所以,现在我正在设法通过smtpd_recipient_restrictions设置一个传出邮件黑名单。
我遇到的问题是,当我预期他们被系统拒绝时,我的testing电子邮件正在交付。
这是/etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. smtpd_recipient_restrictions = reject_unknown_recipient_domain, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_block myhostname = hostname.domain.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = hostname.domain.com, hostname.domain.com, , localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all
我的/etc/postfix/recipient_block (这是后来通过postmap运行)
[email protected] REJECT
然后,我正在发送testing电子邮件,如下所示:
$ echo test | mail -s "test email, please ignore" [email protected]
Postfix已经重新启动,重新启动了几次尝试和排除故障,都无济于事。
尾随/var/log/mail.log文件的块读取如下所示:
Sep 25 02:27:17 antares postfix/master[3024]: reload -- version 2.7.0, configuration /etc/postfix Sep 25 02:27:27 antares postfix/pickup[3104]: C723018770: uid=1001 from=<obsidian> Sep 25 02:27:27 antares postfix/cleanup[3110]: C723018770: message-id=<[email protected]> Sep 25 02:27:27 antares postfix/qmgr[3105]: C723018770: from=<[email protected]>, size=388, nrcpt=1 (queue active) Sep 25 02:27:28 antares postfix/smtp[3112]: C723018770: to=<[email protected]>, relay=ASPMX.L.GOOGLE.COM[74.125.47.26]:25, delay=0.35, delays=0.01/0.01/0.12/0.21, dsn=2.0.0, status=sent (250 2.0.0 OK 1316942848 j50si8227610yhe.128) Sep 25 02:27:28 antares postfix/qmgr[3105]: C723018770: removed
…所以,我很难过 我不明白为什么电子邮件不被拒绝。
问题是邮件通过pickup服务(通过sendmail接口)发送,所以它是一个“外发”的邮件。 对于传出邮件, smtpd_*_restrictions不适用。 这些限制仅适用于通过SMTP发送的“传入”邮件。
编辑甚至有一个由Victor Duchovni(Postfix维护者)提供的解决scheme: http ://marc.info/?l=postfix-users&m=120155612332393&w=1
正如@mailq所说,“邮件”程序不会通过SMTP注入消息,“smtpd_recipient_restrictions”只适用于通过SMTP接收的消息。 所以,例如,如果你运行这个,你应该看到它显示拒绝:
printf 'ehlo hostname.domain.com\nmail from: <[email protected]>\nrcpt to:' \ '<[email protected]>\nquit\n' | nc localhost 25
这通过“netcat”(通常称为“nc”)进行SMTP连接,并且应该certificate该块确实就位。
也许这就够了? 如果不是这样,我可以想出拒绝这个远程地址的唯一方法是build立一个拒绝发送给它的消息的传输,然后在传输表中列出与拒绝传输关联的地址。