Postfix matches smtpd_sender_login_maps against the SASL username instead of the FROM mail field

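I have read hundreds of posts on the internet and could not find any solution to my problem, so I decided to write this post in the hope that someone can help me. First, I want to apologize for my bad English; I hope you understand what I mean, and if not, don't hesitate to ask.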

Problem:

I have a problem with restricting SASL-authenticated users in sending mail, in the Postfix configuration. I know this can be done with "reject_sender_login_mismatch" and "smtpd_sender_login_maps" in Postfix's main.cf.

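But the problem seems to be that Postfix does not match the mail FROM field against smtpd_sender_login_maps; instead it matches the SASL username (which in my case is also an e-mail address). Clearly this condition is always true, because the SASL username is not what is really written in the FROM field.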

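I noticed this when I turned on debugging (debug_peer_list = client ip) and sent a mail from Thunderbird with the spoofed address any_other@any_other.xy to [email protected]. I did not see the real FROM field in mail.log; instead the SASL login name ([email protected]) is interpreted as the FROM address.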

Extract from /var/log/mail.log:

    ....
    postfix/smtps/smtpd[3525]: watchdog_pat: 0xXXXXXXXXX
    postfix/smtps/smtpd[3525]: < unknown[XXXXXXXXX]: AUTH PLAIN XXXXXXXXX
    postfix/smtps/smtpd[3525]: query milter states for other event
    postfix/smtps/smtpd[3525]: milter8_other_event: milter local:/opendkim/opendkim.sock
    postfix/smtps/smtpd[3525]: xsasl_dovecot_server_first: sasl_method PLAIN, init_response XXXXXXXXX
    postfix/smtps/smtpd[3525]: xsasl_dovecot_handle_reply: auth reply: [email protected]?
    postfix/smtps/smtpd[3525]: > unknown[XXXXXXXXX]: 235 2.7.0 Authentication successful
    postfix/smtps/smtpd[3525]: watchdog_pat: 0xXXXXXXXXX
    postfix/smtps/smtpd[3525]: < unknown[XXXXXXXXX]: MAIL FROM:<[email protected]> BODY=8BITMIME SIZE=443
    postfix/smtps/smtpd[3525]: extract_addr: input: <[email protected]>
    postfix/smtps/smtpd[3525]: smtpd_check_addr: [email protected]
    postfix/smtps/smtpd[3525]: connect to subsystem private/rewrite
    postfix/smtps/smtpd[3525]: send attr request = rewrite
    postfix/smtps/smtpd[3525]: send attr rule = local
    postfix/smtps/smtpd[3525]: send attr address = ""
    ....

When I grepped syslog and mail.log for the real FROM address, nothing was found:

    root@XXXXXX:/etc/postfix# cat /var/log/syslog /var/log/mail.log | grep -i any_other@any_other.xy

Configuration:

root@XXXXXX:/etc/postfix# postconf -n

    alias_database = hash:/etc/aliases
    alias_maps =
    append_dot_mydomain = no
    biff = no
    broken_sasl_auth_clients = yes
    content_filter = smtp-amavis:[127.0.0.1]:10024
    delay_warning_time = 3h
    disable_vrfy_command = yes
    dovecot_destination_recipient_limit = 1
    inet_interfaces = all
    inet_protocols = ipv4, ipv6
    local_transport = error:Local Transport Disabled
    luser_relay = webmaster@XXXXXX
    mailbox_size_limit = 0
    message_size_limit = 20480000
    milter_default_action = accept
    milter_protocol = 6
    mydestination = XXXXXX, localhost, localhost.localdomain, localhost, autoreply.XXXXXX
    mydomain = XXXXXX
    myhostname = XXXXXX
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 XXXXXX/24
    myorigin = /etc/mailname
    non_smtpd_milters = local:/opendkim/opendkim.sock
    policyd-spf_time_limit = 3600
    postscreen_greet_action = enforce
    readme_directory = no
    recipient_delimiter = +
    relayhost =
    smtpd_banner = $myhostname ESMTP XXXXXX (Linux)
    smtpd_client_new_tls_session_rate_limit = 10
    smtpd_client_restrictions = check_client_access cidr:/etc/postfix/drop.cidr
    smtpd_data_restrictions = reject_multi_recipient_bounce
    smtpd_delay_reject = no
    smtpd_helo_required = yes
    smtpd_helo_restrictions = reject_invalid_hostname
    smtpd_milters = local:/opendkim/opendkim.sock
    smtpd_recipient_restrictions = reject_sender_login_mismatch permit_mynetworks reject_unknown_recipient_domain check_policy_service inet:127.0.0.1:12340 reject_unauth_destination check_policy_service unix:private/policyd-spf permit_sasl_authenticated check_sender_ns_access cidr:/etc/postfix/drop.cidr check_sender_mx_access cidr:/etc/postfix/drop.cidr check_policy_service inet:127.0.0.1:10023 reject_rbl_client ix.dnsbl.manitu.net reject_rbl_client bl.spamcop.net reject_rbl_client pbl.spamhaus.org reject_rbl_client xbl.spamhaus.org reject_rbl_client zen.spamhaus.org reject_rbl_client sbl.spamhaus.org reject_rbl_client b.barracudacentral.org reject_rbl_client bl.spamcannibal.org permit
    smtpd_reject_footer = For assistance, write webmaster@XXXXXX. Please provide the following information in your problem report: time ($localtime), client ($client_address) client Port ($client_port) and server ($server_name).
    smtpd_relay_restrictions = reject_non_fqdn_recipient reject_authenticated_sender_login_mismatch reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated check_sender_ns_access cidr:/etc/postfix/drop.cidr check_sender_mx_access cidr:/etc/postfix/drop.cidr check_policy_service inet:127.0.0.1:10023 reject_rbl_client ix.dnsbl.manitu.net reject_unauth_destination permit
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    smtpd_sender_login_maps = ldap:/etc/postfix/ldap_user_maps.cf
    smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, reject_authenticated_sender_login_mismatch, reject_unlisted_sender, reject_unauth_pipelining,
    smtpd_tls_auth_only = yes
    smtpd_tls_cert_file = /etc/postfix/sslcert/server.crt
    smtpd_tls_dh1024_param_file = ${config_directory}/certs/dh_1024.pem
    smtpd_tls_dh512_param_file = ${config_directory}/certs/dh_512.pem
    smtpd_tls_eecdh_grade = strong
    smtpd_tls_key_file = /etc/postfix/sslcert/server.key
    smtpd_tls_loglevel = 0
    smtpd_tls_mandatory_ciphers = high
    smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2, !SSLv3
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_session_cache
    smtpd_use_tls = yes
    soft_bounce = yes
    tls_preempt_cipherlist = yes
    tls_random_source = dev:/dev/urandom
    transport_maps = hash:/etc/postfix/transports
    virtual_alias_maps = ldap:/etc/postfix/ldap_virtual_alias_maps-vacation.cf ldap:/etc/postfix/ldap-virtual_alias_maps-forward.cf proxy:ldap:/etc/postfix/ldap_virtual_aliases.cf ldap:/etc/postfix/ldap_virtual_mail_distribution.cf ldap:/etc/postfix/ldap_virtual_mail_redirect.cf
    virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
    virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_recipients.cf
    virtual_transport = dovecot

cat /etc/postfix/master.cf

    ... ...
    smtp       inet  n  -  -  -  -  smtpd
      -o smtpd_tls_security_level=may
    #smtp      inet  n  -  -  -  1  postscreen
    #smtpd     pass  -  -  -  -  -  smtpd
    #dnsblog   unix  -  -  -  -  0  dnsblog
    #tlsproxy  unix  -  -  -  -  0  tlsproxy
    submission inet  n  -  -  -  -  smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_tls_security_level=encrypt
    smtps      inet  n  -  -  -  -  smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_tls_security_level=encrypt
    ...

cat /etc/postfix/ldap_user_maps.cf

    bind = yes
    bind_dn = xxxx
    bind_pw = xxxx
    server_host = ldaps://domain.xy:636
    search_base = dc=xxxx,dc=xxxx
    query_filter = (&(mail=%s))
    result_attribute = mail, uid, AlternateAddress

Source of the spoofed mail:

    Return-Path: <[email protected]>
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: from localhost (XXXXXXXXXXXXXXX [127.0.0.1])
        by XXXXXXXXXXXXXXX (Postfix) with ESMTP id XXXXXXXXXXXXXXX
        for <[email protected]>; Thu, 10 Aug 2017 20:15:39 +0000 (UTC)
    Received: from XXXXXXXXXXXXXXX ([127.0.0.1])
        by localhost (XXXXXXXXXXXXXXX [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id XXXXXX-XXXXXX
        for <[email protected]>; Thu, 10 Aug 2017 20:15:39 +0000 (UTC)
    Received-SPF: Softfail (mailfrom) identity=mailfrom; client-ip=XXXXXXXXXXXXXXX; helo=[XXXXXXXXXXXXXXX]; [email protected]; receiver=<UNKNOWN>
    Received: from [XXXXXXXXXXXXXXX] (unknown [XXXXXXXXXXXXXXX])
        (Authenticated sender: [email protected])
        by XXXXXXXXXXXXXXX (Postfix) with ESMTPSA id XXXXXXXX
        for <[email protected]>; Thu, 10 Aug 2017 20:15:38 +0000 (UTC)
    To: Recipient <[email protected]>
    From: Any other user <any_other@any_other.xy>
    Subject: sdfsdf
    Message-ID: <6xxx5ab6-7x1c-4x3b-55x6-ab8ba3xxxx1@XXXXXXXXXXXXXXX>
    Date: Thu, 10 Aug 2017 22:15:36 +0200
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.2) Gecko/20100101 Thunderbird/51.8.16
    MIME-Version: 1.0
    Content-Type: text/plain; charset=utf-8; format=flowed
    Content-Transfer-Encoding: 7bit
    Content-Language: en-US

If you need more information, don't hesitate to ask. Thanks for your help.

There is a difference between the header field From: and the MAIL FROM: command.

As you can see in your example from the header field Return-Path, it was sent from <[email protected]>, and Postfix checks that.

Having the From: field correspond to MAIL FROM: may not always be advantageous (compare: legitimate reasons why the SMTP "MAIL FROM:" will not match the "From:" header in DATA).

Also, to ensure authenticity, it may be better to have your users use mail encryption/signing via S/MIME or OpenPGP. (See https://technet.microsoft.com/en-us/library/aa995740(v=exchg.65).aspx)
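The envelope-versus-header distinction described above, as an added example that is not part of the original posts: a small audit that pulls the three sender identities out of a delivered message and reports which of them disagree. The sample message is constructed from the headers in the question, with user@example.org standing in for the redacted SASL login, and the login comparison is a simplification that assumes the login is itself the sender address.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers in the question; user@example.org
# and rcpt@example.org are placeholders for the redacted addresses.
SAMPLE = """\
Return-Path: <user@example.org>
Received: from [192.0.2.10] (unknown [192.0.2.10])
\t(Authenticated sender: user@example.org)
\tby mail.example.org (Postfix) with ESMTPSA id 0123456789
\tfor <rcpt@example.org>; Thu, 10 Aug 2017 20:15:38 +0000 (UTC)
To: Recipient <rcpt@example.org>
From: Any other user <any_other@any_other.xy>
Subject: sdfsdf

body
"""

# Postfix adds this comment to Received: when smtpd_sasl_authenticated_header = yes.
AUTH_RE = re.compile(r"\(Authenticated sender:\s*([^)\s]+)\)", re.I)

def sender_identities(raw):
    """Return envelope sender, SASL login and header From of a delivered message."""
    msg = message_from_string(raw)
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()  # MAIL FROM
    header_from = parseaddr(msg.get("From", ""))[1].lower()      # From: in DATA
    login = ""
    for received in msg.get_all("Received", []):
        match = AUTH_RE.search(received)
        if match:
            login = match.group(1).lower()
            break
    return {"envelope": envelope, "login": login, "header_from": header_from}

def audit(raw):
    """List the mismatches; only the first is what the login-mismatch rules look at."""
    ids = sender_identities(raw)
    findings = []
    # Simplification: the login is compared directly instead of being looked up
    # in smtpd_sender_login_maps.
    if ids["login"] and ids["envelope"] != ids["login"]:
        findings.append("envelope sender differs from SASL login")
    if ids["header_from"] != ids["envelope"]:
        findings.append("header From differs from envelope sender")
    return ids, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, the envelope sender equals the login, so the only finding is the header From mismatch, which is the part the SMTP-level check never sees.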