我们运行 Postfix 邮件服务器。它是 postfix + spamassasin + cyrus + MailScanner +MySQL。主邮件服务器由一个域 (example.com) 使用(总共两个域)。Postfix 使用 MySQL 作为虚拟域和用户。我还将一个域重写example.com为example.biz。
服务器大约在 7 年前设置(配置)。以下是后配置-n
问题是,在日志文件中,我看到了一些random recipients虚拟域。我读到Postfix 反向散射方法和这个问题。此时服务器正在向发件人发送回传递状态通知。我尝试了各种配置,但没有成功。以下是 smtp 日志的输出
postfix/smtpd[29764]: >>> CHECKING RECIPIENT MAPS <<<
postfix/smtpd[29764]: ctable_locate: leave existing entry key [email protected]
postfix/smtpd[29764]: maps_find: recipient_canonical_maps: [email protected]: not found
postfix/smtpd[29764]: match_string: example.com ~? mysql:/etc/postfix/mysql-mydestination.cf(0,lock|fold_fix)
postfix/smtpd[29764]: dict_mysql_get_active: attempting to connect to host unix:/var/run/mysqld/mysqld.sock
postfix/smtpd[29764]: dict_mysql: successful connection to host unix:/var/run/mysqld/mysqld.sock
postfix/smtpd[29764]: dict_mysql: successful query from host unix:/var/run/mysqld/mysqld.sock
postfix/smtpd[29764]: dict_mysql_lookup: retrieved 0 rows
postfix/smtpd[29764]: match_list_match: example.com: no match
postfix/smtpd[29764]: maps_find: recipient_canonical_maps: hash:/etc/postfix/myrecipientmap(0,lock|fold_fix): @example.com = @example.biz
postfix/smtpd[29764]: mail_addr_find: [email protected] -> @example.biz
postfix/smtpd[29764]: smtpd_check_rewrite: trying: permit_inet_interfaces
postfix/smtpd[29764]: permit_inet_interfaces: mail-lf0-f51.google.com 209.85.215.51
postfix/smtpd[29764]: before input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapp
postfix/smtpd[29764]: after input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mappi
postfix/smtpd[29764]: connect to subsystem public/cleanup
postfix/smtpd[29764]: public/cleanup socket: wanted attribute: queue_id
postfix/smtpd[29764]: input attribute name: queue_id
postfix/smtpd[29764]: input attribute value: 6564E15F890
postfix/smtpd[29764]: public/cleanup socket: wanted attribute: (list terminator)
postfix/smtpd[29764]: input attribute name: (end)
postfix/smtpd[29764]: send attr flags = 50
postfix/smtpd[29764]: 6564E15F890: client=mail-lf0-f51.google.com[209.85.215.51]
postfix/smtpd[29764]: > mail-lf0-f51.google.com[209.85.215.51]: 250 2.1.5 Ok
postfix/smtpd[29764]: < mail-lf0-f51.google.com[209.85.215.51]: DATA
在日志中我看到,数据库中未找到随机用户dict_mysql_lookup: retrieved 0 rows。所以,这是正确的。但它并没有在 SMTP 级别被拒绝。显然有些问题我的配置。
smtpd_recipient_restrictions我尝试在指令中添加虚拟用户查找并进行permit更改reject,但没有成功。
然后我想要做的是改变 postfix 的行为,这样,在 SMTP 事务期间拒绝邮件,而不是生成来自 MAILER-DAEMON 的退回电子邮件。
答案1
好吧,看起来虽然您在 mysql 中的虚拟域下没有这样的帐户,但实际上由于某种原因您为该域设置了规范映射:
postfix/smtpd[29764]: maps_find: recipient_canonical_maps: hash:/etc/postfix/myrecipientmap(0,lock|fold_fix): @example.com = @example.biz
Canonical(5) 手册明确指出:
@domain address
Replace other addresses in domain by address. This form has the
lowest precedence.
Note: @domain is a wild-card. When this form is applied to
recipient addresses, the Postfix SMTP server accepts mail for
any recipient in domain, regardless of whether that recipient
exists. This may turn your mail system into a backscatter
source: Postfix first accepts mail for non-existent recipients
and then tries to return that mail as "undeliverable" to the
often forged sender address.
简而言之,您应该停止在规范映射中使用这种形式的别名,并为此目的使用虚拟别名映射。