Hallo alle zusammen und Mahlzeit,

ich bin seit gestern auf der Suche nach einer Möglichkeit, Postfix dazu
zu bringen, E-Mails für unbekannte Benutzer abzulehnen.
Postfix selbst nimmt die E-Mail nur entgegen und übergibt sie an den
Dovecot LDA. Es ist ein virtuelles Multidomain-Setup mit MySQL.
Im Moment nimmt Postfix jede E-Mail entgegen, auch wenn es den Benutzer
nicht gibt, und sendet dann eine „5.1.1 User unknown“-E-Mail an den
Absender. Wenn die Absenderadresse allerdings gefälscht wurde, beschwert
sich der Serverbetreiber des Absenders, dass er von meiner Maschine mit
den Rückantworten (Backscatter) vollgespammt wird.

Ich habe mal meine Konfigurationsdateien angehängt. Vielleicht hat jemand von
euch eine Idee, wie ich bei gefälschten Absenderadressen die Rückantwort
oder, besser noch, das Entgegennehmen der Mail unterbinden kann.

Grüße
Henrik
## Dovecot configuration file
# Global settings. The "protocol ... { }" and "auth default { }" sections
# further down refine these per service.

base_dir = /var/run/dovecot/

# Enabled services: plain and TLS-wrapped IMAP and POP3, plus ManageSieve.
protocols = imap pop3 imaps pop3s managesieve

# NOTE(review): the "." before and after the timestamp format look like quote
# characters that were altered in transit - confirm against the file on disk.
log_timestamp = .%Y-%m-%d %H:%M:%S .
syslog_facility = mail

# TLS certificate and private key for Dovecot. The same two paths are used by
# Postfix (smtpd_tls_cert_file / smtpd_tls_key_file) later in this listing.
# The private key should be readable by root only.
ssl_cert_file = /etc/ssl/certs/server.crt
ssl_key_file = /etc/ssl/private/private.key

# Interval for regenerating the SSL parameters file
# (presumably hours, i.e. one week - confirm for the installed version).
ssl_parameters_regenerate = 168

# Where the mailboxes are located: one Maildir per user below /home/vmail,
# with %d expanding to the domain and %n to the local part of the address.
mail_location = maildir:/home/vmail/%d/%n

#mail_extra_groups = mail
mail_access_groups = mail
#mail_privileged_group mail

# Only uid 61 is accepted for mail users; this is the same uid that Postfix
# assigns through virtual_uid_maps = static:61.
first_valid_uid = 61
last_valid_uid = 61
maildir_copy_with_hardlinks = yes

# All verbose/debug logging is off. Keeping auth_debug_passwords = no avoids
# writing attempted passwords to the logs.
auth_verbose = no
auth_debug = no
auth_debug_passwords = no
mail_debug = no
verbose_ssl = no

# IMAP service.
protocol imap {
    login_executable = /usr/libexec/dovecot/imap-login
    mail_executable = /usr/libexec/dovecot/imap
    imap_max_line_length = 65536
    # Plain IMAP on 143 and TLS-wrapped IMAP on 993, both on all interfaces.
    # disable_plaintext_auth is not set anywhere in this file, so whether the
    # plain/login mechanisms are usable on 143 without TLS depends on its
    # default - TODO confirm with `dovecot -n`.
    listen = *:143
    ssl_listen = *:993
    # Only acl and imap_acl are loaded; quota, imap_quota and trash are
    # commented out at the end of the line.
    mail_plugins = acl imap_acl #quota imap_quota trash
    imap_client_workarounds = outlook-idle delay-newmail tb-extra-mailbox-sep
}

# POP3 service.
protocol pop3 {
    login_executable = /usr/libexec/dovecot/pop3-login
    mail_executable = /usr/libexec/dovecot/pop3
    pop3_uidl_format = %08Xu%08Xv
    # Plain POP3 on 110 and TLS-wrapped POP3 on 995, both on all interfaces.
    # As with IMAP, cleartext logins on 110 depend on disable_plaintext_auth,
    # which this file does not set - TODO confirm the effective value.
    listen = *:110
    ssl_listen = *:995
    # No plugins are loaded for POP3; quota is commented out.
    mail_plugins = #quota
    pop3_client_workarounds = outlook-no-nuls oe-ns-eoh    
}

# Local delivery agent. Postfix hands accepted mail to it through
# virtual_transport = dovecot.
# NOTE(review): per the description above, the "5.1.1 User unknown" reply
# appears only at this stage, after Postfix has already accepted the message
# at SMTP time; the recipient check therefore has to happen in Postfix, not
# here.
protocol lda {
    # The address appears shortened by the list archive.
    postmaster_address = ad...@fibrolux.com
    # sieve filtering and ACLs are active for deliveries; quota is commented out.
    mail_plugins = sieve acl #quota
    sendmail_path = /usr/sbin/sendmail
    # Same path as the "master" socket defined in the auth section; used for
    # the user lookup at delivery time.
    auth_socket_path = /var/run/dovecot/auth-master
}

# ManageSieve service (remote editing of sieve scripts). No listener is set
# here, so address and port come from defaults not shown in this file.
protocol managesieve {
    managesieve_implementation_string = dovecot
}

# Authentication service, shared by IMAP/POP3 logins, the LDA and Postfix SASL.
auth default {
    # Both mechanisms transmit the password without protection of their own;
    # confidentiality depends on TLS on the connection (Postfix enforces this
    # for SMTP AUTH with smtpd_tls_auth_only = yes).
    mechanisms = plain login
    # Password and user lookups use the same SQL configuration file. That file
    # is not shown; it presumably holds database credentials and should not be
    # world-readable - verify its permissions.
    passdb sql {
        args = /etc/dovecot/dovecot-sql.conf
    }
    userdb sql {
        args = /etc/dovecot/dovecot-sql.conf
    }
    # The auth process runs as an unprivileged user.
    user = nobody
    socket listen {
        # Master socket: used by the LDA (auth_socket_path in "protocol lda").
        # Restricted to owner vmail and group mail by mode 0660.
        master {
            path = /var/run/dovecot/auth-master
            mode = 0660
            user = vmail
            group = mail
        }
        # Client socket inside the Postfix spool directory; Postfix reaches it
        # via smtpd_sasl_path = private/auth. Restricted to postfix:postfix.
        client {
            path = /var/spool/postfix/private/auth
            mode = 0660
            user = postfix
            group = postfix
        }
    }
    ##If you want client certificates, use these lines
    #ssl_require_client_cert = yes
    #ssl_username_from_cert = yes
}

# Plugin settings. Only the two sieve paths are active; the quota, acl and
# trash settings are all commented out.
plugin {
## todo
#    quota = dict:user::proxy::quota
#    quota_rule = Trash:ignore
#    quota_rule2 = Spam:storage=10%%
#    quota_rule3 = *:storage=1000M:messages=10000
    
#    acl = vfile:
#    acl_shared_dict = file:/var/lib/dovecot/sharedmailboxes
#    acl_shared_dict = proxy::acl
    
    
#    trash = /etc/dovecot/trash.conf
    # Per-user active sieve script and script directory, both inside the
    # user's own mail directory (%d = domain, %n = local part).
    sieve = /home/vmail/%d/%n/.dovecot-sieve
    sieve_dir = /home/vmail/%d/%n/.sieve
}
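#---------------   Postfix Config   ---------------

#---------------   Basic Settings   ---------------
# Greeting sent to every connecting SMTP client.
smtpd_banner = $myhostname ESMTP $mail_name (The X)
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
myhostname = mail.xxxx.xx
myorigin = xxxx.xx
# Only localhost is a local destination; the hosted domains are looked up
# through virtual_mailbox_domains below.
mydestination = localhost
relayhost =
# mynetworks_style has no effect while mynetworks is set explicitly below.
mynetworks_style = host
#mynetworks = 127.0.0.0/8
# Clients from these addresses match permit_mynetworks in the restriction
# lists further down, so keep the list as short as possible.
mynetworks = xxx.xxx.xxx.xxx, 127.0.0.1

mailbox_size_limit = 0
recipient_delimiter = +
# Fixed spelling: the parameter is inet_interfaces. The original line read
# "inet_interface", which Postfix does not recognise as a setting, so the
# value never took effect.
inet_interfaces = all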

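#-------------- Virtual Settings   ---------------
# Each map is written on one line. In the listing the values had been wrapped
# onto a following line that starts in column 0; main.cf only continues a
# setting when the next line starts with whitespace, so a file laid out that
# way would leave these three maps empty.
# NOTE(review): the wrapping may only be an artefact of the mail client -
# compare with the file on disk and with `postconf -n`.
#
# These lookups decide which recipients are accepted at SMTP time. An address
# is rejected during RCPT TO only if neither virtual_mailbox_maps nor
# virtual_alias_maps returns a result for it. The query files are not shown;
# verify (for example with `postmap -q`) that they return nothing for a
# non-existent address and that there is no catch-all entry.
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_base    = /home/vmail
virtual_mailbox_maps    = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps      = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
# Fixed uid/gid for all virtual mailboxes; uid 61 matches first_valid_uid /
# last_valid_uid in the Dovecot configuration.
virtual_minimum_uid = 61
virtual_uid_maps = static:61
virtual_gid_maps = static:12
# Accepted mail is handed to the "dovecot" transport one recipient at a time.
# The transport definition lives in master.cf, which is not shown.
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1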

# SASL Authentication
# SMTP AUTH is delegated to Dovecot through the socket private/auth, relative
# to the Postfix queue directory (the "client" socket in the Dovecot auth
# section).
smtpd_sasl_auth_enable = yes
# AUTH is not offered to clients connecting from $mynetworks.
smtpd_sasl_exceptions_networks = $mynetworks
# Anonymous mechanisms are refused. Cleartext mechanisms remain allowed here
# and are protected by smtpd_tls_auth_only = yes in the SSL section.
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

#--------------- HELO Restrictions --------------
# Clients must send HELO/EHLO. Trusted clients (TLS client certificate, SASL
# login, mynetworks) are permitted first; everyone else must present a
# syntactically valid, fully qualified hostname.
# reject_invalid_hostname and reject_non_fqdn_hostname are the older spellings
# of reject_invalid_helo_hostname and reject_non_fqdn_helo_hostname.
# NOTE(review): permit_tls_clientcerts relies on relay_clientcerts, which is
# not set in the configuration shown - confirm whether it is needed.
smtpd_helo_required     = yes
smtpd_helo_restrictions = permit_tls_clientcerts
                          permit_sasl_authenticated
                          permit_mynetworks
                          reject_invalid_hostname
                          reject_non_fqdn_hostname
                          reject_unauth_pipelining


#--------------- Sender Restrictions ------------
# Applied to the MAIL FROM address, evaluated top to bottom; the first
# matching permit or reject ends the list.
# Clients from mynetworks, with a TLS client certificate or with a SASL login
# are permitted before any reject_* entry is reached, so
# reject_sender_login_mismatch is never evaluated for authenticated clients.
# NOTE(review): reject_sender_login_mismatch looks senders up in
# smtpd_sender_login_maps, which is not set in the configuration shown -
# confirm it is defined elsewhere, otherwise the check has nothing to match.
# NOTE(review): confirm that dsn.rfc-ignorant.org is still an operating list
# before relying on it. The trailing comma after it is harmless.
smtpd_sender_restrictions =
    permit_mynetworks
    permit_tls_clientcerts
    permit_sasl_authenticated
    reject_unknown_sender_domain
    reject_non_fqdn_sender
    reject_unauth_pipelining
    reject_sender_login_mismatch
    reject_rhsbl_sender dsn.rfc-ignorant.org,


#--------------- Recipient Restrictions ---------
# Applied to each RCPT TO address. reject_unauth_destination is the entry that
# prevents open relaying: mail for domains this server is not responsible for
# is refused unless the client was permitted earlier in the list.
#
# No entry in this list rejects unknown recipients. That check depends on
# smtpd_reject_unlisted_recipient (not set in this file, so its default
# applies) and on virtual_mailbox_maps / virtual_alias_maps returning no
# result for addresses that do not exist. Refusing the address during RCPT TO,
# instead of accepting the mail and bouncing it afterwards, is what stops
# non-delivery reports from going to forged sender addresses.
# reject_unlisted_recipient can also be listed explicitly after
# reject_unauth_destination to make the check visible here.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    permit
#    reject

# Checks applied at the DATA command. reject_multi_recipient_bounce refuses
# mail with the null sender (<>) that is addressed to more than one recipient.
smtpd_data_restrictions=
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit

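#--------------- SSL ----------------------
# Certificate and private key for the SMTP server (the same files Dovecot
# uses). The key file should be readable by root only.
smtpd_tls_cert_file = /etc/ssl/certs/server.crt
smtpd_tls_key_file = /etc/ssl/private/private.key
# Written on one line: in the listing the value had been wrapped onto a
# following line starting in column 0, which main.cf does not treat as a
# continuation, so the cache setting would have been empty.
# NOTE(review): the wrapping may only be an artefact of the mail client -
# compare with the file on disk.
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
# "may" = opportunistic TLS: STARTTLS is offered but not required.
smtpd_tls_security_level = may
# The enforcing value is spelled "encrypt" (the listing had "encrypted").
# Requiring TLS on a public port-25 listener would turn away senders that
# cannot use STARTTLS.
#smtpd_tls_security_level = encrypt
# SMTP AUTH is only offered after STARTTLS, so the plain/login credentials
# never cross the network unencrypted.
smtpd_tls_auth_only = yes
smtpd_tls_received_header = no
smtpd_tls_loglevel = 0
smtpd_tls_always_issue_session_ids = no
tls_random_source = dev:/dev/urandom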

#--------------- MISC ----------------------
#soft_bounce = no
# no_address_mappings turns off address rewriting for received mail, including
# expansion of virtual_alias_maps.
# NOTE(review): set globally, with no content filter visible in this file, an
# address that exists only as an alias may pass the recipient check at SMTP
# time, never be rewritten to its mailbox address, and then be refused by the
# Dovecot LDA as an unknown user - which would produce the bounces described
# above. Check whether master.cf overrides this option for a re-injection
# listener; if no content filter is in use, the option is probably not wanted.
receive_override_options = no_address_mappings

# Maximum accepted message size in bytes (about 77 MiB).
message_size_limit = 80960000
