这是我的问题:
我的电子邮件地址例如[电子邮件保护]。
Postfix 接收地址对应的邮件时一切正常[电子邮件保护]。
但垃圾邮件发送者经常使用随机邮箱,例如[电子邮件保护]。Postfix 首先在 Amavis 垃圾邮件过滤器中检查电子邮件。然后检查数据库是否存在邮箱。当垃圾邮件发送者发送过多电子邮件时,我的服务器就会超载。我想拒绝所有不存在邮箱的电子邮件,而无需进行垃圾邮件检查。
我尝试了“队列后内容过滤器” -http://www.postfix.org/FILTER_README.html- 但没有成功。
我的配置:
/etc/postfix/main.cf:
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
virtual_alias_maps =
proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf
virtual_mailbox_limit_maps = 4096M
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
smtpd_helo_required = yes
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, regexp:/etc/postfix/sender_access, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname, reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
check_recipient_access hash:/etc/postfix/recipient_access,
reject_invalid_hostname,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_non_fqdn_recipient
milter_default_action = accept
milter_protocol = 6
smtpd_milters = unix:var/run/opendkim/opendkim.sock
non_smtpd_milters = unix:var/run/opendkim/opendkim.sock
myorigin = localhost
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) (jako fakt dobry)
biff = no
append_dot_mydomain = no
delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html
compatibility_level = 2
smtpd_tls_cert_file=/var/www/_ssl/...pem
smtpd_tls_key_file=/var/www/_ssl/...pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = domain.com
mydomain = domain.com
mydestination = localhost
mynetworks = 127.0.0.0/8 127.0.0.1 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = no
queue_directory = /var/spool/postfix
smtpd_tls_security_level=may
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
local_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf
debug_peer_level = 10
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
message_size_limit = 104857600
smtputf8_enable = no
/etc/postfix/master.cf:
smtp inet n - n - - smtpd
-o content_filter=amavis:[127.0.0.1]:10024
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o milter_macro_daemon_name=ORIGINATING
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
spamassassin unix - n n - - pipe
user=debian-spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
amavis unix - - y - 20 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
policyd-spf unix - n n - 0 spawn
user=policyd-spf argv=/usr/bin/policyd-spf
有人知道吗?
答案1
问题解决了。
如果您遇到与我同样的问题,您必须编辑您的 SQL 查询。
现有的电子邮件地址:[电子邮件保护]
我在 /etc/postfix/mysql-virtual_mailboxes.cf 中使用了此查询:
SELECT IF(u.username!='', CONCAT('/var/mail/', u.domain, '/', u.username), f.destination) FROM forwardings f INNER JOIN users u ON CONCAT(u.username, '@', u.domain)=f.destination WHERE f.source='%s' OR SUBSTRING_INDEX(f.source, '@', -1)= '%d' LIMIT 1
例如:电子邮件用于[电子邮件保护]。MySQL 查询仅检查域 (%d)。域存在。因此 Postfix 认为一切正常。
但您可以像这样编辑此查询:
SELECT CONCAT('/var/mail/', u.username, '/', u.domain) FROM forwardings f INNER JOIN users u ON CONCAT(u.username, '@', u.domain)=f.destination WHERE f.source='%s' OR f.source='@%d' UNION ALL SELECT CONCAT('/var/mail/', domain, '/', username) FROM users WHERE CONCAT(username, '@', domain)='%s' LIMIT 1
瞧!