Postfix: reject unknown recipients during the SMTP transaction

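We run a Postfix mail server. It is Postfix + SpamAssassin + Cyrus + MailScanner + MySQL. The main mail server is used by one domain (example.com) (two domains in total). Postfix uses MySQL for virtual domains and users. I also rewrite one domain, example.com, to example.biz.

The server was set up (configured) about 7 years ago. Below is the postconf -n

The problem is that in the log files I see some random recipients for the virtual domain. I read the Postfix Backscatter Howto about this problem. At the moment the server is sending delivery status notifications back to the sender. I tried various configurations, but without success. Below is the output of the SMTP log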

 postfix/smtpd[29764]: >>> CHECKING RECIPIENT MAPS <<<
 postfix/smtpd[29764]: ctable_locate: leave existing entry key [email protected]
 postfix/smtpd[29764]: maps_find: recipient_canonical_maps: [email protected]: not found
 postfix/smtpd[29764]: match_string: example.com ~? mysql:/etc/postfix/mysql-mydestination.cf(0,lock|fold_fix)
 postfix/smtpd[29764]: dict_mysql_get_active: attempting to connect to host unix:/var/run/mysqld/mysqld.sock
 postfix/smtpd[29764]: dict_mysql: successful connection to host unix:/var/run/mysqld/mysqld.sock
 postfix/smtpd[29764]: dict_mysql: successful query from host unix:/var/run/mysqld/mysqld.sock
 postfix/smtpd[29764]: dict_mysql_lookup: retrieved 0 rows
 postfix/smtpd[29764]: match_list_match: example.com: no match
 postfix/smtpd[29764]: maps_find: recipient_canonical_maps: hash:/etc/postfix/myrecipientmap(0,lock|fold_fix): @example.com = @example.biz
 postfix/smtpd[29764]: mail_addr_find: [email protected] -> @example.biz
 postfix/smtpd[29764]: smtpd_check_rewrite: trying: permit_inet_interfaces
 postfix/smtpd[29764]: permit_inet_interfaces: mail-lf0-f51.google.com 209.85.215.51
 postfix/smtpd[29764]: before input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapp
 postfix/smtpd[29764]: after input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mappi
 postfix/smtpd[29764]: connect to subsystem public/cleanup
 postfix/smtpd[29764]: public/cleanup socket: wanted attribute: queue_id
 postfix/smtpd[29764]: input attribute name: queue_id
 postfix/smtpd[29764]: input attribute value: 6564E15F890
 postfix/smtpd[29764]: public/cleanup socket: wanted attribute: (list terminator)
 postfix/smtpd[29764]: input attribute name: (end)
 postfix/smtpd[29764]: send attr flags = 50
 postfix/smtpd[29764]: 6564E15F890: client=mail-lf0-f51.google.com[209.85.215.51]
 postfix/smtpd[29764]: > mail-lf0-f51.google.com[209.85.215.51]: 250 2.1.5 Ok
 postfix/smtpd[29764]: < mail-lf0-f51.google.com[209.85.215.51]: DATA

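In the log I see that the random user is not found in the database: dict_mysql_lookup: retrieved 0 rows. So that is correct. But it is not rejected at the SMTP level. Obviously something is wrong with my configuration.

I tried adding a virtual user lookup to the smtpd_recipient_restrictions directive and changing permit to reject, but without success.

What I want to do is change Postfix's behaviour so that mail is rejected during the SMTP transaction, instead of generating bounce emails from MAILER-DAEMON.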

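Answer 1

Well, it looks like although you have no such account under the virtual domain in MySQL, you have for some reason actually set up a canonical mapping for that domain: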

postfix/smtpd[29764]: maps_find: recipient_canonical_maps: hash:/etc/postfix/myrecipientmap(0,lock|fold_fix): @example.com = @example.biz    

The canonical(5) manual clearly states:

@domain address
          Replace other addresses in domain by address.  This form has the
          lowest precedence.

          Note: @domain is a wild-card.  When  this  form  is  applied  to
          recipient  addresses,  the  Postfix SMTP server accepts mail for
          any recipient in domain, regardless of  whether  that  recipient
          exists.   This  may  turn  your  mail  system into a backscatter
          source: Postfix first accepts mail for  non-existent  recipients
          and  then  tries  to  return that mail as "undeliverable" to the
          often forged sender address.

In short, you should stop using this form of alias in the canonical map and use a virtual alias map for this purpose.
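
Added example (not from the original post or from Postfix): a Python lint that flags `@domain` wild-card keys in a lookup-table source file such as the myrecipientmap above, and prints per-address entries that could replace one. The function names, the sample map and the user list are constructed assumptions; in the poster's setup the valid users would come from the MySQL tables.

```python
# Added example: lint a Postfix table source file for "@domain" wild-card keys.
# Names, sample map and user list are constructed, not taken from the post.
SAMPLE_MAP = """\
# constructed sample in the style of /etc/postfix/myrecipientmap
@example.com    @example.biz
postmaster@example.org
    postmaster@example.biz
"""
VALID_LOCALPARTS = {"alice", "bob"}  # constructed; the post keeps users in MySQL


def logical_lines(text):
    """Yield (first_line_number, text) for each logical line of a table file.

    Blank lines and lines whose first non-blank character is '#' are skipped;
    a line that starts with whitespace continues the previous logical line.
    """
    current, start = None, 0
    for number, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + stripped
            continue
        if current is not None:
            yield start, current
        current, start = stripped, number
    if current is not None:
        yield start, current


def find_wildcards(text):
    """Return (line, key, value) for every entry whose key is a bare @domain."""
    hits = []
    for number, line in logical_lines(text):
        fields = line.split(None, 1)
        if fields[0].startswith("@"):
            hits.append((number, fields[0], fields[1] if len(fields) > 1 else ""))
    return hits


def explicit_entries(domain_key, target_domain, localparts):
    """Per-address lines standing in for one '@domain @target' wild-card."""
    return [f"{lp}{domain_key}\t{lp}{target_domain}" for lp in sorted(localparts)]


if __name__ == "__main__":
    for number, key, value in find_wildcards(SAMPLE_MAP):
        print(f"line {number}: wild-card {key} -> {value} accepts any recipient")
        if value.startswith("@"):
            print("\n".join(explicit_entries(key, value, VALID_LOCALPARTS)))
```

The same lint is worth running over a virtual alias map source, because virtual(5) documents the same wild-card behaviour for its `@domain` form; only per-address entries keep unknown recipients rejectable at RCPT TO.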
