.. 그리고 몇 개의 BL에서 IP를 얻었습니다..
이 postfix 서버는 Exchange 서버와 메일을 릴레이하도록 설정되어 있습니다.
올바른 우편 주소 @mydomain.com이 아닌 postfix에서 나가는 postmaster 또는 루트 @mail.mydomain.com이 많이 보입니다.
서버는 SpamAssassin, Amavis, PostScreen 및 OpenDMARC를 실행하고 있습니다. 나는 명백한 이유로 외부 DNS(Cloudfare) 및 내부 DNS(Active Directory)를 제외하고 mail.mydomain.com을 명시하는 구성 파일이 없음을 세 번 확인했습니다.
호스트 이름 파일은 다음과 같습니다:
mydomain.com
호스트 파일은 다음과 같습니다
127.0.0.1 localhost
127.0.1.1 mydomain.com
메일 이름은 다음과 같습니다:
mydomain.com
외부 및 내부 DNS는 다음과 같습니다.
10.2.0.6 A mail.mydomain.com
my.pbl.ip.add A mail.mydomain.com
mydomain.com MX mail.mydomain.com
나는 이것을 다음과 같이 정의했습니다.
notify_classes = bounce, delay, policy, protocol, resource, software
2bounce_notice_recipient = [email protected]
bounce_notice_recipient = [email protected]
delay_notice_recipient = [email protected]
error_notice_recipient = [email protected]
@mail.mydomain.com을 사용하여 이러한 포스트마스터 및 루트 이메일 전송을 중단하고 다른 목록에 오르기 전에 적절한 @mydomain.com을 사용하기 시작하려면 무엇을 조정해야 하는지 알아야 합니다.
도와주세요!
미리 감사드립니다!
main.cf
default_process_limit = 50
smtpd_banner = mail.mydomain.com
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_received_header = yes
smtpd_tls_cert_file=/etc/postfix/Alpha2022.crt
smtpd_tls_key_file=/etc/postfix/Alpha2022-nocrypt.key
smtpd_tls_CApath = /etc/ssl/certs/
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_exclude_ciphers = RC4,MD5, aNULL
smtp_tls_note_starttls_offer = yes
smtp_tls_ciphers = export
smtp_tls_cert_file=/etc/postfix/Alpha2022.crt
smtp_tls_key_file = /etc/postfix/Alpha2022-nocrypt.key
smtp_tls_CApath = /etc/ssl/certs/
smtp_tls_CAfile = /etc/postfix/AlphaSSL-IL.pem
smtp_use_tls=yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_exclude_ciphers = RC4, MD5, aNULL
smtp_dns_support_level=dnssec
smtp_host_lookup=dns
smtp_tls_security_level = dane
smtp_tls_loglevel = 1
smtpd_tls_ask_ccert = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_always_issue_session_ids = no
smtpd_tls_loglevel = 1
tls_ssl_options = NO_COMPRESSION
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
smtpd_tls_eecdh_grade=ultra
myhostname = mydomain.com
strict_rfc821_envelopes = yes
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4, ipv6
smtp_address_preference = any
compatibility_level = 2
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, check_client_access hash:/etc/postfix/rbl_override, reject_unauth_pipelining, reject_unknown_sender_domain, reject_non_fqdn_sender, permit
transport_maps = hash:/etc/postfix/transport_maps
relay_domains = mydomain.com otherdomain1.com otherdomain2.local otherdomain3.email otherdomain4.us otherdomain5.net
mynetworks = 127.0.0.0/8 10.2.0.0/24 192.168.0.0/16 backup.vps.host.ip4 [::1]/128 [fe80::]/10 [my:tunnelbrokerip6:addr]/64 [backup:vps:postfix:mx2]/64
relayhost =
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
smtpd_milters = local:/var/spool/postfix/opendmarc/opendmarc.sock
smtpd_sender_restrictions = hash:/etc/postfix/access
content_filter = smtp-amavis:[127.0.0.1]:10024
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =
zen.spamhaus.org*3
bl.mailspike.net*3
b.barracudacentral.org*2
bl.spameatingmonkey.net
bl.spamcop.net
spamtrap.trblspam.com
dnsbl.sorbs.net=127.0.0.[2;3;6;7;10]
ix.dnsbl.manitu.net
bl.blocklist.de
#whitelist
list.dnswl.org=127.0.[0..255].0*-1
list.dnswl.org=127.0.[0..255].1*-2
list.dnswl.org=127.0.[0..255].[2..3]*-3
iadb.isipp.com=127.0.[0..255].[0..255]*-2
iadb.isipp.com=127.3.100.[6..200]*-2
wl.mailspike.net=127.0.0.[17;18]*-1
wl.mailspike.net=127.0.0.[19;20]*-2
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_dnsbl_action = enforce
postscreen_dnsbl_ttl = 1h
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr, cidr:/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = yes
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = enforce
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_use_tls = $smtpd_use_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = enforce
postscreen_greet_banner = Please Wait for SMTP
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_watchdog_timeout = 10s
smtpd_recipient_limit = 100
message_size_limit = 1000000000
notify_classes = bounce, delay, policy, protocol, resource, software
2bounce_notice_recipient = [email protected]
bounce_notice_recipient = [email protected]
delay_notice_recipient = [email protected]
error_notice_recipient = [email protected]
address_verify_sender = mydomain.com
답변1
'newaliases' 명령을 사용하여 별칭이 업데이트되지 않았습니다. 그 후 @mail.mydomain.com 사용 시도가 중단되었습니다.