后缀“邮递员”和双弹电子邮件正在引起大量的背向散射。

Question

。。得到了几个BLs的IP ..。

此后缀服务器设置为将邮件转发到Exchange服务器和从Exchange服务器中继邮件。

我看到许多邮递员或根@mail.mydomain.com从postfix出去，而不是适当的邮寄地址@mydomain.com。

服务器正在运行SpamAssassin、Amavis、PostScreen和OpenDMARC。由于明显的原因，我已经三次检查除了外部DNS (Cloudfare)和内部DNS (Active )之外，没有任何配置文件状态为mail.mydomain.com。

主机名文件是：

mydomain.com

主机文件是：

127.0.0.1 localhost
127.0.1.1 mydomain.com

邮件名称是：

mydomain.com

外部和内部DNS是：

10.2.0.6 A mail.mydomain.com
my.pbl.ip.add A mail.mydomain.com
mydomain.com MX mail.mydomain.com

我对此作了界定：

notify_classes = bounce, delay, policy, protocol, resource, software
2bounce_notice_recipient = postmaster@mydomain.com
bounce_notice_recipient = postmaster@mydomain.com
delay_notice_recipient = postmaster@mydomain.com
error_notice_recipient = postmaster@mydomain.com

我需要知道如何调整，使它停止发送这些邮件和根电子邮件与@mail.mydomain.com，并开始使用适当的@mydomain.com之前，我得到另一个名单。

请帮帮我！

提前谢谢你！

main.cf

default_process_limit = 50
smtpd_banner = mail.mydomain.com
biff = no

append_dot_mydomain = no


readme_directory = no


smtpd_tls_received_header = yes
smtpd_tls_cert_file=/etc/postfix/Alpha2022.crt
smtpd_tls_key_file=/etc/postfix/Alpha2022-nocrypt.key
smtpd_tls_CApath = /etc/ssl/certs/
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_exclude_ciphers = RC4,MD5, aNULL
smtp_tls_note_starttls_offer = yes
smtp_tls_ciphers = export
smtp_tls_cert_file=/etc/postfix/Alpha2022.crt
smtp_tls_key_file = /etc/postfix/Alpha2022-nocrypt.key
smtp_tls_CApath = /etc/ssl/certs/
smtp_tls_CAfile = /etc/postfix/AlphaSSL-IL.pem
smtp_use_tls=yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_exclude_ciphers = RC4, MD5, aNULL


smtp_dns_support_level=dnssec
smtp_host_lookup=dns
smtp_tls_security_level = dane

smtp_tls_loglevel = 1
smtpd_tls_ask_ccert =  yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_always_issue_session_ids = no
smtpd_tls_loglevel = 1

tls_ssl_options = NO_COMPRESSION

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3

smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

smtpd_tls_eecdh_grade=ultra


myhostname = mydomain.com
strict_rfc821_envelopes = yes
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4, ipv6
smtp_address_preference = any
compatibility_level = 2
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, check_client_access  hash:/etc/postfix/rbl_override, reject_unauth_pipelining, reject_unknown_sender_domain, reject_non_fqdn_sender,  permit


transport_maps = hash:/etc/postfix/transport_maps
relay_domains = mydomain.com otherdomain1.com otherdomain2.local otherdomain3.email otherdomain4.us otherdomain5.net
mynetworks = 127.0.0.0/8 10.2.0.0/24 192.168.0.0/16  backup.vps.host.ip4 [::1]/128 [fe80::]/10 [my:tunnelbrokerip6:addr]/64 [backup:vps:postfix:mx2]/64
relayhost =


mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled



smtpd_milters = local:/var/spool/postfix/opendmarc/opendmarc.sock

smtpd_sender_restrictions = hash:/etc/postfix/access


content_filter = smtp-amavis:[127.0.0.1]:10024


postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =
  zen.spamhaus.org*3
  bl.mailspike.net*3
  b.barracudacentral.org*2
  bl.spameatingmonkey.net
  bl.spamcop.net
  spamtrap.trblspam.com
  dnsbl.sorbs.net=127.0.0.[2;3;6;7;10]
  ix.dnsbl.manitu.net
  bl.blocklist.de
  #whitelist
  list.dnswl.org=127.0.[0..255].0*-1
  list.dnswl.org=127.0.[0..255].1*-2
  list.dnswl.org=127.0.[0..255].[2..3]*-3
  iadb.isipp.com=127.0.[0..255].[0..255]*-2
  iadb.isipp.com=127.3.100.[6..200]*-2
  wl.mailspike.net=127.0.0.[17;18]*-1
  wl.mailspike.net=127.0.0.[19;20]*-2
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_dnsbl_action = enforce
postscreen_dnsbl_ttl = 1h
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr, cidr:/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = yes
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = enforce
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_use_tls = $smtpd_use_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = enforce
postscreen_greet_banner = Please Wait for SMTP
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_watchdog_timeout = 10s
smtpd_recipient_limit = 100
message_size_limit = 1000000000
notify_classes = bounce, delay, policy, protocol, resource, software
2bounce_notice_recipient = postmaster@mydomain.com
bounce_notice_recipient = postmaster@mydomain.com
delay_notice_recipient = postmaster@mydomain.com
error_notice_recipient = postmaster@mydomain.com


address_verify_sender = mydomain.com

Answer 1

没有使用“newaliases”命令更新别名。之后，它停止了使用@mail.mydomain.com的尝试。