Postfix中转投递和收件简单方案
Postfix核心服务器设置
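# -----------------------------
# Core (MIAB) Postfix: send all outbound mail through the edge relay
# -----------------------------
echo "==> 配置 Postfix 使用边缘服务器代理发件"
# Run on the MIAB host. The brackets around the relay name disable MX lookup,
# so mail goes straight to that host on port 2525.
#
# smtp_tls_security_level overrides the obsolete smtp_use_tls parameter, so
# only the former is set here.
#
# "may" is opportunistic TLS: if the relay does not offer STARTTLS the session
# continues in cleartext. The edge main.cf shown on this page configures no
# smtpd TLS certificate, so this hop is presumably unencrypted -- keep it on
# the private network / a tunnel, or enable TLS on the edge and raise this to
# "encrypt".
# NOTE(review): the edge trusts the core by source address, so confirm that
# relay.example.com is reached over the private link.
sudo postconf -e \
  "relayhost = [relay.example.com]:2525" \
  "smtp_tls_security_level = may"
# Validate the configuration before asking the running daemon to re-read it.
sudo postfix check && sudo postfix reload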
Postfix边缘服务器
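#!/bin/bash
# Edge relay bootstrap: installs Postfix and prepares it to proxy mail for the
# core server. Must run as root (it writes under /etc/postfix).
#
# Stop at the first failed command, unset variable or failed pipeline stage so
# a broken install never leaves a half-written mail configuration running.
set -euo pipefail
# -----------------------------
# Private-network address of the core Postfix (MIAB) host. Later steps read
# this value when naming the core server in the generated configuration.
MIAB_IP="10.0.0.2"
# -----------------------------
echo "==> 安装 Postfix 和相关邮件服务"
# Refresh the package index and install Postfix without interactive prompts.
# apt-get is used because its command-line interface is stable for scripts.
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y postfix
# Keep a timestamped copy of the packaged main.cf (mode and owner preserved)
# before it is overwritten.
main_cf_backup="/etc/postfix/main.cf.bak.$(date +%s)"
cp -p -- /etc/postfix/main.cf "$main_cf_backup"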
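# -----------------------------
# Configure Postfix as a mail proxy in front of the core server
# -----------------------------
# Domains this edge accepts inbound mail for. The default keeps the page's
# original catch-all value; export RELAY_DOMAINS with the domains actually
# hosted on the core server so that mail for anything else is refused at
# RCPT time instead of being forwarded inward.
# NOTE(review): confirm how Postfix matches a literal "*" in relay_domains.
RELAY_DOMAINS="${RELAY_DOMAINS:-*}"

# mynetworks is the set of clients that permit_mynetworks lets relay to ANY
# destination. It is limited to loopback and the core server: a value of
# 0.0.0.0/0 would make every host on the Internet a trusted client, i.e. an
# open relay on every smtpd service that uses permit_mynetworks.
# The heredoc delimiter is unquoted on purpose so the shell expands
# ${RELAY_DOMAINS} and ${MIAB_IP} into the generated file.
cat > /etc/postfix/main.cf <<EOF
myhostname = relay.example.com
myorigin = /etc/mailname
inet_interfaces = all
inet_protocols = all
mydestination =
relay_domains = ${RELAY_DOMAINS}
transport_maps = hash:/etc/postfix/transport
smtpd_banner = relay.example.com ESMTP Proxy
disable_vrfy_command = yes
# 接受外部连接(可以根据需要更改限制)
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
mynetworks = 127.0.0.0/8 [::1]/128 ${MIAB_IP}/32
# 邮件转发到 MIAB(接收邮件)
local_recipient_maps =
mailbox_command =
EOF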
# Transport map: a single wildcard entry hands every recipient to the core
# server over SMTP. The brackets around the address suppress MX lookup.
printf '%s\n' "* smtp:[${MIAB_IP}]" > /etc/postfix/transport
# Build the hash: lookup table that main.cf references via transport_maps.
postmap /etc/postfix/transport
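# Drop Received: headers from mail passing through this host.
# Caveat: this removes every Received: line, including those added by earlier
# hops, so the core server's spam filtering and any later incident
# investigation lose the delivery trace. The port-2525 service defined for
# this relay sets no_header_body_checks, so the rule does not apply to mail
# arriving there.
#
# Quoted delimiter: the pattern is written literally, with no shell expansion.
cat > /etc/postfix/header_checks <<'EOF'
/^Received:/ IGNORE
EOF
# The table is a regular-expression file that Postfix reads as plain text, so
# it is not compiled with postmap. The built-in regexp: type is used because
# pcre: needs the separate postfix-pcre package, which this script never
# installs.
POSTFIX_MAIN_CF="/etc/postfix/main.cf"
# postconf -e adds the parameter or replaces an existing value in main.cf,
# covering both cases without a grep/sed pair.
postconf -e "header_checks = regexp:/etc/postfix/header_checks"
echo "[+] Postfix 已配置忽略 Received: 头部"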
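# -----------------------------
# Dedicated smtpd service on port 2525 for outbound mail from the core server
# -----------------------------
MASTER_CF="/etc/postfix/master.cf"
# Append the service only once: a second copy of the same entry on a re-run
# would leave master.cf with a duplicate service definition.
# NOTE(review): if MIAB_IP changes, edit or remove the existing entry by hand;
# this guard does not rewrite it.
if ! grep -Eq '^2525[[:space:]]+inet[[:space:]]' "$MASTER_CF"; then
  # The "-o" lines must begin with whitespace so master.cf treats them as a
  # continuation of the service line above.
  # mynetworks is pinned for this service to loopback plus the core server,
  # so permit_mynetworks below admits only that host no matter what main.cf
  # says; every other client is rejected.
  cat >> "$MASTER_CF" <<EOF
# 外发专用端口
2525 inet n - n - - smtpd
  -o mynetworks=127.0.0.0/8,[::1]/128,${MIAB_IP}/32
  -o smtpd_authorized_xforward_hosts=${MIAB_IP}
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o local_recipient_maps=
  -o relay_domains=
  -o smtpd_relay_restrictions=permit_mynetworks,reject
EOF
fi
# Refuse to restart onto a configuration Postfix itself reports as broken.
postfix check || exit 1
systemctl restart postfix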
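# -----------------------------
# Firewall
# -----------------------------
# Port 25 is the public MX listener and stays open to everyone.
ufw allow 25/tcp
# Port 2525 relays outbound mail on behalf of the core server, so only that
# host may reach it; leaving it open to the world exposes the relay service
# to every scanner.
ufw allow from "${MIAB_IP}" to any port 2525 proto tcp
# NOTE(review): once enabled, ufw's default incoming policy applies to every
# port not allowed above -- including the SSH session used to run this
# script. Confirm a rule for the administrative port exists before this line.
ufw --force enable
echo "✅ 边缘服务器已配置为邮件代理服务"
echo " - 25/2525 用于 SMTP 转发"
echo " - MIAB 完全不暴露"
echo " - 防火墙已配置,允许邮件端口访问"
echo "🚀 配置完成!"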