osnipassos
(usa Debian)
Enviado em 16/02/2008 - 13:01h
Olá pessoal,
Instalei e configurei o Postfix no Ubuntu-Server conforme o tutorial Postfix pantaneiro (Postfix Pantaneiro - gutocarvalho.net ).
Está funcionando perfeitamente, a não ser por um único problema: Ele permite enviar e-mails sem autenticar, por isso os spamers estão fazendo uma festa no meu servidor.
Como faço para que ele só permita o envio de e-mails com autenticação?
Meu main.cf está abaixo:
smtpd_banner = $myhostname ESMTP $mail_name (ubuntu)
biff = no
append_dot_mydomain = no
myhostname = mail.exemplo.com.br
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.exemplo.com.br, localhost.localdomain, localhost
relayhost =
#mynetworks = 127.0.0.0/8 192.168.0.0/24 0.0.0.0
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
delay_warning_time_hours = 1h
unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 30m
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtp_helo_timeout = 60s
smtpd_recipient_limit = 16
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /home/vmail/
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit = 51200000
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_transport = virtual
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the your maildir has overdrawn your diskspace quota, please free up some of spaces of your mailbox try again.
virtual_overquota_bounce = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/tls/postfix.cert
smtpd_tls_key_file = /etc/postfix/tls/postfix.key
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_delay_reject = yes
strict_rfc821_envelopes = yes
command_time_limit = 1h
smtpd_helo_restrictions =
permit_mynetworks,
warn_if_reject,
reject_invalid_hostname,
reject_unauth_pipelining,
permit
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
warn_if_reject,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining,
permit
smtpd_client_restrictions =
permit_mynetworks,
permit
smtpd_recipient_restrictions =
reject_unauth_pipelining,
permit_mynetworks,
reject_non_fqdn_recipient,
reject_unauth_destination,
permit_sasl_authenticated,
# spf check
check_policy_service unix:private/policy
#postgrey
check_policy_service inet:127.0.0.1:60000
permit