OPNsense Forum

International Forums => German - Deutsch => Topic started by: Cordial on January 21, 2021, 02:42:43 PM

Title: Postfix - Adv. Helo Restrictions / Sender Restrictions
Post by: Cordial on January 21, 2021, 02:42:43 PM
Hello everyone,

I googled this, but I can't make sense of these two functions. Can someone here explain them to me?

Regards,
Peter
Title: Re: Postfix - Adv. Helo Restrictions / Sender Restrictions
Post by: mimugmail on January 21, 2021, 02:56:35 PM
Is the question purely out of interest, or do you have a problem you want to solve?
Title: Re: Postfix - Adv. Helo Restrictions / Sender Restrictions
Post by: Cordial on January 21, 2021, 02:57:53 PM
Interest, because I simply can't find anything about it. I would still like to know what effect these two options have if I enable them.
Title: Re: Postfix - Adv. Helo Restrictions / Sender Restrictions
Post by: mimugmail on January 21, 2021, 03:33:46 PM
https://forum.opnsense.org/index.php?topic=15968.msg73130#msg73130


https://github.com/opnsense/plugins/pull/1723
Title: Re: Postfix - Adv. Helo Restrictions / Sender Restrictions
Post by: Cordial on January 21, 2021, 05:37:29 PM
Thanks
Title: Re: Postfix - Adv. Helo Restrictions / Sender Restrictions
Post by: Cordial on January 26, 2021, 05:44:48 PM
I have enabled everything in Postfix and the following mail still gets through; it is marked as spam, but it gets through nonetheless:

2021-01-26T16:59:08 postfix/qmgr[3350] 0D11B273BD: removed
2021-01-26T16:59:08 postfix/smtp[35853] 0D11B273BD: to=<meine Mail>, relay=192.168.3.4[192.168.3.4]:25, delay=76, delays=76/0.07/0.02/0.22, dsn=2.6.0, status=sent (250 2.6.0 <58301738008888.qKvVO24LwGYUX1cKTi9zxaBem-q@3755837016805zouro.club> [InternalId=139637976727631, Hostname=MeinServer] 4692 bytes in 0.136, 33,590 KB/sec Queued mail for delivery)
2021-01-26T16:59:08 postfix/smtpd[22942] disconnect from unknown[52.170.92.229] ehlo=1 mail=1 rcpt=1 bdat=1 quit=1 commands=5
2021-01-26T16:59:08 postfix/qmgr[3350] 0D11B273BD: from=<>, size=2007, nrcpt=1 (queue active)
2021-01-26T16:57:52 postfix/cleanup[23964] 0D11B273BD: message-id=<58301738008888.qKvVO24LwGYUX1cKTi9zxaBem-q@3755837016805zouro.club>
2021-01-26T16:57:52 postfix/smtpd[22942] 0D11B273BD: client=unknown[52.170.92.229]
2021-01-26T16:57:51 postfix/smtpd[22942] connect from unknown[52.170.92.229]


Honestly, I don't understand it. Isn't this kind of thing prevented by the Adv. Sender Restriction? Shouldn't "unknown" be blocked there?
Title: Re: Postfix - Adv. Helo Restrictions / Sender Restrictions
Post by: mimugmail on January 26, 2021, 07:28:10 PM
Please post your main.cf
Title: Re: Postfix - Adv. Helo Restrictions / Sender Restrictions
Post by: Cordial on January 26, 2021, 08:10:39 PM
##########################
# START SYSTEM DEFAULTS
##########################
alias_database = hash:/usr/local/etc/postfix/aliases
alias_maps = hash:/usr/local/etc/postfix/aliases
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
mynetworks_style = host
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no
inet_protocols = all
meta_directory = /usr/local/libexec/postfix
shlib_directory = /usr/local/lib/postfix
relay_domains = hash:/usr/local/etc/postfix/transport
transport_maps = hash:/usr/local/etc/postfix/transport
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
sender_bcc_maps = hash:/usr/local/etc/postfix/senderbcc
recipient_bcc_maps = hash:/usr/local/etc/postfix/recipientbcc
sender_canonical_maps = regexp:/usr/local/etc/postfix/sendercanonical
header_checks = regexp:/usr/local/etc/postfix/header_checks_receiving
smtp_header_checks = regexp:/usr/local/etc/postfix/header_checks_delivering
##########################
# END SYSTEM DEFAULTS
##########################

myhostname = "mein Mail Host"
mydomain = "meine AD Domain"
myorigin = $myhostname
inet_interfaces = all
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.3.4/32
smtpd_banner = "mein Mail Banner"
message_size_limit = 51200000
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtp_tls_security_level = may
smtpd_use_tls = yes
smtpd_tls_cert_file = /usr/local/etc/postfix/cert_opn.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/ca_opn.pem


smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/smtp_auth
smtp_sasl_security_options =


smtpd_milters = inet:localhost:11332
non_smtpd_milters = inet:localhost:11332
milter_protocol = 6
milter_mail_macros =  i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_default_action = accept

relay_recipient_maps = hash:/usr/local/etc/postfix/recipient_access


smtpd_recipient_restrictions = check_sender_access hash:/usr/local/etc/postfix/sender_access, check_recipient_access hash:/usr/local/etc/postfix/recipient_access, reject_unknown_client_hostname, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, reject_unauth_pipelining, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination

smtpd_helo_required = yes

smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_hostname,
        reject_unknown_hostname
smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unknown_reverse_client_hostname,
        reject_unknown_sender_domain,
        reject_non_fqdn_sender
syslog_facility = mail
syslog_name = postfix


I see here in the config that "smtp_sasl_auth_enable = yes". However, in the web GUI settings I unchecked "Permit SASL Authenticated".

OPNsense 20.7.8
FreeBSD 12.1
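
Added example, not part of the thread and not OPNsense or Postfix code: Postfix evaluates each restriction list left to right and stops at the first entry that returns a decision, so an OK result from an access table ends that list before any later reject_* rule runs. The Python sketch below lists, for the configuration posted above, the reject rules that sit behind a check_*_access lookup; whether the tables actually return OK depends on their contents, which the thread does not show, and the function names are chosen for this example.

```python
import re

# Constructed sample: two restriction lists copied from the main.cf posted above.
SAMPLE_MAIN_CF = """\
smtpd_recipient_restrictions = check_sender_access hash:/usr/local/etc/postfix/sender_access, check_recipient_access hash:/usr/local/etc/postfix/recipient_access, reject_unknown_client_hostname, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, reject_unauth_pipelining, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination
smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unknown_reverse_client_hostname,
        reject_unknown_sender_domain,
        reject_non_fqdn_sender
"""

def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue the previous one."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (part.strip() for part in line.split("=", 1))
            params[current] = value
    return params

def restrictions(value):
    """Split a restriction list; a type:table token belongs to the entry before it."""
    out = []
    for token in re.split(r"[,\s]+", value.strip()):
        if ":" in token and out:
            out[-1] += " " + token
        elif token:
            out.append(token)
    return out

def rejects_after_lookup(params):
    """Per list: the first check_*_access entry and the reject_* rules after it."""
    report = {}
    for name, value in params.items():
        items = restrictions(value)
        idx = next((i for i, r in enumerate(items) if re.match(r"check_\w+_access\b", r)), None)
        if re.fullmatch(r"smtpd_\w+_restrictions", name) and idx is not None:
            report[name] = (items[idx], [r for r in items[idx + 1:] if r.startswith("reject_")])
    return report

if __name__ == "__main__":
    for name, (lookup, later) in rejects_after_lookup(parse_main_cf(SAMPLE_MAIN_CF)).items():
        print(f"{name}: {lookup} precedes {len(later)} reject rules: {', '.join(later)}")
```

On a live system the input would be the joined output of `postconf -n` rather than the embedded sample.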