How to avoid policyd tracking non-sent emails

Asked by: Francesco  Asked: 10/13/2023  Updated: 10/13/2023  Views: 17

Q:

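I have a setup with Postfix, saslauthd for authentication and policyd. Everything works fine except for this problem: when I try to send to more recipients than smtpd_recipient_limit (for example, the limit is 50 and I try to send to 55 destinations), policyd actually tracks all the emails (policy with SASLUsername tracking), and at the 51st email I get the error "too many recipients".

No email is actually sent, and the counter is now at 50 emails/sent.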

Oct 13 17:49:43 sasl2023.shellrent.com postfix/smtps/smtpd[4151248]: connect from host-X.Y.Z.W.business.telco.org[X.Y.Z.W]
Oct 13 17:49:43 sasl2023.shellrent.com cbpolicyd[4150292]: module=Accounting, mode=update, host=X.Y.Z.W, helo=[192.168.1.199], [email protected], [email protected], reason=accounting_update, policy=1001, accounting=2001, track=SASLUsername:[email protected], period=2023-10-13, count=1/200 (26.0%), size=/-
...
...
...
Oct 13 17:49:43 sasl2023.shellrent.com postfix/smtps/smtpd[4151248]: 510B79E480: client=host-X.Y.Z.W.business.telco.org[X.Y.Z.W], sasl_method=PLAIN, [email protected]
Oct 13 17:49:43 sasl2023.shellrent.com cbpolicyd[4150292]: module=Accounting, mode=update, host=X.Y.Z.W, helo=[192.168.1.199], [email protected], [email protected], reason=accounting_update, policy=1001, accounting=2001, track=SASLUsername:[email protected], period=2023-10-13, count=51/200 (26.5%), size=/-
Oct 13 17:49:48 sasl2023.shellrent.com postfix/smtps/smtpd[4151248]: lost connection after RCPT from host-X.Y.Z.W.business.telco.org[X.Y.Z.W]
Oct 13 17:49:48 sasl2023.shellrent.com postfix/smtps/smtpd[4151248]: disconnect from host-X.Y.Z.W.business.telco.org[X.Y.Z.W] ehlo=1 auth=1 mail=1 rcpt=51 commands=54

How can I prevent this? I already tried using custom modules in the cluebringer.conf file, but with no luck.

Here are main.cf, master.cf and cluebringer.conf:

main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2



# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/cert.pem
smtpd_tls_key_file = /etc/ssl/private/cert.key
smtpd_tls_security_level = may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = smtp.server.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, smtp.server.com, smtp.server.com, smtp.server.ip.addr, localhost, 127.0.0.1
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 smtp.server.com smtp.server.com smtp.server.ip.addr smtp.server.com
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
smtpd_recipient_restrictions =
        permit_mynetworks,
        check_policy_service inet:127.0.0.1:10031,
        permit_sasl_authenticated,
        permit_mynetworks,
# standard-restrictions-BEGIN ANSIBLE MANAGED BLOCK
        reject_unauth_destination,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unauth_pipelining,
        reject_invalid_hostname,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unknown_reverse_client_hostname,
        reject_unlisted_recipient,
# standard-restrictions-END ANSIBLE MANAGED BLOCK
# additional-restrictions-BEGIN ANSIBLE MANAGED BLOCK
        # reject_rbl_client bl.spamcop.net,
        reject_rbl_client psbl.surriel.com,
        # reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2,
        reject_rbl_client zen.spamhaus.org,
        reject_rhsbl_helo dbl.spamhaus.org
# additional-restrictions-END ANSIBLE MANAGED BLOCK
message_size_limit = 40960000
maximal_queue_lifetime = 24h
bounce_queue_lifetime = 3h
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_note_starttls_offer = yes
smtpd_tls_received_header = yes
postscreen_dnsbl_ttl = 1h
disable_vrfy_command = yes
smtpd_helo_required     = yes
strict_rfc821_envelopes = yes
virtual_mailbox_limit = 0
default_process_limit = 100
default_destination_concurrency_limit = 20
default_destination_rate_delay = 0s
default_destination_recipient_limit = 50
smtpd_tls_dh1024_param_file = /etc/ssl/certs/dh1024.pem
smtpd_tls_dh512_param_file = /etc/ssl/certs/dh512.pem
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_limit = 50
smtpd_end_of_data_restrictions =
        permit_mynetworks,
        check_policy_service inet:127.0.0.1:10031
# BEGIN Ansible anvil rate limit
anvil_rate_time_unit = 1h
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_message_rate_limit = 50
# END Ansible anvil rate limit
smtputf8_enable = no
tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
smtpd_sender_login_maps = mysql:/etc/postfix/sql/smtpd_sender_login_maps.cf
smtpd_sender_restrictions =
        permit_mynetworks,
        reject_unknown_sender_domain,
        reject_sender_login_mismatch,
non_smtpd_milters = inet:127.0.0.1:10026, inet:dkim.server.com:12345
smtpd_milters = inet:127.0.0.1:10026, inet:dkim.server.com:12345
milter_default_action = accept
milter_protocol = 6

master.cf

smtp      inet  n       -       n       -       -       smtpd
587     inet  n       -       n       -       -       smtpd
465      inet  n       -       n       -       -       smtpd
6525      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
maildrop  unix  -       n       n       -       -       pipe
  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
smtp-amavis unix - - n - 15 smtp
  -o smtp_data_done_timeout=2400
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=40
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

cluebringer.conf

[server]

protocols=<<EOT
Postfix
Bizanga
EOT

modules=<<EOT
Core
AccessControl
Accounting
Amavis
CheckHelo
CheckSPF
Greylisting
Quotas
EOT

user=cbpolicyd
group=cbpolicyd

min_servers=8
min_spare_servers=8
max_spare_servers=8
max_servers=100
max_requests=200

log_level=4


log_mail=maillog

[database]
DSN=DBI:mysql:database=policyd;host=localhost
Username=***************
Password=****************

bypass_mode=pass

bypass_timeout=30

[AccessControl]
enable=1


[Accounting]
enable=1


[Amavis]
enable=0 # Disabled by default


[CheckHelo]
enable=0


[CheckSPF]
enable=0


[Greylisting]
enable=1
training_mode=0


[Quotas]
enable=0

Thank you for your time.

Because of the lack of documentation, I tried custom rules and Postfix configuration, but with no luck.

smtp limit
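
To measure how many counter increments come from sessions like the one in the log above (recipients accounted by cbpolicyd, then a disconnect without DATA), this added example, which is not part of the original post, correlates cbpolicyd Accounting updates with Postfix smtpd sessions by client IP. The sample log is constructed; the code assumes one open session per client IP at a time and that a disconnect summary without a successful data= entry means no message was queued.

```python
import re
from collections import Counter

CONNECT = re.compile(r"smtpd\[\d+\]: connect from \S+\[([^\]]+)\]")
DISCONNECT = re.compile(r"smtpd\[\d+\]: disconnect from \S+\[([^\]]+)\](.*)")
ACCOUNTING = re.compile(r"cbpolicyd\[\d+\]: module=Accounting, mode=update, "
                        r"host=([^,]+),.*?track=([^,]+),")
STAT = re.compile(r"(\w+)=(\d+)(?:/\d+)?")  # "rcpt=51" or "data=0/1" (ok/total)


def phantom_counts(lines):
    """Return {track key: recipients accounted in sessions that never completed DATA}."""
    open_by_ip = {}      # client IP -> Counter of track keys seen in the open session
    phantom = Counter()
    for line in lines:
        if m := CONNECT.search(line):
            open_by_ip[m.group(1)] = Counter()
        elif m := ACCOUNTING.search(line):
            host, track = m.groups()
            if host in open_by_ip:          # attribute the update to the open session
                open_by_ip[host][track] += 1
        elif m := DISCONNECT.search(line):
            seen = open_by_ip.pop(m.group(1), Counter())
            stats = {name: int(ok) for name, ok in STAT.findall(m.group(2))}
            if stats.get("data", 0) == 0:   # assumption: no successful DATA, nothing queued
                phantom.update(seen)
    return dict(phantom)


def sample_log():
    """Constructed log: one aborted 3-recipient session, one completed 2-recipient session."""
    acct = ("Oct 13 17:49:43 mx cbpolicyd[100]: module=Accounting, mode=update, host={ip}, "
            "helo=[client], from={u}, to=rcpt{n}@example.net, reason=accounting_update, "
            "policy=1001, accounting=2001, track=SASLUsername:{u}, period=2023-10-13, "
            "count={n}/200 (0.0%), size=/-")
    out = []
    for pid, ip, user, rcpts, tail in [
        (201, "192.0.2.10", "alice@example.com", 3, "ehlo=1 auth=1 mail=1 rcpt=3 commands=6"),
        (202, "192.0.2.20", "bob@example.com", 2, "ehlo=1 auth=1 mail=1 rcpt=2 data=1 quit=1 commands=7"),
    ]:
        out.append(f"Oct 13 17:49:43 mx postfix/smtps/smtpd[{pid}]: connect from c.example.org[{ip}]")
        out += [acct.format(ip=ip, u=user, n=n) for n in range(1, rcpts + 1)]
        out.append(f"Oct 13 17:49:48 mx postfix/smtps/smtpd[{pid}]: disconnect from c.example.org[{ip}] {tail}")
    return out


if __name__ == "__main__":
    print(phantom_counts(sample_log()))
```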

A: No answers yet