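Anyone who has used slockd knows that it is not ideal: its whitelist can only be a local one, so mail often fails to be received properly. There are many Postfix policy servers available online, but so far I have found only postfwd to be really powerful, which gave me the idea of replacing slockd with postfwd. In practice, postfwd's configuration is very flexible and the results are very good, but it lacks a greylisting feature.
Here is my current configuration file: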
    # local white list: client hostnames, IP addresses, senders
    id=WL_001 ;action=OK ;client_name=file:/etc/postfwd/client_name_whitelist
    id=WL_002 ;action=OK ;client_address=file:/etc/postfwd/client_address_whitelist
    id=WL_003 ;action=OK ;sender=file:/etc/postfwd/sender_whitelist

    # local black list
    id=BL_001 ;action=REJECT list on local client_name_backlist;client_name=file:/etc/postfwd/client_name_backlist
    id=BL_002 ;action=REJECT list on local client_address_backlist;client_address=file:/etc/postfwd/client_address_backlist
    id=BL_003 ;action=REJECT list on local sender_backlist ;sender=file:/etc/postfwd/sender_backlist

    # limit rate: for clients with an unknown hostname, limit the number of messages sent
    id=RATE_001; client_name==unknown; action=rate(client_address/5/300/450 4.7.1 only 5 recipients per 5 minutes allowed)

    # Check HELO and reverse DNS: filtering on EHLO and DNS effectively filters out most ADSL addresses
    id=SET_HELO;helo_name=^(\[|[^.]+$|.*?[0-9.-]{8});action=set(HIT_helo=1)
    id=SET_NODNS;client_name=^unknown$;action=set(HIT_nodns=1)
    id=REJECT_HELO_NODNS;HIT_helo==1; HIT_nodns==1;action=REJECT Blocked - Suspicious HELO [$$helo_name] and missing reverse DNS [$$client_address]

    # dns white list: with the two DNS whitelists below, most mail providers in China and abroad pass quickly
    id=DNSWL_01; rbl=list.dnswl.org/^127/43200; action=OK
    id=DNSWL_02; rbl=cml.anti-spam.org.cn/^127/43200; action=OK

    # DNS RBL: the Chinese RBL, see www.anti-spam.org.cn for details
    id=RBL_001;rbl=cblplus.anti-spam.org.cn;action=REJECT Blocked on cblplus.anti-spam.org.cn

    # Foreign DNS blacklists: reject as soon as two or more lists match.
    # I had actually wanted a single match to trigger greylisting, but never got around to it.
    &&DNSBLS{
        rbl=zen.spamhaus.org
        rbl=bl.spamcop.net
        rbl=dnsbl.sorbs.net
    }
    id=RBL_002;&&DNSBLS;rblcount=all;action=set(HIT_rbls=$$rblcount,HIT_dtxt=$$dnsbltext)
    id=RBL_003;HIT_rbls>=2;action=REJECT Blocked on Multiple DNSBLs [$$HIT_dtxt]
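The HELO and reverse-DNS rules in the configuration above (SET_HELO, SET_NODNS, REJECT_HELO_NODNS) only reject when both flags are set, which can be checked offline against sample policy requests. The following Python code is an added example, not part of the original post or of postfwd; it assumes Python's re module is a close enough stand-in for postfwd's regex matching, and the function names, hostnames and addresses are constructed for illustration.

```python
import re

# Patterns copied from the SET_HELO and SET_NODNS rules above. Python's re
# module stands in for postfwd's Perl regex matching (assumption).
HELO_RE = re.compile(r"^(\[|[^.]+$|.*?[0-9.-]{8})")
NODNS_RE = re.compile(r"^unknown$")


def parse_request(text):
    """Parse one Postfix policy delegation request (name=value lines)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # an empty line terminates the request
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def evaluate(attrs):
    """Mirror SET_HELO / SET_NODNS / REJECT_HELO_NODNS; DUNNO = rule did not fire."""
    hit_helo = bool(HELO_RE.search(attrs.get("helo_name", "")))
    hit_nodns = bool(NODNS_RE.search(attrs.get("client_name", "")))
    if hit_helo and hit_nodns:
        return ("REJECT Blocked - Suspicious HELO [%s] and missing reverse DNS [%s]"
                % (attrs.get("helo_name", ""), attrs.get("client_address", "")))
    return "DUNNO"


def make_request(helo, client_name, client_address="192.0.2.10"):
    """Build a constructed sample request (documentation addresses only)."""
    return ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
            "helo_name=%s\nclient_name=%s\nclient_address=%s\n\n"
            % (helo, client_name, client_address))


if __name__ == "__main__":
    samples = [  # constructed (HELO, client_name) pairs
        ("[192.0.2.10]", "unknown"),                 # address literal, no rDNS
        ("adsl-192-0-2-10.example.net", "unknown"),  # dynamic-looking, no rDNS
        ("localhost", "unknown"),                    # HELO without a dot
        ("mail.example.com", "unknown"),             # plain HELO, no rDNS
        ("mail-2024-01-01.example.com", "mail-2024-01-01.example.com"),
    ]
    for helo, name in samples:
        print(helo, name, "->", evaluate(parse_request(make_request(helo, name))))
```

The last sample shows why the two flags are combined: its HELO contains a long run of digits and hyphens and matches the HELO pattern, but because the client has reverse DNS the rule does not fire.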
How to start it:
./postfwd-1.35 -f postfwd.cf -u vuser -g vgroup -d
References: http://hege.li/howto/spam/etc/postfwd/postfwd.conf
http://www.postfix.org/SMTPD_POLICY_README.html
In addition, I made some extensions to extman's functionality.
When reposting, please credit: 爱开源 » Replacing extmail's slockd with postfwd