Postfix从不存在的电子邮件地址发送邮件

时间:2022-06-01 18:06:53

I recently migrated from Courier to Dovecot. The main guide I followed for configuring Postfix + MySQL + Dovecot was this one: https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql

我最近从Courier迁移到了Dovecot。我配置Postfix + MySQL + Dovecot的主要指南就是这个:https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql

Everything works perfect, but when I change the mail address in the mail client, leaving the correct login and password for the servers, and send an email with that fake mail (and domain) address, Postfix just sends it, without verifying if that email address existed in the database and without verifying if that email address was even mine.

一切都很完美,但当我更改邮件客户端中的邮件地址,保留服务器的正确登录名和密码,并发送带有该假邮件(和域)地址的电子邮件时,Postfix只发送它,而不验证该电子邮件地址存在于数据库中,无需验证该电子邮件地址是否是我的。

So, there must be something wrong with my SMTP configuration. This is my actual configuration:

因此,我的SMTP配置一定有问题。这是我的实际配置:

# Requirements for the sender details
smtpd_reject_unlisted_sender = yes
smtpd_reject_unlisted_recipient = yes

smtpd_sender_restrictions =
        warn_if_reject,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unauth_pipelining,
        reject_unlisted_sender,
        reject_unverified_sender,
        permit

# Requirements for the connecting server
smtpd_client_restrictions =
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client bl.spamcop.net,
        permit

# Requirement for the recipient address
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        reject_unlisted_recipient,
        reject_unverified_recipient,
        check_policy_service inet:127.0.0.1:10023,
        permit

smtpd_data_restrictions =
        reject_unauth_pipelining

# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
isable_vrfy_command = yes

Anyone?

1 个解决方案

#1


2  

The reject_unlisted_sender restriction listed in smtpd_sender_restrictions is listed after permit_mynetworks and permit_sasl_authenticated. Postfix traverses the restriction list in order and terminates when it hits the first permit/reject and hence never reaches reject_unlisted_sender. Since your message wasn't rejected by reject_unauth_destination it must've been accepted because of permit_mynetworks or permit_sasl_authenticated.

smtpd_sender_restrictions中列出的reject_unlisted_sender限制列在permit_mynetworks和permit_sasl_authenticated之后。 Postfix按顺序遍历限制列表,并在遇到第一个允许/拒绝时终止,因此永远不会到达reject_unlisted_sender。由于您的邮件未被reject_unauth_destination拒绝,因此必须已接受,因为permit_mynetworks或permit_sasl_authenticated。

Additionally, unless the sender address you used had a domain part that was actually "owned" by Postfix (i.e. listed in mydestination, virtual_mailbox_domains, virtual_alias_domains, or relay_domains), it can't be validated and reject_unlisted_sender won't work. See details in the postconf(5) man page.

此外,除非您使用的发件人地址具有Postfix实际“拥有”的域部分(即列在mydestination,virtual_mailbox_domains,virtual_alias_domains或relay_domains中),否则无法验证它并且reject_unlisted_sender将无效。请参阅postconf(5)手册页中的详细信息。

Other observations:

  • The warn_if_reject restriction is placed before permit_mynetworks. Because the latter never rejects anything the warn_if_reject restriction serves no purpose.
  • warn_if_reject限制放在permit_mynetworks之前。因为后者从不拒绝任何东西,所以warn_if_reject限制没有用处。

  • Since you explicitly use reject_unlisted_recipient and reject_unlisted_sender, setting smtpd_reject_unlisted_sender and smtpd_reject_unlisted_recipient isn't necessary.
  • 由于您明确使用了reject_unlisted_recipient和reject_unlisted_sender,因此无需设置smtpd_reject_unlisted_sender和smtpd_reject_unlisted_recipient。

  • The final permit at the end of (nearly) every list is implicit and can be dropped.
  • (几乎)每个列表末尾的最终许可是隐含的,可以删除。

  • Unless it's a copy/paste mistake, you've misspelled disable_vrfy_command.
  • 除非它是复制/粘贴错误,否则你拼错了disable_vrfy_command。

  • I'd suggest you merge the client and sender restriction lists into smtpd_recipient_restrictions. With smtpd_delay_reject enabled all restrictions will be evaluated at the recipient stage anyway, and a single list usually makes the configuration easier to understand.
  • 我建议您将客户端和发件人限制列表合并到smtpd_recipient_restrictions中。启用smtpd_delay_reject后,无论如何都将在收件人阶段评估所有限制,并且单个列表通常使配置更容易理解。

#1


2  

The reject_unlisted_sender restriction listed in smtpd_sender_restrictions is listed after permit_mynetworks and permit_sasl_authenticated. Postfix traverses the restriction list in order and terminates when it hits the first permit/reject and hence never reaches reject_unlisted_sender. Since your message wasn't rejected by reject_unauth_destination it must've been accepted because of permit_mynetworks or permit_sasl_authenticated.

smtpd_sender_restrictions中列出的reject_unlisted_sender限制列在permit_mynetworks和permit_sasl_authenticated之后。 Postfix按顺序遍历限制列表,并在遇到第一个允许/拒绝时终止,因此永远不会到达reject_unlisted_sender。由于您的邮件未被reject_unauth_destination拒绝,因此必须已接受,因为permit_mynetworks或permit_sasl_authenticated。

Additionally, unless the sender address you used had a domain part that was actually "owned" by Postfix (i.e. listed in mydestination, virtual_mailbox_domains, virtual_alias_domains, or relay_domains), it can't be validated and reject_unlisted_sender won't work. See details in the postconf(5) man page.

此外,除非您使用的发件人地址具有Postfix实际“拥有”的域部分(即列在mydestination,virtual_mailbox_domains,virtual_alias_domains或relay_domains中),否则无法验证它并且reject_unlisted_sender将无效。请参阅postconf(5)手册页中的详细信息。

Other observations:

  • The warn_if_reject restriction is placed before permit_mynetworks. Because the latter never rejects anything the warn_if_reject restriction serves no purpose.
  • warn_if_reject限制放在permit_mynetworks之前。因为后者从不拒绝任何东西,所以warn_if_reject限制没有用处。

  • Since you explicitly use reject_unlisted_recipient and reject_unlisted_sender, setting smtpd_reject_unlisted_sender and smtpd_reject_unlisted_recipient isn't necessary.
  • 由于您明确使用了reject_unlisted_recipient和reject_unlisted_sender,因此无需设置smtpd_reject_unlisted_sender和smtpd_reject_unlisted_recipient。

  • The final permit at the end of (nearly) every list is implicit and can be dropped.
  • (几乎)每个列表末尾的最终许可是隐含的,可以删除。

  • Unless it's a copy/paste mistake, you've misspelled disable_vrfy_command.
  • 除非它是复制/粘贴错误,否则你拼错了disable_vrfy_command。

  • I'd suggest you merge the client and sender restriction lists into smtpd_recipient_restrictions. With smtpd_delay_reject enabled all restrictions will be evaluated at the recipient stage anyway, and a single list usually makes the configuration easier to understand.
  • 我建议您将客户端和发件人限制列表合并到smtpd_recipient_restrictions中。启用smtpd_delay_reject后,无论如何都将在收件人阶段评估所有限制,并且单个列表通常使配置更容易理解。