I have been banging my head against a Postfix problem for weeks and can't find a way out: I have a mail server configured with Postfix and Dovecot with STARTTLS, and everything works great, apart from the fact that I can't protect outgoing email on port 25 with non-existent email addresses.
Let me explain:
when sending email via telnet from an existing address (on port 25) to an existing address on one of my domains, I am forced to authenticate (and so far so good!):
Code:
telnet smtp.mydomain.com 25
Trying XXX.XXX.XXX.XXX...
Connected to smtp.mydomain.com.
Escape character is '^]'.
220 smtp.mydomain.com ESMTP Postfix
EHLO smtp.mydomain.com
250-smtp.mydomain.com
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME
mail from:<myaddress@mydomain.com>
250 2.1.0 Ok
rcpt to:<myotheraddress@mydomain.com>
453 4.7.1 <myaddress@mydomain.com>: Sender address rejected: not logged in
quit
Connection closed by foreign host.
Code:
telnet smtp.mydomain.com 25
Trying XXX.XXX.XXX.XXX...
Connected to smtp.mydomain.com.
Escape character is '^]'.
220 smtp.mydomain.com ESMTP Postfix
EHLO smtp.mydomain.com
250-smtp.mydomain.com
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME
mail from:<hello@hello.com>
250 2.1.0 Ok
rcpt to:<myaddress@mydomain.com>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: test
Hello
.
250 2.0.0 Ok: queued as 94DC2150BCA
quit
221 2.0.0 Bye
Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/postfix/virtual
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 4
disable_vrfy_command = no
dovecot_destination_recipient_limit = 1
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 52428800
milter_default_action = accept
milter_protocol = 2
mydomain = smtp.mydomain.com
myhostname = smtp.mydomain.com
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES
recipient_delimiter = +
relay_domains = proxy:mysql:/etc/zpanel/configs/postfix/mysql-relay_domains_maps.cf
relayhost =
sample_directory = /usr/share/doc/postfix-2.2.2/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_client_restrictions =
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_unknown_sender_domain
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_sender_login_maps
smtpd_sender_restrictions = reject_sender_login_mismatch, reject_unknown_sender_domain, reject_unlisted_sender, reject_unauthenticated_sender_login_mismatch, permit_sasl_authenticated, permit_mynetworks, reject_unverified_sender
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/smtp.mydomain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/smtp.mydomain.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/zpanel/configs/postfix/virtual_regexp, hash:/etc/postfix/virtual
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/zpanel/vmail
virtual_mailbox_domains = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 150
virtual_transport = dovecot
virtual_uid_maps = static:5000
Unfortunately, for compatibility reasons (since this server is used by quite a few people), I cannot disable port 25.
In practice, I would like authentication by the sender to be required every time a message is sent via telnet (on any port, but port 25 in particular).
Has anyone had this problem? Could you help me?
Thanks in advance, everyone!
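
An added example (not part of the original post): a small Python audit of the two telnet sessions above, reporting for each whether AUTH was used, which recipients the server accepted or refused, and whether the accepted sender claimed one of the server's own domains. The `audit` function, its verdict strings and the `local_domains` set are assumptions made for this example.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")      # "250-" continues a reply, "250 " ends it
ENVELOPE = re.compile(r"^(mail from|rcpt to):\s*<([^>]*)>", re.I)
# The two telnet sessions from the post, trimmed to their SMTP lines.
EHLO = ("220 smtp.mydomain.com ESMTP Postfix\nEHLO smtp.mydomain.com\n"
        "250-smtp.mydomain.com\n250-AUTH PLAIN LOGIN\n250 8BITMIME\n")
SESSION_1 = EHLO + ("mail from:<myaddress@mydomain.com>\n250 2.1.0 Ok\n"
    "rcpt to:<myotheraddress@mydomain.com>\n453 4.7.1 "
    "<myaddress@mydomain.com>: Sender address rejected: not logged in\nquit\n")
SESSION_2 = EHLO + ("mail from:<hello@hello.com>\n250 2.1.0 Ok\n"
    "rcpt to:<myaddress@mydomain.com>\n250 2.1.5 Ok\ndata\n"
    "354 End data with <CR><LF>.<CR><LF>\nSubject: test\nHello\n.\n"
    "250 2.0.0 Ok: queued as 94DC2150BCA\nquit\n221 2.0.0 Bye\n")

def audit(transcript, local_domains):
    """Summarise one SMTP session: was AUTH used, and what did the server accept?"""
    auth = queued = in_data = False
    sender, accepted, refused, last = None, [], [], (None, None)
    for line in transcript.splitlines():
        if in_data:                          # message body, ended by a lone "."
            if line == ".":
                in_data, last = False, ("eod", None)
            continue
        reply = REPLY.match(line)
        if reply is None:                    # a client command
            env = ENVELOPE.match(line)
            last = ((env.group(1).lower(), env.group(2).lower()) if env
                    else (line.split(" ")[0].lower(), None))
            continue
        if reply.group(2) == "-":            # continuation of a multi-line reply
            continue
        code, (verb, arg) = int(reply.group(1)), last
        ok, last = 200 <= code < 300, (None, None)
        if code == 235:                      # 235: SASL authentication succeeded
            auth = True
        elif verb == "mail from" and ok:
            sender = arg
        elif verb == "rcpt to":
            (accepted if ok else refused).append((arg, code))
        elif verb == "data" and code == 354:
            in_data = True
        elif verb == "eod" and ok:
            queued = True
    local = sender is not None and sender.rpartition("@")[2] in local_domains
    verdict = ("not delivered" if not queued else "authenticated submission" if auth
               else "UNAUTHENTICATED local sender" if local else "unauthenticated foreign sender")
    return {"auth": auth, "sender": sender, "accepted": accepted,
            "refused": refused, "queued": queued, "verdict": verdict}
```

With `local_domains={"mydomain.com"}`, the first session is reported as not delivered (recipient refused with 453) and the second as queued without AUTH from a sender outside the local domains.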