我運行自己的 postfix/dovecot 電子郵件伺服器。最近,大量具有相同寄件者和收件者欄位(即我的電子郵件地址)的垃圾郵件湧入我的收件匣。我添加check_policy_service unix:private/policy了smtpd_recipient_restrictions,但它並沒有阻止以我自己的電子郵件地址作為寄件者的垃圾郵件氾濫。我想知道postfix配置中是否還有其他需要注意的地方。
我在 dns 中設定了 spf:
$ nslookup -type=txt mydomain.com
mydomain.com text = "v=spf1 mx a ptr include:mail.myemaildomain.com -all"
以下是一封垃圾郵件的標頭範例,其中刪除了一些非常長的編碼標頭。假設我的電子郵件是[email protected],我的郵件伺服器是mail.myemaildomain.com。
Return-Path: <>
Delivered-To: [email protected]
Received: from mail.myemaildomain.com
by mail.myemaildomain.com with LMTP
id 0KJAM+e2oGM0TgAAheIUKw
(envelope-from <>)
for <[email protected]>; Mon, 19 Dec 2022 19:09:27 +0000
Received: by mail.myemaildomain.com (Postfix, from userid 182)
id CEFE8C6409; Mon, 19 Dec 2022 19:09:27 +0000 (UTC)
Received-SPF: none (qwwj.em.jennycraig.com: No applicable sender policy available) receiver=mail.myemaildomain.com; identity=helo; helo=qwwj.em.jennycraig.com; client-ip=103.198.26.226
Received: from qwwj.em.jennycraig.com (unknown [103.198.26.226])
by mail.myemaildomain.com (Postfix) with ESMTP id 42098C6407
for <[email protected]>; Mon, 19 Dec 2022 19:09:27 +0000 (UTC)
Received: from 10.226.14.104
by atlas114.aol.mail.ne1.yahoo.com pod-id NONE with HTTPS; Thu, 15 Dec 2030 13:36:39 +0000
X-Originating-Ip: [209.85.218.45]
Received-SPF: pass (domain of gmail.com designates 209.85.218.45 as permitted sender)
Authentication-Results: atlas114.aol.mail.ne1.yahoo.com;
dkim=pass [email protected] header.s=20210112;
spf=pass smtp.mailfrom=gmail.com;
dmarc=pass(p=NONE,sp=QUARANTINE) header.from=gmail.com;
X-Apparently-To: [email protected]; Thu, 15 Dec 2030 13:36:39 +0000
Received: from 209.85.218.45 (EHLO mail-ej1-f45.google.com)
by 10.226.14.104 with SMTPs
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256);
Thu, 15 Dec 2030 13:36:39 +0000
Received: by mail-ej1-f45.google.com with SMTP id n20so52313294ejh.0
for <[email protected]>; Thu, 15 Dec 2030 05:36:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=TJRpkbHmfqiYQcSzQM9QyAcKyxwfgZJL1vLIP4WWyzY=;
b=PU/nv5+QLQUtFFhUFU6EkFLDEIAN0MjTP0TDPeoWc6O/rXu53+DCp7cua72BLe3k8Y
SpiPuVwH02uo87V3rs+L6KMLQaqA8V1D7vjU+3K5T9yP35DOf/bgtp3Nrb2d0Ejik0Bv
U9ePCaf7UM8R1Gze97qvGeJv5o3nhtNuvCAFqcuHZVC14JxQMLALg2wyPF68X/CP6vUu
EBMTPaudBc4bafJ8bJEkZgHCHIICpI9ZRYujIHcMxcm9EPlK+xTwhHDELRK8hwRPz1CC
JdtoPMWBl6NY3if9ZiV2O9NuvAJdeht/PezOU3kJPmbul8jRATFI/aJfA4eaUu7SisJr
FL8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=TJRpkbHmfqiYQcSzQM9QyAcKyxwfgZJL1vLIP4WWyzY=;
b=Xpo6Y73U27SLGh/HdXMGsR4X+ieN29ZLuTsnzxhavjS0nXbm8HuTIcZr4cni14HL7h
qWXZLePK0vYJUHMHb2R57WgKNWJnBFBH9lmiJSf35OusIK2Z5iSk6BmmHVjl8niG9EmD
XOL6EqVwmTl2BS9V80osHuJ7wIXzcAoq4Y+yZnVxPZogv2FjJ2tET9I9wQPVxM4ugXS3
9KKQgBoFPHUfergCHZxWt5mESf1Ie7VLsH1nztjHRkyipCAaZ3rvb6aHz3TogId5QuaS
yfOgSZQkCmStFywDTgxNuYwmYuOl+LBllaaB60bulStuwNKfkXU+vOAp9M8XcyTVhngV
xGcw==
X-Gm-Message-State: ANoB5plygnE1J5uqPqvPqvpUDDb3uZ/3D5Q4+2HkJz9l2WUbBA1VD+OM
48tFT8K/KxTy/bIun6chTilzwv3waaMeJ5EOu4SyvL3C
X-Google-Smtp-Source: AA0mqf6T7Vhk2yyHuKIYdn3h79y5dlZlN2Ix0VIGDvfU1s3z9grZ7sF2CkltwXmtFE8dsR3mTX53KHhoFnxtStqiZSs=
X-Received: by 2002:a17:906:f14:b0:7c1:4e5d:5543 with SMTP id
z20-20020a1709060f1400b007c14e5d5543mr2799821eji.654.1671111399150; Thu, 15
Dec 2030 05:36:39 -0800 (PST)
List-Unsubscribe: <https://rdir-agn.freenet.de/uq.html?uid=5ZQLJGH67TVWNMOX1LEGP4PK7PH1CI>,<mailto:[email protected]?subject=unsubscribe:5ZQLJGH67TVWNMOX1LEGP4PK7PH1CI>
X-tdResult: [email protected]
MIME-Version: 1.0
From: SAMS CLUB Stores<[email protected]>
Date: Thu, 15 Dec 2030 14:36:30 +0100
Message-ID: <q1RHyAoOuu2eraF=2mdqDgli8XJ5uM9dQNV6ANEdZER-DpL8i13n@mail.gmail.com>
Subject: Surprise in your inbox (for Shoppers Only)
To: me <[email protected]>
答案1
完全在 Postfix 的設定中
如果您已將電子郵件提交配置為單獨的 SMTP 實例,則應該,你可以使用header_checks。這需要 Postfix 的PCRE支持待安裝。
由於您只想將其用於在連接埠 25 上運行的實例,因此您應該輸入master.cf:
smtp inet n - y - - smtpd
-o header_checks=pcre:/etc/postfix/access/header_checks
example.com以及用於拒絕標頭中使用的消息的 PCRE 映射(到該文件)From:
/^From: .*@example\.com/ REJECT You are not me; example.com in From header.
然而,考慮到電子郵件轉發、郵件清單等,這可能過於嚴格。
實施 DMARC 和 DKIM
更好、更標準的方法是為您的網域和傳入郵件實施 DMARC、DKIM 和 SPF。這樣,從您允許的任何郵件基礎架構(在您的 SPF 原則中或由您網域的 DNS 中找到的 DKIM 金鑰簽署)發送的郵件都可以到達您的 SMTP 伺服器。
- 使用 OpenDKIM milter 檢查 DKIM 簽章。
- 使用 postfix-policyd-spf-python 檢查 SPF:
check_policy_serviceunix:private/policy-spf - 使用 OpenDMARC milter 檢查 DMARC 策略。
- 使用 OpenDKIM milter 簽署您的訊息。
~all使用(或)發布 SPF 策略-all。- 使用 發布 DMARC 策略
p=reject。