https://www.0niu.cn/tags/postfix/Recent content in Postfix on HiDaHugo -- gohugo.iozhFri, 27 May 2022 00:11:09 +0800https://www.0niu.cn/posts/postfix-reject-emails-with-a-specified-recipient-address/Fri, 27 May 2022 00:11:09 +0800https://www.0niu.cn/posts/postfix-reject-emails-with-a-specified-recipient-address/<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 编辑黑名单</span> </span></span><span style="display:flex;"><span>cat /etc/postfix/recipient_blocklist </span></span><span style="display:flex;"><span>wf@x.yz REJECT </span></span><span style="display:flex;"><span>cy@x.yz REJECT </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 编辑黑名单</span> </span></span><span style="display:flex;"><span>cat /etc/postfix/recipient_blocklist </span></span><span style="display:flex;"><span>wf@x.yz REJECT </span></span><span style="display:flex;"><span>cy@x.yz REJECT </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-gdscript3" data-lang="gdscript3"><span style="display:flex;"><span><span style="color:#75715e"># smtpd_recipient_restrictions 下方添加 check_recipient_access hash:/etc/postfix/recipient_blocklist</span> </span></span><span style="display:flex;"><span>cat <span style="color:#f92672">/</span>etc<span style="color:#f92672">/</span>postfix<span style="color:#f92672">/</span>main<span style="color:#f92672">.</span>cf </span></span><span style="display:flex;"><span><span style="color:#f92672">...</span> </span></span><span style="display:flex;"><span>smtpd_recipient_restrictions <span style="color:#f92672">=</span> </span></span><span style="display:flex;"><span> reject_non_fqdn_recipient </span></span><span style="display:flex;"><span> reject_unlisted_recipient </span></span><span style="display:flex;"><span> check_recipient_access hash:<span style="color:#f92672">/</span>etc<span style="color:#f92672">/</span>postfix<span style="color:#f92672">/</span>recipient_blocklist </span></span><span style="display:flex;"><span> check_policy_service inet:<span style="color:#ae81ff">127.0</span><span style="color:#f92672">.</span><span style="color:#ae81ff">0.1</span>:<span style="color:#ae81ff">7777</span> </span></span><span style="display:flex;"><span> permit_mynetworks </span></span><span style="display:flex;"><span> permit_sasl_authenticated </span></span><span style="display:flex;"><span> reject_unauth_destination </span></span><span style="display:flex;"><span> check_policy_service inet:<span style="color:#ae81ff">127.0</span><span style="color:#f92672">.</span><span style="color:#ae81ff">0.1</span>:<span style="color:#ae81ff">12340</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">...</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>sudo postmap <span style="color:#f92672">/</span>etc<span style="color:#f92672">/</span>postfix<span style="color:#f92672">/</span>recipient_blocklist </span></span><span style="display:flex;"><span>sudo systemctl reload postfix </span></span></code></pre></div>https://www.0niu.cn/posts/iredmail%E9%85%8D%E7%BD%AE%E9%9D%99%E6%80%81%E8%B7%AF%E7%94%B1/Wed, 25 May 2022 22:44:57 +0800https://www.0niu.cn/posts/iredmail%E9%85%8D%E7%BD%AE%E9%9D%99%E6%80%81%E8%B7%AF%E7%94%B1/背景 邮箱默认 MX 记录指向梭子鱼邮件网关，所有外部邮件先经过网关过滤再投递到邮箱服务器。同时在 O365 上配置了 Connector，允许直接投递到网关。<h2 id="背景">背景</h2> <p>邮箱默认 MX 记录指向梭子鱼邮件网关，所有外部邮件先经过网关过滤再投递到邮箱服务器。同时在 O365 上配置了 Connector，允许直接投递到网关。</p> <p>需要将特定域的邮件通过静态路由（transport map）转发到指定地址，绕过默认投递逻辑。</p> <h2 id="配置步骤">配置步骤</h2> <h3 id="1-新建路由表文件">1. 新建路由表文件</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo touch /etc/postfix/staticroute </span></span></code></pre></div><h3 id="2-编辑路由规则">2. 编辑路由规则</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo vi /etc/postfix/staticroute </span></span></code></pre></div><p>格式为 <code>目标域/收件人 转发目标</code>：</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># 整个域转发 </span></span><span style="display:flex;"><span>example.com smtp:[mail-gateway.example.com] </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># 特定用户转发 </span></span><span style="display:flex;"><span>user@example.com smtp:[internal-server.example.com] </span></span></code></pre></div><blockquote> <p><strong>注意</strong>：<code>[]</code> 表示直接使用 IP/主机名解析，不查找 MX 记录。</p> </blockquote> <h3 id="3-注册-transport_maps">3. 注册 transport_maps</h3> <p>编辑 <code>/etc/postfix/main.cf</code>，找到 <code>transport_maps</code> 行，在其下方添加：</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>transport_maps = hash:/etc/postfix/transport </span></span><span style="display:flex;"><span> hash:/etc/postfix/staticroute </span></span></code></pre></div><p>如果文件中已有 <code>transport_maps</code>，在末尾追加即可（多个映射源用空格分隔）。</p> <h3 id="4-生成哈希文件并重载">4. 生成哈希文件并重载</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo postmap /etc/postfix/staticroute </span></span><span style="display:flex;"><span>sudo systemctl reload postfix </span></span></code></pre></div><h3 id="5-验证">5. 验证</h3> <p>查看当前路由是否生效：</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>postmap -q example.com /etc/postfix/staticroute </span></span></code></pre></div><p>发送测试邮件，检查 maillog：</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>tail -f /var/log/mail.log | grep <span style="color:#e6db74">&#39;staticroute&#39;</span> </span></span></code></pre></div><h2 id="排查">排查</h2> <ul> <li><strong>修改路由后不生效</strong> → 确认执行了 <code>postmap</code> 生成 <code>.db</code> 文件</li> <li><strong>转发目标不可达</strong> → 检查目标服务器是否开放 25 端口，防火墙是否放行</li> <li><strong>格式错误</strong> → <code>postfix check</code> 可检查配置语法</li> </ul> <h3 id="参考文档">参考文档</h3> <p><a href="https://www.linuxbabe.com/mail-server/postfix-transport-map-relay-map-flexible-email-delivery">Postfix Transport Map - Flexible Email Delivery</a></p>https://www.0niu.cn/posts/use-postfix-to-forward-emails-to-new-domain/Mon, 28 May 2018 00:44:41 +0800https://www.0niu.cn/posts/use-postfix-to-forward-emails-to-new-domain/<p>公司换了新的域名和邮件系统，但临时无法把旧域名绑定到新的邮件系统。两套系统邮箱地址前缀相同，后缀不同，于是想到了用postfix做邮件转发。</p> <ol> <li>新建<code>/etc/postfix/virtual</code>，内容为<code>/^([^@]*)@olddomain/ $(1)@newdomain</code></li> <li>编辑<code>main.cf</code>，在<code>virtual_alias_maps =</code> 后添加 <code>regexp:/etc/postfix/virtual</code></li> <li><code>sudo systemctl reload postfix</code></li> </ol><p>公司换了新的域名和邮件系统，但临时无法把旧域名绑定到新的邮件系统。两套系统邮箱地址前缀相同，后缀不同，于是想到了用postfix做邮件转发。</p> <ol> <li>新建<code>/etc/postfix/virtual</code>，内容为<code>/^([^@]*)@olddomain/ $(1)@newdomain</code></li> <li>编辑<code>main.cf</code>，在<code>virtual_alias_maps =</code> 后添加 <code>regexp:/etc/postfix/virtual</code></li> <li><code>sudo systemctl reload postfix</code></li> </ol> <h3 id="参考文档">参考文档</h3> <p><a href="https://serverfault.com/questions/313050/use-postfix-to-forward-mail-to-a-domain-to-the-same-address-at-a-different-domai">https://serverfault.com/questions/313050/use-postfix-to-forward-mail-to-a-domain-to-the-same-address-at-a-different-domai</a></p>