[Postfixbuch-users] Mandatory authentication fails

Alexander Busam a.busam at hofmann-foerdertechnik.com
Thu May 14 16:00:33 CEST 2009


Hello,

I used

	smtpd_sasl_security_options = noanonymous

to try to make every mail client authenticate to the mail server when
sending mail.

Unfortunately this does not work with Thunderbird, which I used for
testing. Mail from the internal network can be sent anywhere without
authentication.

When I try the same thing from outside the private network, it does not
work. I get a "blocked using zen.spamhaus.org" message. That is probably
because the client's IP is already blacklisted.

What do I have to change so that clients must authenticate
(internal as well as external)?

main.cf and screenshot attached.

Regards, Alex
-------------- next part --------------
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
allow_min_user = yes
biff = no
bounce_queue_lifetime = 3d
bounce_template_file = /etc/postfix/bounce.de-DE.cf
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports = 
delay_warning_time = 4h
disable_dns_lookups = no
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix24/html
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command = 
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = 
masquerade_exceptions = root
maximal_queue_lifetime = 3d
message_size_limit = 50000000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = hmmailsrv.hofmann-intern.de
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix24/README_FILES
relay_domains = hash:/etc/postfix/relay_domains, proxy:ldap:/etc/postfix/relay_domains-dovecot.ldap
relayhost = 
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix24/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_helo_name = mail.hofmann-foerdertechnik.com
smtp_sasl_auth_enable = no
smtp_tls_cert_file = /etc/postfix/ssl/certs/postfixcert.pem
smtp_tls_key_file = /etc/postfix/ssl/certs/postfixkey.pem
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_client_restrictions = 
smtpd_enforce_tls = no
smtpd_helo_required = no
smtpd_helo_restrictions = 
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access_recipient_roleaccounts,	check_sender_access hash:/etc/postfix/access_sender_ok,		check_recipient_access hash:/etc/postfix/access_recipient_ok,	check_recipient_access hash:/etc/postfix/access_recipient_reject,	reject_unknown_recipient_domain,	permit_sasl_authenticated,	permit_mynetworks, 	reject_rbl_client zen.spamhaus.org,	reject_rbl_client ix.dnsbl.manitu.net,	reject_rbl_client bl.spamcop.net,	reject_rbl_client dnsbl.njabl.org,	check_policy_service unix:public/postgrey	reject_unauth_destination, 	permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sender_restrictions = 
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/certs/postfixcert.pem
smtpd_tls_key_file = /etc/postfix/ssl/certs/postfixkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
strict_8bitmime = no
strict_rfc821_envelopes = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport, proxy:ldap:/etc/postfix/relay_domains-dovecot.ldap
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_domains, hash:/etc/postfix/virtual_mailinglisten
virtual_alias_maps = hash:/etc/postfix/virtual, hash:/etc/postfix/virtual_mailinglisten, proxy:ldap:/etc/postfix/virtual.ldap
-------------- next part --------------
A binary attachment was scrubbed...
File name   : smtp_fehler.png
File type   : image/png
File size   : 13331 bytes
Description : not available
URL         : <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20090514/62b3f046/attachment.png>
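
Added example, not part of the original message and not Postfix code: a simplified Python model of the first-match evaluation of the posted smtpd_recipient_restrictions, showing which rule decides for the two test cases the post describes. smtpd_sasl_security_options = noanonymous only limits which SASL mechanisms are offered and is not part of this list. Assumptions: the access maps and postgrey return DUNNO, the recipient domain resolves, and the session dictionaries and helper names are constructed for illustration.

```python
import re

# Restriction list copied from the posted main.cf (line breaks added here).
POSTED = """check_recipient_access hash:/etc/postfix/access_recipient_roleaccounts,
 check_sender_access hash:/etc/postfix/access_sender_ok,
 check_recipient_access hash:/etc/postfix/access_recipient_ok,
 check_recipient_access hash:/etc/postfix/access_recipient_reject,
 reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks,
 reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net,
 reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.njabl.org,
 check_policy_service unix:public/postgrey reject_unauth_destination, permit"""

TAKES_ARG = ("check_", "reject_rbl_client")

def parse(value):
    """Split on commas/whitespace; keep the argument with rules that take one."""
    tokens = iter(re.split(r"[,\s]+", value.strip()))
    return [(t, next(tokens) if t.startswith(TAKES_ARG) else None) for t in tokens]

def first_decision(rules, s):
    """Simplified first-match walk; returns (action, deciding rule).
    Assumed: access maps and postgrey answer DUNNO, recipient domain resolves."""
    for name, arg in rules:
        if name == "permit_sasl_authenticated" and s["authenticated"]:
            return "permit", name
        if name == "permit_mynetworks" and s["in_mynetworks"]:
            return "permit", name
        if name == "reject_rbl_client" and arg in s["listed_on"]:
            return "reject", f"{name} {arg}"
        if name == "reject_unauth_destination" and not s["rcpt_local"]:
            return "reject", name
        if name == "permit":
            return "permit", name
    return "dunno", None

# Constructed sessions matching the two tests described in the post.
INTERNAL = {"authenticated": False, "in_mynetworks": True,
            "listed_on": set(), "rcpt_local": False}
EXTERNAL = {"authenticated": False, "in_mynetworks": False,
            "listed_on": {"zen.spamhaus.org"}, "rcpt_local": False}

def without(rules, name):
    """Variant list with one rule removed, to see which rule decides next."""
    return [r for r in rules if r[0] != name]

if __name__ == "__main__":
    rules = parse(POSTED)
    for label, s in (("internal", INTERNAL), ("external", EXTERNAL)):
        print(label, first_decision(rules, s))
    print("internal, no permit_mynetworks",
          first_decision(without(rules, "permit_mynetworks"), INTERNAL))
```

In this model, removing permit_mynetworks only changes the outcome for relaying to non-local recipients; the trailing permit still accepts unauthenticated mail for local destinations.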

