本來今個月諗住忙d都launch左佢唔好再拖,好彩一時心血來潮試一試,一試之後就發現中左招,唔知點解唔work.
個case係佢收到email但係sent唔出,睇個/var/log/maillog就見佢係咁鬧” postfix/qmgr[4096]: warning: connect to transport smtp: Connection refused”,上google search都見到好多post,但係無一個可以solve到我個問題,我當然已經唔理三七二十一全部都跟住嚟做.
比佢玩左一日突然間腦部震盪,叮一聲記起我自己仲有另外一隻行梗無問題嘅MTA,於是就梗係馬上login睇下兩邊個config有d咩唔同啦.一睇之下就馬上發現原來我上次比人slide嘅時候亂咁改過d config去試吓係咩問題,當然試左一日都係無發現啦,後來咪知係比人slide左一獲勁架囉,唉!但係都係自己衰,唔記得backup起d config先玩,搞到衰左都唔知,唔知衰d咩果吓慘吖嗎.
Anyway,最後發現係/etc/postfix/master.cf入面有兩行smtp都比我remark左(無錯,係兩行).unremark左之後梗係work返啦.得返之後又比我見到/var/log/maillog入面有d怪message"postfix/smtpd[8152]: connect from unknown[123.123.123.123]",我份人就係咁,見到d唔想見或者係唔知係咩嘅嘢就好想整左佢,呢d唔知係唔係叫排除異己呢?
但係google左一輪都無發現,最後唯有放棄.之後就再browse http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt去再harden個MTA多d,其實已經做左一定嘅UCE measure,但係還掂有時間,所以想再做多d,睇完哂之後就做左下面嘅measure.
smtpd_client_restrictions加左reject_unknown_reverse_client_hostname同埋reject_unknown_client_hostname
加呢兩個setting係想防止accept email from Unknown嘅host,包括無reverse PTR Record嘅server.但係點知加完之後,我用另外一部work緊嘅MTA send email去呢個新嘅MTA就點都唔得,/var/log/maillog就見”postfix/smtpd[8152]: NOQUEUE: reject: RCPT from unknown[123.123.123.123]: 450 4.7.1 Client host rejected: cannot find your hostname, [123.123.123.123]; from=<me@OKMTA.com> to=<me@newMTA.com> proto=SMTP helo=
諗來諗去都唔知點解,明明我部MTA果d DNS Record應該好齊吓架,有A, PTR同TXT(for SPF)嘅record,再者,我都無enable到SPF Checking.Google左好一陣,終於都比我搵到有人http://archives.neohapsis.com/archives/postfix/1999-q4/0199.html有d suggestion,佢話resolver唔一定搵bind,咁咪即係有機會要check吓/etc/nsswitch.conf.一睇之吓就發現"hosts: files dns".哈哈,Resolvr果然係睇host,咁我咪試下改成"hosts: dns files”,改完咩都唔洗restart就得左.
雖然都知會對其他program有影響,好彩呢部係真係一部pure MTA所以應該無問題.而改完呢個setting仲搞掂埋"postfix/smtpd[8152]: connect from unknown[123.123.123.123]"添,其實果個post係唔關事架,但係睇吓睇吓又比我搵到d關聯.所以有時有問題不妨退一步,或者行開一吓,因為可能會比見到嘅所謂fact影響左,比佢帶完玩遊花園都未知架.
