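I want to extend my Postfix configuration so that it can receive mail for my domain.
Currently, I have Postfix set up as a smart host that accepts mail after authentication and forwards it to different servers (e.g. Gmail) depending on the sender. This works well so far. I would like to extend the configuration so that mail for my domain (mydomain.com) is also accepted, but without authentication (everyone should be allowed to send mail to users of that domain). The smart host functionality should remain. Postfix should therefore take on the following two tasks:
The current configuration (main.cf) is attached below. I think what I need to do is change the parameters "smtpd_client_restrictions" and "smtpd_recipient_restrictions", but I'm not sure. If someone could confirm this, that would already help me a lot.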
main.cf:
[...]
myhostname = mydomain.com
mynetworks = 127.0.0.0/8
mydestination = mydomain.com localhost localhost.mydomain.com
canonical_maps = regexp:/etc/postfix/canonical-redirect
home_mailbox = Mail/
# POSTFIX SERVER AUTHENTICATION
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noplaintext, noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_client_restrictions = permit_sasl_authenticated, reject
smtpd_recipient_restrictions = permit_sasl_authenticated, reject
smtpd_tls_security_level = encrypt
# SENDER DEPENDENT RELAYs
# relays
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
# auth
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = GSSAPI, DIGEST-MD5, CRAM-MD5, login, plain
smtp_tls_security_level = encrypt
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = noplaintext, noanonymous
#TLS
smtpd_tls_cert_file=/etc/ssl/cert.pem
smtpd_tls_key_file=/etc/ssl/cert.key
[...]
Edit: Following NickW's comment, I modified the restrictions:
smtpd_client_restrictions =
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unknown_recipient_domain, permit
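As I understand it, this rule will first permit all mail from authenticated users, reject mail for recipients that are not on mydomain, and finally permit the mail. Is this correct so far?
However, Postfix then complains: 'fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit'. If I put "reject" after "permit", Postfix only shows a warning (restriction 'reject' after 'permit' is ignored), but the error no longer shows up.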
Since you have already set mydomain.com in mydestination, you can add permit_auth_destination to your restrictions.
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_auth_destination, reject
As NickW said, smtpd_client_restrictions is redundant. You can remove that line.
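Added example, not part of either answer and not Postfix code: a simplified Python model of how smtpd_recipient_restrictions stops at the first decisive rule, run over the lists quoted on this page. It assumes that only mydestination defines local domains, it ignores smtpd_relay_restrictions (Postfix 2.10 and later), and example.net is a constructed external recipient domain.

```python
import re

# Simplified model (added example, not Postfix code): first decisive rule wins.
# Assumption: "local" means the recipient domain is listed in mydestination.
MYDESTINATION = {"mydomain.com", "localhost", "localhost.mydomain.com"}

def evaluate(restrictions, authenticated, rcpt_domain, resolves=True):
    """Return 'permit' or 'reject' for one RCPT TO command."""
    local = rcpt_domain in MYDESTINATION
    for rule in re.split(r"[,\s]+", restrictions.strip()):
        if rule == "permit_sasl_authenticated" and authenticated:
            return "permit"
        if rule == "permit_auth_destination" and local:
            return "permit"
        if rule == "reject_unauth_destination" and not local:
            return "reject"
        # Only looks at domains Postfix is NOT the final destination for.
        if rule == "reject_unknown_recipient_domain" and not local and not resolves:
            return "reject"
        if rule in ("permit", "reject"):
            return rule
    return "permit"  # nothing matched: the list ends in an implicit permit

def accepts_inbound(restrictions):
    """Unauthenticated stranger writing to a mydomain.com user."""
    return evaluate(restrictions, False, "mydomain.com") == "permit"

def is_open_relay(restrictions):
    """Unauthenticated stranger relaying to an external domain (constructed)."""
    return evaluate(restrictions, False, "example.net") == "permit"

# The three lists from this page, plus the "reject after permit" variant.
QUESTION = "permit_sasl_authenticated, reject"
EDITED = "permit_sasl_authenticated, reject_unknown_recipient_domain, permit"
EDITED_PLUS_REJECT = EDITED + ", reject"
ANSWER = "permit_sasl_authenticated, permit_auth_destination, reject"

if __name__ == "__main__":
    for name in ("QUESTION", "EDITED", "EDITED_PLUS_REJECT", "ANSWER"):
        r = globals()[name]
        print(f"{name:19} smart host={evaluate(r, True, 'example.net'):7}"
              f" inbound={accepts_inbound(r)!s:5} open relay={is_open_relay(r)}")
```

In this model both edited lists relay for unauthenticated clients, with or without the trailing reject, because evaluation stops at permit. Only the list with permit_auth_destination accepts inbound mail for mydomain.com while still refusing to relay.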
I am posting this as an answer to keep the monospaced formatting with the comments. This is my current setup for my domain.
# === Incoming mail restriction ================================================
#smtpd_client_restrictions =
#    check_client_access hash:/etc/postfix/access
smtpd_recipient_restrictions =
    # Whitelisting or blacklisting:
#    check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf,
    # Mails from our users:
    permit_mynetworks,
    # Greylist
    check_policy_service unix:private/postgray,
    # Everyone should play by the rules:
    reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain,
    reject_unauth_pipelining,
    # Allow authenticated users / 587 TLS/465 SSL
    permit_sasl_authenticated,
    # This will block mails from domains with no reverse DNS record. Will affect both spam and ham mails, but mostly spam.
#    reject_unknown_reverse_client_hostname,
    # Instead of reject_unknown_reverse_client_hostname you can also use reject_unknown_client_hostname, which is an even harder rule.
    # Reject ugly HELO/EHLO-hostnames (could also affect regular mails):
#    reject_non_fqdn_hostname,
#    reject_invalid_helo_hostname,
    # Reject everything you're not responsible for:
    reject_unauth_destination,
    # Only take mails for existing accounts:
    reject_unverified_recipient,
    # DNS lookups are "expensive", therefore should be at bottom
#    reject_rbl_client zen.spamhaus.org