Русскоязычное Linux-сообщество's Journal
 
 [Most Recent Entries] [Calendar View]

Tuesday, October 8th, 2013

    Time Event
    9:36a
    Проблемы в связке posfix+opendkim
    Всем привет. У меня 2 проблемы:
    1. Проблема с авторизацией - позволяет отправлять с любым логином-паролем из mynetworks.
    Конфиг постфикса вот:
    [Конфиг постфикса]
    smtpd_banner = $myhostname ESMTP
    biff = no
    append_dot_mydomain = no
    readme_directory = no
    # TLS parameters
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    myhostname = post.мойдомен.ru
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = post.мойдомен.ru, localhost, localhost.localdomain,
    mynetworks = 127.0.0.0/8 + десяток моих серверов
    home_mailbox = Maildir/
    mailbox_size_limit = 0

    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = ipv4
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/dovecot-auth
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_auth_enable = yes
    smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_client_restrictions = permit_mynetworks

    smtp_tls_security_level = may
    smtpd_tls_security_level = may
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sender_restrictions = reject_unknown_sender_domain
    mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m "${EXTENSION}"
    smtp_use_tls = yes
    smtpd_tls_mandatory_protocols = SSLv3, TLSv1
    smtpd_tls_mandatory_ciphers = medium
    smtpd_tls_auth_only = yes
    tls_random_source = dev:/dev/urandom

    smtpd_milters = inet:localhost:8891
    non_smtpd_milters = inet:localhost:8891
    milter_default_action = accept
    milter_protocol = 2

    queue_directory = /var/spool/postfix



    2. DKIM почему-то не подписывает письма отправляемые без TLS.


    Плз задавайте вопросы если я о чем-то не сообщил или нужен еще какой конфиг.

    UPD: в первом случае виноват параметр smtpd_recipient_restrictions = permit_mynetworks
    UPD2: smtpd_tls_auth_only = yes

    << Previous Day 2013/10/08
    [Calendar]     		Next Day >>

Русскоязычное Linux-сообщество   About LJ.Rossia.org