Postfix与MySQL – 让Postfix拒绝为部分虚拟用户中继

我使用Postfix作为MTA和中继。需要从远程系统发送邮件的用户必须先通过身份验证,Postfix把验证请求交给Dovecot处理,这部分工作正常。但是,如何限制哪些用户可以使用SMTP身份验证,同时不限制他们对POP或IMAP的访问?

对我来说,这个限制是在Dovecot的SASL身份验证阶段实现,还是由Postfix查表实现,都无所谓。

SMTP使用Postfix 2.9.6,POP、IMAP和SASL使用Dovecot 2.0.19。虚拟用户存储在MySQL 5.5.40中。

root@mx1:~# postconf -n

alias_database = hash:/etc/aliases

alias_maps = hash:/etc/aliases

append_dot_mydomain = no

biff = no

config_directory = /etc/postfix

home_mailbox = Maildir/

inet_interfaces = all

mailbox_size_limit = 0

message_size_limit = 51200000

mydestination = localhost, mx1.mydomain.tld

myhostname = virtmx.mydomain.tld

mynetworks = /etc/postfix/mynetworks

myorigin = /etc/mailname

policy-spf_time_limit = 3600s

readme_directory = no

recipient_delimiter = +

relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf

setgid_group = vmail

smtp_tls_mandatory_ciphers = medium

smtp_tls_mandatory_protocols = !SSLv2,!SSLv3

smtp_tls_note_starttls_offer = yes

smtp_tls_protocols = !SSLv2,!SSLv3

smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_banner = $myhostname ESMTP $mail_name

smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, check_policy_service unix:private/policy-spf, reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org

smtpd_sasl_auth_enable = yes

smtpd_sasl_authenticated_header = yes

smtpd_sasl_local_domain = $myhostname

smtpd_sasl_path = private/auth

smtpd_sasl_security_options = noanonymous

smtpd_sasl_tls_security_options = $smtpd_sasl_security_options

smtpd_sasl_type = dovecot

smtpd_sender_restrictions = reject_unknown_sender_domain

smtpd_tls_auth_only = yes

smtpd_tls_cert_file = /etc/postfix/mydomain.tld-virtmx.pem

smtpd_tls_key_file = /etc/postfix/mydomain.tld-virtmx.key

smtpd_tls_loglevel = 1

smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3

smtpd_tls_protocols = !SSLv2,!SSLv3

smtpd_tls_received_header = yes

smtpd_tls_security_level = may

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtpd_use_tls = yes

tls_medium_cipherlist = AES128+EECDH:AES128+EDH

transport_maps = proxy:mysql:/etc/postfix/mysql_transports_maps.cf

virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf

virtual_gid_maps = static:88

virtual_mailbox_base = /srv/mailbox

virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf

virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

virtual_minimum_uid = 999

virtual_transport = virtual

virtual_uid_maps = proxy:mysql:/etc/postfix/mysql_virtual_uid_maps.cf

以下是所使用的SQL查询,供参考(注意:mysql_mynetworks.cf 和 mysql_sender_maps.cf 并未直接出现在上面的 postconf -n 输出中):

mysql_mynetworks.cf

query = SELECT address FROM mailnetworks WHERE address='%s' and active='Y'

mysql_relay_domains_maps.cf

query = SELECT domain FROM maildomains WHERE domain='%s' AND backupmx = 1 AND active = 1

mysql_sender_maps.cf

query = SELECT address FROM mailsender WHERE username='%s'

mysql_transports_maps.cf

query = SELECT transport FROM maildomains WHERE domain='%s' AND transport != '' AND active=1

mysql_virtual_alias_maps.cf

query = SELECT goto FROM mailaliases AS a LEFT JOIN maildomains AS dom ON dom.domain=a.domain WHERE address='%s' AND dom.active=1 and a.active=1

mysql_virtual_domains_maps.cf

query = SELECT domain FROM maildomains WHERE domain='%s' AND backupmx='0' AND active=1

mysql_virtual_mailbox_maps.cf

query = SELECT maildir FROM mailboxes AS box LEFT JOIN maildomains AS dom ON dom.domain=box.domain WHERE username='%s' AND dom.active=1 AND box.active=1

mysql_virtual_uid_maps.cf

query = SELECT uid FROM mailboxes AS box LEFT JOIN maildomains AS dom ON box.domain=dom.domain WHERE username='%s' AND box.active=1 and dom.active=1
