没办法了，怎样禁止登录用户伪造邮件地址发信？？

nullbert

试了N多次都不行，我把 main.cf  贴出来请高手看看：

[root@mail ~]# cat /etc/postfix/main.cf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
#mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

# hostname
mynetworks = 127.0.0.1
myhostname = mail.sykaiqi.com
mydestination = $mynetworks $myhostname
#mydomain = sykaiqi.com
#myorigin = sykaiqi.com

# banner
mail_name = Postfix - by extmail.org
smtpd_banner = $myhostname ESMTP $mail_name

# response immediately
smtpd_error_sleep_time = 0s

# Message and return code control
message_size_limit = 52428800
mailbox_size_limit = 104857600
show_user_unknown_table_name = no

# Queue lifetime control
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d

maildrop_destination_recipient_limit = 1

# extmail config here
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:

# smtpd related config
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_invalid_hostname,

# SMTP sender login matching config
smtpd_reject_unlisted_sender = yes
smtpd_sender_restrictions =
        permit_mynetworks,
        reject_sender_login_mismatch,
        reject_authenticated_sender_login_mismatch,
        reject_unauthenticated_sender_login_mismatch

smtpd_sender_login_maps =
        mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
        mysql:/etc/postfix/mysql_virtual_alias_maps.cf
  
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous

# Content-Filter
content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
[root@mail ~]#

kisswen

smtpd_delay_reject = yes

nullbert

By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect as soon as possible, specify smtpd_delay_reject = no in the Postfix main.cf configuration file

The sender or recipient restrictions take effect only if smtpd_delay_reject = yes so that all restrictions are evaluated after the RCPT TO command.

very_99

试一下  在smtpd_recipient_restrictions = 中加上：reject_sender_login_mismatch,reject_authenticated_sender_login_mismatch

very_99

貌似只能确保  mail from的地址是属于邮件地址列表的

nullbert

[root@mail ~]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
6B8061F836F     3450 Tue Oct  8 01:00:34  MAILER-DAEMON
             (connect to zeebxovru.net[58.53.211.46]:25: Connection timed out)
                                         gssw@zeebxovru.net

621341F8363     3436 Mon Oct  7 22:28:13  MAILER-DAEMON
                   (connect to xp.info[58.53.211.47]:25: Connection timed out)
                                         itc@xp.info

95E1F1F833C     3653 Mon Oct  7 15:17:06  MAILER-DAEMON
                    (connect to bnx.org[50.57.34.52]:25: Connection timed out)
                                         ttygajdd@bnx.org

47AF81F8341     3484 Mon Oct  7 17:42:53  MAILER-DAEMON
             (connect to cn-uniview.co[58.53.211.47]:25: Connection timed out)
                                         cehntje@cn-uniview.co

4E2CE1F8379     3483 Tue Oct  8 08:20:39  MAILER-DAEMON
(conversation with postbox.fabulous.com[128.242.120.13] timed out while receiving the initial server greeting)
                                         kgcrnv@zivj.com

47CE41F8373     3580 Tue Oct  8 07:42:57  MAILER-DAEMON
(conversation with postbox.fabulous.com[128.242.120.13] timed out while receiving the initial server greeting)
                                         maxck9627@tpmtechnopark.com

C6E841F835F     3502 Tue Oct  8 11:26:36  MAILER-DAEMON
(host mailstore1.secureserver.net[72.167.238.201] refused to talk to me: 554-p3pismtp01-031.prod.phx3.secureserver.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
                                         mwmdzouqi@owrp.com

CA24E1F837B     3609 Tue Oct  8 10:40:25  MAILER-DAEMON
              (connect to dzzsbuqg.com[58.53.211.46]:25: Connection timed out)
                                         swv@dzzsbuqg.com

33B1E1F8377     3651 Tue Oct  8 04:51:29  MAILER-DAEMON
                  (connect to ynyl.com[176.74.176.178]:25: Connection refused)
                                         nkuuaxj@ynyl.com

36D291F8374     3648 Tue Oct  8 07:05:08  MAILER-DAEMON
             (connect to lffqcbocf.net[58.53.211.47]:25: Connection timed out)
                                         jkxf@lffqcbocf.net

AD1C81F832B     3428 Tue Oct  8 02:53:12  MAILER-DAEMON
               (connect to kwqkzlu.com[58.53.211.46]:25: Connection timed out)
                                         qj@kwqkzlu.com

A594C1F834E     3608 Mon Oct  7 23:49:23  MAILER-DAEMON
                 (connect to lhojw.com[58.53.211.46]:25: Connection timed out)
                                         adyivrq@lhojw.com

AA2331F8349     3345 Mon Oct  7 21:40:50  MAILER-DAEMON
          (connect to bjeport.gov.cn[220.181.191.68]:25: Connection timed out)
                                         zt0xh236c@bjeport.gov.cn

AD4521F8375     3386 Tue Oct  8 05:45:20  MAILER-DAEMON
              (connect to iselect.com[203.27.227.85]:25: Connection timed out)
                                         ljtwm@iselect.com

E7E8D1F8350     3296 Mon Oct  7 15:30:09  MAILER-DAEMON
            (connect to rvltooling.com[58.53.211.46]:25: Connection timed out)
                                         Rv@rvltooling.com

DA1BA1F8342     3647 Mon Oct  7 20:12:58  MAILER-DAEMON
                (connect to xwtkrr.org[58.53.211.46]:25: Connection timed out)
                                         ublzfylja@xwtkrr.org

D51341F8365     3455 Tue Oct  8 01:50:20  MAILER-DAEMON
              (connect to kfwmuvnq.com[58.53.211.46]:25: Connection timed out)
                                         rra@kfwmuvnq.com

5AEE51F835A     3599 Mon Oct  7 20:42:26  MAILER-DAEMON
              (connect to xququcak.net[58.53.211.46]:25: Connection timed out)
                                         ml@xququcak.net

545581F837C     3633 Tue Oct  8 12:42:46  MAILER-DAEMON
                 (connect to xji.cc[202.146.217.200]:25: Connection timed out)
                                         ublbte@xji.cc

8A7EE1F8368     3519 Mon Oct  7 22:41:19  MAILER-DAEMON
              (connect to iiprtrjl.com[58.53.211.47]:25: Connection timed out)
                                         fng@iiprtrjl.com

88D561F8360     3579 Tue Oct  8 00:43:19  MAILER-DAEMON
          (connect to px2013-33.vicp.cc[14.119.70.224]:25: Connection refused)
                                         MhHDlowa@px2013-33.vicp.cc

2D9B11F8352     3622 Mon Oct  7 17:16:51  MAILER-DAEMON
               (connect to epaoage.com[58.53.211.46]:25: Connection timed out)
                                         kcpiguuit@epaoage.com

-- 90 Kbytes in 22 Requests.
[root@mail ~]#

这是咋回事？？？

woxizishen

一句話:將順序調下
smtpd_sender_restrictions =
        permit_mynetworks,
        reject_sender_login_mismatch,
        reject_authenticated_sender_login_mismatch,
        reject_unauthenticated_sender_login_mismatch


smtpd_sender_restrictions =
        reject_sender_login_mismatch,
        reject_authenticated_sender_login_mismatch,
        reject_unauthenticated_sender_login_mismatch
        permit_mynetworks,