【发布时间】:2017-07-24 03:24:43
【问题描述】:
我在 ubuntu 12.04.05 LTS 上运行一个 postfix 服务器 (2.9.6),来自某个域的垃圾邮件根本不会被拒绝,尽管有一个明确的 check_client_access 列表,其中有问题的域示例。我在同一个覆盖文件中尝试了使用知名邮件服务器(gmx.net)的拒绝设置,它按预期阻止了来自该服务器的传入邮件,但出于某种原因,来自 example.com 的邮件只是通过.我检查了我是否犯了错误,并以某种方式将其列入白名单,但我找不到任何类似的东西。
main.cf中完整的blockingrule条目如下:
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
warn_if_reject reject_unknown_helo_hostname,
regexp:/etc/postfix/override_helo_access.regexp
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk blacklists, permit_sasl_authenticated
smtpd_recipient_restrictions =
permit_mynetworks,
reject_sender_login_mismatch,
permit_sasl_authenticated,
check_client_access hash:/etc/postfix/override_client_access,
check_sender_access hash:/etc/postfix/override_sender_access,
reject_unlisted_sender,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname,
reject_unauth_pipelining,
reject_unauth_destination
smtpd_client_restrictions 和 smtpd_sender_restrictions(另一个黑名单)似乎是由 plesk 处理的,所以我没有在那里进行任何更改。
override_client_access 文件如下所示(摘录):
spamdomain.org REJECT
.spamdomain2.com REJECT
example.com REJECT
.example.com REJECT
spamdomain.net REJECT
12.12.12.12 REJECT
我确保 example.com 域和任何子域或其对应的 IP 地址在此文件中没有意外的白名单规则。
override_sender_access 文件仅列出了列入白名单的电子邮件地址:
bla@foo.de OK
foo@bla.de OK
etc@etc.de OK
这个文件只列出了很少的电子邮件,我都检查过,所以它不会成为意外列入白名单的原因。
当然,每次更新这些文件后,我都会使用postmap override_sender_access 或postmap override_client_access 命令创建新的哈希数据库,然后执行postfix reload。正如我已经提到的,我通过在 override_client_access 文件的末尾添加“.gmx.net REJECT”然后从 gmx 域向我的邮件服务器发送邮件来测试此设置,并且拒绝按预期工作。
这是几小时前最新的垃圾邮件通过时的logfile sn-p,所有相应的设置/文件几天后都没有改变:
Jul 24 00:39:35 postfix/smtpd[21873]: connect from mail.example.com[123.123.123.123]
Jul 24 00:39:36 postfix/smtpd[21873]: 0B6A7468A8E: client=mail.example.com[123.123.123.123]
Jul 24 00:39:36 postfix/cleanup[22020]: 0B6A7468A8E: message-id=<ublaqzk20871180.13462188@mail.example.com>
Jul 24 00:39:36 /usr/lib/plesk-9.0/psa-pc-remote[32672]: handlers_stderr: SKIP
Jul 24 00:39:36 /usr/lib/plesk-9.0/psa-pc-remote[32672]: SKIP during call 'limit-out' handler
Jul 24 00:39:36 /usr/lib/plesk-9.0/psa-pc-remote[32672]: handlers_stderr: SKIP
Jul 24 00:39:36 /usr/lib/plesk-9.0/psa-pc-remote[32672]: SKIP during call 'check-quota' handler
Jul 24 00:39:37 postfix/smtpd[21873]: disconnect from mail.example.com[123.123.123.123]
Jul 24 00:39:37 postfix/qmgr[13047]: 0B6A7468A8E: from=<spam@example.com>, size=362302, nrcpt=1 (queue active)
Jul 24 00:39:37 postfix-local[22026]: postfix-local: from=spam@example.com, to=myemail@address.com, dirname=/var/qmail/mailnames
Jul 24 00:39:39 spamc[22030]: skipped message, greater than max message size (256000 bytes)
Jul 24 00:39:39 dovecot: service=lda, user=myemail@address.com, ip=[]. msgid=<ublaqzk20871180.13462188@mail.example.com>: saved mail to INBOX
Jul 24 00:39:39 postfix/pipe[22025]: 0B6A7468A8E: to=<myemail@address.com>, relay=plesk_virtual, delay=3.4, delays=1.6/0.01/0/1.8, dsn=2.0.0, status=sent (delivered via plesk_virtual_service)
Jul 24 00:39:39 postfix/qmgr[13047]: 0B6A7468A8E: removed
以下是完整的 postconf -n 输出,以防有助于确定问题:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 20h
config_directory = /etc/postfix
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mailman_destination_recipient_limit = 1
maximal_queue_lifetime = 1d
message_size_limit = 536870912
mydestination = localhost.isp.net, localhost, localhost.localdomain
myhostname = mydomain.com
mynetworks = , 127.0.0.0/8, [::1]/128
myorigin = /etc/mailname
non_smtpd_milters =
plesk_virtual_destination_recipient_limit = 1
readme_directory = no
recipient_delimiter = +
relayhost =
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
smtp_send_xforward_command = yes
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_hard_error_limit = 3
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, warn_if_reject reject_unknown_helo_hostname, regexp:/etc/postfix/override_helo_access.regexp
smtpd_milters = inet:127.0.0.1:12768
smtpd_proxy_timeout = 3600s
smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/override_client_access, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/override_sender_access, reject_unlisted_sender, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname, reject_unauth_pipelining, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_login_maps = mysql:/etc/postfix/mysql_slmaps_exceptions.cf, hash:/var/spool/postfix/plesk/virtual
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_soft_error_limit = 2
smtpd_timeout = 3600s
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_ciphers = medium
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = TLSv1 TLSv1.1 TLSv1.2
smtpd_tls_protocols = TLSv1 TLSv1.1 TLSv1.2
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_medium_cipherlist = HIGH:!aNULL:!MD5
transport_maps = , hash:/var/spool/postfix/plesk/transport
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_gid_maps = static:31
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:110
如果有人能指出解决这个谜团的正确方向,我将不胜感激!
【问题讨论】: