- 追加された行はこの色です。
- 削除された行はこの色です。
#author("2022-08-02T14:08:05+09:00","default:kuji","kuji")
#author("2024-01-18T12:45:32+09:00","default:kuji","kuji")
CONTENTS
#contents
----
Lastmodified &lastmod;
----
*受信側 SPF [#g6986d65]
https://admnote.paix.jp/2022/07/postfix%E3%81%ABspf%E5%B0%8E%E5%85%A5/
** porinstall mail/py-spf-engine [#qaf04f2b]
** portinstall mail/py-spf-engine [#qaf04f2b]
**master.cf [#m75718e1]
/usr/local/etc/postfix/master.cf
policyd-spf unix - n n - 0 spawn
user=nobody argv=/usr/local/bin/policyd-spf
**main.cf [#uf0290b5]
/usr/local/etc/postfix/main.cf
smtpd_recipient_restrictions =
reject_unauth_destination
check_policy_service unix:private/policyd-spf
policyd-spf_time_limit = 3600
「smtpd_recipient_restrictions」に policyd-spf ポリシー フィルタの呼び出しが含まれるように、main.cf で Postfix ポリシー サービスを設定します。
「smtpd_recipient_restrictions」行がすでにある場合は、「reject_unauth_destination」と書かれた行の*後*のどこかに「check_policy_service」コマンドを追加できます(そうしないと、システムがオープンリレーになる可能性があります)。
**policyd-spf.conf [#k1600c40]
/usr/local/etc/python-policyd-spf/policyd-spf.conf
debugLevel = 1
TestOnly = 1
HELO_reject = False
Mail_From_reject = False
PermError_reject = False
TempError_Defer = False
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
**rc.conf [#e297d740]
/etc/rc.conf
pyspf_milter_enable="YES"
----
Installing py39-spf-engine-2.9.3...
===> Creating groups.
Using existing group 'pyspf-milter'.
===> Creating users
Using existing user 'pyspf-milter'.
#
# Using policyd-spf with Postfix
#
Policyd-spf must be integrated with Postfix to be effective:
1. Add to your postfix master.cf:
policyd-spf unix - n n - 0 spawn
user=nobody argv=/usr/local/bin/policyd-spf
2. Configure the Postfix policy service in your main.cf so that the
"smtpd_recipient_restrictions" includes a call to the policyd-spf policy
filter. If you already have a "smtpd_recipient_restrictions" line, you can
add the "check_policy_service" command anywhere *after* the line which
reads "reject_unauth_destination" (otherwise you're system can become an
open relay).
smtpd_recipient_restrictions =
...
reject_unauth_destination
check_policy_service unix:private/policyd-spf
...
policyd-spf_time_limit = 3600
3. Please consult the postfix documentation for more information on these and
other settings you may wish to have in the "smtpd_recipient_restrictions"
configuration.
4. Reload postfix.
#
# Automatically starting pyspf-milter at boot time.
#
Add 'pyspf_milter_enable="YES"' to /etc/rc.conf.
#
# Using pyspf-milter with Sendmail
#
Following is an example configuration line to include in your sendmail.mc.
INPUT_MAIL_FILTER(`pyspf-milter', `S=local:/var/run/pyspf-milter/pyspf-milter.sock')dnl
#
# Using pyspf-milter with Postfix
#
Integration of pyspf-milter into Postfix is like any milter (See Postfix's
README_FILES/MILTER_README). But care is required to segregate outbound mail
from inbound mail to be checked. Here is example using milter macros to keep
the mail streams segregated.
/usr/local/etc/postfix/main.cf:
smtpd_milters = unix:/var/run/pyspf-milter/pyspf-milter.sock
/usr/local/etc/postfix/master.cf:
smtp inet n - - - - smtpd
...
-o milter_macro_daemon_name=VERIFYING
...
/usr/local/etc/python-policyd-spf/policyd-spf.conf:
MacroList daemon_name|VERIFYING
===> Cleaning for py39-spf-engine-2.9.3
---> Cleaning out obsolete shared libraries
----
Total access &counter(total);:本日 &counter(today);:昨日 &counter(yesterday);
#counter([total|today|yesterday]);