День добрый.
Конфиг main.cf ниже
#soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
myhostname = mx.mydomain.ru
mydomain = mydomain.ru
# SENDING MAIL
myorigin = $mydomain
# RECEIVING MAIL
inet_interfaces = all
mydestination = $myhostname, localhost, $mydomain
delay_warning_time = 4h
local_recipient_maps =
local_transport = error:local mail delivery is disable
unknown_local_recipient_reject_code = 550
message_size_limit = 30485760
mailbox_size_limit = 1048576
#maps_rbl_reject_code = 550
# TRUST AND RELAY CONTROL
mynetworks_style = subnet
mynetworks = 10.0.0.0/16, 127.0.0.0/8
relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients
virtual_alias_maps = hash:/etc/postfix/virtual
transport_maps = hash:/etc/postfix/transport
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
#recipient_bcc_maps = hash:/etc/postfix/recipients_bcc
#sender_bcc_maps = hash:/etc/postfix/senders_bcc
#Архивация всей почты в этот ящик
always_bcc = backupl@backup.ru
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
unverified_sender_reject_code = 554
strict_rfc821_envelopes = yes
smtpd_hard_error_limit = 8
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
disable_vrfy_command = yes
strict_mime_encoding_domain = no
smtpd_delay_reject = no
smtpd_reject_unlisted_sender = yes
show_user_unknown_table_name = no
address_verify_sender = <>
smtpd_timeout = 120s
smtp_helo_timeout = 60s
smtp_mail_timeout = 120s
smtp_rcpt_timeout = 90s
smtpd_error_sleep_time = 10s
smtpd_soft_error_limit = 8
smtpd_restriction_classes =
must_be_good_sender,
greylisting
must_be_good_sender =
check_sender_access hash:/etc/postfix/good_senders,
reject
greylisting = check_policy_service inet:127.0.0.1:10024
smtpd_etrn_restrictions = reject
smtpd_client_restrictions = permit_mynetworks,
sleep 5,
reject_unauth_pipelining
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unlisted_recipient,
reject_unauth_destination,
check_helo_access hash:/etc/postfix/helo_access,
check_client_access hash:/etc/postfix/access,
check_sender_access hash:/etc/postfix/bad_senders,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_unknown_reverse_client_hostname,
reject_rbl_client zen.spamhaus.org
# reject_rbl_client safe.dnsbl.sorbs.net
reject_rhsbl_sender dsn.rfc-ignorant.org
## check_client_access pcre:/etc/postfix/frequently_forged_senders.pcre,
## check_client_access pcre:/etc/postfix/dialups.pcre,
## reject_unlisted_sender,
## reject_unknown_client
## reject_unknown_hostname,
permit
smtpd_data_restrictions = reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit
### Transport Layer Security ###
# Server side TLS
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/ssl/mydomain.key
smtpd_tls_cert_file = /etc/postfix/ssl/mydomain.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.crt
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
# SASL
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
# Client side TLS
smtp_use_tls = yes
smtp_tls_key_file = /etc/postfix/ssl/mydomain.key
smtp_tls_cert_file = /etc/postfix/ssl/mydomain.crt
smtp_tls_CAfile = /etc/postfix/ssl/cacert.crt
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
# Misc TLS
tls_random_source = dev:/dev/urandom
# DELIVERY TO MAILBOX
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
# JUNK MAIL CONTROLS
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830
# PARALLEL DELIVERY TO THE SAME DESTINATION
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
debug_peer_level = 2
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
# INSTALL-TIME CONFIGURATION INFORMATION
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
######################################
### ADDED BY MAILD-POSTFIX INSTALL ###
######################################
content_filter = scan:127.0.0.1:8025
receive_override_options = no_address_mappings
Интересует класс smtpd_restriction_classes. Там добавлено ограничение must_be_good_sender - в котором используется проверка отправителя.
Не совсем пойму - must_be_good_sender нигде больше в конфиге не используется, однако в карту good_senders заносились надежные отправители если postfix их рубил. Не я просто настраивал и не хотелось бы так с ходу ломать - разве check_sender_access с картой good_senders или must_be_good_sender (в качестве вставки в какую то еще карту) не должно использоваться где нибудь в smtpd_sender_restrictions или в smtpd_recipient_restrictions? Как бы в smtpd_recipient_restrictions есть check_sender_access с картой bad_senders - но в ней всего одна запись с параметром ОК.
У меня такой подозрение, что карта good_senders не работает...
Не просветите?
Спасибо.
