配置SMTP认证
zimbra邮件系统安装完成后开启的是TLS认证功能,没有开始postfix的SMTP认证功能。open relay对公网上所有的用户开放,意味着垃圾邮件制造者可以使用我们的邮件服务器做中转站达到发送垃圾邮件的目的,我们的邮件服务器有可能会被反垃圾邮件联盟组织列入黑名单,导致互联网上的邮件服务器拒收我们的邮件,因此我们需要关闭服务器的open relay功能,启用SMTP认证,只给通过认证的用户进行邮件的转发。
测试服务器是否开始SMTP认证,在CMD命令行执行telnet 命令 如下:
[d:\~]$ telnet 192.168.3.26 25 Connecting to 192.168.3.26:25... Connection established. To escape to local shell, press 'Ctrl+Alt+]' . 220 weyeenet.net ESMTP Postfix ehlo weyeenet.net 250-weyeenet.net 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN quit221 2.0.0 Bye |
在以上命令结果中,没有看到任何有关AUTH认证的参数,表明服务器是没有开启SMTP认证功能的。
[zimbra@mail root]$ zmprov modifyServer mail.weyeenet.net zimbraMtaTlsAuthOnly FALSE [zimbra@mail root]$ zmcontrol restart |
查看调整以后的参数结果
[zimbra@mail root]$ zmprov getServer mail.weyeenet.net | grep Auth zimbraAuthTokenNotificationInterval: 60000 zimbraLowestSupportedAuthVersion: 2 zimbraMtaAuthEnabled: TRUE zimbraMtaAuthHost: weyeenet.net zimbraMtaAuthTarget: TRUE zimbraMtaAuthURL: https: //weyeenet .net:8443 /service/soap/ zimbraMtaBrokenSaslAuthClients: yes zimbraMtaSaslAuthEnable: yes zimbraMtaSmtpSaslAuthEnable: no zimbraMtaSmtpdSaslAuthenticatedHeader: no zimbraMtaTlsAuthOnly: FALSE zimbraShareNotificationMtaAuthRequired: FALSE |
再次测试SMTP开始是否成功
[d:\~]$ telnet 192.168.3.26 25 Connecting to 192.168.3.26:25... Connection established. To escape to local shell, press 'Ctrl+Alt+]' . 220 weyeenet.net ESMTP Postfix ehlo weyeenet.net 250-weyeenet.net 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN quit221 2.0.0 Bye |
配置zimbra用户只能在指定的域内发送邮件
可参考http://wenku.baidu.com/link?url=T4o0MMnVX9oJDPtJy26IzcLfcJnG4Tbl4MxZNnkelAfjO9jOrcvrYshPSxUI1C8Af1rIRkTst9Ps6Flq9oH9JbLqQFvUip2orVAjnMfJOIK
可参考http://wiki.zimbra.com/wiki/Restrict_users_to_certain_domain
[zimbra@mail root]$
head
-1
/opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions
.cf
check_sender_access
hash
:
/opt/zimbra/postfix/conf/restricted_senders
[zimbra@mail root]$ vim
/opt/zimbra/conf/zmconfigd
.cf
SECTION mta DEPENDS amavis
POSTCONF smtpd_restriction_classes local_only
POSTCONF local_only FILE postfix_check_recipient_access.cf
[zimbra@mail root]$
cat
/opt/zimbra/conf/postfix_check_recipient_access
.cf
check_recipient_access
hash
:
/opt/zimbra/postfix/conf/local_domains
, reject
[zimbra@mail root]$
cat
/opt/zimbra/postfix/conf/restricted_senders
weyee@weyeenet.net local_only
[zimbra@mail root]$
cat
/opt/zimbra/postfix/conf/local_domains
weyeenet.net OK
[zimbra@mail root]$ postmap
/opt/zimbra/postfix/conf/restricted_senders
[zimbra@mail root]$ postmap
/opt/zimbra/postfix/conf/local_domains
[zimbra@mail root]$ zmmtactl stop
/postfix-script
: stopping the Postfix mail system
Stopping saslauthd...
done
.
[zimbra@mail root]$ zmmtactl start
Rewriting configuration files...
done
.
Starting saslauthd...
done
.
/postfix-script
: starting the Postfix mail system
发表评论: