因此,现在我正试图通过 来设置外发邮件黑名单smtpd_recipient_restrictions。
我遇到的问题是,当我预计系统会拒绝我的测试电子邮件时,它们却被发送了。
这是/etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_recipient_restrictions =
reject_unknown_recipient_domain,
reject_unauth_destination,
check_recipient_access hash:/etc/postfix/recipient_block
myhostname = hostname.domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = hostname.domain.com, hostname.domain.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
我的/etc/postfix/recipient_block(这是后来通过 postmap 运行的)
[email protected] REJECT
然后,我将像这样发送测试电子邮件:
$ echo test | mail -s "test email, please ignore" [email protected]
Postfix 的配置已经重新加载,并且重新启动了几次以尝试排除故障,但都无济于事。
文件尾部的一部分/var/log/mail.log内容如下:
Sep 25 02:27:17 antares postfix/master[3024]: reload -- version 2.7.0, configuration /etc/postfix
Sep 25 02:27:27 antares postfix/pickup[3104]: C723018770: uid=1001 from=<obsidian>
Sep 25 02:27:27 antares postfix/cleanup[3110]: C723018770: message-id=<[email protected]>
Sep 25 02:27:27 antares postfix/qmgr[3105]: C723018770: from=<[email protected]>, size=388, nrcpt=1 (queue active)
Sep 25 02:27:28 antares postfix/smtp[3112]: C723018770: to=<[email protected]>, relay=ASPMX.L.GOOGLE.COM[74.125.47.26]:25, delay=0.35, delays=0.01/0.01/0.12/0.21, dsn=2.0.0, status=sent (250 2.0.0 OK 1316942848 j50si8227610yhe.128)
Sep 25 02:27:28 antares postfix/qmgr[3105]: C723018770: removed
...所以,我很困惑。我不明白为什么这封电子邮件不是被拒绝。
答案1
问题在于邮件是通过服务发送的pickup(通过 sendmail 接口),因此它是一封“外发”邮件。对于外发邮件,这些smtpd_*_restrictions限制不适用。这些限制仅适用于通过 SMTP 发送的“传入”邮件。
编辑 Victor Duchovni(Postfix 维护者)甚至提供了一个解决方案:http://marc.info/?l=postfix-users&m=120155612332393&w=1
答案2
正如 @mailq 所说,“邮件”程序不会通过 SMTP 注入消息,“smtpd_recipient_restrictions”仅适用于通过 SMTP 接收的消息。因此,例如,如果您运行此程序,您应该会看到它显示拒绝:
printf 'ehlo hostname.domain.com\nmail from: <[email protected]>\nrcpt to:' \
'<[email protected]>\nquit\n' | nc localhost 25
这将通过“netcat”(通常称为“nc”)建立 SMTP 连接,并应证明阻止是确实到位。
也许这就足够了?如果还不够,我能想到的拒绝这个远程地址的唯一方法是设置一个拒绝发送给它的消息的传输,然后在传输表中列出该地址以与拒绝的传输相关联。