我的 postfix 服务器配置为根据 spamhaus 和 spamcop 管理的几个垃圾邮件阻止列表拒绝电子邮件。
注意到最近收到的垃圾邮件比平时多后,我从日志中发现,上一次因为这两种服务的积极结果而拒绝电子邮件是在一周前。我有一段时间没有更改我的 postfix 配置了,所以服务器上应该没有任何变化。
我已经在这里进行了测试 -https://blt.spamhaus.com/并且它们都通过了,这证实了电子邮件没有被拒绝。另外,我检查了我收到的几封垃圾邮件的发件域的阻止列表,发现它们确实存在,因此应该被拒绝。
我有点不知道该如何进一步排除故障。Postfix 日志中似乎没有任何内容表明“我没有检查此阻止列表,因为...”我如何才能找到此问题的根本原因?
我的 smtp 收件人限制如下:
smtpd_recipient_restrictions =
permit_mynetworks
check_sender_access
hash:/etc/postfix/sender_access
reject_unauth_destination
reject_unauth_pipelining
reject_invalid_hostname
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_non_fqdn_recipient
reject_unknown_recipient_domain
reject_rbl_client bl.spamcop.net
reject_rbl_client zen.spamhaus.org
reject_rbl_client dul.dnsbl.sorbs.net
permit
smtpd_reject_unlisted_sender = yes
postconf -n 的输出:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
disable_vrfy_command = yes
home_mailbox = Mail/
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
message_size_limit = 20480000
mydestination = b3.localdomain, localhost.localdomain, localhost, /etc/postfix/bubbadomains, $myhostname
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
recipient_delimiter = +
relayhost = smtp.gmail.com
sender_bcc_maps = hash:/etc/postfix/sender_bcc
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_discard_ehlo_keywords = silent-discard, dsn
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks check_sender_access hash:/etc/postfix/sender_access reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_non_fqdn_sender reject_unknown_sender_domain reject_non_fqdn_recipient reject_unknown_recipient_domain reject_rbl_client bl.spamcop.net reject_rbl_client zen.spamhaus.org reject_rbl_client dul.dnsbl.sorbs.net permit
smtpd_reject_unlisted_sender = yes
smtpd_relay_restrictions = permit_mynetworks check_sender_access hash:/etc/postfix/sender_access reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_non_fqdn_sender reject_unknown_sender_domain reject_non_fqdn_recipient reject_unknown_recipient_domain reject_rbl_client bl.spamcop.net reject_rbl_client zen.spamhaus.org reject_rbl_client dul.dnsbl.sorbs.net permit
smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
答案1
因此,尽管 dig 请求(例如dig @localhost a 185.176.220.75.zen.spamhaus.org)返回了预期结果,导致我假设没有网络/DNS 问题,但我在 OpenDNS 仪表板中确实发现了 spamhaus 和 spamcop DNS 请求被阻止的证据。没有给出任何原因,并且在检查时没有与它们相关的类别,因此这可能是一个会自行纠正的暂时性问题。不过,为了避免碰运气,我专门将这些域列入了白名单。几分钟后,我再次运行了 spamhaus 的电子邮件测试,我预计会被阻止的那些确实被阻止了。