问题:
几天前,我们面临来自外部 IP 的垃圾邮件攻击,该攻击使用真实的外部域向不同的外部域(如 yahoo、hotmail、gmail 等)发送了大约 7k 封电子邮件,我不得不手动通过防火墙阻止该 IP,
- 如何仅允许我的“域”mysql 数据库中定义的域并拒绝其他域(即使它们确实具有 MX 和 A 记录)就像
reject_unlisted_sender参数行为一样
配置:
-/etc/postfix/main.cf
.....
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_unlisted_sender, permit_sasl_authenticated, reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
...........
- /etc/postfix/master.cf
smtp inet n - - - - smtpd
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
......
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
# -o smtpd_bind_address=127.0.0.1
版本:
我的邮件服务器运行在“Ubuntu 12.04、postfix 2.9.6、courier”上