Hello everyone:
After being somewhat busy with some programming matters, I'm back at it with administration.
Through a friend I have discovered a possible flaw in Postfix. The issue is as follows.
If I telnet to port 25 of my server from a PC with a real, verifiable FQDN that resolves in DNS, and try to send to an internal account on my server, telling it that I am a particular user, my Postfix sends it perfectly.
E.g.:
[root@infernus postfix]# telnet algun.mail.com 25
Trying 201.217.51.105...
Connected to algun.mail.com.
Escape character is '^]'.
220 algun.mail.com ESMTP Postfix
helo mail.otrofqdn.com
250 algun.mail.com
mail from:user@mail.com
250 2.1.0 Ok
rcpt to: user@mail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
.
250 2.0.0 Ok: queued as 8BD741CE0164
quit
221 2.0.0 Bye
Connection closed by foreign host.
As you can see in the conversation, the mail was queued, despite the server supposedly having authentication.
Now my question is whether this can be stopped. Here is my conf.
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = server.mail.com.py
mydomain = mail.com.py
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.30.0/24, 127.0.0.0/8
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP $mail_name
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES

smtpd_tls_security_level = may
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_key_file = /etc/pki/tls/private/timbo.key
smtpd_tls_cert_file = /etc/pki/tls/certs/timbo.crt
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    reject_unknown_sender_domain, reject_unauth_pipelining

smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname, permit
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,
    reject_unknown_sender_domain, permit

mailbox_size_limit = 0
message_size_limit = 0
content_filter=amavisfeed:[127.0.0.1]:10024
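
Added example, not part of the original post and not Postfix's own code: a small Python audit of the restriction lists posted above. In that configuration SASL only gates relaying, so a message addressed to a domain in `mydestination` passes `reject_unauth_destination` whatever the `MAIL FROM` says; the script reports whether any restriction that can refuse a local envelope sender is reached by an unauthenticated outside client. The evaluation model is simplified, and the map path in `HARDENED` is a hypothetical name.

```python
import re

# Constructed sample: the restriction lists from the main.cf posted above (abridged).
MAIN_CF = """\
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, reject_non_fqdn_sender
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, permit
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,
    reject_unknown_sender_domain, permit
"""
# Hardened variant; hypothetical map that lists the local domains with REJECT.
HARDENED = MAIN_CF.replace(
    "reject_unknown_sender_domain, permit",
    "permit_sasl_authenticated, check_sender_access hash:/etc/postfix/own_domains, permit")

# Restrictions able to refuse a local envelope sender from an unauthenticated client.
SENDER_GUARDS = {"check_sender_access", "reject_sender_login_mismatch",
                 "reject_unauthenticated_sender_login_mismatch"}
LISTS = ("smtpd_client_restrictions", "smtpd_helo_restrictions",
         "smtpd_sender_restrictions", "smtpd_recipient_restrictions")

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def reachable_guards(params):
    """Guards reached by a client outside mynetworks, without SASL, mailing a local recipient."""
    found = []
    for name in LISTS:
        for token in re.split(r"[,\s]+", params.get(name, "")):
            if token in ("permit", "permit_auth_destination"):
                break  # the list returns PERMIT here, later entries never run
            if token in SENDER_GUARDS:
                found.append((name, token))
    return found

def audit(text):
    """Checks that a guard is present and reachable, not what its lookup table contains."""
    guards = reachable_guards(parse_main_cf(text))
    return {"local_sender_spoofable": not guards, "guards": guards}
```

`audit(MAIN_CF)` flags the posted configuration, while `audit(HARDENED)` finds the `check_sender_access` entry placed after the `permit_mynetworks` and `permit_sasl_authenticated` exemptions.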