我正在配置託管在雲端提供者上的 postfix 中繼。我希望僅允許中繼存取我公司的公共 IP 和寄件者的精確清單。這是我的 main.cf 設定:
mynetworks = 127.0.0.0/8 1.2.3.4/23 4.5.6.7/32 7.8.9.1/24
smtpd_recipient_restrictions = permit_mynetworks,
check_sender_access hash:/etc/postfix/allowed_senders,
reject_unauth_destination
allowed_senders 是這樣的:
[email protected] OK
[email protected] OK
[email protected] OK
如果我保留這些設置,則 allowed_senders 將被忽略,無論我將其放在 allowed_mynetworks 設定之前還是之後。如果我刪除permit_mynetworks,allowed_senders將正常運作。
那麼,如何透過來源 IP 位址和寄件者電子郵件地址限制對此中繼的存取?
答案1
得到了詢問 Postfix 郵件列表的答案。這是工作配置:
主文件
mynetworks = 127.0.0.0/8 1.2.3.4/23 4.5.6.7/32 7.8.9.1/24
# No relaying from untrusted networks
smtpd_relay_restrictions =
permit_mynetworks,
reject_unauth_destination
# Also, no relaying by unauthorized senders
smtp_sender_restrictions =
check_sender_access hash:/etc/postfix/allowed_senders,
reject_unauth_destination
# Apply UCE controls to remote clients
smtpd_recipient_restrictions =
permit_mynetworks,
... anti-spam rules if any ...
允許的寄件者:
# Just in case, reject relay attempts from untrusted networks
#
[email protected] permit_mynetworks, reject_unauth_destination
[email protected] permit_mynetworks, reject_unauth_destination
[email protected] permit_mynetworks, reject_unauth_destination