.. 并获得了几个 BL 的 IP..
此 Postfix 服务器设置为与 Exchange 服务器之间中继邮件。
我看到很多 postmaster 或 root @mail.mydomain.com 从 postfix 发出,而不是正确的邮件地址 @mydomain.com
该服务器正在运行 SpamAssassin、Amavis、PostScreen 和 OpenDMARC。我已三次检查,除了外部 DNS(Cloudfare)和内部 DNS(Active Directory)之外,没有配置文件声明 mail.mydomain.com,原因很明显。
主机名文件是:
mydomain.com
hosts 文件是:
127.0.0.1 localhost
127.0.1.1 mydomain.com
邮件名称是:
mydomain.com
外部和内部 DNS 是:
10.2.0.6 A mail.mydomain.com
my.pbl.ip.add A mail.mydomain.com
mydomain.com MX mail.mydomain.com
我是这样定义的:
notify_classes = bounce, delay, policy, protocol, resource, software
2bounce_notice_recipient = [email protected]
bounce_notice_recipient = [email protected]
delay_notice_recipient = [email protected]
error_notice_recipient = [email protected]
我需要知道要进行哪些调整才能使其停止使用@mail.mydomain.com 发送这些邮政局长和根电子邮件,并在我进入另一个列表之前开始使用正确的@mydomain.com。
请帮忙!
先感谢您!
主配置文件
default_process_limit = 50
smtpd_banner = mail.mydomain.com
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_received_header = yes
smtpd_tls_cert_file=/etc/postfix/Alpha2022.crt
smtpd_tls_key_file=/etc/postfix/Alpha2022-nocrypt.key
smtpd_tls_CApath = /etc/ssl/certs/
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_exclude_ciphers = RC4,MD5, aNULL
smtp_tls_note_starttls_offer = yes
smtp_tls_ciphers = export
smtp_tls_cert_file=/etc/postfix/Alpha2022.crt
smtp_tls_key_file = /etc/postfix/Alpha2022-nocrypt.key
smtp_tls_CApath = /etc/ssl/certs/
smtp_tls_CAfile = /etc/postfix/AlphaSSL-IL.pem
smtp_use_tls=yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_exclude_ciphers = RC4, MD5, aNULL
smtp_dns_support_level=dnssec
smtp_host_lookup=dns
smtp_tls_security_level = dane
smtp_tls_loglevel = 1
smtpd_tls_ask_ccert = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_always_issue_session_ids = no
smtpd_tls_loglevel = 1
tls_ssl_options = NO_COMPRESSION
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
smtpd_tls_eecdh_grade=ultra
myhostname = mydomain.com
strict_rfc821_envelopes = yes
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4, ipv6
smtp_address_preference = any
compatibility_level = 2
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, check_client_access hash:/etc/postfix/rbl_override, reject_unauth_pipelining, reject_unknown_sender_domain, reject_non_fqdn_sender, permit
transport_maps = hash:/etc/postfix/transport_maps
relay_domains = mydomain.com otherdomain1.com otherdomain2.local otherdomain3.email otherdomain4.us otherdomain5.net
mynetworks = 127.0.0.0/8 10.2.0.0/24 192.168.0.0/16 backup.vps.host.ip4 [::1]/128 [fe80::]/10 [my:tunnelbrokerip6:addr]/64 [backup:vps:postfix:mx2]/64
relayhost =
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
smtpd_milters = local:/var/spool/postfix/opendmarc/opendmarc.sock
smtpd_sender_restrictions = hash:/etc/postfix/access
content_filter = smtp-amavis:[127.0.0.1]:10024
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =
zen.spamhaus.org*3
bl.mailspike.net*3
b.barracudacentral.org*2
bl.spameatingmonkey.net
bl.spamcop.net
spamtrap.trblspam.com
dnsbl.sorbs.net=127.0.0.[2;3;6;7;10]
ix.dnsbl.manitu.net
bl.blocklist.de
#whitelist
list.dnswl.org=127.0.[0..255].0*-1
list.dnswl.org=127.0.[0..255].1*-2
list.dnswl.org=127.0.[0..255].[2..3]*-3
iadb.isipp.com=127.0.[0..255].[0..255]*-2
iadb.isipp.com=127.3.100.[6..200]*-2
wl.mailspike.net=127.0.0.[17;18]*-1
wl.mailspike.net=127.0.0.[19;20]*-2
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_dnsbl_action = enforce
postscreen_dnsbl_ttl = 1h
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr, cidr:/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = yes
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = enforce
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_use_tls = $smtpd_use_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = enforce
postscreen_greet_banner = Please Wait for SMTP
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_watchdog_timeout = 10s
smtpd_recipient_limit = 100
message_size_limit = 1000000000
notify_classes = bounce, delay, policy, protocol, resource, software
2bounce_notice_recipient = [email protected]
bounce_notice_recipient = [email protected]
delay_notice_recipient = [email protected]
error_notice_recipient = [email protected]
address_verify_sender = mydomain.com
答案1
使用“newaliases”命令未更新别名。此后,它停止尝试使用@mail.mydomain.com