Postfix
如果我使用 dovecot submission(郵件提交)服務,我應該拒絕所有通過 postfix 發送的電子郵件嗎?
我在 587 埠上配置了 dovecot submission 服務,中繼是 postfix 伺服器。它們位於兩個不同的 IP 地址/機器上。
我希望發送電子郵件的唯一方法是通過埠 587,這意味著 dovecot 將處理它並將其中繼到 postfix。我不希望連接到埠 25 的人或任何東西創建新電子郵件並將它們發送給任何人。一切都必須通過 dovecot,因此所有郵件都針對 SASL/mysql 數據庫進行身份驗證。
這是否意味著在 Postfix 中,我應該設置:
smtpd_sender_restrictions = reject
這樣任何發件人都會立即被拒絕而不做任何處理;還是說,這也會阻止 dovecot 發送郵件?
postconf -n
access_map_reject_code = 554 alias_maps = compatibility_level = 2 debug_peer_level = 100 disable_vrfy_command = yes inet_interfaces = all inet_protocols = all invalid_hostname_reject_code = 554 lmtp_host_lookup = native mailbox_size_limit = 0 maps_rbl_reject_code = 554 message_size_limit = 50000000 milter_default_action = accept milter_protocol = 2 multi_recipient_bounce_reject_code = 554 mydestination = mydomain = s2.__SNIP__.com myhostname = s2.__SNIP__.com mynetworks = 127.0.0.1/32 [::1]/128 10.0.0.0/8 myorigin = $mydomain mysql = mysql:${config_directory} non_fqdn_reject_code = 554 non_smtpd_milters = inet:opendkim.mail-server:8891 plaintext_reject_code = 554 postscreen_upstream_proxy_protocol = haproxy postscreen_upstream_proxy_timeout = 10s readme_directory = no recipient_delimiter = + reject_code = 554 relay_domains_reject_code = 554 smtpd_data_restrictions = reject_unauth_pipelining smtpd_delay_reject = no smtpd_error_sleep_time = 20 smtpd_hard_error_limit = 3 smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks reject_unknown_helo_hostname reject_non_fqdn_helo_hostname reject_invalid_helo_hostname smtpd_junk_command_limit = 2 smtpd_milters = inet:opendkim.mail-server:8891 smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks reject_unknown_reverse_client_hostname reject_unknown_client_hostname permit smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination smtpd_sasl_path = inet:dovecot.mail-server:24 smtpd_sasl_type = dovecot smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender smtpd_soft_error_limit = 1 smtpd_tls_cert_file = /etc/certs/tls.crt smtpd_tls_key_file = /etc/certs/tls.key smtpd_tls_security_level = may unknown_address_reject_code = 554 unknown_client_reject_code = 450 unknown_hostname_reject_code = 450 unknown_local_recipient_reject_code = 554 unknown_relay_recipient_reject_code = 554 unknown_virtual_alias_reject_code = 554 
unknown_virtual_mailbox_reject_code = 554 unverified_recipient_reject_code = 554 unverified_recipient_reject_reason = Address lookup failure unverified_sender_reject_code = 554 virtual_alias_maps = ${mysql}/mysql_virtual_alias_maps.cf virtual_mailbox_domains = ${mysql}/mysql_virtual_mailbox_domains.cf virtual_mailbox_limit = 0 virtual_mailbox_maps = ${mysql}/mysql_virtual_mailbox_maps.cf virtual_transport = lmtp:inet:dovecot.mail-server:24
doveconf -n
# doveconf -n # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () # OS: Linux 4.9.0-8-amd64 x86_64 Debian buster/sid ext4 # Hostname: dovecot-0.dovecot.mail-server.svc.cluster.local auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = yes disable_plaintext_auth = no first_valid_gid = 8 first_valid_uid = 8 haproxy_timeout = 5 secs haproxy_trusted_networks = 10.0.0.0/8 hostname = s2.__SNIP__.com log_path = /dev/stderr mail_access_groups = mail mail_debug = yes mail_gid = mail mail_home = /mail/%d/%n mail_location = maildir:/mail/%d/%n mail_privileged_group = mail mail_uid = mail maildir_stat_dirs = yes namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } postmaster_address = info@__SNIP__.com protocols = " imap lmtp pop3 submission" service auth-worker { unix_listener auth-worker { group = mail mode = 0660 user = $default_internal_user } user = mail } service auth { user = $default_internal_user } service dict { unix_listener dict { group = mail mode = 0660 } } service imap-login { inet_listener imap { haproxy = yes port = 143 } inet_listener imaps { haproxy = yes port = 993 ssl = yes } } service lmtp { inet_listener lmtp { haproxy = no port = 24 } } service pop3-login { inet_listener pop3 { haproxy = yes port = 110 } inet_listener pop3s { haproxy = yes port = 995 ssl = yes } } service submission-login { inet_listener submission { haproxy = no port = 587 } } ssl_cert = </certs/tls.crt ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it submission_relay_host = postfix.mail-server submission_relay_port = 587 userdb { driver = prefetch } userdb { args = 
/etc/dovecot/dovecot-sql.conf.ext driver = sql } verbose_ssl = yes protocol !indexer-worker { mail_vsize_bg_after_count = 100 } protocol lda { mail_plugins = } protocol imap { mail_plugins = } protocol lmtp { mail_plugins = recipient_delimiter = + } protocol pop3 { mail_plugins = }
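答案是否定的。如果您拒絕所有發件人,則來自 dovecot 的中繼電子郵件也會被拒絕。中繼就是發送,所以這只會讓您的伺服器完全無法運作。smtpd_sender_restrictions 檢查的是信封發件人地址,而不是連線的客戶端;若要只允許 dovecot 中繼,應該依客戶端來源來限制(例如 mynetworks 搭配 smtpd_relay_restrictions 中的 permit_mynetworks),而不是依發件人來限制。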