Postfix 在用户未知别名(“|exit 67”)上反弹,而不是拒绝邮件

Postfix 在用户未知别名(“|exit 67”)上反弹,而不是拒绝邮件

我有一个小型的 postfix 服务器,用于我自己的几个域(与 mydestination = pcre:/etc/postfix/mydestinations 匹配)。我设置了一些非虚拟别名

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

在这个文件中我定义了通用别名

generic: someuser

现在,recipient_delimiter = -我可以将 用作[email protected]一次性电子邮件地址。由于其中一些通用地址会收到垃圾邮件,因此我可以丢弃所有电子邮件根据别名

generic-spammed: /dev/null

效果很好,但这意味着我必须继续接受这些电子邮件。相反,我想拒绝它们。阅读别名文档,似乎我应该能够执行以下操作来拒绝带有“用户未知”错误的电子邮件

generic-spammed:    |"exit 67"

不幸的是,电子邮件被退回而不是被拒绝,导致邮件被反向散射。这意味着它们最初被接受,然后250 OK返回给发件人,然后才被退回。

这类似于这个问题,但我使用的是本地目的地,而不是虚拟目的地。我默认smtpd_reject_unlisted_recipient开启,我怀疑我的问题是由于以下句子来自文档

The recipient domain matches $mydestination, $inet_interfaces or $proxy_interfaces, but the recipient is not listed in $local_recipient_maps, and $local_recipient_maps is not null. 

问题是收件人完全被列出吗?有没有办法拒绝这些电子邮件而不是将其退回?

postconf -n返回以下内容:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit
mua_sender_restrictions = permit
mydestination = pcre:/etc/postfix/mydestinations
mydomain = xavasite.net
myhostname = dent.xavasite.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 185.26.124.183 [2001:4b98:dc2:47:216:3eff:fe3f:43d3]
myorigin = /etc/mailname
non_smtpd_milters = local:/var/run/opendkim/opendkim.sock
policy-spf_time_limit = 3600s
readme_directory = no
recipient_delimiter = -
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_junk_command_limit = 1
smtpd_milters = local:/var/run/opendkim/opendkim.sock
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policy-spf, reject_rbl_client bl.spamcop.net, reject_rbl_client psbl.surriel.com, reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org,
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/ssl/2015/GandiStandardSSLCA2.pem
smtpd_tls_cert_file = /etc/ssl/2015/xavier.robin.name.crt
smtpd_tls_key_file = /etc/ssl/2015/xavier.robin.name.key
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = RC4
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

答案1

我认为你在别名文件中引用不正确

generic-spammed:    |"exit 67"

它应该是

generic-spammed:    "|exit 67"

此外,默认情况下,postfix 将不允许传递“|命令”,因此您还需要包含以下内容

allow_mail_to_commands = alias,forward,include

http://www.postfix.org/postconf.5.html#allow_mail_to_commands

答案2

我找到了一种解决方法,可以使用check_recipient_access配置。它允许创建一个包含特定电子邮件地址的 REJECT 语句的哈希数据库文件。

/etc/postfix/alias_disable我创建了一个名为以下内​​容的文件:

[email protected]     REJECT

然后我运行并在范围内postmap alias_disable添加了一行:main.cfsmtpd_recipient_restrictions

smtpd_recipient_restrictions =
        [...]
       **check_recipient_access hash:/etc/postfix/alias_disable**

现在电子邮件已被拒绝,并且没有被退回:

554 5.7.1 <[email protected]>: Recipient address rejected: Access denied;

显然应该可以自定义拒绝消息,包括几个后缀操作但我还没尝试过。

相关内容