[Postfixadmin-devel] postfixadmin with helo restrictions
Brought to you by:
christian_boltz,
gingerdog
Menu
▾
▴
[Postfixadmin-devel] postfixadmin with helo restrictions
|
From: Cesar P. <br...@cl...> - 2016-06-22 12:57:15
|
Hi to all I have a problem with postfixadmin (not the latest version) The problem is that if i use some security directives in the "main.cf" file of postfix for protect to the mail server of telnet connections to ports smtp and smpts (the helo restrictions), when i create a email account with postfixadmin, the mail of welcome is not sent, and maybe i will have the same problem with the option of "vacation" of postfixadmin. My restrictions of "helo" works well when i have it enabled, so my email server is protected of attacks of spammers by telnet conections, but my problem is with postfixadmin, so at this moment, i have disabled the restrictions of helo. This are my directives that i have configured for enable the helo restrictions in the "main.cf" file and "helo_access" file: # About mynetworks: mynetworks = 127.0.0.1/32 # About sender restrictions: smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_destination # About recipient restrictions: smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_pipelining, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain # About the hello restrictions: smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, reject_unlisted_sender, permit # My "helo_access" file: mail.mydomain.com REJECT mail.mydomain2.com REJECT mail.mydomain3.com REJECT Note: In addition, I have enabled "fail2ban", but i don't believe that this program can help me a lot since that the email adresses can be constructed correctly by the attacker. My Question: What can i do for correct this problem and be protected of the telnet attacks? Best Regards Cesar |
