后缀:只允许来自经过身份验证的MTA的入站中继 [英] Postfix: allow inbound relaying from only authenticated MTAs
问题描述
我想验证我们的客户'的MTA(交易所在大多数情况下,指着我们作为其智能主机),以我们的中继服务器(后缀2.11.3,CentOS的6.6)和只有通过身份验证的MTA的邮件。
I want to authenticate our customers' MTAs (Exchange for the most part, pointing to us as its smart host) to our relay server (Postfix 2.11.3, CentOS 6.6) and accept mail from only those authenticated MTAs.
我看着SASL,但据我所知,它的使用情况是用于验证入站MUA的站或出站的MTA。
I've looked into SASL, but as far as I can tell, its use case is for authenticating inbound MUAs or outbound MTAs.
一个人如何可以验证使用Postfix的MTA的入站?
How does one authenticate inbound MTAs using Postfix?
谢谢,
内森
编辑:
从我的main.cf:
From my main.cf:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
其他有用的信息:
postconf -a
赛勒斯
达夫科特
Other useful info: postconf -a cyrus dovecot
VIM /etc/dovecot/conf.d/10-auth.conf
auth_mechanisms =普通登录
vim /etc/dovecot/conf.d/10-auth.conf auth_mechanisms = plain login
master.cf是处女
master.cf is virginal
推荐答案
SASL是要走的路。后缀并不特别在意它是一个MUA或MTA连接到它。如果你使用 smtpd_sasl_auth_enable (连同 smtpd_relay_restrictions = permit_sasl_authenticated 和适当的SASL配置),只有经过身份验证的连接将能够使用你的服务器作为智能主机继电器。 Exchange支持这样的事情,它应该是你想要的。
SASL is the way to go. Postfix doesn't particularly care of it's an MUA or MTA connecting to it. If you use smtpd_sasl_auth_enable (along with smtpd_relay_restrictions = permit_sasl_authenticated and a proper SASL configuration), only authenticated connections will be able to use your server as a smarthost relay. Exchange supports this sort of thing, and it should be what you want.
这篇关于后缀:只允许来自经过身份验证的MTA的入站中继的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
