I have an SMTP relay server on Ubuntu 22.04. The configuration is as follows:
Main configuration file (Postfix 3.6.4)
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem
smtpd_tls_security_level=may
smtp_use_tls=yes
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
myhostname = mail.example.com
mydomain = mail.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost.$mydomain, localhost, $myhostname
relayhost =
#relay_domains = gmail.com, google.com, mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 35.190.247.0/24 64.233.160.0/19 66.102.0.0/20 66.249.80.0/20 72.14.192.0/18 74.125.0.0/16 108.177.8.0/21 173.194.0.0/16 209.85.128.0/17 216.58.192.0/19 216.239.32.0/19 [2001:4860:4000::]/36 [2404:6800:4000::]/36 [2607:f8b0:4000::]/36 [2800:3f0:4000::]/36 [2a00:1450:4000::]/36 [2c0f:fb50:4000::]/36 172.217.0.0/19 172.217.32.0/20 172.217.128.0/19 172.217.160.0/20 172.217.192.0/19 172.253.56.0/21 172.253.112.0/20 108.177.96.0/19 35.191.0.0/16 130.211.0.0/22
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
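The server is configured to restrict relaying to the subnets of Google's mail servers. However, after some time, a large number of alerts of the following type started to arrive: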
Jun 19 15:59:27 mail postfix/smtp[1317360]: 96B363F433: host gmail-smtp-in.l.google.com[64.233.164.27] said: 452-4.2.2 The email account that you tried to reach is over quota. Please direct 452-4.2.2 the recipient to 452 4.2.2 https://support.google.com/mail/?p=OverQuotaTemp r10-20020a19ac4a000000b004f3af9f6f49si7648022lfc.477 - gsmtp (in reply to RCPT TO command)
Jun 19 15:59:27 mail postfix/smtp[1317297]: 99B5C3F424: host gmail-smtp-in.l.google.com[64.233.164.27] said: 452-4.2.2 The email account that you tried to reach is over quota. Please direct 452-4.2.2 the recipient to 452 4.2.2 https://support.google.com/mail/?p=OverQuotaTemp w11-20020ac25d4b000000b004f4cdfda284si7609404lfd.591 - gsmtp (in reply to RCPT TO command)
Jun 19 15:59:26 mail postfix/smtp[1317294]: 0C6BF3F460: to=<[email protected]>, relay=alt1.gmail-smtp-in.l.google.com[142.250.157.27]:25, delay=4084, delays=4077/3.8/2.9/0.54, dsn=4.2.2, status=deferred (host alt1.gmail-smtp-in.l.google.com[142.250.157.27] said: 452-4.2.2 The email account that you tried to reach is over quota. Please direct 452-4.2.2 the recipient to 452 4.2.2 https://support.google.com/mail/?p=OverQuotaTemp le7-20020a170902fb0700b001ac6b926624si71393plb.122 - gsmtp (in reply to RCPT TO command))
Jun 19 15:59:26 mail postfix/smtp[1317297]: 15E253F4C1: to=<[email protected]>, relay=alt1.gmail-smtp-in.l.google.com[142.250.157.27]:25, delay=4078, delays=4071/3.8/2.8/0.6, dsn=4.2.2, status=deferred (host alt1.gmail-smtp-in.l.google.com[142.250.157.27] said: 452-4.2.2 The email account that you tried to reach is over quota. Please direct 452-4.2.2 the recipient to 452 4.2.2 https://support.google.com/mail/?p=OverQuotaTemp cm2-20020a17090afa0200b0025bafac22e9si29382pjb.157 - gsmtp (in reply to RCPT TO command))
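How can I stop this kind of mass relay request? What is the best service? Is it possible to somehow restrict relaying so that it is only allowed from the company domain? An important point: this server is used to send e-mail from Google Workspace, so the blocking should not affect the forwarding of company e-mail. Thank you very much for your help.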
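
Added example, not part of the original post: a Python script that joins Postfix `smtpd`, `qmgr` and `smtp` log lines on queue ID, to show which client IP and envelope-sender domain the deferred mail was relayed for. The log lines, the `COMPANY_DOMAINS` value and both function names are constructed for illustration; only the log line layout follows Postfix.

```python
import re
from collections import defaultdict

COMPANY_DOMAINS = {"example.com"}  # assumption: the domain(s) allowed to relay

# Constructed sample lines in Postfix syslog format; every ID, IP and address is made up.
SAMPLE_LOG = """\
Jun 19 14:51:20 mail postfix/smtpd[1001]: 0C6BF3F460: client=unknown[209.85.167.41]
Jun 19 14:51:20 mail postfix/qmgr[1022]: 0C6BF3F460: from=<promo@bulk-sender.test>, size=5120, nrcpt=1 (queue active)
Jun 19 15:59:26 mail postfix/smtp[1294]: 0C6BF3F460: to=<rcpt1@recipient.test>, relay=mx.recipient.test[192.0.2.25]:25, delay=4084, dsn=4.2.2, status=deferred (over quota)
Jun 19 14:51:21 mail postfix/smtpd[1001]: 15E253F4C1: client=unknown[209.85.167.41]
Jun 19 14:51:21 mail postfix/qmgr[1022]: 15E253F4C1: from=<promo@bulk-sender.test>, size=5120, nrcpt=1 (queue active)
Jun 19 15:59:26 mail postfix/smtp[1297]: 15E253F4C1: to=<rcpt2@recipient.test>, relay=mx.recipient.test[192.0.2.25]:25, delay=4078, dsn=4.2.2, status=deferred (over quota)
Jun 19 15:40:02 mail postfix/smtpd[1003]: 7A1D23F501: client=unknown[209.85.221.52]
Jun 19 15:40:02 mail postfix/qmgr[1022]: 7A1D23F501: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)
Jun 19 15:40:03 mail postfix/smtp[1299]: 7A1D23F501: to=<bob@partner.test>, relay=mx.partner.test[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 OK)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")  # daemon, short queue ID, rest

def correlate(log_text):
    """Join smtpd/qmgr/smtp lines on queue ID -> {qid: {client, sender, status}}."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and (c := re.match(r"client=\S+\[([^\]]+)\]", rest)):
            msgs[qid]["client"] = c.group(1)      # IP of the host that submitted the mail
        elif daemon == "qmgr" and (s := re.match(r"from=<([^>]*)>", rest)):
            msgs[qid]["sender"] = s.group(1)      # envelope sender (empty for bounces)
        elif daemon == "smtp" and (d := re.search(r"status=(\w+)", rest)):
            msgs[qid]["status"] = d.group(1)      # outcome of the outbound delivery
    return dict(msgs)

def foreign_senders(msgs, allowed=COMPANY_DOMAINS):
    """Count relayed messages per (client IP, sender domain) outside `allowed`."""
    counts = defaultdict(int)
    for info in msgs.values():
        domain = info.get("sender", "").rpartition("@")[2].lower()
        if domain and domain not in allowed:      # null sender <> is skipped
            counts[(info.get("client", "?"), domain)] += 1
    return dict(counts)

if __name__ == "__main__":
    for (client, domain), n in foreign_senders(correlate(SAMPLE_LOG)).items():
        print(f"{n} message(s) relayed for {domain} via client {client}")
```

On a live server the same functions can be fed the contents of the mail log; the regular expression assumes short (hexadecimal) queue IDs.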