{"id":3124,"date":"2024-12-02T11:46:45","date_gmt":"2024-12-02T03:46:45","guid":{"rendered":"https:\/\/jir.idv.tw\/wordpress\/?p=3124"},"modified":"2025-08-07T13:56:44","modified_gmt":"2025-08-07T05:56:44","slug":"mail%e4%bc%ba%e6%9c%8d%e5%99%a8%e5%a6%82%e4%bd%95%e8%ae%93%e5%a4%96%e9%83%a8%e4%bf%a1%e4%bb%bb%e4%b8%bb%e6%a9%9f%ef%bc%8c%e7%9b%b8%e9%97%9c%e6%b8%ac%e8%a9%a6%e9%a9%97%e8%ad%89%e5%92%8c%e8%a8%ad","status":"publish","type":"post","link":"https:\/\/jir.idv.tw\/wordpress\/?p=3124","title":{"rendered":"MAIL\u4f3a\u670d\u5668Dovecot + Postfix + Mailscanner\u5b89\u88dd\uff0c\u7d00\u9304&#038;\u66f4\u65b0"},"content":{"rendered":"<p>\u7248\u672c\uff1a20241210-1<\/p>\n<p>\u79c1\u7db2\u6709\u67b6\u8a2d\u4e00\u500b\u4e00\u76f4\u4e0d\u5c0d\u5916\u4f7f\u7528\u7684\u79c1\u4eba\u90f5\u4ef6\u4f3a\u670d\u5668\uff0c\u4f46\u4e0d\u5e38\u614b\u4f7f\u7528\u7684\u539f\u56e0\u4e3b\u8981\u662f\u8003\u91cf\u55ae\u7d14\u500b\u4eba\u7814\u7a76\u7528\u4ee5\u5916\u3001\u5c0d\u65bc\u7ba1\u7406\u3001\u5b89\u5168\u6027\u548c\u53ef\u9760\u5ea6\u7d55\u5c0d\u4e0d\u53ca\u4e00\u822c\u5927\u773e\u719f\u77e5\u4f7f\u7528\u7684GMAIL\u3001YAHOO\u6216HOTMAIL\u670d\u52d9\u5546\u3002<br \/>\n\u76f8\u5b89\u5169\u7121\u4e8b\u7684\u597d\u9663\u5b50\u7684\u7136\u800c\u5ffd\u7136\u67d0\u5929\u958b\u59cb\uff0c\u4e00\u76f4\u56fa\u5b9a\u6703\u51fa\u73fe\u5947\u602a\u7684\u91e3\u9b5a\u4fe1\u4ef6(\u6050\u5687\u4fe1\u4ef6)\uff0c\u82b1\u4e86\u4e00\u9ede\u6642\u9593\u53cd\u67e5\u9ede\u6aa2\u76f8\u95dc\u8a2d\u5099\u96fb\u8166\u5011\u3001\u9678\u7e8c\u7559\u610f\u5230logwatch\u5176\u5be6\u883b\u591a\u5947\u602a\u7684\u5617\u8a66\u7834\u9580\u800c\u5165\u7684\u4e0d\u901f\u4e4b\u5ba2\u75d5\u8de1\u3002<br \/>\n\u5f8c\u4f86\u9678\u7e8c\u628afail2ban\u7684\u76e3\u7344\u76e3\u63a7\u6a21\u5f0f\u3001\u9632\u706b\u7246\u548c\u5c0d\u5916\u958b\u653e\u57e0\u91cd\u5be9\u3001VPN\u5167\u7db2\u5316\u5de5\u4f5c\uff0c\u4e5f\u8a66\u8457\u8abf\u6574\u6539\u5584\u9632\u5835\u5b8c\u6574\u3002<br \/>\n\u5269\u4e0b\u90f5\u4ef6\u4f3a\u670d\u5668\uff0c\u662f\u5fc5\u9808\u66b4\u9732\u5728\u5916\u7d66\u4eba\u4e82\u69cd\u6253\u9ce5\u5bc4\u5783\u573e\u4fe1\u548c\u91e3\u9b5a\u4fe1\uff0c\u9072\u65e9\u6703\u88ab\u9019\u4e9b\u7121\u804a\u4eba\u58eb\u767c\u73fe\u3001\u9678\u7e8c\u5bc4\u9001\u9019\u53f0\u79c1\u7db2\u90f5\u4ef6\u4e3b\u6a5f(\u7e31\u4f7f\u6211\u5167\u90e8\u7684\u90f5\u4ef6\u5730\u5740\u90fd\u9084\u6c92\u62ff\u53bb\u5916\u9762\u7528\u904e)\u3002<br \/>\n\u4e00\u8def\u7814\u7a76\u554f\u984c\u548c\u76f8\u95dc\u4e3b\u6a5f\u670d\u52d9\u7684\u8a2d\u5b9a\u4fee\u4fee\u6539\u6539\uff0c\u82b1\u5f88\u9577\u6642\u9593\u800c\u50ac\u751f\u51fa\u9019\u7bc7\u6574\u7406\u7684\u6587\u7ae0\u5f8c\u8a18\u3002<br \/>\n\u9806\u4fbf\u4e5f\u7d66\u81ea\u5df1\u56de\u9867\u548c\u8a18\u9304\u4e00\u4e0b\u76f8\u95dc\u7684\u67b6\u8a2d\u8a2d\u5b9a\uff0c\u7562\u7adf\u4e3b\u6a5f\u4e0a\u6b21\u4fee\u5fa9\u91cd\u704c\u5f8c\uff0c\u5e74\u9f61\u4e5f\u5df2\u7d93\u662f\u7d2f\u8a08\u8d77\u4f86\u3002<br \/>\n\u54ea\u5929\u8981\u518d\u91cd\u65b0\u5347\u7d1a\u6216\u5168\u65b0\u5b89\u88dd\uff0c\u81f3\u5c11\u9084\u8981\u6709\u500b\u7d00\u9304\u8b93\u6211\u80fd\u6700\u5feb\u901f\u7684\u53c3\u8003\u53bb\u5fa9\u539f&#8230;\u3002<br \/>\n<!--more--><\/p>\n<p><strong>\u7531\u65bc\u8003\u91cf\u5230\u9019\u662f\u5c6c\u65bc\u5f8c\u7e8c\u81ea\u5df1\u7de8\u4fee\u7684\uff0c\u800c\u4e14\u6709\u4e9b\u662f\u81ea\u5df1\u4e3b\u6a5f\u5728\u7528\u7684\u65b9\u5f0f\u548c\u505a\u6cd5\u3002<br \/>\n\u5982\u679c\u5404\u65b9\u597d\u53cb\u770b\u5230\u9019\u908a\u6587\u7ae0\u6709\u7591\u554f\u3001\u5efa\u8b70\u3001\u6216\u8005\u9069\u7528\u6027\uff0c\u8acb\u518d\u7559\u610f\u5f7c\u6b64\u7684\u5dee\u5225\u548c\u9700\u6c42\u505a\u8abf\u6574\u3002<br \/>\n\u6211\u9019\u908a\u76e1\u91cf\u628a\u61c2\u5f97\u548c\u53ef\u4ee5\u5448\u73fe\u7684\uff0c\u6574\u7406\u5728\u63a5\u8457\u7684\u8aaa\u660e\u689d\u5217\u3002<br \/>\n(\u56e0\u70ba\u6211\u4e5f\u82b1\u597d\u591a\u6642\u9593\u770b\u5225\u4eba\u7684\u8a2d\u5b9a\uff0c\u4f3c\u4e4e\u6700\u5f8c\u90fd\u6703\u6709\u81ea\u5df1\u5c08\u7528\u7684\u5ba2\u88fd\u5316\u8a2d\u5b9a\u9805\u76ee\u548c\u74b0\u5883\u61c9\u7528\uff0cXD)<\/strong><\/p>\n<p>\u56e0\u70ba\u6211\u7684idv.tw\u7db2\u57df\u548cDNS\u6b63\u53cd\u89e3\u90fd\u662f\u5916\u90e8\u8a17\u7ba1\u7684\uff0c\u4ee5\u4e0b\u5c31\u4e0d\u592a\u8b1b\u5230\u90a3\u908a\u7684\u90e8\u5206\uff0c\u91cd\u9ede\u5728\u95dc\u65bc\u81ea\u5df1\u4e3b\u6a5f\u958b\u653e\u670d\u52d9\uff0c\u4e3b\u984c\u5927\u6982\u5206\u9019\u6a23\uff1a<br \/>\n1.Postfix\u90f5\u4ef6\u4e3b\u6a5f<br \/>\n2.Mailscanner\u6574\u5408Clamav\u9632\u6bd2\u548cSpamassassin\u64cb\u5ee3\u544a\u8f14\u52a9\u90f5\u4ef6\u4e3b\u6a5f<br \/>\n3.Mailwatch\u8f14\u52a9\u5224\u8b80\u90f5\u4ef6\u4e3b\u6a5f+MS\u7684\u5de5\u4f5c\u72c0\u614b<\/p>\n<p><strong>1.dovecot POP3\/IMAP\u548cPostfix MTA\u90f5\u4ef6\u4e3b\u6a5f\u6536\u767c\u7cfb\u7d71<\/strong><br \/>\n\u5b89\u88dd\u76f8\u95dc\u7684\u5957\u4ef6<br \/>\n<code>sudo apt install postfix postfix-mysql postfix-policyd-spf-python dovecot-core dovecot-imapd dovecot-pop3d<\/code><br \/>\n\u7b2c\u4e00\u6b21\u5b89\u88dd\u7684\u8a71\uff0c\u53ef\u4ee5\u57f7\u884c\u9019\u500b\u7c21\u55ae\u7684\u5c0d\u8a71\u5f0f\u8a2d\u5b9a<br \/>\n<code>sudo dpkg-reconfigure postfix<\/code><\/p>\n<p>\u7136\u5f8c\u4f9d\u7167\u9700\u6c42\uff0c\u4fee\u6539<strong>\/etc\/postfix\/main.cf<\/strong>\u9019\u500b\u6a94\u6848\u3002<br \/>\n<code>sudo cp \/etc\/postfix\/main.cf \/etc\/postfix\/main.cf.origin<br \/>\nsudo nano \/etc\/postfix\/main.cf<\/p>\n<p>###<br \/>\n#mail_owner = postfix<br \/>\nmail_owner = postfix<br \/>\n#smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)<br \/>\nsmtpd_banner = $myhostname ESMTP<br \/>\nbiff = no<br \/>\n# appending .domain is the MUA's job.<br \/>\nappend_dot_mydomain = no<br \/>\nreadme_directory = no<br \/>\ncompatibility_level = 2<br \/>\n# TLS parameters\uff0c\u5229\u7528certbot\u5957\u4ef6\u751f\u6210\u7684SSL\u7c3d\u7ae0\uff0c\u6a94\u6848\u9023\u7d50\u9019\u88e1\u5229\u7528\u653e\u7f6e\u3002<br \/>\nsmtpd_tls_cert_file = \/etc\/letsencrypt\/live\/xxx.xxx.xxx.xxx\/fullchain.pem<br \/>\nsmtpd_tls_key_file = \/etc\/letsencrypt\/live\/xxx.xxx.xxx.xxx\/privkey.pem<br \/>\nsmtpd_tls_session_cache_database = btree:${data_directory}\/smtpd_scache<br \/>\nsmtpd_tls_security_level = may<br \/>\nsmtpd_tls_loglevel = 1<br \/>\n#Enable TLS Encryption when Postfix sends outgoing emails<br \/>\nsmtp_tls_security_level = may<br \/>\nsmtp_tls_loglevel = 1<br \/>\nsmtp_tls_session_cache_database = btree:${data_directory}\/smtp_scache<br \/>\n#Enforce TLSv1.3 or TLSv1.2<br \/>\nsmtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1<br \/>\nsmtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1<br \/>\nsmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1<br \/>\nsmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1<br \/>\n#<br \/>\nmyhostname = xxx.xxx.xxx.xxx<br \/>\nalias_maps = hash:\/etc\/aliases<br \/>\nalias_database = hash:\/etc\/aliases<br \/>\nmyorigin = \/etc\/mailname<br \/>\nmydestination = $myhostname, xxx.xxx.xxx.xxx, localhost<br \/>\n### RELAY to send mail out\u56e0\u7db2\u8def\u8d70\u4e2d\u83ef\u96fb\u4fe1\u7684\u7dda\u8def\uff0c\u4e2d\u7e7c\u90f5\u4ef6\u8d70HINET\u4e3b\u6a5f\u8f49\u5bc4\uff0c\u76ee\u7684\u662f\u964d\u4f4e\u88ab\u8aa4\u5224\u5783\u573e\u90f5\u4ef6\u3002<br \/>\n#relayhost =<br \/>\nrelayhost = [msa.hinet.net]<br \/>\n#<br \/>\nmynetworks = all<br \/>\nmailbox_size_limit = 0<br \/>\nrecipient_delimiter = +<br \/>\ninet_interfaces = all<br \/>\ninet_protocols = all<br \/>\n#<br \/>\nvirtual_alias_maps = hash:\/etc\/postfix\/virtual<br \/>\ntransport_maps = hash:\/etc\/postfix\/transport<br \/>\nrelay_recipient_maps = hash:\/etc\/postfix\/relay_recipients<br \/>\n#<br \/>\nsmtputf8_enable = no<br \/>\ndisable_vrfy_command = yes<br \/>\n### Rules from my server to receiver<br \/>\nsmtpd_recipient_restrictions =<br \/>\n   permit_mynetworks,<br \/>\n   permit_sasl_authenticated,<br \/>\n   reject_unauth_destination,<br \/>\n   reject_invalid_helo_hostname,<br \/>\n   reject_unknown_sender_domain,<br \/>\n   reject_unknown_recipient_domain,<br \/>\n   reject_unverified_sender,<br \/>\n   reject_non_fqdn_hostname,<br \/>\n   reject_non_fqdn_sender,<br \/>\n   reject_non_fqdn_recipient<br \/>\n### openDKIM + OpenDMARC<br \/>\nmilter_default_action = accept<br \/>\nmilter_protocol = 6<br \/>\nsmtpd_milters = inet:localhost:8891, local:opendmarc\/opendmarc.sock<br \/>\nnon_smtpd_milters = $smtpd_milters<br \/>\n### Using Dovecot to Deliver Email to Message Store<br \/>\nmailbox_transport = lmtp:unix:private\/dovecot-lmtp<br \/>\n### 1. Basical spam filter via regexp<br \/>\n### 2. Mailscanner function active<br \/>\nheader_checks = regexp:\/etc\/postfix\/header_checks<br \/>\n#body_checks = regexp:\/etc\/postfix\/body_checks<br \/>\n###<\/code><\/p>\n<p>\u63a5\u8457\u4f9d\u7167\u9700\u6c42\uff0c\u4fee\u6539<strong>\/etc\/postfix\/master.cf<\/strong>\u9019\u500b\u6a94\u6848\u3002<br \/>\n<code>sudo cp \/etc\/postfix\/master.cf \/etc\/postfix\/master.cf.origin<br \/>\nsudo nano \/etc\/postfix\/master.cf<\/p>\n<p>(...\u4ee5\u4e0a\u7565...)<br \/>\n#submission inet n       -       y       -       -       smtpd<br \/>\n#  -o syslog_name=postfix\/submission<br \/>\n#  -o smtpd_tls_security_level=encrypt<br \/>\n#  -o smtpd_sasl_auth_enable=yes<br \/>\n#  -o smtpd_tls_auth_only=yes<br \/>\n#  -o smtpd_reject_unlisted_recipient=no<br \/>\n#  -o smtpd_client_restrictions=$mua_client_restrictions<br \/>\n#  -o smtpd_helo_restrictions=$mua_helo_restrictions<br \/>\n#  -o smtpd_sender_restrictions=$mua_sender_restrictions<br \/>\n#  -o smtpd_recipient_restrictions=<br \/>\n#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject<br \/>\n#  -o milter_macro_daemon_name=ORIGINATING<br \/>\n### to open and secure port 587:<br \/>\nsubmission inet n       -       y       -       -       smtpd<br \/>\n  -o syslog_name=postfix\/submission<br \/>\n  -o smtpd_tls_security_level=may<br \/>\n  -o smtpd_sasl_auth_enable=yes<br \/>\n  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject<br \/>\n  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject<br \/>\n  -o smtpd_sasl_type=dovecot<br \/>\n  -o smtpd_sasl_path=private\/auth<br \/>\n  -o smtpd_tls_wrappermode=no<\/p>\n<p>(...\u4e2d\u7565...)<br \/>\n#smtps     inet  n       -       y       -       -       smtpd<br \/>\n#  -o syslog_name=postfix\/smtps<br \/>\n#  -o smtpd_tls_wrappermode=yes<br \/>\n#  -o smtpd_sasl_auth_enable=yes<br \/>\n#  -o smtpd_reject_unlisted_recipient=no<br \/>\n#  -o smtpd_client_restrictions=$mua_client_restrictions<br \/>\n#  -o smtpd_helo_restrictions=$mua_helo_restrictions<br \/>\n#  -o smtpd_sender_restrictions=$mua_sender_restrictions<br \/>\n#  -o smtpd_recipient_restrictions=<br \/>\n#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject<br \/>\n#  -o milter_macro_daemon_name=ORIGINATING<br \/>\n### to open and secure port 465:<br \/>\nsmtps     inet  n       -       y       -       -       smtpd<br \/>\n  -o syslog_name=postfix\/smtps<br \/>\n  -o smtpd_tls_wrappermode=yes<br \/>\n  -o smtpd_tls_security_level=may<br \/>\n  -o smtpd_sasl_auth_enable=yes<br \/>\n  -o smtpd_sasl_type=dovecot<br \/>\n  -o smtpd_sasl_path=private\/auth<br \/>\n  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject<br \/>\n  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject<br \/>\n  -o smtpd_tls_auth_only=yes<\/p>\n<p>(...\u4e2d\u7565...)<br \/>\nproxywrite unix -       -       n       -       1       proxymap<br \/>\nsmtp      unix  -       -       y       -       -       smtp<br \/>\nrelay     unix  -       -       y       -       -       smtp<br \/>\n### LOG\u591a\u7d00\u9304RELAY\u72c0\u614b\u7684\u8a0a\u606f\u3002<br \/>\n        -o syslog_name=postfix\/$service_name<br \/>\nshowq     unix  n       -       y       -       -       showq<br \/>\nerror     unix  -       -       y       -       -       error<br \/>\nretry     unix  -       -       y       -       -       error<\/p>\n<p>(...\u4ee5\u4e0b\u7565...)<\/code><\/p>\n<p>\u56e0\u5728main.cf\u6709\u5b9a\u7fa9\u4e00\u4e9b\u9805\u76ee\uff0c\u6240\u4ee5\u8981\u65b0\u589e\u548c\u4fee\u6539\u3002<br \/>\n<code>sudo touch \/etc\/postfix\/virtual<br \/>\nsudo touch \/etc\/postfix\/transport<br \/>\nsudo touch \/etc\/postfix\/relay_recipients<br \/>\nsudo touch \/etc\/postfix\/header_checks<br \/>\nsudo touch \/etc\/postfix\/body_checks<\/p>\n<p>sudo nano \/etc\/postfix\/virtual<br \/>\n### \u9019\u500b\u6a94\u6848\u662f\u6307\u5b9a\u67d0\u500b\u7cfb\u7d71\u4fe1\u4ef6\uff0c\u70ba\u8ab0\u4ee3\u7406\u7e3d\u63a5\u6536<br \/>\n# (\u4fe1\u7bb1)   (\u5e33\u865f)<br \/>\nadmin@xxx.xxx.xxx.xxx   OOO<br \/>\ndmarc-reports@xxx.xxx.xxx.xxx   OOO<br \/>\nwww-data@xxx.xxx.xxx.xxx   OOO<\/p>\n<p>sudo nano \/etc\/postfix\/header_checks<br \/>\n### Mailscanner function working<br \/>\n\/^Received:\/ HOLD<br \/>\n<\/code><\/p>\n<p>\u63a5\u8457\u662f\u4fee\u6539Dovecot\u7684\u670d\u52d9\u8a2d\u5b9a\uff0c\u6709\u5e7e\u500b\u6a94\u6848\u8981\u8abf\u6574\u4fee\u6539\u3002<br \/>\n<strong>\/etc\/dovecot\/dovecot.conf<\/strong><br \/>\n<code>sudo nano \/etc\/dovecot\/dovecot.conf<br \/>\n# Enable installed protocols<br \/>\n!include_try \/usr\/share\/dovecot\/protocols.d\/*.protocol<br \/>\n### added if need\uff0c\u56e0\u70ba\u6211\u6709\u8981\u67e5\u4fee\uff0c\u6240\u4ee5\u6703\u958b\u555f\u8a2d\u5b9aYES\u3002<br \/>\nmail_debug = yes<br \/>\n### added for LMTP\u5167\u7db2\u5e33\u865f\u7684\u529f\u80fd\u4fe1\u4ef6\u50b3\u905e\uff0c\u7136\u5f8c\u9810\u8a2d\u7684IMAP\u548cPOP3\u5f37\u5236\u8dd1\u52a0\u5bc6\u6a21\u5f0f<br \/>\n#protocols = imaps pop3s<br \/>\nprotocols = imap pop3 lmtp<\/p>\n<p># A comma separated list of IPs or hosts where to listen in for connections.<br \/>\n# \"*\" listens in all IPv4 interfaces, \"::\" listens in all IPv6 interfaces.<\/code><\/p>\n<p><strong>\/etc\/dovecot\/conf.d\/10-auth.conf<\/strong><br \/>\n<code>sudo nano \/etc\/dovecot\/conf.d\/10-auth.conf<br \/>\n(...\u4ee5\u4e0a\u7565...)<br \/>\n#disable_plaintext_auth = yes<br \/>\ndisable_plaintext_auth = yes<br \/>\n(...\u4e2d\u7565...)<br \/>\n#auth_username_format = %Lu<br \/>\nauth_username_format = %n<br \/>\n(...\u4e2d\u7565...)<br \/>\n#auth_mechanisms = plain<br \/>\nauth_mechanisms = plain login<br \/>\n(...\u4ee5\u4e0b\u7565...)<\/code><\/p>\n<p><strong>\/etc\/dovecot\/conf.d\/10-master.conf<\/strong><br \/>\n<code>sudo nano \/etc\/dovecot\/conf.d\/10-master.conf<br \/>\n(...\u4ee5\u4e0a\u7565...)<br \/>\nservice imap-login {<br \/>\n  inet_listener imap {<br \/>\n    #port = 143<br \/>\n    #port = 0<br \/>\n  }<br \/>\n  inet_listener imaps {<br \/>\n    port = 993<br \/>\n    ssl = yes<br \/>\n  }<br \/>\n(...\u4e2d\u7565...)<br \/>\nservice pop3-login {<br \/>\n  inet_listener pop3 {<br \/>\n    #port = 110<br \/>\n    #port = 0<br \/>\n  }<br \/>\n  inet_listener pop3s {<br \/>\n    port = 995<br \/>\n    ssl = yes<br \/>\n  }<br \/>\n}<br \/>\n(...\u4e2d\u7565...)<br \/>\nservice lmtp {<br \/>\n#  unix_listener lmtp {<br \/>\n    #mode = 0666<br \/>\n  unix_listener \/var\/spool\/postfix\/private\/dovecot-lmtp {<br \/>\n    mode = 0600<br \/>\n    user = postfix<br \/>\n    group = postfix<br \/>\n  }<\/p>\n<p>  # Create inet listener only if you can't use the above UNIX socket<br \/>\n  #inet_listener lmtp {<br \/>\n    # Avoid making LMTP visible for the entire internet<br \/>\n    #address =<br \/>\n    #port =<br \/>\n  #}<br \/>\n}<br \/>\n(...\u4e2d\u7565...)<br \/>\nservice auth {<br \/>\n  # auth_socket_path points to this userdb socket by default. It's typically<br \/>\n    (...\u4e2d\u7565...)<br \/>\n  # Postfix smtp-auth<br \/>\n  unix_listener \/var\/spool\/postfix\/private\/auth {<br \/>\n    #mode = 0666<br \/>\n    mode = 0660<br \/>\n    user = postfix<br \/>\n    #group = postdrop<br \/>\n    group = postfix<br \/>\n  }<br \/>\n    (...\u4e2d\u7565...)<br \/>\n}<br \/>\n(...\u4ee5\u4e0b\u7565...)<\/code><\/p>\n<p><strong>\/etc\/dovecot\/conf.d\/10-ssl.conf<\/strong><br \/>\n<code>sudo nano \/etc\/dovecot\/conf.d\/10-ssl.conf<br \/>\n(...\u4ee5\u4e0a\u7565...)<br \/>\n#ssl = required<br \/>\nssl = yes<br \/>\n(...\u4e2d\u7565...)<br \/>\n#ssl_cert = <\/etc\/dovecot\/private\/dovecot.pem\n#ssl_key = <\/etc\/dovecot\/private\/dovecot.key\nssl_cert = <\/etc\/letsencrypt\/live\/xxx.xxx.xxx.xxx\/fullchain.pem\nssl_key = <\/etc\/letsencrypt\/live\/xxx.xxx.xxx.xxx\/privkey.pem\n(...\u4e2d\u7565...)\n# Prefer the server's order of ciphers over client's.\n#ssl_prefer_server_ciphers = no\n#ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1\nssl_prefer_server_ciphers = yes\nssl_min_protocol = TLSv1.2\n(...\u4ee5\u4e0b\u7565...)<\/code><\/p>\n<p><strong>\/etc\/dovecot\/conf.d\/20-imap.conf<\/strong><br \/>\n<code>sudo nano \/etc\/dovecot\/conf.d\/20-imap.conf<br \/>\n(...\u4ee5\u4e0a\u7565...)<br \/>\nprotocol imap {<br \/>\n  # Space separated list of plugins to load (default is global mail_plugins).<br \/>\n  #mail_plugins = $mail_plugins<\/p>\n<p>  # Maximum number of IMAP connections allowed for a user from each IP address.<br \/>\n  # NOTE: The username is compared case-sensitively.<br \/>\n  #mail_max_userip_connections = 10<br \/>\n}<br \/>\n#### added<br \/>\nmail_plugins = $mail_plugins<br \/>\nmailbox_list_index=yes<br \/>\nnamespace inbox {<br \/>\n#prefix<br \/>\nmailbox Trash {<br \/>\nauto = no<br \/>\nspecial_use = \\Trash<br \/>\n}<br \/>\nmailbox Drafts {<br \/>\nauto = no<br \/>\nspecial_use = \\Drafts<br \/>\n}<br \/>\nmailbox Sent {<br \/>\nauto = subscribe #autocreate<br \/>\nspecial_use = \\Sent<br \/>\n}<br \/>\nmailbox \"Sent Messages\" {<br \/>\nauto = no<br \/>\nspecial_use = \\Sent<br \/>\n}<br \/>\nmailbox Spam {<br \/>\nauto = create #auto creat but not subscribe<br \/>\nspecial_use = \\Junk<br \/>\n}<br \/>\nmailbox virtual\/All { #if a virtual message<br \/>\nauto = no<br \/>\nspecial_use = \\All<br \/>\n}<br \/>\n}<br \/>\n<\/code><\/p>\n<p><strong>2.Mailscanner\u6574\u5408Clamav\u9632\u6bd2\u548cSpamassassin\u64cb\u5ee3\u544a\u8f14\u52a9\u90f5\u4ef6\u4e3b\u6a5f<\/strong><br \/>\n\u5b89\u88ddMAILSCANNER\u5957\u4ef6(\u4ee5\u4e0b\u5c07\u6703\u7c21\u7a31\"MS\")\u4e4b\u524d\uff0c\u5148\u5b89\u88dd\u597d\u9632\u6bd2\u548c\u64cb\u5783\u573e\u4fe1\u7684\u5957\u4ef6\uff0c\u4e0d\u7136\u6703\u9047\u5230\u5b89\u88dd\u597dMAILSCANNER\u7d50\u679c\u4e0d\u6b63\u5e38\u529f\u80fd\uff0c\u67e5\u4fee\u627e\u539f\u56e0\u6703\u8017\u5728\u9019\u908a\u627e\u4e0d\u5230\u554f\u984c\u5594\u3002<br \/>\n<code>sudo apt install spamassassin clamav clamav-daemon<\/code><br \/>\n\u5148\u628a\u9632\u6bd2\u529f\u80fd\u958b\u6a5f\u555f\u7528\u548c\u4f7f\u7528\u3002<br \/>\n<code>sudo systemctl enable clamav-daemon<br \/>\nsudo systemctl enable clamav-freshclam<br \/>\nsudo systemctl start clamav-daemon <\/code><\/p>\n<p>\u5982\u679c\u8981\u52a0\u88dd\u984d\u5916\u7684\u75c5\u6bd2\u78bc\u652f\u63f4\uff0c\u53ef\u4ee5\u5230\u9019\u500b\u7db2\u7ad9\u8a3b\u518a\uff0c\u514d\u8cbb\u7684\u5e33\u865f\u6703\u63d0\u4f9b\u5e7e\u500b\u7db2\u5740\u4f7f\u7528\u66f4\u65b0\u75c5\u6bd2\u78bc\uff0c\u4f46\u662f\u770b\u8d77\u4f86\u50c5\u63d0\u4f9b\u4e00\u53f0\u4e3b\u6a5f\uff0c\u4ee5\u4e0a\u7684\u5c31\u8981\u4ed8\u8cbb\u3001\u800c\u4e14\u4ed8\u8cbb\u9084\u6703\u591a\u984d\u5916\u7684\u75c5\u6bd2\u78bc\u7db2\u5740\u3002<br \/>\n<a href=\"https:\/\/www.securiteinfo.com\/clamav-antivirus\/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml?lg=en\" target=\"_blank\" rel=\"noopener\">https:\/\/www.securiteinfo.com\/clamav-antivirus\/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml?lg=en<\/a><\/p>\n<p>\u7136\u5f8c\u5230\u5b98\u7db2\u6293\u6700\u65b0\u7684MAILSCANNER\uff1a<a href=\"https:\/\/github.com\/MailScanner\/v5\/releases\/\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/MailScanner\/v5\/releases\/<\/a>\u3002<br \/>\n\u76ee\u524d\u6700\u65b0\u7684\u7248\u672c\uff1av5.5.3-2 Release\uff0c\u7136\u5f8c\u6211\u7684\u7cfb\u7d71\u662fUBUNTU\uff0c\u5247\u8981\u6293.deb\u7684\u6a94\u6848\u4f86\u5b89\u88dd\u524d\u5c0e\u7a0b\u5f0f\u3002<br \/>\n<code>cd ~\/Download\/<br \/>\nwget https:\/\/github.com\/MailScanner\/v5\/releases\/download\/5.5.3-2\/MailScanner-5.5.3-2.noarch.deb<br \/>\nsudo apt -y install .\/MailScanner-5.3.4-3.noarch.deb<\/code><\/p>\n<p>\u5b89\u88dd\u597dMAILSCANNER\u524d\u5c0e\u7a0b\u5f0f\u4ee5\u5f8c\uff0c\u5c31\u53ef\u4ee5\u6309\u7167\u5b83\u7684\u63d0\u9192\uff0c\u57f7\u884c\u5b89\u88dd\u6216\u66f4\u65b0\u3002<br \/>\n\u7b2c\u4e00\u6b21\u4e7e\u6de8\u7684\u7cfb\u7d71\uff0c\u5b83\u6703\u82b1\u883b\u591a\u6642\u9593\u5728\u4e0b\u8f09\u5b89\u88dd\u76f8\u95dc\u5fc5\u8981\u7684\u7a0b\u5f0f\u548c\u5957\u4ef6(Clamav\u548cSpamassassin\u8981\u81ea\u5df1\u5148\u5b89\u88dd\u5b8c\u6210)\u3002<br \/>\n\u6240\u4ee5\u8981\u8010\u5fc3\u7b49\u5f85\u4e0b\u8f09\u548c\u7de8\u8b6f\u3002<br \/>\n<code>sudo \/usr\/sbin\/ms-configure<\/code><\/p>\n<p>\u61c9\u8a72\u6703\u7b49\u597d\u4e00\u9663\u5b50\u624d\u6703\u5b8c\u6210MS\u5b89\u88dd\uff0c\u4e0d\u904e\u5148\u66ab\u6642\u95dc\u9589\u670d\u52d9\u3002<br \/>\n<code>sudo systemctl disable mailscanner<\/code><\/p>\n<p>\u7136\u5f8c\u8981\u4fee\u6539apparmor\u63a7\u5236\u7684\u6b0a\u9650\u9805\u76ee\uff0c\u627e\u500b\u9069\u5408\u7684\u4f4d\u7f6e\u52a0\u5165\u9019\u5169\u884c\u5b9a\u7fa9Mailscanner\u7684\u8b80\u5beb\u6b0a\u9650\u3002<br \/>\n<code>sudo nano \/etc\/apparmor.d\/usr.sbin.clamd<br \/>\n(...\u4ee5\u4e0a\u7565...)<br \/>\n  \/var\/spool\/qpsmtpd\/* r,<br \/>\n  \/var\/spool\/p3scan\/children\/** r,<br \/>\n  \/var\/spool\/havp\/** r,<\/p>\n<p>  # For use with MailScanner  added<br \/>\n  \/var\/spool\/MailScanner\/** rw,<br \/>\n  \/var\/spool\/MailScanner\/incoming\/** rw,<\/p>\n<p>  # For amavisd-new integration<br \/>\n  \/var\/lib\/amavis\/tmp\/** r,<br \/>\n  # For mimedefang integration<br \/>\n  \/var\/spool\/MIMEDefang\/mdefang-*\/Work\/ r,<br \/>\n  \/var\/spool\/MIMEDefang\/mdefang-*\/Work\/** r,<br \/>\n(...\u4ee5\u4e0b\u7565...)<\/code><\/p>\n<p>\u7136\u5f8c\u91cd\u65b0\u555f\u7528\u670d\u52d9\uff0c\u5916\u9762\u7684\u5206\u4eab\u6587\u7ae0\u770b\u5230\u8aaa\u660e\u662f\u91cd\u958b\u6a5f\u4e00\u6b21\u3002\u4f46\u662f\u6211\u7684\u4e3b\u6a5f\u5728\u6c92\u91cd\u958b\u6a5f\u7684\u60c5\u5f62\uff0c\u9019\u500b\u670d\u52d9\u662f\u80fd\u6b63\u5e38\u91cd\u65b0\u555f\u52d5\u7684\u4f7f\u7528\u3002<br \/>\n<code>sudo systemctl restart apparmor<\/code><\/p>\n<p>\u7136\u5f8c\uff0cPOSTFIX\u89f8\u767cmailscanner\u6709\u5169\u7a2e\u505a\u6cd5\uff1a<br \/>\n1. \/etc\/postfix\/header_checks\u52a0\u5165\u5f37\u5236HOLD\u6307\u4ee4\uff0c\u8b93Clamav\u548cSpamassassin\u6709\u6642\u9593\u53bb\u6383\u63cf\u548c\u91cb\u653e\u5230incoming\u767c\u9001\u3002\u4e5f\u662f\u6211\u9019\u908a\u6587\u7ae0\u8aaa\u660e\u7684\u4f5c\u6cd5\u3002<br \/>\n\/^Received:\/ HOLD<br \/>\n2. <a href=\"https:\/\/www.mailscanner.info\/postfix\/\" target=\"_blank\" rel=\"noopener\">\u5b98\u65b9<\/a>\u7684\u5b89\u88dd\u65b9\u5f0f\uff0c\u662f\u7528milter\u7684\u547c\u53ebQMQP port: 628\u3002\u4f46\u662f\u5f8c\u4f86\u6210\u529f\u555f\u7528\u5f8c\uff0c\u5c31\u61f6\u5f97\u5728\u5be6\u9a57\u9019\u500b\u662f\u4e0d\u662f\u4e5f\u4e00\u4e26\u6062\u5fa9\u6b63\u5e38\u3002<br \/>\n\u4ee5\u4e0a\u5169\u7a2e\u65b9\u5f0f\u90fd\u53ef\u4ee5\uff0c\u4f46\u662f\u547c\u53eb\u7684in\/out\u8cc7\u6599\u593e\u548c\u4f7f\u7528\u8005\/\u7fa4\u7d44\u6b0a\u9650\u8981\u7559\u610f\uff0c\u6709\u9ede\u4e0d\u540c\u3002<\/p>\n<p>\u518d\u4f86\uff0c\u8981\u628a\u4e00\u4e9b\u76f8\u95dc\u4fc2\u7684\u8cc7\u6599\u593e\u548c\u6b0a\u9650\u8a2d\u5b9a\u597d\u3002<br \/>\n<code>sudo mkdir \/var\/spool\/postfix\/hold<br \/>\nsudo mkdir \/var\/spool\/postfix\/incoming<\/p>\n<p>sudo chown postfix. \/var\/spool\/postfix\/hold<br \/>\nsudo chown postfix. \/var\/spool\/postfix\/incoming<\/p>\n<p>sudo chown postfix. \/var\/spool\/MailScanner\/incoming<br \/>\nsudo chown postfix. \/var\/spool\/MailScanner\/quarantine<\/p>\n<p>sudo mkdir \/var\/spool\/MailScanner\/spamassassin<br \/>\nsudo chown postfix.postfix \/var\/spool\/MailScanner\/spamassassin<\/code><\/p>\n<p>\u7136\u5f8c\uff0cpostfix\u8cc7\u6599\u593e\u8981map\u6a94\u6848\u66f4\u65b0\u8a2d\u5b9a\uff0c\u53ef\u4ee5\u5beb\u4e00\u500b.sh\u57f7\u884c\u64cb\u4f86\u7c21\u6613\u64cd\u4f5c\u3002<br \/>\n<code>sudo nano \/usr\/local\/etc\/postfix-db<br \/>\nsudo chmod a+x  \/usr\/local\/etc\/postfix-db<br \/>\nsudo \/usr\/local\/etc\/postfix-db<\/code><br \/>\n\u5167\u5bb9\u70ba\uff1a<br \/>\n<code>#!\/bin\/sh<br \/>\ncd \/etc\/postfix<br \/>\nnewaliases<br \/>\n\/usr\/sbin\/postmap \/etc\/postfix\/virtual<br \/>\n\/usr\/sbin\/postmap \/etc\/postfix\/transport<br \/>\n\/usr\/sbin\/postmap \/etc\/postfix\/access<br \/>\n\/usr\/sbin\/postmap \/etc\/postfix\/relay_recipients<\/code><\/p>\n<p>\u8a2d\u5b9a\u5230\u9019\u88e1\uff0c\u5e7e\u4e4e\u5feb\u8981\u5b8c\u6210\u5168\u90e8\u67b6\u8a2d\u4e86\u5594!<br \/>\n\u518d\u4f86\u53bbMS\u8a2d\u5b9a\/etc\/MailScanner\/MailScanner.conf\u53c3\u6578\u503c\u3002<br \/>\n\u9019\u5e7e\u884c\u4fee\u6539\u9019\u6a23\uff1a<br \/>\n<code>sudo nano \/etc\/MailScanner\/MailScanner.conf<br \/>\n#<br \/>\nRun As User = postfix<br \/>\nRun As Group = postfix<br \/>\nIncoming Queue Dir = \/var\/spool\/postfix\/hold<br \/>\nOutgoing Queue Dir = \/var\/spool\/postfix\/incoming<br \/>\nMTA = postfix<br \/>\nClamd Socket = \/var\/run\/clamav\/clamd.ctl<br \/>\nSpamAssassin User State Dir = \/var\/spool\/MailScanner\/spamassassin<br \/>\nMultiple Headers = add<br \/>\nPlace New Headers At Top Of Message = yes<br \/>\n<\/code><\/p>\n<p>\u7136\u5f8cCLAMAV\u9632\u6bd2\u8a2d\u5b9a\u6a94\u8981\u518d\u8abf\u6574\u5e7e\u500b\u53c3\u6578\u503c\u3002<br \/>\n<code>sudo nano \/etc\/clamav\/clamd.conf<br \/>\n#<br \/>\nLocalSocketGroup mtagroup<\/code><\/p>\n<p>\u76f8\u95dc\u7684\u6b0a\u9650\u4e5f\u8981\u8abf\u6574\uff1a<br \/>\n<code>sudo chown -R postfix.mtagroup  \/etc\/clamav\/<br \/>\nsudo usermod -a -G mtagroup postfix<br \/>\nsudo usermod -a -G mtagroup clamav<\/code><\/p>\n<p>\u8b93MS\u9810\u8a2d\u555f\u52d5\u3002<br \/>\n<code>sudo nano \/etc\/MailScanner\/defaults<br \/>\n#<br \/>\nrun_mailscanner = 1<\/code><\/p>\n<p>\u555f\u52d5\u9810\u8a2d\u958b\u6a5f\u548c\u958b\u59cb\u4f7f\u7528\u3002<br \/>\n<code>sudo systemctl enable postfix spamassassin dovecot clamav-daemon opendkim mailscanner<br \/>\nsudo systemctl restart postfix spamassassin dovecot clamav-daemon opendkim mailscanner<\/code><\/p>\n<p>\u7406\u8ad6\u4e0a\u61c9\u8a72\u8981\u80fd\u6b63\u5e38\u958b\u59cb\u4f7f\u7528\u3002<br \/>\n\u800c\u4e14\u6e2c\u8a66\u8f38\u51fa\u6aa2\u67e5\u61c9\u8a72\u6703\u6a21\u64ec\u6383\u5230\u75c5\u6bd2\u7684\u6210\u529f\u901a\u77e5\u3002<br \/>\n<code>sudo MailScanner --lint<\/code><\/p>\n<p>\u7136\u5f8c\uff0c\u9019\u6b21\u7684\u904e\u7a0b\u4e2d\u6240\u6478\u7d22\u51fa\u5de5\u4f5c\u65b9\u5f0f\uff0c\u662f\u628aDOVECOT\u63a5\u6536\u5230\u7684\u4fe1\u4ef6\uff0c\u653e\u5230\/var\/spool\/postfix\/hold\u3002<br \/>\nMS\u7684\u914d\u7f6e\uff0c\/var\/spool\/postfix\/hold\u5167\u7684\u6a94\u6848\uff0c\u6703\u6709\u653e\u7f6e\u8655\u7406\u6642\u9593\u8b93Clamav\u6383\u6bd2\u548cSpamassassin\u6383\u5783\u573e\u4fe1\u3002<br \/>\n\u7b49\u5b89\u5168\u6392\u9664\u653e\u884c\u5f8c\uff0c\u5c31\u628a\u76f8\u95dc\u4fe1\u4ef6\u8f49\u79fb\u5230\/var\/spool\/postfix\/incoming\uff0cPOSTFIX\u5c31\u6703\u53d6\u4ef6\u9001\u9054\u5230\u5404\u500b\u4f7f\u7528\u8005\u5e33\u865f\u7684\u9580\u724c\u5730\u5740\u3002<br \/>\nMS\u7684\u6383\u7784\u4f5c\u696d\u6642\u9593\uff0c\u6709\u9577\u6709\u77ed\uff0c\u770b\u7576\u4e0b\u8a2d\u5099\u7684\u5de5\u4f5c\u6392\u7a0b\uff0c\u4e0d\u904e\u9019\u5e7e\u6b21\u7684\u7d93\u9a57\u61c9\u8a72\u6709<5\u5206\u9418\u7684\u5dee\u7570\u6027\u3002\n\u5982\u679c\u6015\u907a\u6f0f\u4ec0\u9ebc\uff0c\u6216\u662f\u529f\u80fd\u9664\u932f\u4e0d\u7406\u89e3\u662f\u54ea\u4e00\u6bb5\u6709\u7570\u5e38(\u50cf\u6211\u800d\u7b28\u597d\u9663\u5b50\u5728\u627e\u539f\u56e0\u70ba\u4ec0\u9ebc\u4fe1\u6709\u9032\u4f86\uff0c\u90fd\u5bc4\u4e0d\u51fa\u53bb)\u3002\n\u53ef\u4ee5\u8a66\u8457\u52a0\u88dd<a href=\"https:\/\/github.com\/mailwatch\/MailWatch\" target=\"_blank\" rel=\"noopener\">MailWatch (https:\/\/github.com\/mailwatch\/MailWatch)<\/a>\u9019\u500b\u5957\u4ef6\u4f86\u8f14\u52a9\u53ef\u8996\u5316\u7ba1\u7406\u548c\u770b\u72c0\u614b\u3002<br \/>\n\u56e0\u70ba\u9019\u500b\u662f\u8dd1\u7db2\u9801\u548cSQL\u7684\u904b\u4f5c\uff0c\u6240\u4ee5\u8a18\u5f97\u505a\u597d\u5167\u7db2\u672c\u6a5f\u700f\u89bd\u9650\u5b9a\uff0c\u4ee5\u53ca\u7368\u7acb\u4e00\u7d44\u5e33\u865f\u5bc6\u78bc\u7ba1\u7406\u3002\u6e1b\u5c11\u88ab\u5916\u90e8\u7121\u804a\u4eba\u58eb\u53bb\u591a\u500b\u6a5f\u6703\u8e39\u5f8c\u9580\u3002<br \/>\n\u5b89\u88dd\u7684\u6559\u5b78\u53ef\u4ee5\u53c3\u8003\u9019\u7bc7\uff1a<a href=\"https:\/\/docs.mailwatch.org\/install\/installing.html\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.mailwatch.org\/install\/installing.html<\/a>\uff0cSQL\u7684\u65b0\u5efa\u5e33\u865f\u6307\u4ee4\u6709\u4e00\u4e9b\u65b0\u7248\u8abf\u6574\u7684\u6307\u4ee4\u8a9e\u6cd5\uff0c\u8981\u7559\u610f\u3002<\/p>\n<p><strong>2025.08.07 UPDATED:<\/strong><br \/>\n\u932f\u8aa4\u8a0a\u606f\uff1a<br \/>\n<code>0.00 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http:\/\/wiki.apache.org\/spamassassin\/DnsBlocklists\\#dnsbl-block for more information.<br \/>\n0.00 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to dbl.spamhaus.org was blocked due to usage of an open resolver. See https:\/\/www.spamhaus.org\/returnc\/pub\/<\/code><\/p>\n<p>Mailscanner\u5b89\u88dd\u7684SpamAssassin\u6383\u5ee3\u544a\u91e3\u9b5a\u7684\u5957\u4ef6\uff0c\u6703\u8981\u6c42\u90f5\u4ef6\u4f3a\u670d\u5668\u8981\u6709\u5167\u89e3\u7684DNS\u624d\u80fd\u53bb\u67e5\u8a62\u7db2\u8def\u7684Spamhaus\u9019\u985e\u670d\u52d9\u5546\u53cd\u5783\u573e\u90f5\u4ef6\u6e05\u55ae\u3002<br \/>\n\u4f46\u662f\u81ea\u5df1\u7684\u4e3b\u6a5f\u6709\u53ef\u80fd\u4e26\u6c92\u6709DNS\u53cd\u89e3\u7684\u529f\u80fd(\u56e0\u70ba\u6211\u90fd\u639b\u5916\u90e8\u7684DNS\u4e3b\u6a5f\u4e86)<br \/>\n\u89e3\u6cd5\u53ef\u4ee5\u9019\u6a23\u5617\u8a66\uff1a<br \/>\nsudo apt-get update<br \/>\nsudo apt-get install unbound<br \/>\nnano \/etc\/systemd\/resolved.conf<br \/>\n\u628aDNS\u90a3\u6b04\u6539\u6210\u81ea\u5df1\u7684\u672c\u6a5fIP\u505a\u67e5\u8a62<br \/>\n[Resolve]<br \/>\n#DNS=192.168.0.2 192.168.0.113 1.1.1.1 8.8.8.8 168.95.192.1<br \/>\nDNS=127.0.0.1<\/p>\n<p>\u5b58\u6a94\uff0c\u91cd\u65b0\u555f\u7528\u670d\u52d9<br \/>\nsudo systemctl restart systemd-resolved<\/p>\n<p>\u9019\u6642\u5019\u6307\u4ee4\u67e5\u7db2\u5740\uff0c\u61c9\u8a72\u8981\u80fd\u6b63\u5e38\u89e3\u78bc\u51faIP\u503c\u3002<br \/>\nnslookup google.com<br \/>\nServer: 127.0.0.1<br \/>\nAddress: 127.0.0.1#53<br \/>\nNon-authoritative answer:<br \/>\nName: google.com<br \/>\nAddress: 142.250.204.46<br \/>\nName: google.com<br \/>\nAddress: 2404:6800:4012:7::200e<\/p>\n<p>\u67e5\u8a62DNS\u768453 PORT\uff0c\u61c9\u8a72\u6703\u770b\u5230\u9019\u500b\u3002<br \/>\nsudo netstat -tulpn | grep 53<br \/>\ntcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2841456\/unbound<br \/>\ntcp6       0      0 ::1:53                  :::*                    LISTEN      2841456\/unbound<br \/>\nudp6       0      0 ::1:53                  :::*                                2841456\/unbound<br \/>\nudp6       0      0 ::1:53                  :::*                                2841456\/unbound <\/p>\n<p>\u9019\u6a23\u7684\u72c0\u614b\uff0c\u61c9\u8a72\u53ef\u4ee5\u770b\u5230mailwatch\u5c31\u4e0d\u6703\u6709\u67e5\u8a62\u7684\u932f\u8aa4\u4e86\u3002<\/p>\n<p>\u5176\u4ed6\u53c3\u8003\u6587\u7ae0\uff1a<br \/>\n<strong>DNS\u3001MAIL\u4f3a\u670d\u5668\u67b6\u8a2d\u5f8c\uff0c\u9a57\u8b49\u662f\u5426\u7b26\u5408\u76f8\u95dc\u898f\u7bc4\u7684\u529f\u80fd\u6e2c\u8a66\u7db2\u7ad9\uff1a<\/strong><br \/>\n<a href=\"https:\/\/www.checktls.com\/TestReceiver\" target=\"_blank\" rel=\"noopener\">https:\/\/www.checktls.com\/TestReceiver<\/a><br \/>\n<a href=\"https:\/\/www.mail-tester.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.mail-tester.com\/<\/a> PS.\u6709\u4e00\u5929\u4e09\u6b21\u7684\u514d\u8cbb\u9650\u5236<br \/>\n<a href=\"https:\/\/dkimvalidator.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/dkimvalidator.com\/<\/a><br \/>\n<a href=\"https:\/\/mxtoolbox.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/mxtoolbox.com\/<\/a><br \/>\n<a href=\"https:\/\/toolbox.googleapps.com\/apps\/checkmx\" target=\"_blank\" rel=\"noopener\">https:\/\/toolbox.googleapps.com\/apps\/checkmx<\/a><br \/>\n<a href=\"https:\/\/www.kitterman.com\/spf\/validate.html\" target=\"_blank\" rel=\"noopener\">https:\/\/www.kitterman.com\/spf\/validate.html<\/a><br \/>\n<a href=\"https:\/\/openresolver.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/openresolver.com\/<\/a><\/p>\n<p><strong>\u95dc\u65bcPOSTFIX\u4f3a\u670d\u5668\u7684\u76f8\u95dc\u8a2d\u5b9a\u6587\u7ae0\uff1a<\/strong><br \/>\n<a href=\"https:\/\/ubuntu.com\/server\/docs\/install-and-configure-postfix\" target=\"_blank\" rel=\"noopener\">https:\/\/ubuntu.com\/server\/docs\/install-and-configure-postfix<\/a><br \/>\n<a href=\"https:\/\/ubuntu.com\/server\/docs\/install-and-configure-dovecot\" target=\"_blank\" rel=\"noopener\">https:\/\/ubuntu.com\/server\/docs\/install-and-configure-dovecot<\/a><br \/>\n<a href=\"https:\/\/www.ztabox.com\/knowledgebase_article.php?id=87\" target=\"_blank\" rel=\"noopener\">\u5728 Postfix\/Dovecot \u90f5\u4ef6\u4f3a\u670d\u5668\u4e0a\u5b89\u88dd\u4e26\u8a2d\u5b9a SSL<\/a><br \/>\n<a href=\"https:\/\/www.tuxnoob.com\/posts\/Install-and-Configure-Mail-Server-ubuntu-part1\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.tuxnoob.com\/posts\/Install-and-Configure-Mail-Server-ubuntu-part1\/<\/a><br \/>\n<a href=\"https:\/\/www.tuxnoob.com\/posts\/Install-and-Configure-Mail-Server-ubuntu-part2\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.tuxnoob.com\/posts\/Install-and-Configure-Mail-Server-ubuntu-part2\/<\/a><\/p>\n<p><strong>\u555f\u7528\u8a2d\u5b9aSPF\u3001DKIM\u3001DMARC\u7684\u53c3\u8003\u8aaa\u660e\uff1a<\/strong><br \/>\n<a href=\"https:\/\/wiki.debian.org\/opendkim\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.debian.org\/opendkim<\/a><br \/>\n<a href=\"https:\/\/www.linuxbabe.com\/mail-server\/opendmarc-postfix-ubuntu\" target=\"_blank\" rel=\"noopener\">https:\/\/www.linuxbabe.com\/mail-server\/opendmarc-postfix-ubuntu<\/a><br \/>\n<a href=\"https:\/\/www.richesinfo.com.tw\/index.php\/mxmail\/mxmail-faq\/267-dkim-dmarc\" target=\"_blank\" rel=\"noopener\">https:\/\/www.richesinfo.com.tw\/index.php\/mxmail\/mxmail-faq\/267-dkim-dmarc<\/a><br \/>\n<a href=\"https:\/\/makeityourway.de\/enabling-spf-sender-policy-framework-checking-on-postfix\/\" target=\"_blank\" rel=\"noopener\">https:\/\/makeityourway.de\/enabling-spf-sender-policy-framework-checking-on-postfix\/<\/a><\/p>\n<p><strong>\u95dc\u65bcMAILSCANNER\u8f14\u52a9\u90f5\u4ef6\u4f3a\u670d\u5668\u76f8\u95dc\u7684\u8a2d\u5b9a\u6587\u7ae0\uff1a<\/strong><br \/>\n<a href=\"https:\/\/reintech.io\/blog\/configure-secure-email-gateway-mailscanner-ubuntu\" target=\"_blank\" rel=\"noopener\">https:\/\/reintech.io\/blog\/configure-secure-email-gateway-mailscanner-ubuntu<\/a><br \/>\n<a href=\"https:\/\/blog.pmail.idv.tw\/?p=14396\" target=\"_blank\" rel=\"noopener\">https:\/\/blog.pmail.idv.tw\/?p=14396<\/a><br \/>\n<a href=\"https:\/\/vanderboon.net\/2021\/06\/01\/installing-mailscanner-5-3-with-postfix-on-ubuntu-20-04-lts\/\" target=\"_blank\" rel=\"noopener\">https:\/\/vanderboon.net\/2021\/06\/01\/installing-mailscanner-5-3-with-postfix-on-ubuntu-20-04-lts\/<\/a><br \/>\n<a href=\"https:\/\/github.com\/MailScanner\/v5\/issues\/529\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/MailScanner\/v5\/issues\/529<\/a><br \/>\n<a href=\"https:\/\/www.mailscanner.info\/postfix\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.mailscanner.info\/postfix\/<\/a><\/p>\n<p><strong>\u5176\u4ed6\u53ef\u80fd\u6703\u7528\u5230\u7684\u53c3\u8003\uff1a<\/strong><br \/>\n<a href=\"https:\/\/bobcares.com\/blog\/clamav-postfix\/\" target=\"_blank\" rel=\"noopener\">https:\/\/bobcares.com\/blog\/clamav-postfix\/<\/a><br \/>\n<a href=\"https:\/\/help.ubuntu.com\/community\/PostfixAmavisNew\" target=\"_blank\" rel=\"noopener\">https:\/\/help.ubuntu.com\/community\/PostfixAmavisNew<\/a><br \/>\n<a href=\"https:\/\/docs.vultr.com\/how-to-install-spamassassin-with-postfix-on-ubuntu\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.vultr.com\/how-to-install-spamassassin-with-postfix-on-ubuntu<\/a><br \/>\n<a href=\"https:\/\/kafeiou.pw\/2022\/10\/27\/4351\/%E5%9C%8B%E9%9A%9B%E6%93%8B%E5%BB%A3%E5%91%8A%E7%B5%84%E7%B9%94spamhaus-%E6%8F%90%E4%BE%9B-dqs-%E6%9C%8D%E5%8B%99\/\" target=\"_blank\" rel=\"noopener\">https:\/\/kafeiou.pw\/2022\/10\/27\/4351\/%E5%9C%8B%E9%9A%9B%E6%93%8B%E5%BB%A3%E5%91%8A%E7%B5%84%E7%B9%94spamhaus-%E6%8F%90%E4%BE%9B-dqs-%E6%9C%8D%E5%8B%99\/<\/a>  PS.\u4ed8\u8cbb\u7684\u6a94\u4fe1\u670d\u52d9<br \/>\n<a href=\"https:\/\/think.unblog.ch\/en\/how-to-use-sender-policy-framework-on-debian-server\/\" target=\"_blank\" rel=\"noopener\">https:\/\/think.unblog.ch\/en\/how-to-use-sender-policy-framework-on-debian-server\/<\/a>  PS.\u4ed8\u8cbb\u7684\u6a94\u4fe1\u670d\u52d9<br \/>\n<a href=\"https:\/\/aprilsoftware.github.io\/personal-cloud\/debian\/bullseye\/email\/howto.html\" target=\"_blank\" rel=\"noopener\">https:\/\/aprilsoftware.github.io\/personal-cloud\/debian\/bullseye\/email\/howto.html<\/a>  PS. spamass-milter<br \/>\n<a href=\"https:\/\/github.com\/andybalholm\/spamass-milter\/issues\/9\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/andybalholm\/spamass-milter\/issues\/9<\/a>  PS. spamass-milter + POSTFIX\u8981\u4fee\u6b63\u7684\u8ffd\u52a0\u6558\u8ff0(spamass-milter: Could not retrieve sendmail macro i  Please add it to confMILTER_MACROS_ENVFROM for better spamassassin results)<\/p>\n<p><strong>\u628apostfix\u9810\u8a2d\u653embox\u7684\u820a\u6a94\u6848\uff0c\u6539\u6210maildir\u5230\u500b\u4eba\u4fe1\u7bb1\u7684\u65b9\u6cd5\uff1a<\/strong><br \/>\n<a href=\"https:\/\/danielpocock.com\/converting-from-unix-mbox-mailbox-to-maildir\/\" target=\"_blank\" rel=\"noopener\">https:\/\/danielpocock.com\/converting-from-unix-mbox-mailbox-to-maildir\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u7248\u672c\uff1a20241210-1 \u79c1\u7db2\u6709\u67b6\u8a2d\u4e00\u500b\u4e00\u76f4\u4e0d\u5c0d\u5916\u4f7f\u7528\u7684\u79c1\u4eba\u90f5\u4ef6\u4f3a\u670d\u5668\uff0c\u4f46\u4e0d\u5e38\u614b\u4f7f\u7528\u7684\u539f\u56e0\u4e3b\u8981\u662f\u8003\u91cf\u55ae\u7d14\u500b\u4eba\u7814\u7a76\u7528\u4ee5\u5916\u3001\u5c0d\u65bc\u7ba1\u7406\u3001\u5b89\u5168\u6027\u548c\u53ef\u9760\u5ea6\u7d55\u5c0d\u4e0d\u53ca\u4e00\u822c\u5927\u773e\u719f\u77e5\u4f7f\u7528\u7684GMAIL\u3001YAHOO\u6216HOTMAIL\u670d\u52d9\u5546\u3002 \u76f8\u5b89\u5169\u7121\u4e8b\u7684\u597d\u9663\u5b50\u7684\u7136\u800c\u5ffd\u7136\u67d0\u5929\u958b\u59cb\uff0c\u4e00\u76f4\u56fa\u5b9a\u6703\u51fa\u73fe\u5947\u602a\u7684\u91e3\u9b5a\u4fe1\u4ef6(\u6050\u5687\u4fe1\u4ef6)\uff0c\u82b1\u4e86\u4e00\u9ede\u6642\u9593\u53cd\u67e5\u9ede\u6aa2\u76f8\u95dc\u8a2d\u5099\u96fb\u8166\u5011\u3001\u9678\u7e8c\u7559\u610f\u5230logwatch\u5176\u5be6\u883b\u591a\u5947\u602a\u7684\u5617\u8a66\u7834\u9580\u800c\u5165\u7684\u4e0d\u901f\u4e4b\u5ba2\u75d5\u8de1\u3002 \u5f8c\u4f86\u9678\u7e8c\u628afail2ban\u7684\u76e3\u7344\u76e3\u63a7\u6a21\u5f0f\u3001\u9632\u706b\u7246\u548c\u5c0d\u5916\u958b\u653e\u57e0\u91cd\u5be9\u3001VPN\u5167\u7db2\u5316\u5de5\u4f5c\uff0c\u4e5f\u8a66\u8457\u8abf\u6574\u6539\u5584\u9632\u5835\u5b8c\u6574\u3002 \u5269\u4e0b\u90f5\u4ef6\u4f3a\u670d\u5668\uff0c\u662f\u5fc5\u9808\u66b4\u9732\u5728\u5916\u7d66\u4eba\u4e82\u69cd\u6253\u9ce5\u5bc4\u5783\u573e\u4fe1\u548c\u91e3\u9b5a\u4fe1\uff0c\u9072\u65e9\u6703\u88ab\u9019\u4e9b\u7121\u804a\u4eba\u58eb\u767c\u73fe\u3001\u9678\u7e8c\u5bc4\u9001\u9019\u53f0\u79c1\u7db2\u90f5\u4ef6\u4e3b\u6a5f(\u7e31\u4f7f\u6211\u5167\u90e8\u7684\u90f5\u4ef6\u5730\u5740\u90fd\u9084\u6c92\u62ff\u53bb\u5916\u9762\u7528\u904e)\u3002 \u4e00\u8def\u7814\u7a76\u554f\u984c\u548c\u76f8\u95dc\u4e3b\u6a5f\u670d\u52d9\u7684\u8a2d\u5b9a\u4fee\u4fee\u6539\u6539\uff0c\u82b1\u5f88\u9577\u6642\u9593\u800c\u50ac\u751f\u51fa\u9019\u7bc7\u6574\u7406\u7684\u6587\u7ae0\u5f8c\u8a18\u3002 \u9806\u4fbf\u4e5f\u7d66\u81ea\u5df1\u56de\u9867\u548c\u8a18\u9304\u4e00\u4e0b\u76f8\u95dc\u7684\u67b6\u8a2d\u8a2d\u5b9a\uff0c\u7562\u7adf\u4e3b\u6a5f\u4e0a\u6b21\u4fee\u5fa9\u91cd\u704c\u5f8c\uff0c\u5e74\u9f61\u4e5f\u5df2\u7d93\u662f\u7d2f\u8a08\u8d77\u4f86\u3002 \u54ea\u5929\u8981\u518d\u91cd\u65b0\u5347\u7d1a\u6216\u5168\u65b0\u5b89\u88dd\uff0c\u81f3\u5c11\u9084\u8981\u6709\u500b\u7d00\u9304\u8b93\u6211\u80fd\u6700\u5feb\u901f\u7684\u53c3\u8003\u53bb\u5fa9\u539f&#8230;\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[4],"tags":[],"class_list":["post-3124","post","type-post","status-publish","format-standard","hentry","category-4"],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3124"}],"version-history":[{"count":33,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3124\/revisions"}],"predecessor-version":[{"id":3256,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3124\/revisions\/3256"}],"wp:attachment":[{"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}