IT博客汇 | Postfix中转投递和收件简单方案

Postfix中转投递和收件简单方案

YY.K发表于 2025-04-17 06:48:00

Postfix核心服务器设置

# -----------------------------
# 配置 Postfix 使用边缘服务器代理
# -----------------------------
echo "==> 配置 Postfix 使用边缘服务器代理发件"

# 登录到 MIAB，并设置 relayhost
sudo postconf -e "relayhost = [relay.example.com]:2525"
sudo postconf -e "smtp_use_tls = yes"
sudo postconf -e "smtp_tls_security_level = may"
sudo postfix reload

Postfix边缘服务器

#!/bin/bash

# -----------------------------
# Postfix 实际私网地址
MIAB_IP="10.0.0.2"
# -----------------------------

echo "==> 安装 Postfix 和相关邮件服务"

# 更新包列表并安装所需的软件
apt update
DEBIAN_FRONTEND=noninteractive apt install -y postfix

# 备份原配置
cp /etc/postfix/main.cf /etc/postfix/main.cf.bak.$(date +%s)

# -----------------------------
# 配置 Postfix 作为邮件代理
# -----------------------------
cat > /etc/postfix/main.cf <<EOF
myhostname = relay.example.com
myorigin = /etc/mailname
inet_interfaces = all
inet_protocols = all
mydestination =
relay_domains = *
transport_maps = hash:/etc/postfix/transport
smtpd_banner = relay.example.com ESMTP Proxy
disable_vrfy_command = yes

# 接受外部连接（可以根据需要更改限制）
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
mynetworks = 0.0.0.0/0

# 邮件转发到 MIAB（接收邮件）
local_recipient_maps =
mailbox_command =
EOF

# 添加 transport 映射
cat > /etc/postfix/transport <<EOF
* smtp:[${MIAB_IP}]
EOF

postmap /etc/postfix/transport

# 确保 Postfix 不加头部
# 创建 header_checks 文件
cat >/etc/postfix/header_checks <<EOF
/^Received:/ IGNORE
EOF

# 编译 header_checks
postmap /etc/postfix/header_checks

# 在 main.cf 中添加 header_checks 设置（如果不存在）
POSTFIX_MAIN_CF="/etc/postfix/main.cf"
if ! grep -q "^header_checks" "$POSTFIX_MAIN_CF"; then
    echo "header_checks = pcre:/etc/postfix/header_checks" >> "$POSTFIX_MAIN_CF"
else
    sed -i '/^header_checks/s|=.*|= pcre:/etc/postfix/header_checks|' "$POSTFIX_MAIN_CF"
fi
echo "[+] Postfix 已配置忽略 Received: 头部"


# -----------------------------
# 配置 Postfix 代理外发邮件
# -----------------------------
cat >> /etc/postfix/master.cf <<EOF

# 外发专用端口
2525     inet  n       -       n       -       -       smtpd
  -o smtpd_authorized_xforward_hosts=${MIAB_IP}
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o local_recipient_maps=
  -o relay_domains=
  -o smtpd_relay_restrictions=permit_mynetworks,reject
EOF

systemctl restart postfix

# -----------------------------
# 防火墙配置
# -----------------------------
ufw allow 25
ufw allow 2525
ufw --force enable

echo "✅ 边缘服务器已配置为邮件代理服务"
echo "    - 25/2525 用于 SMTP 转发"
echo "    - MIAB 完全不暴露"
echo "    - 防火墙已配置，允许邮件端口访问"
echo "🚀 配置完成！"