我最近尝试设置一个邮件服务器,尝试托管一些邮件列表。顺便说一句,我确实添加了 DMARC、DKIM 和 SPF 记录。
最近,我发现我的服务器发送了大量(非常多)垃圾邮件(队列增长到数千封,电子邮件被发送到许多随机电子邮件地址)。有什么办法可以只允许 mailman 从我的服务器发送邮件吗?我希望能够向任何服务器发送电子邮件,但我想只有 mailman 才应该负责发送?如果我没有理解它的工作原理,请告诉我。
我的配置在这里:
# File /etc/exim4/conf.d/main/00_local_macros
DKIM_DOMAIN = lists.domain.name
DKIM_SELECTOR = default
DKIM_PRIVATE_KEY = /etc/exim4/dkim/privatekey.pem
DKIM_CANON = relaxed
#-------
# File /etc/exim4/conf.d/main/25_mm3_macros
domainlist mm3_domains=lists.domain.name
MM3_LMTP_HOST=172.25.195.2
MM3_LMTP_PORT=8024
MM3_HOME=/opt/mailman/core/var
################################################################
# The configuration below is boilerplate:
# you should not need to change it.
# The path to the list receipt (used as the required file when
# matching list addresses)
MM3_LISTCHK=MM3_HOME/lists/${local_part}.${domain}
# Place this file at
# /etc/exim4/conf.d/router/455_mm3_router
mailman3_router:
driver = accept
domains = +mm3_domains
require_files = MM3_LISTCHK
local_part_suffix_optional
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
transport = mailman3_transport
# Place this file at
#-------
# File /etc/exim4/conf.d/transport/55_mm3_transport
mailman3_transport:
debug_print = "Email for mailman"
driver = smtp
protocol = lmtp
allow_localhost
hosts = MM3_LMTP_HOST
port = MM3_LMTP_PORT
rcpt_include_affixes = true
#-------
# File /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
dc_eximconfig_configtype='internet'
dc_other_hostnames=''
dc_local_interfaces='0.0.0.0 ; ::0'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='0.0.0.0/0'
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
IGNORE_SMTP_LINE_LENGTH_LIMIT='true'
我的邮递员配置:
[mta]
incoming: mailman.mta.exim4.LMTP
outgoing: mailman.mta.deliver.deliver
lmtp_host: 172.25.195.2
lmtp_port: 8024
smtp_host: 172.25.195.4
smtp_port: 25
configuration: python:mailman.config.exim4
[mailman]
# This address is the "site owner" address. Certain messages which must be
# delivered to a human, but which can't be delivered to a list owner (e.g. a
# bounce from a list owner), will be sent to this address. It should point to
# a human.
site_owner: [email protected]
答案1
允许dc_relay_nets='0.0.0.0/0'从任何 IP 地址进行中继,从而使您的邮件服务器成为开放中继. 您应该将其限制在您的内部/受信任的网络中。
SPF/DKIM/DMARC 无法保护您免受内部配置错误的影响。最糟糕的情况是服务器 DKIM 会签署未经授权的邮件。最终您的 IP 地址会被列入黑名单。
答案2
正如 Esa 指出的那样,dc_relay_nets问题就在这里。运行dpkg-reconfigure exim4-config配置向导并再次更改值,或者编辑文件并重新加载 Exim 以将其重新处理为新的 Exim 配置文件。
Exim 有一个方便的exim4 -d -bh 1.2.3.4命令,可以模拟 SMTP 会话并详细显示如何处理 ACL,从而导致所有邮件被接受进行中继或本地交付或被拒绝。每当您想询问 Exim“为什么允许(或拒绝)这样做”时,它都是一个非常有用的工具。