1, 58.215.76.168 (内部接受邮件服务器)
接受邮局服务器
[[email protected] conf]# cat main.cf
alias_database = hash:/usr/prima/postfix/conf/aliases
alias_maps = hash:/usr/prima/postfix/conf/aliases
append_at_myorigin = yes
append_dot_mydomain = no
command_directory = /usr/prima/postfix/sbin
config_directory = /usr/prima/postfix/conf
daemon_directory = /usr/prima/postfix/libexec
debug_peer_level = 2
disable_vrfy_command = yes
inet_interfaces = all
local_recipient_maps = $alias_maps hash:/usr/prima/postfix/conf/virtual
mail_owner = postfix
mailbox_transport = maildrop
maildrop_checkquota = yes
# The maildrop_checkquota_all controls whether reject mail only when all
# receipts are out of quota. This should be turned off.
maildrop_checkquota_all = no
maildrop_destination_recipient_limit = 1
mailq_path = /usr/bin/mailq
manpage_directory = /usr/prima/postfix/man
maximal_backoff_time = 3600s
maximal_queue_lifetime = 5400s
minimal_backoff_time = 1800s
mydestination = $myhostname $transport_maps
myhostname = mail6.edong.com
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
queue_run_delay = 60s
readme_directory = /usr/prima/postfix/conf/README_FILES
sample_directory = /usr/prima/postfix/conf/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_skip_4xx_greeting = no
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_recipient_limit = 100
# freemail host checks
smtpd_restriction_classes = from_freemail_host
from_freemail_host = xheader_if_reject check_client_access hash:/usr/prima/postfix/conf/freemail_hosts,
reject
smtpd_recipient_restrictions = reject_unauth_pipelining,
permit_mynetworks,
reject_unknown_recipient_domain,
permit_sasl_authenticated,
# xheader_if_reject reject_unknown_client,
# xheader_if_reject reject_unknown_hostname,
# xheader_if_reject reject_unknown_sender_domain,
# xheader_if_reject reject_invalid_hostname,
# xheader_if_reject reject_non_fqdn_hostname,
# xheader_if_reject reject_non_fqdn_sender,
# xheader_if_reject reject_non_fqdn_recipient,
# check_sender_access hash:/usr/prima/postfix/conf/freemail_access,
reject_unauth_destination,
check_client_access hash:/usr/prima/postfix/conf/filter_server,
check_recipient_access regexp:/usr/prima/postfix/conf/mail_filter,
check_client_access hash:/usr/prima/postfix/conf/white_list_server,
reject_rbl_client zen.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
soft_bounce = no
strict_rfc821_envelopes = yes
transport_maps = hash:/usr/prima/postfix/conf/transport
virtual_alias_maps = hash:/usr/prima/postfix/conf/virtual
bounce_queue_lifetime = 0
smtpd_timeout = 60s
parent_domain_matches_subdomains =
relayhost = [gw2.edong.com]
always_bcc =
message_size_limit = 31457280
2, filter_server主要作用是接受来自如下两ip的信件。
(注:在76.168接受所有邮件后会通过mail_filter转向到gw1.edong.com及203.191.144.138上,所以在通过main.cf内check_client_access hash:/usr/prima/postfix/conf/filter_server,
check_recipient_access regexp:/usr/prima/postfix/conf/mail_filter,
的过滤后来接受来自网关的信件。这样可以过滤点一大部分垃圾邮件。)
[[email protected] conf]# cat filter_server
203.191.144.138 OK
203.191.144.137 OK
3, 接受客户发来的信件
[[email protected] conf]# cat white_list_server
58.215.76.168 OK
4, 将接受到的邮件发到网关gw1.edong.com进行过滤后再返回正常进入接受队列。
[[email protected] conf]# cat mail_filter
/techsun.com.cn/ FILTER spamfilter:[gw1.edong.com]:10025
#/[c-fC-F].*.com.cn/ FILTER spamfilter:[gw1.edong.com]:10025
/[email protected]/ FILTER spamfilter:[gw1.edong.com]:10025
#/.*/ FILTER spamfilter:[gw1.edong.com]:10025
5,
transport_maps这个参数对应的是所有目标接受方的地址。
[[email protected] conf]# cat transport
weilesci.com maildrop:
talentbright.com maildrop:
shbizun.com maildrop:
zambon.com.cn smtp:
ags.co.th smtp:
oweb.cn smtp:oweb.cn
decens.cn maildrop:
6,master.conf
spamfilter unix - - n - - smtp -o smtp_send_xforward_command=yes
需要注意的是这条,spamfilter是通过这条来对初次接收到的邮件转发到网关上去,它主要这个功能。
有些老的postfix不只能spamfilter的功能,需要|grep spamfilter,看是否有相关的rpm,如果有则支持。
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
#qmgr fifo n - n 300 1 qmgr
qmgr fifo n - n 300 1 nqmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
flags=DORhu user=vmail argv=/usr/prima/maildrop/bin/maildrop -d ${recipient} -w 90
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
cyrus unix - n n - - pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
spamfilter unix - - n - - smtp -o smtp_send_xforward_command=yes
2009-04-28