服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Postfix检查传出邮件的垃圾邮件
Intereting Posts
如何在Exchange 2010中设置根公用文件夹权限 安装Ubuntu时需要Internet连接吗? DNS故障 – 缺less条目 SQL Server 2005维护计划成功,但报告失败 由于安全问题,无法在远程Windows计算机上pipe理服务 保护NFS文件共享而不访问导出文件 SQL Server 2000 – 恢复.MDF使用sp_attach_single_file_db失败,错误 apache2 ServerAlias显示奇怪的行为 针对Windows域的Samba auth:需要/etc/nsswitch.conf吗? 邮件服务器无法复制Active Directory用户 Dockerfile php-fpm unmetdedeniced RDIMM RAM能否在UDIMM专用的主板上使用? 有关证书,域和服务器的广泛的SSL问题 如何在不使用SDK的情况下查询NetAPP ONTAP API? Mysql 5.6客户端无法显示UTF8字符

Postfix检查传出邮件的垃圾邮件

我如何强制postfix检查(并logging/标记/ etc)所有外发邮件的垃圾邮件

只是想确保我在我的服务器上做我的一部分。

编辑后缀configuration,按要求。

main.cf 

# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. alias_maps = hash:/etc/aliases myhostname = example.com myorigin = /etc/mailname mydestination = localhost, localhost.localdomain, localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all content_filter = smtp-amavis:[127.0.0.1]:10024 transport_maps = mysql:/etc/postfix/mysql/transport_maps.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_alias_domains.cf virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf virtual_mailbox_base = /var/mail virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf virtual_minimum_uid = 100 virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 dovecot_destination_recipient_limit = 1

master.cf 

 # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - - - - smtpd submission inet n - - - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #smtps inet n - - - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - - - - qmqpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - - 300 1 oqmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - - - - smtp -o smtp_fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard local unix - nn - - local virtual unix - nn - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache 127.0.0.1:10025 inet n - y - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=100 smtp-amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - nn - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} # # See the Postfix UUCP_README file for configuration details. # uucp unix - nn - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - nn - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - nn - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - nn - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - nn - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} dovecot unix - nn - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

MySQL的/ transport_maps.cf 

 user = user password = password hosts = 127.0.0.1 dbname = postfix query = SELECT target FROM transports WHERE hostname = '%d' AND active = 1

MySQL的/ virtual_alias_domains.cf 

 user = user password = password hosts = 127.0.0.1 dbname = postfix select_field = domain table = domains where_field = domain additional_conditions = AND active = 1

MySQL的/ virtual_alias_maps.cf 

 user = user password = password hosts = 127.0.0.1 dbname = postfix select_field = forward table = aliases where_field = source additional_conditions = AND active = 1

MySQL的/ virtual_mailbox_maps.cf 

 user = user password = password hosts = 127.0.0.1 dbname = postfix query = SELECT mailbox_path FROM users WHERE address = '%s' AND active = 1

下面是一个configuration“存根”也用于检查传出的消息。

在main.cf中: 

 smtpd_sender_restrictions = check_client_access cidr:/etc/postfix/internal_clients_filter

和:/ etc / postfix / internal_clients_filter 

 192.168.0.0/24 FILTER smtp:[127.0.0.1]:12501 10.0.0.0/24 FILTER smtp:[127.0.0.1]:12501

(你也可以通过其他方式来login用户,ip等等)。

在Amavisd-new中使用policybank: 

 $interface_policy{'12501'} = 'INTERNAL'; $policy_bank{'INTERNAL'} = { # mail originating from clients in cidr:/etc/postfix/internal_clients_filter bypass_spam_checks_maps => [0], # spam-check outgoing mail bypass_banned_checks_maps => [0], # banned-check outgoing mail bypass_header_checks_maps => [0], # header-check outgoing mail forward_method => 'smtp:[127.0.0.1]:12502', # relay to Postfix listener on port 12502 };

而后缀中的重新注入path: 

 127.0.0.1:12502 inet n - n - - smtpd -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_data_restrictions -o smtpd_end_of_data_restrictions= -o local_header_rewrite_clients= -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o smtpd_milters= -o local_recipient_maps= -o relay_recipient_maps= -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

这是一个老问题,但我想我会分享一些允许使用出站Procmailfilter的configuration。 首先,在master.cf

 submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o broken_sasl_auth_clients=yes -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination -o content_filter=procmail-outbound procmail-outbound unix - nn - - pipe flags=Rq user=mail argv=/usr/bin/procmail -t -m SENDER=${sender} RECIPIENT=${recipient} /etc/procmail/outbound.rc

然后你可以在outbound.rc运行你需要的任何procmail配方,然后像sendmail那样用sendmail处理已处理的消息: 

 # Send mail :0 w | /usr/bin/sendmail -G -i -f $SENDER $RECIPIENT

(请注意,该示例接受提交服务(端口587)上的邮件,而不是用于中继和发送的smtp服务。)

您的客户使用smtp服务器发送邮件 – 大概是这个postfix服务器。

发送的邮件通过Postfix的smtp传输,上面的configuration通过amazond通过content_filter传递 – 所以我认为你的出站邮件已经得到处理。

我build议你testing是否满足自己是否是这样的情况。

如果服务器不是很忙,你可以使用你的maillog,并且看看当你发送包含GTUBEstring( XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X )。 Amavisd / spamassassin应该能够收到消息。 如果是这样,那么你知道你的邮件正在扫描的路上。