如何配置 Postfix 检查外部黑名单?

如何配置 Postfix 检查外部黑名单?

如何配置 Postfix 使用外部黑名单(如 SPAMHAUS 和 BARRACUDA)来阻止垃圾邮件?

这是我的 main.cf

virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
smtpd_recipient_restrictions =
    check_policy_service inet:127.0.0.1:10031,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
    reject_rbl_client zen.spamhaus.org,
    check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/ssl/server.example.com.crt
smtpd_tls_key_file = /etc/postfix/ssl/server.example.com.key
smtpd_tls_CAfile = /etc/postfix/ssl/server.example.com.ca-bundle
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_helo_access regexp:/etc/postfix/helo_access,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    check_helo_access regexp:/etc/postfix/blacklist_helo
smtpd_sender_restrictions =
    check_sender_access regexp:/etc/postfix/tag_as_originating.re,
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf,
    check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_client_restrictions =
    check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
myhostname = server.example.com
mynetworks = 127.0.0.0/8 [::1]/128
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
bounce_template_file = /etc/postfix/bounce.cf
mailbox_size_limit = 0
message_size_limit = 0

答案1

您可以通过在 main.cf 中的 smtpd_recipient_restrictions 下的允许之前末尾添加以下内容来实现:

smtpd_recipient_restrictions
.....
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org,
permit

我是这样设置的:

smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   warn_if_reject check_policy_service inet:localhost:12340
   reject_unauth_pipelining,
   reject_unauth_destination,
   reject_rbl_client bl.spamcop.net,
   reject_rbl_client zen.spamhaus.org,
   permit

还可以尝试添加以下内容,以便您可以收到错误/通知消息:

error_notice_recipient = [email protected]
delay_notice_recipient = $error_notice_recipient
bounce_notice_recipient = $error_notice_recipient
2bounce_notice_recipient = $error_notice_recipient
#The list of error classes that are reported to the postmaster
notify_classes = resource,software,bounce,2bounce,delay,policy,protocol

答案2

我发现了问题所在。我的服务器配置为使用 Google Public DNS 解析域名,但与 SPAMHAUS 配合使用效果不佳(https://www.spamhaus.org/faq/section/DNSBL%20Usage#261)。我将我的服务器配置为使用 OpenDNS 解析域名,现在它可以正常工作了。

相关内容