我想在后期使用python实现高级内容过滤。 我已经从http://www.postfix.org/FILTER_README.htmlfind了实现。 但还有一个问题,在从python脚本过滤我需要中继到需要使用TLS的亚马逊。 问题是,如果我使用TLSconfiguration后缀,postfix-python脚本将会出错,如果我不使用TLS postfix-Amazon SES将会报错。 有任何想法解决这个问题?
来自亚马逊SES的错误:
Sep 29 07:09:41 mail postfix/qmgr[1935]: 4AC65C533B2: from=<[email protected]>, size=663, nrcpt=1 (queue active) Sep 29 07:09:41 mail postfix/error[2229]: 4AC65C533B2: to=<[email protected]>, relay=none, delay=8999, delays=8999/0.01/0/0.01, dsn=4.0.0, status=deferred (delivery temporarily suspended: SASL authentication failed; server email-smtp.us-west-2.amazonaws.com[34.211.81.29] said: 530 Must issue a STARTTLS command first) Main.cfconfiguration:
queue_directory = /var/spool/postfix daemon_directory = /usr/libexec/postfix mail_owner = postfix myhostname = xmail.xample.id mydomain = xmail.xample.id myorigin = $mydomain inet_protocols = all mydestination = $myhostname, localhost.$mydomain, localhost, mydomain mynetworks_style = host alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.10.1/samples readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd relayhost = [email-smtp.us-west-2.amazonaws.com]:587 smtpd_sasl_local_domain = $myhostname #smtp_use_tls = yes #smtp_tls_security_level = encrypt #smtp_tls_note_starttls_offer = yes content_filter = scan:localhost:10025 receive_override_options = no_address_mappings
Master.cf:
# # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - - smtpd #628 inet n - n - - qmqpd pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - nn - - local virtual unix - nn - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache scan unix - - n - 10 smtp -o smtp_send_xforward_command=yes -o disable_mime_output_conversion=yes localhost:10026 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_authorized_xforward_hosts=127.0.0.0/8
在谷歌search后,我find了一种方法。 即使不是针对某些特定的中继主机。 它在后缀中使用configuration,所以后缀不需要使用ssl。 该configuration位于main.cf中,使用以下行:
smtp_tls_security_level = may