Postfix cleanup daemon access control

Fli*_*mzy 5 postfix

Is there any way to control which hosts are permitted to connect to the cleanup daemon over TCP?

Our 'master.cf' contains:

2526      inet  n       -       -       -       0       cleanup

This is necessary because we have a cluster of SMTP servers running custom code, and they can all inject mail to the centralized postfix server via the cleanup daemon.

However, we want to allow only our authorized servers to connect to the cleanup daemon. The current configuration allows any host to connect to port 2526.

Clearly we can use iptables to restrict access, but is there a way to do this within postfix itself?

Ram*_*min 4

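As far as I know, the cleanup daemon doesn't have any authentication controls. You could try writing a non-SMTP milter, but the functionality is very limited and I'm not sure it would help.

A better option might be to expose qmqpd. It should pipe directly to cleanup, but it allows you simple controls. qmqpd_authorized_clients would be the way to handle it there. I suspect that if you go this route, you will need to rewrite some of your code.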
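
A configuration sketch of the qmqpd approach suggested in the answer above, added here as an example and not taken from either poster. It assumes the files live under /etc/postfix, reuses port 2526 from the question, and uses constructed placeholder addresses for the injecting servers.

```conf
# /etc/postfix/master.cf
# Before (the question's setup): cleanup reachable by any host on TCP 2526,
# with no client check inside Postfix.
#2526      inet  n       -       -       -       0       cleanup

# After: qmqpd listens instead and passes accepted mail on to cleanup.
2526      inet  n       -       n       -       -       qmqpd

# /etc/postfix/main.cf
# qmqpd_authorized_clients is empty by default, which permits no client.
# List only the servers allowed to inject mail (placeholder addresses).
qmqpd_authorized_clients = 192.0.2.10, 192.0.2.11, 198.51.100.0/28
```

The injecting servers then have to speak QMQP instead of the internal cleanup protocol, which is the code rewrite the answer mentions.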