可能重复:
如何阻止人们使用我的域名发送垃圾邮件?
我正在运行一个由 Ubuntu + Postfix + Maia Mailguard + Dovecot 组成的邮件服务器,一切运行良好,直到最近人们开始收到似乎从我的域发送的垃圾邮件。
例如:
From: [email protected]
To: [email protected]
Subject: Fwd: Re: Scan from a Hewlett-Packard ScanJet 1234
但返回路径是这样的:
Return-Path: <[email protected]>
(有关更多信息,请参阅下面的邮件服务器的标头和 main.cf。)
有人能给出一些建议,说明如何最好地阻止此类电子邮件吗?有些信息可能很重要,我们的一些用户远程工作,因此可以连接到运行 Dovecot 的网关并从世界任何地方接收(IMAPS)/发送(SMTP)(经过身份验证)。我不确定这是否会使阻止垃圾邮件变得更加困难。
垃圾邮件标题示例:
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from mail.example.com (gateway.localhost [10.0.0.1])
by mail-int (Postfix) with ESMTP id 59CC1211180
for <[email protected]>; Tue, 01 Aug 2012 12:00:00 +0100 (IST)
Received: from localhost (localhost [127.0.0.1])
by mail.example.com (Postfix) with ESMTP id 43EE4C0F5
for <[email protected]>; Tue, 01 Aug 2012 12:00:00 +0100 (IST)
Received: from mail.example.com ([127.0.0.1])
by localhost (mail.example.com [127.0.0.1]) (amavisd-maia, port 20004)
with ESMTP id 21183-01-6 for <[email protected]>;
Tue, 01 Aug 2012 12:00:00 +0100 (IST)
Received: from [xx.xx.xx.xx] (unknown [xx.xx.xx.xx])
by mail.example.com (Postfix) with ESMTP id 946DBC0EB
for <[email protected]>; Tue, 01 Aug 2012 12:00:00 +0100 (IST)
Received: from by mx1.optonline.net; Tue, 01 Aug 2012 12:00:00 +0100
Date: Tue, 01 Aug 2012 12:00:00 +0100
From: <[email protected]>
Reply-To: <[email protected]>
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: [email protected]
Subject: Fwd: Re: Scan from a Hewlett-Packard ScanJet 8702
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------27AF424950946E7"
X-Virus-Scanned: Maia Mailguard 1.0.2
网关上的 Postfix 的 main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
### relayhost = www.example.com
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
### from previous confing file:
soft_bounce = no
queue_directory = /var/spool/postfix
mydomain = example.com
# debug_peer_level = 2
# SPAM Processing
content_filter = amavis:[127.0.0.1]:20004
## content_filter = smtp-amavis:[127.0.0.1]:20004
##queue_minfree = 24000000
notify_classes = 2bounce,resource,software
address_verify_negative_expire_time = 30h
bounce_queue_lifetime = 48h
maximal_queue_lifetime = 50h
delay_warning_time = 20h
### new things:
alias_maps = hash:/etc/aliases
myorigin = $mydomain
myhostname = mail.example.com
mynetworks = 127.0.0.0/8, 10.0.0.0/24, xx.xx.xx.xx
message_size_limit = 20971520
local_transport = error:No local mail delivery
mydestination =
# mydestination = $myhostname, localhost.$mydomain, mail.$mydomain, local.$mydomain
local_recipient_maps =
# local_recipient_maps = hash:/etc/postfix/recipients
virtual_maps = hash:/etc/postfix/virtual
virtual_alias_maps = $virtual_maps
relay_recipient_maps = hash:/etc/postfix/relay_recipients
transport_maps = hash:/etc/postfix/transport
relay_domains = hash:/etc/postfix/relay_domains
recipient_delimiter =
smtpd_helo_required = yes
smtpd_sender_login_maps = pcre:/etc/postfix/senders_map, hash:/etc/postfix/senders_map_other
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauthenticated_se
nder_login_mismatch
## smtpd_recipient_restrictions = check_client_access, hash:/etc/postfix/relay_clients
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_unknown_recipient_domain, reject_unverifie
d_recipient
smtpd_data_restrictions = reject_unauth_pipelining
### 2012-03-27
# add header for authenticated mail to strip IP
smtpd_sasl_authenticated_header = yes
header_checks = regexp:/etc/postfix/header_checks.regexp
header_checks = pcre:/etc/postfix/header_checks.pcre
body_checks = pcre:/etc/postfix/body_checks
unverified_recipient_reject_code = 550
##smtpd_client_connection_count_limit = 5
#default_process_limit = 4
disable_vrfy_command = yes
##### SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
##smtpd_sasl_local_domain = $mydomain
smtpd_sasl_application_name = smtpd
#broken_sasl_auth_clients = yes
##### TLS parameters
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file=/etc/ssl/private/mail_example_com.crt
smtpd_tls_key_file=/etc/ssl/private/mail_example_com.key
smtp_tls_CAfile = /etc/ssl/private/comodo-bundle.crt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
****内部邮件服务器上的 postfix 的 main.cf ****
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
myorigin = example.com
#### mydestination = example.com, localhost
### mydestination =
mynetworks = 127.0.0.0/8, 10.0.0.0/24
myhostname = mail-int
mydomain = example.com
relayhost = 10.0.0.1
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
## Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
message_size_limit = 20971520
smtpd_helo_required = yes
## TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
## See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
## information on enabling SSL in the smtp client.
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
### mailbox_transport = dovecot
virtual_transport = dovecot
virtual_mailbox_base = /home/MAIL
virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf
virtual_mailbox_domains = example.com
virtual_domain = example.com
virtual_minimum_uid = 30000
virtual_uid_maps = static:500
virtual_gid_maps = static:500
virtual_alias_maps = hash:/etc/postfix/aliases-virtual, ldap:/etc/postfix/ldap-aliases.cf
#allow_mail_to_files = alias
allow_mail_to_commands = alias
#alias_maps = hash:/etc/postfix/aliases
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
## Dovecot Deliver:
#mailbox_command = /usr/local/libexec/dovecot/deliver
mailbox_command = /usr/lib/dovecot/deliver
dovecot_destination_recipient_limit = 1
答案1
巧合的是,我们正在研究一个关于打击垃圾邮件的典型问题:
打击垃圾邮件 - 作为电子邮件管理员、域名所有者或用户,我能做什么?
我认为,这是通过为您的域设置 SPF 和 DKIM 来识别的垃圾邮件类型。Amavis 中的反垃圾邮件扫描程序将能够更好地将这些垃圾邮件识别为垃圾邮件,因为使用 SPF,您将仅指定特定服务器作为允许为 mydomain.com 发送邮件的服务器,并使用 DKIM 为您的域签名外发邮件。
答案2
我建议你访问我们的有关打击垃圾邮件的规范帖子有关如何改进垃圾邮件拦截功能的更多详细想法,但我建议制定一条规则,from根据接收服务器的位置过滤地址,或为您的域设置发件人策略框架,以建立域的有效邮件服务器列表。毕竟,您不应该从您的域接收电子邮件,除非它来自内部地址或网关,对吗?因此,如果它来自您的域,并由外部邮件服务器发送,则可能应为其分配更高的垃圾邮件值或拒绝它。