Postfix

Postfix 在使用者未知別名 ('|exit 67') 上退回而不是拒絕郵件

  • February 16, 2017

我有一個小型後綴伺服器,用於我自己的幾個域(與 mydestination = pcre:/etc/postfix/mydestinations 匹配)。我設置了一些非虛擬別名

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

在這個文件中,我定義了通用別名

generic: someuser

有了一個recipient_delimiter = -我現在可以generic-something@example.com用作一次性電子郵件地址。由於其中一些通用地址被垃圾郵件發送,我可以根據別名丟棄所有電子郵件:

generic-spammed: /dev/null

這很好用,但這意味著我會繼續接受這些電子郵件。相反,我想拒絕他們。閱讀別名文件,似乎我應該能夠執行以下操作來拒絕帶有“使用者未知”錯誤的電子郵件

generic-spammed:    |"exit 67"

不幸的是,電子郵件被退回而不是被拒絕,從而導致反向散射。這意味著它們最初被接受,並250 OK在被退回之前返回給發件人。

這類似於這個問題,除了我使用的是本地目的地,而不是虛擬目的地。我有smtpd_reject_unlisted_recipient預設設置,我懷疑我的問題是由於文件中的以下句子

The recipient domain matches $mydestination, $inet_interfaces or $proxy_interfaces, but the recipient is not listed in $local_recipient_maps, and $local_recipient_maps is not null. 

收信人是否被列出的問題?有沒有辦法拒絕這些電子郵件而不是退回它們?

postconf -n返回以下內容:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit
mua_sender_restrictions = permit
mydestination = pcre:/etc/postfix/mydestinations
mydomain = xavasite.net
myhostname = dent.xavasite.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 185.26.124.183 [2001:4b98:dc2:47:216:3eff:fe3f:43d3]
myorigin = /etc/mailname
non_smtpd_milters = local:/var/run/opendkim/opendkim.sock
policy-spf_time_limit = 3600s
readme_directory = no
recipient_delimiter = -
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_junk_command_limit = 1
smtpd_milters = local:/var/run/opendkim/opendkim.sock
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policy-spf, reject_rbl_client bl.spamcop.net, reject_rbl_client psbl.surriel.com, reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org,
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/ssl/2015/GandiStandardSSLCA2.pem
smtpd_tls_cert_file = /etc/ssl/2015/xavier.robin.name.crt
smtpd_tls_key_file = /etc/ssl/2015/xavier.robin.name.key
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = RC4
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

我找到了一種解決方法,可以使用配置拒絕這些電子郵件check_recipient_access。它允許創建一個包含針對特定電子郵件地址的 REJECT 語句的雜湊數據庫文件。

我創建了一個名為/etc/postfix/alias_disable以下內容的文件:

generic-spammed@example.com     REJECT

然後我跑並在範圍內postmap alias_disable添加了一行:main.cf``smtpd_recipient_restrictions

smtpd_recipient_restrictions =
       [...]
      **check_recipient_access hash:/etc/postfix/alias_disable**

現在電子郵件被拒絕,沒有退回:

554 5.7.1 <generic-spammed@example.com>: Recipient address rejected: Access denied;

顯然應該可以自定義拒絕消息,包括幾個後綴操作,但我還沒有嘗試過。

我認為您在別名文件上的引用不正確

generic-spammed:    |"exit 67"

它應該是

generic-spammed:    "|exit 67"

此外,預設情況下,後綴將不允許傳遞到“|command”,因此您還需要包含以下內容

allow_mail_to_commands = alias,forward,include

http://www.postfix.org/postconf.5.html#allow_mail_to_commands

引用自:https://serverfault.com/questions/812137