[Gutl-l] RV: Re: dudas con Open-Relay

Tue, 23 Apr 2019 10:09:15 -0700 

Main.cf

biff = no

append_dot_mydomain = no

readme_directory = no

 

mydomain = ecocem.cu

myhostname = serverproxy.ecocem.cu

myorigin = /etc/mailname

mydestination = $myhostname, localhost 

 

relayhost = 

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

 

local_recipient_maps = 

local_transport = error:local mail delivery is disabled

 

#mynetworks = 127.0.0.0/8, 172.18.146.0/24, 192.60.0.0/19, 192.168.3.0/24

mynetworks = 127.0.0.0/8, 172.18.146.15

relay_domains = hash:/etc/postfix/maps/relay_domains

mailbox_size_limit = 2048000

message_size_limit = 2048000

recipient_delimiter = +

inet_interfaces = all

html_directory = /usr/share/doc/postfix/html

maximal_queue_lifetime = 2d

inet_protocols = ipv4

transport_maps = hash:/etc/postfix/transport

 

#spf-policyd_time_limit = 3600s

smtp_send_xforward_command = yes

smtpd_client_connection_count_limit=100

 

header_checks = pcre:/etc/postfix/maps/header_check

body_checks = pcre:/etc/postfix/maps/body_checks

 

 

mime_header_checks = regexp:/etc/postfix/maps/mime_header_checks

 

local_destination_concurrency_limit = 2

default_destination_concurrency_limit = 20

 

disable_vrfy_command = yes

smtpd_etrn_restriction = reject

bounce_size_limit = 65536

header_size_limit = 32768

smtpd_recipient_limit = 128

smtpd_timeout = 180

 

strict_rfc821_envelopes = yes

allow_untrusted_routing = no

smtpd_soft_error_limit = 10

smtpd_hard_error_limit = 20

smtpd_error_sleep_time = 1s

 

smtpd_delay_reject = yes

smtpd_helo_required = yes

 

smtpd_helo_restrictions =

        #permit_mynetworks,

        reject_non_fqdn_hostname,

        reject_invalid_hostname,

        reject_unknown_helo_hostname,

        permit

 

smtpd_sender_restrictions =

        reject_unknown_sender_domain,

        check_sender_access hash:/etc/postfix/maps/sender_ok

 

smtpd_restriction_classes =

        rule_eval_from_with_ipinet

        rule_eval_from_with_ipecocem

        rule_eval_rcpt_with_ipecocem_fromecocem

        rule_grant_rcpt_ecocemcu

 

smtpd_client_restrictions =

        #permit_mynetworks,

        reject_invalid_hostname,

        reject_non_fqdn_hostname,

        reject_non_fqdn_sender,

        reject_non_fqdn_recipient,

        reject_unknown_sender_domain,

        reject_unknown_recipient_domain,

        reject_unknown_client_hostname,

        reject_rbl_client zen.spamhaus.org,

        rule_eval_from_with_ipinet

 

 

smtpd_recipient_restrictions =

        #permit_mynetworks,

        permit_sasl_authenticated,

        reject_unauth_destination,

        check_policy_service unix:private/policy-spf,

        reject_invalid_helo_hostname,

        reject_unknown_recipient_domain,

        reject_multi_recipient_bounce,

        reject_unauth_pipelining,

        reject_rbl_client sbl.spamhaus.org,

        reject_rbl_client cbl.abuseat.org,

        reject_rbl_client dul.dnsbl.sorbs.net,

        check_recipient_access hash:/etc/postfix/maps/recipient_ok,

        check_sender_access hash:/etc/postfix/maps/idiots,

        check_recipient_access hash:/etc/postfix/maps/idiots

 

rule_eval_from_with_ipinet = check_sender_access 
pcre:/etc/postfix/maps/eval_from_with_ipinet

rule_eval_from_with_ipecocem = check_sender_access 
pcre:/etc/postfix/maps/eval_from_with_ipecocem

rule_eval_rcpt_with_ipecocem_fromecocem = check_recipient_access 
pcre:/etc/postfix/maps/eval_rcpt_with_ipecocem_fromecocem

rule_grant_rcpt_ecocemcu = check_recipient_access 
pcre:/etc/postfix/maps/grant_rcpt_ecocemcu

 

 

#content_filter = amavis:[127.0.0.1]:10024

#receive_override_options = no_address_mappings

content_filter = amavis:[127.0.0.1]:10024

receive_override_options = no_address_mappings

 

 

smtpd_use_tls = yes

smtpd_tls_cert_file = /etc/ssl/private/server.crt

smtpd_tls_key_file = /etc/ssl/private/server.key

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

 

policy-spf_time_limit = 3600s

 

#DKIM

smtpd_milters = inet:localhost:8891

non_smtpd_milters = inet:localhost:8891

 

 

Lic. Joel Enriquez Moya

Esp. P de Informática y Comunicación

Empresa Comercial del Cemento

Telf: 7-2614346-9022 (ext 102)

Movil: 5-2863973

Correo:  <mailto:j...@ecocem.cu> j...@ecocem.cu

 

 

De: Andy Lucena Hernández [mailto:andylh.i...@nauta.cu] 
Enviado el: martes, 23 de abril de 2019 01:47
Para: Lista cubana de soporte técnico en Tecnologias Libres 
<gutl-l@listas.jovenclub.cu <mailto:gutl-l@listas.jovenclub.cu> >
Asunto: [Gutl-l] Re: dudas con Open-Relay

 

Sería bueno dieras más info. Por ejemplo si tienes smtp auth y si pudieras una 
copia de tu main.cf, etc.

 

Saludos

 

Andy

 

 

En 23 de abril de 2019 10:20:13 a. m. "Joel Enriquez Moya" < 
<mailto:j...@ecocem.cu> j...@ecocem.cu> escribió:

Buenos dias

Estoy desde hace dias, buscando documentación y implementando procedimientos 
para eliminar que mi postfix permita open-relay y sin éxito.

Necesito un poco de ayuda de los que han tenido éxito.

Uso un postfix de MTA el cual hace de pasarela para el server de correo zimbra.

Slds

 

Lic. Joel Enriquez Moya

Esp. P de Informática y Comunicación

Empresa Comercial del Cemento

Telf: 7-2614346-9022 (ext 102)

Movil: 5-2863973

Correo:  <mailto:j...@ecocem.cu> j...@ecocem.cu

 

_______________________________________________

Gutl-l mailing list --  <mailto:gutl-l%40listas.jovenclub.cu> 
gutl-l@listas.jovenclub.cu

To unsubscribe send an email to  <mailto:gutl-l-leave%40listas.jovenclub.cu> 
gutl-l-le...@listas.jovenclub.cu

 

 


_______________________________________________
Gutl-l mailing list -- gutl-l@listas.jovenclub.cu
To unsubscribe send an email to gutl-l-le...@listas.jovenclub.cu

Responder a