许多用户拥有dynamicIP,并且有足够多的IP被列入黑名单。 如何禁用只有注册用户检查后缀黑名单? 我只想拦截来自黑名单IPS的传入邮件。
我已经向smtpd_helo_restrictions添加了permit_sasl_authenticated。 现在看起来像这样
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit 不过,我还没有testing过它。
smtpd_banner = $myhostname ESMTP $mail_name biff = no append_dot_mydomain = no readme_directory = no smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = smtpd_sasl_authenticated_header = yes smtpd_tls_cert_file=/etc/postfix/sasl/mail_support.crt smtpd_tls_key_file=/etc/postfix/sasl/mail_support.key smtpd_tls_CAfile=/etc/postfix/sasl/mail_support.pem smtp_tls_note_starttls_offer = yes smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_security_level = may smtp_tls_security_level = may smtpd_use_tls = yes smtpd_tls_auth_only = no unknown_local_recipient_reject_code = 450 maximal_queue_lifetime = 7d minimal_backoff_time = 1000s maximal_backoff_time = 8000s smtp_helo_timeout = 60s smtpd_recipient_limit = 16 smtpd_soft_error_limit = 3 smtpd_hard_error_limit = 12 smtpd_helo_restrictions = permit_mynetworks, **permit_sasl_authenticated**, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org, reject_rbl_client blackholes.easynet.nl smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit smtpd_data_restrictions = reject_unauth_pipelining smtpd_relay_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit smtpd_helo_required = yes smtpd_delay_reject = yes disable_vrfy_command = yes myhostname = mail myorigin = /etc/hostname mydestination = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all mynetworks_style = host virtual_mailbox_base = /var/vmail virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf virtual_uid_maps = static:150 virtual_gid_maps = static:8 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_transport = dovecot dovecot_destination_recipient_limit = 1 content_filter = amavis:[127.0.0.1]:10024 header_checks = regexp:/etc/postfix/header_checks enable_original_recipient = no milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8891, inet:localhost:8893 non_smtpd_milters = inet:localhost:8891, inet:localhost:8893
在permit_sasl_authenticated之前向permit_sasl_authenticated添加permit_sasl_authenticated将执行技巧。 如果用户通过SASL进行了authentication,它将终止访问检查,所以不会再应用进一步的检查( reject_rbl_client )。
由Reinaldo-Gil 10月23日18:59转换