centos – Postfix,如何拒绝来自未知IP的垃圾邮件(无DNS)

CentOS 前端之家
前端之家收集整理的这篇文章主要介绍了centos – Postfix,如何拒绝来自未知IP的垃圾邮件(无DNS)前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
尽管我已经尽力过滤垃圾邮件,但即使在我将main.cf设置为不允许它并检查DNS等之后,我仍然会收到来自未知的垃圾邮件.即使在添加了一个pcre:到REJECT /.unknown./之后他们仍然通过,我不明白为什么!这是我的日志文件.第一个块是好的,它被拒绝了,它来自未知.第二个块是相同的,来自未知但它通过而不被拒绝.我希望拒绝所有“来自未知的联系”而不仅仅是其中一些. Centos上的postfix v2.8.4.我有什么想法我做错了吗?谢谢.

该块被拒绝

Nov 24 12:00:30 sof postfix/smtpd[4632]: connect from unknown[91.99.51.137]
Nov 24 12:00:30 sof postfix/smtpd[4632]: connect from unknown[91.99.51.137]
Nov 24 12:00:31 sof postfix/smtpd[4632]: NOQUEUE: reject: RCPT from unknown[91.99.51.137]: 450 4.7.1 <91.99.51.137.parsonline.net>: Helo command rejected: Host not found; from=<emailsend@urbangroup.kz> to=<name@domain.com> proto=ESMTP helo=<91.99.51.137.parsonline.net>
Nov 24 12:00:31 sof postfix/smtpd[4632]: NOQUEUE: reject: RCPT from unknown[91.99.51.137]: 450 4.7.1 <91.99.51.137.parsonline.net>: Helo command rejected: Host not found; from=<emailsend@urbangroup.kz> to=<name@domain.com> proto=ESMTP helo=<91.99.51.137.parsonline.net>
Nov 24 12:00:31 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: Message aborted.
Nov 24 12:00:31 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: Message aborted.
Nov 24 12:00:31 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: Message aborted.
Nov 24 12:00:31 sof postfix/smtpd[4632]: disconnect from unknown[91.99.51.137]
Nov 24 12:00:31 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: Message aborted.
Nov 24 12:00:31 sof postfix/smtpd[4632]: disconnect from unknown[91.99.51.137]

此块不会被拒绝

Nov 24 14:16:09 sof postfix/smtpd[8221]: connect from unknown[190.237.252.197]
Nov 24 14:16:09 sof postfix/smtpd[8221]: connect from unknown[190.237.252.197]
Nov 24 14:16:18 sof postfix/smtpd[8221]: 9467B848368A: client=unknown[190.237.252.197]
Nov 24 14:16:18 sof postfix/smtpd[8221]: 9467B848368A: client=unknown[190.237.252.197]
Nov 24 14:16:23 sof postfix/cleanup[8428]: 9467B848368A: message-id=<9186950014.574880.74670.SendMail@domain.com>
Nov 24 14:16:23 sof postfix/cleanup[8428]: 9467B848368A: message-id=<9186950014.574880.74670.SendMail@domain.com>
Nov 24 14:16:25 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: handlers_stderr: SKIP
Nov 24 14:16:25 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: handlers_stderr: SKIP
Nov 24 14:16:25 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: SKIP during call 'check-quota' handler
Nov 24 14:16:25 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: SKIP during call 'check-quota' handler
Nov 24 14:16:25 sof postfix/qmgr[19747]: 9467B848368A: from=<Garcia.Ryan@iter.ru>,size=5285,nrcpt=1 (queue active)
Nov 24 14:16:25 sof postfix/qmgr[19747]: 9467B848368A: from=<Garcia.Ryan@iter.ru>,nrcpt=1 (queue active)
Nov 24 14:16:25 sof postfix-local[8481]: postfix-local: from=Garcia.Ryan@iter.ru,to=name@domain.com,dirname=/var/qmail/mailnames
Nov 24 14:16:25 sof postfix-local[8481]: postfix-local: from=Garcia.Ryan@iter.ru,dirname=/var/qmail/mailnames
Nov 24 14:16:25 sof spamc[8483]: connect(AF_UNIX) to spamd /tmp/spamd_full.sock Failed: No such file or directory
Nov 24 14:16:25 sof spamc[8483]: connect(AF_UNIX) to spamd /tmp/spamd_full.sock Failed: No such file or directory
Nov 24 14:16:25 sof postfix-local[8481]: handlers_stderr: PASS
Nov 24 14:16:25 sof postfix-local[8481]: handlers_stderr: PASS
Nov 24 14:16:25 sof postfix-local[8481]: PASS during call 'spam' handler
Nov 24 14:16:25 sof postfix-local[8481]: PASS during call 'spam' handler
Nov 24 14:16:25 sof postfix/pipe[8435]: 9467B848368A: to=<name@domain.com>,orig_to=<name@domain.com>,relay=plesk_virtual,delay=7.9,delays=7.9/0/0/0.02,dsn=2.0.0,status=sent (delivered via plesk_virtual service)
Nov 24 14:16:25 sof postfix/pipe[8435]: 9467B848368A: to=<name@domain.com>,status=sent (delivered via plesk_virtual service)
Nov 24 14:16:25 sof postfix/qmgr[19747]: 9467B848368A: removed
Nov 24 14:16:25 sof postfix/qmgr[19747]: 9467B848368A: removed
Nov 24 14:16:27 sof postfix/smtpd[8221]: disconnect from unknown[190.237.252.197]
Nov 24 14:16:27 sof postfix/smtpd[8221]: disconnect from unknown[190.237.252.197]

这是我的main.cf文件的一部分

smtpd_tls_cert_file = /etc/postfix/domain.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
smtpd_helo_required = yes

smtpd_sender_restrictions =
        permit_mynetworks,permit_sasl_authenticated,check_sender_access pcre:/etc/postfix/rejected_domains,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_unlisted_sender,permit

smtpd_helo_restrictions =
        permit_mynetworks,reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname,reject_unknown_helo_hostname,permit

smtpd_recipient_restrictions =
        permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,reject_rbl_client regexp:/etc/postfix/postfix_client_blacklist,reject_unauth_destination,check_client_access hash:/etc/postfix/rbl_whitelist,check_client_access pcre:/var/spool/postfix/plesk/no_relay.re,reject_rbl_client bl.spamcop.net,permit

这是postfix_client_blacklist文件

/^.*unknown.*$/         REJECT FCrDNS # I tried all kinds of ways found on the Internet.
你在找 reject_unknown_client_hostname.

documentation开始:

reject_unknown_client_hostname (with Postfix < 2.3:
reject_unknown_client)
Reject the request when 1) the client IP
address->name mapping fails,2) the name->address mapping fails,or 3)
the name->address mapping does not match the client IP address. This
is a stronger restriction than the
reject_unknown_reverse_client_hostname feature,which triggers only
under condition 1) above. The unknown_client_reject_code parameter
specifies the response code for rejected requests (default: 450). The
reply is always 450 in case the address->name or name->address lookup
Failed due to a temporary problem.

示例用法:(在我的实时邮件服务器上看到)

smtpd_client_restrictions =
        permit_mynetworks,reject_unauth_pipelining,reject_unknown_client_hostname,permit
原文链接:https://www.f2er.com/centos/373829.html

猜你在找的CentOS相关文章

Centos7离线安装gcc4.8
有时候CentOS工作在无互联网的环境下,需要在离线环境下安装一些组件,这次实现的是模拟在...
CentOS7离线安装devtoolset-9并编译redis6.0.5
首先参照https://www.cnblogs.com/wdw984/p/13330074.html,来进行如何安装Centos和离线下...
使用Nginx在80端口上代理多个.NET CORE网站
有两个.NET CORE3.1网站部署在CentOS7上(内网IP是192.168.2.32),现在想实现访问http://...
CentOS7中配置vsftpd
1、yum -y install vsftpd 安装vsftpd 2、配置vsftpd的配置文件(/etc/vsftpd/vsftpd.conf...
CentOS7离线安装Mysql8.0
首先去mysql官网下载mysql的离线rpm安装包(https://downloads.mysql.com/archives/commun...
CentOS中增加网络连接数的方法
CentOS默认对外访问,发起的TCP链接总数小于28232个。 可以通过以下命令的结果计算出来 $ ...
VMware安装Centos7虚拟机
首先安装虚拟机很简单,所以呢,具体的安装过程就引用别人的博客,这篇文字很详细,引用之...
[Linux] 解决CentOS下Requires: libjson-c.so错误
当安装某些rpm包的时候 , 会爆出这个错误 Requires: libjson-c.so json-c是c语言下的json库...
阿里云centos7安装mysql8数据库
linux系统安装mysql8
centos安装mysql
一、安装 二、修改密码 三、修改远程连接权限(为了使用navicat)
LinuxWindowsCentOSUbuntuNginxWebServiceScalaMemcacheApacheRedisDockerBashAzureTomcatLNMPShell数据结构服务器运维网络安全
xebugnodemondocker-copydcoselasticsearcwindows-contdocker-windodocker-awsamazon-cloudenvoyproxyhashicorp-vaswisscomdevkafka-pythonzscalerphoton-osdocker-swarmkamongoogle-cloudconcoursewso2-ampersistent-vapi-managerprocess-manamanjarojenkins-workhypriotremoteapikeystonejsbitcoindbitcoin-test