Postfix 多实例仅默认工作

tag-icon tag-icon postfix email-server mx-record multiple-instances
Postfix 多实例仅默认工作

让我解释一下我在做什么以及我想从这个后缀多个实例中达到什么目的

我有域“example1.com”和“mail.example1.com”作为邮件服务器,并具有正确的 DNS MX 记录并且一切正常,现在我有另一个域“example2.com”和“mail.example2.com”作为邮件服务器,每次我从服务器发送邮件时,邮件都会进入客户端的 SPAM 文件夹,并且 smtp.mailfrom 显示“mail.example1.com”和 IP:1.1.1.1(例如)最后我在网站邮件黑名单数据库中找到了较新的域,因此我搜索了解决方案但最后看来我必须通过创建额外的 postfix 实例来使用 2 myhostname 来实现此目的并实现完全隔离。

我通过以下命令创建了另一个名为“postfix-secondary”的实例:

postmulti -e init

然后通过以下命令创建它:

postmulti -I postfix-secondary -e create

之后它通过以下方式运行:

postmulti -i postfix-secondary -p start

现在的问题是,即使禁用了默认邮件服务器,电子邮件仍然被迫通过“mail.example1.com”,我发现它一直聚集在默认队列中

我现在将列出配置(example1.com)/etc/postfix/main.cf:

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination check_sender_access hash:/etc/postfix/mail_blacklist
myhostname = mail.example1.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.example1.com, example1.com, localhost.example1.com, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = 1.1.1.1
inet_protocols = ipv4

smtpd_recipient_restrictions = reject_invalid_hostname,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        permit

smtpd_helo_restrictions = reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        reject_unknown_helo_hostname


default_process_limit = 100
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 30
queue_minfree = 20971520
header_size_limit = 51200
message_size_limit = 10485760
smtpd_recipient_limit = 100
disable_vrfy_command= yes
smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

(example1.com)/etc/postfix/master.cf(默认)

smtp      inet  n       -       -       -       -       smtpd

(example2.com)/etc/postfix-secondary/main.cf

unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5

readme_directory = no
inet_protocols = ipv4
#master_service_disable = inet
authorized_submit_users = 
queue_directory = /var/spool/postfix-secondary
multi_instance_name = postfix-secondary

myhostname = mail.example2.com
inet_interfaces = 2.2.2.2
multi_instance_enable = yes
mydestination = mail.example2.com, example2.com, localhost.example2.com, localhost



smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination check_sender_access hash:/etc/postfix/mail_blacklist
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
relayhost = 
mailbox_size_limit = 0
recipient_delimiter = +
#smtp_bind_address = 0.0.0.0


smtpd_recipient_restrictions = reject_invalid_hostname,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        permit

smtpd_helo_restrictions = reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        reject_unknown_helo_hostname


default_process_limit = 100
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 30
queue_minfree = 20971520
header_size_limit = 51200
message_size_limit = 10485760
smtpd_recipient_limit = 100
disable_vrfy_command= yes
smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20



append_dot_mydomain = no


smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

(example2.com)/etc/postfix-secondary/master.cf(默认)

smtp      inet  n       -       -       -       -       smtpd

(example1.com) 的 DNS 记录很好,并且与 (example2.com) 的 DNS 相同,只是域名和 IP 不同:

example2.com.   IN  MX  10 mail.example2.com.
mail.example2.com.          IN      A  2.2.2.2
example2.      IN TXT     "v=spf1 mx ip4:2.2.2.2/32 ~all"
_dmarc.example2.com.    IN  TXT "v=DMARC1; pct=100; p=none; adkim=r; aspf=r"

提前致谢

答案1

拥有一个邮件服务器(例如,mail.example.com作为不同域的外发 MTA)是完全正常的example.net。事实上,这是通常的方式;托管数百个域的服务提供商不会为每个域都设置一个新的 Postfix 实例。

忘记你正在做的事情并部署发件人策略框架防晒指数 (SPF),而是让接收 MTA 知道mail.example.com允许发送邮件example.net,或者更好的是,使用其 IP 地址引用服务器,即使用ip4机制

相关内容