key_file = /etc/ssl/private/private.key
ssl_parameters_regenerate = 168

# Where the mailboxes are located
mail_location = maildir:/home/vmail/%d/%n
#mail_extra_groups = mail
mail_access_groups = mail
#mail_privileged_group mail
# Only uid 61 is accepted for mail access; the Postfix listing on this page
# uses the same uid (virtual_uid_maps = static:61).
first_valid_uid = 61
last_valid_uid = 61
maildir_copy_with_hardlinks = yes

# All debug/verbose logging is off; auth_debug_passwords = no keeps
# passwords out of the logs.
auth_verbose = no
auth_debug = no
auth_debug_passwords = no
mail_debug = no
verbose_ssl = no

protocol imap {
  login_executable = /usr/libexec/dovecot/imap-login
  mail_executable = /usr/libexec/dovecot/imap
  imap_max_line_length = 65536
  # Cleartext port 143 is open next to 993. disable_plaintext_auth is not set
  # in this listing, so whether plaintext logins are refused without TLS
  # depends on the installed default - TODO confirm.
  listen = *:143
  ssl_listen = *:993
  mail_plugins = acl imap_acl #quota imap_quota trash
  imap_client_workarounds = outlook-idle delay-newmail tb-extra-mailbox-sep
}

protocol pop3 {
  login_executable = /usr/libexec/dovecot/pop3-login
  mail_executable = /usr/libexec/dovecot/pop3
  pop3_uidl_format = %08Xu%08Xv
  # Same remark as for IMAP: cleartext port 110 next to 995.
  listen = *:110
  ssl_listen = *:995
  mail_plugins = #quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

protocol lda {
  # The address is truncated ("...") by the list archive.
  postmaster_address = ad...@fibrolux.com
  mail_plugins = sieve acl #quota
  sendmail_path = /usr/sbin/sendmail
  # The LDA reaches the auth process through the "master" socket defined in
  # "auth default" below. Per the post, mail for a non-existent user only
  # fails at this delivery stage, after Postfix has already accepted it,
  # which is what produces the bounce to the (possibly forged) sender.
  auth_socket_path = /var/run/dovecot/auth-master
}

protocol managesieve {
  managesieve_implementation_string = dovecot
}

auth default {
  # PLAIN and LOGIN both transmit the password itself, so they rely on TLS
  # for protection on the wire.
  mechanisms = plain login

  # Password and user lookups share one SQL configuration file (not shown).
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  user = nobody

  socket listen {
    # Master socket for the LDA: restricted to vmail:mail, mode 0660.
    master {
      path = /var/run/dovecot/auth-master
      mode = 0660
      user = vmail
      group = mail
    }
    # Client socket inside the Postfix spool; corresponds to
    # smtpd_sasl_path = private/auth in the Postfix listing on this page.
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }

  ##If you want client certificates, use these lines
  #ssl_require_client_cert = yes
  #ssl_username_from_cert = yes
}

plugin {
  ## todo
  # quota = dict:user::proxy::quota
  # quota_rule = Trash:ignore
  # quota_rule2 = Spam:storage=10%%
  # quota_rule3 = *:storage=1000M:messages=10000
  # acl = vfile:
  # acl_shared_dict = file:/var/lib/dovecot/sharedmailboxes
  # acl_shared_dict = proxy::acl
  # trash = /etc/dovecot/trash.conf
  # Per-user Sieve script and script directory inside the user's maildir tree.
  sieve = /home/vmail/%d/%n/.dovecot-sieve
  sieve_dir = /home/vmail/%d/%n/.sieve
}
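#--------------- Postfix Config ---------------
# main.cf for a virtual multi-domain setup: domains, mailboxes and aliases are
# looked up in MySQL, delivery goes through the "dovecot" transport, and SASL
# authentication is delegated to Dovecot.

#--------------- Basic Settings ---------------
smtpd_banner = $myhostname ESMTP $mail_name (The X)
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
myhostname = mail.xxxx.xx
myorigin = xxxx.xx
mydestination = localhost
relayhost =
# mynetworks_style is ignored once mynetworks is set explicitly (as it is below).
mynetworks_style = host
#mynetworks = 127.0.0.0/8
mynetworks = xxx.xxx.xxx.xxx, 127.0.0.1
mailbox_size_limit = 0
recipient_delimiter = +
# Fixed: the parameter is named inet_interfaces; the listing had the
# misspelling "inet_interface", which Postfix does not recognise.
inet_interfaces = all

#-------------- Virtual Settings ---------------
# NOTE(review): smtpd can only refuse an unknown recipient during the SMTP
# dialogue (instead of accepting and bouncing later) if these lookups return
# nothing for addresses that do not exist - no catch-all row and no over-broad
# query. The mysql_*.cf files are not part of this listing; test each map with
# "postmap -q" and a non-existent address. smtpd_reject_unlisted_recipient is
# not overridden in this listing.
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_minimum_uid = 61
virtual_uid_maps = static:61
virtual_gid_maps = static:12
# Delivery is handed to the "dovecot" transport, one recipient per invocation.
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# SASL Authentication
smtpd_sasl_auth_enable = yes
# AUTH is not offered to clients in $mynetworks.
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

#--------------- HELO Restrictions --------------
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_tls_clientcerts
    permit_sasl_authenticated
    permit_mynetworks
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_unauth_pipelining

#--------------- Sender Restrictions ------------
# NOTE(review): reject_sender_login_mismatch comes after
# permit_sasl_authenticated, so it is never evaluated for authenticated
# clients, and smtpd_sender_login_maps is not set in this listing - confirm
# what this entry is meant to enforce before reordering anything.
# NOTE(review): confirm that the dsn.rfc-ignorant.org list is still operated
# before relying on it.
smtpd_sender_restrictions =
    permit_mynetworks
    permit_tls_clientcerts
    permit_sasl_authenticated
    reject_unknown_sender_domain
    reject_non_fqdn_sender
    reject_unauth_pipelining
    reject_sender_login_mismatch
    reject_rhsbl_sender dsn.rfc-ignorant.org,

#--------------- Client Restrictions ------------
# reject_unauth_destination precedes the final "permit", so mail for foreign
# domains from unauthenticated, non-local clients is refused before the
# catch-all permit is reached.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    permit
#   reject

smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit

#--------------- SSL ----------------------
smtpd_tls_cert_file = /etc/ssl/certs/server.crt
smtpd_tls_key_file = /etc/ssl/private/private.key
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
# Opportunistic TLS: offered, not required.
smtpd_tls_security_level = may
# Note: the value that enforces TLS is spelled "encrypt", not "encrypted".
#smtpd_tls_security_level = encrypted
# AUTH is only offered after STARTTLS, so passwords are not sent in cleartext.
smtpd_tls_auth_only = yes
smtpd_tls_received_header = no
smtpd_tls_loglevel = 0
smtpd_tls_always_issue_session_ids = no
tls_random_source = dev:/dev/urandom

#--------------- MISC ----------------------
#soft_bounce = no
receive_override_options = no_address_mappings
message_size_limit = 80960000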