我有一个正在运行的 Postfix 服务器,但在 main.cf 中添加了几行以期阻止一些常见的垃圾邮件。
我添加的行如下:
smtpd_helo_required = yes
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_rbl_client multi.uribl.com,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client combined.rbl.msrbl.net,
reject_rbl_client rabl.nuclearelephant.com,
permit
看来我的 postfix 现在可以正常接收普通电子邮件,并阻止垃圾邮件。但是,当我尝试自己使用此服务器向远程域发送邮件(不在我的服务器上的邮件)时,邮件会被退回,邮件日志显示如下内容:
Nov 12 06:19:36 srv postfix/smtpd[11756]: NOQUEUE: reject: RCPT from
unknown[xx.xx.x.xxx]: 450 4.1.2 <[email protected]>: Recipient address
rejected: Domain not found; from=<[email protected]>
to=<[email protected]> proto=ESMTP helo=<[192.168.1.100]>
gmail.com 是否显示“未找到域名”?为什么该收件人地址被拒绝?
我的 postconf-n 的输出是:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = primarydomain.net
myhostname = mail.primarydomain.net
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = $mydestination, primarydomain.net, secondarydomain.org
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client multi.uribl.com, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client rabl.nuclearelephant.com, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
soft_bounce = no
unknown_local_recipient_reject_code = 550
virtual_alias_domains = mail.secondarydomain.org
virtual_alias_maps = hash:/etc/postfix/virtual
非常感谢任何见解。
编辑:这是来自服务器的 dig mx gmail.com:
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> mx gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31766
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 14
;; QUESTION SECTION:
;gmail.com. IN MX
;; ANSWER SECTION:
gmail.com. 1207 IN MX 5 gmail-smtp-in.l.google.com.
gmail.com. 1207 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 1207 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 1207 IN MX 40 alt4.gmail-smtp-in.l.google.com.
gmail.com. 1207 IN MX 10 alt1.gmail-smtp-in.l.google.com.
;; AUTHORITY SECTION:
gmail.com. 109168 IN NS ns1.google.com.
gmail.com. 109168 IN NS ns4.google.com.
gmail.com. 109168 IN NS ns3.google.com.
gmail.com. 109168 IN NS ns2.google.com.
;; ADDITIONAL SECTION:
alt1.gmail-smtp-in.l.google.com. 207 IN A 173.194.70.27
alt1.gmail-smtp-in.l.google.com. 248 IN AAAA 2a00:1450:4001:c02::1b
gmail-smtp-in.l.google.com. 200 IN A 173.194.67.26
gmail-smtp-in.l.google.com. 248 IN AAAA 2a00:1450:400c:c05::1b
alt3.gmail-smtp-in.l.google.com. 207 IN A 74.125.143.27
alt3.gmail-smtp-in.l.google.com. 249 IN AAAA 2a00:1450:400c:c05::1b
alt2.gmail-smtp-in.l.google.com. 207 IN A 173.194.69.27
alt2.gmail-smtp-in.l.google.com. 248 IN AAAA 2a00:1450:4008:c01::1b
alt4.gmail-smtp-in.l.google.com. 207 IN A 173.194.79.27
alt4.gmail-smtp-in.l.google.com. 249 IN AAAA 2607:f8b0:400e:c01::1a
ns2.google.com. 281970 IN A 216.239.34.10
ns3.google.com. 281970 IN A 216.239.36.10
ns4.google.com. 281970 IN A 216.239.38.10
ns1.google.com. 281970 IN A 216.239.32.10
答案1
你真的应该把这两行放在你的smtpd_recipient_restrictions =
允许我的网络,
允许 sasl 身份验证,
因为这些应该是自动的(请确保也设置 mynetworks)发件人有效性标记。该smtpd_recipient_restrictions
选项有三个选项,是、否或不知道。是或否表示停止处理,不知道表示转到下一个选项。您希望短路经过身份验证的发件人和本地受信任网络中的人员。您甚至可以将第一个选项放在第一位permit_sasl_authenticated
。