Postfix: use myorigin=$myhostname for local email and myorigin=$mydomain for trusted networks

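I have a Postfix instance configured for address rewriting, which allows canonicalization of the From header.

Current (required?) configuration

Here is the relevant configuration: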

# Basic conf
myhostname = hostname.example.test
mydomain = example.test
mynetworks = 127.0.0.0/8,1.2.3.4/32
myorigin = $mydomain
mydestination =

# Rewrite options
append_at_myorigin = yes
local_header_rewrite_clients = permit_mynetworks
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps = hash:/etc/postfix/sender_canonical
recipient_canonical_classes = envelope_recipient, header_recipient
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical

# restrictions (redacted for readability)
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, permit

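Desired result

I want to achieve this:

  1. When an email is received from 127.0.0.1, From: root is rewritten to From: [email protected] (i.e. root@$hostname)
  2. When an email is received from 1.2.3.4, From: root is rewritten to From: [email protected] (i.e. root@$mydomain)
  3. When an email is received from anyone else, an email with From: root is rejected (because of the reject_non_fqdn_sender restriction)

Problem

The variable $myorigin should differ depending on the receiving address, but I cannot find a way to do this. So far I have tried many solutions, and all of them failed.

Failed attempts...

I tried creating two smtp master services - 127.0.0.1:smtp with myorigin = $myhostname and 192.168.1.2:smtp with myorigin = $mydomain - but since the myorigin option is related to the trivial-rewrite process, it is ignored.

The canonical/virtual maps seem unusable, because they are applied after the trivial rewrite is performed.

The aliases maps seem unusable, because they are used after the message is determined to be destined for $mydestination, but this message is going elsewhere.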

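Answer 1

Thanks to 安克斯's feedback, I found a solution.

Solution

According to the official Postfix documentation on rewriting, the master process tree is as follows: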

smtp   --+--> cleanup --> rewrite --> [queue]
pickup --/

So I ended up creating a localhost-specific pipeline, as follows:

192.168.1.2:smtp  --+--> cleanup --> rewrite ------------+--> [queue]
127.0.0.1:smtp  --+--> cleanup_local --> rewrite_local --/
pickup -----------/

Configuration

Here is the main.cf configuration, which represents the configuration for the external IP:

#  configure the global desiderata

# Basic conf (for display purpose, use your own configuration)
# myhostname = hostname.example.test
# mydomain = example.test
# mydestination =
# mynetworks = 127.0.0.0/8,1.2.3.4/32

# Rewrite options
myorigin = $mydomain
append_at_myorigin = yes
local_header_rewrite_clients = permit_mynetworks
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps = hash:/etc/postfix/sender_canonical
recipient_canonical_classes = envelope_recipient, header_recipient
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical

# restrictions (redacted for readability)
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, permit

Here is the master.cf configuration with the custom pipeline:

# add this for local smtp service
127.0.0.1:smtp      inet  n       -       n       -       -       smtpd
  -o myorigin=$myhostname
  -o cleanup_service_name=cleanup_local
  -o inet_interfaces=loopback-only
  -o local_header_rewrite_clients=permit_inet_interfaces

# edit pickup service with these two options
pickup    unix  n       -       n       60      1       pickup
  -o myorigin=$myhostname
  -o cleanup_service_name=cleanup_local

# add this for local email cleanup
cleanup_local   unix  n       -       n       -       0       cleanup
  -o myorigin=$myhostname
  -o rewrite_service_name=rewrite_local

# add this for local email basic rewrite
rewrite_local   unix  -       -       n       -       -       trivial-rewrite
  -o myorigin=$myhostname
  -o local_header_rewrite_clients=permit_inet_interfaces

# Then for each public IP assigned to the machine, add smtp service like this
192.168.3.85:smtp      inet  n       -       n       -       -       smtpd
# and remove default service smtp inet [..cut..] smtpd
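
An added example, not code from the answer or from the Postfix project: a small Python check that follows each entry service in a master.cf through its cleanup and trivial-rewrite hops and reports the myorigin override present at the rewrite hop. It shows why the smtpd-only override from the question had no effect and why the answer's dedicated pipeline does. The function names and both sample master.cf texts are constructed for illustration, and treating the rewrite hop's value as the deciding one is an assumption taken from the question's own observation.

```python
import re
# Stock services that both layouts fall back to (Postfix default service names).
STOCK = """\
cleanup  unix  n  -  n  -  0  cleanup
rewrite  unix  -  -  n  -  -  trivial-rewrite
"""
# Constructed from the question's failed attempt: override on smtpd only.
ATTEMPT = STOCK + """\
127.0.0.1:smtp    inet  n  -  n  -  -  smtpd
  -o myorigin=$myhostname
192.168.1.2:smtp  inet  n  -  n  -  -  smtpd
  -o myorigin=$mydomain
"""
# Constructed from the answer's master.cf (interface options left out).
FIXED = STOCK + """\
127.0.0.1:smtp    inet  n  -  n  -  -  smtpd
  -o myorigin=$myhostname
  -o cleanup_service_name=cleanup_local
pickup            unix  n  -  n  60 1  pickup
  -o myorigin=$myhostname
  -o cleanup_service_name=cleanup_local
cleanup_local     unix  n  -  n  -  0  cleanup
  -o myorigin=$myhostname
  -o rewrite_service_name=rewrite_local
rewrite_local     unix  -  -  n  -  -  trivial-rewrite
  -o myorigin=$myhostname
192.168.3.85:smtp inet  n  -  n  -  -  smtpd
"""

def parse_master(text):
    """Map service name -> {option: value}, folding indented continuation lines."""
    entries = []
    for line in (l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")):
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()
        else:
            entries.append(line)
    return {e.split()[0]: dict(re.findall(r"-o\s+(\w+)=(\S+)", e)) for e in entries}

def effective_origin(text, entry, main_cf_origin="$mydomain"):
    """Follow entry -> cleanup -> trivial-rewrite; assumed: the last hop's myorigin decides."""
    svc = parse_master(text)
    cleanup = svc[entry].get("cleanup_service_name", "cleanup")
    rewrite = svc[cleanup].get("rewrite_service_name", "rewrite")
    return [entry, cleanup, rewrite], svc[rewrite].get("myorigin", main_cf_origin)

if __name__ == "__main__":
    for conf, entry in ((ATTEMPT, "127.0.0.1:smtp"), (FIXED, "127.0.0.1:smtp"), (FIXED, "192.168.3.85:smtp")):
        print(*effective_origin(conf, entry))
```

On a live system, `postconf -M` and `postconf -P` print the master.cf entries and their `-o` overrides that this check would take as input.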
