Ngemva konyaka wokuthuthukiswa, igatsha elisha elizinzile leseva yeposi ye-Postfix lakhululwa - 3.6.0. Ngesikhathi esifanayo, yamemezela ukuphela kokusekelwa kwegatsha le-Postfix 3.2, elikhishwe ekuqaleni kuka-2017. I-Postfix ingenye yamaphrojekthi ayivelakancane ahlanganisa ukuphepha okuphezulu, ukwethembeka nokusebenza ngasikhathi sinye, okuzuzwe ngenxa yesakhiwo esicatshangelwe kahle kanye nenqubomgomo eqinile eqinile yokuklama ikhodi nokuhlolwa kwe-patch audit. Ikhodi yephrojekthi isatshalaliswa ngaphansi kwe-EPL 2.0 (Eclipse Public License) kanye ne-IPL 1.0 (IBM Public License).
Ngokocwaningo oluzenzakalelayo lwango-Ephreli lwamaseva e-imeyili angaba yizinkulungwane ezingama-600, iPostfix isetshenziswa ku-33.66% (onyakeni owedlule 34.29%) wamaseva e-imeyili, isabelo se-Exim singama-59.14% (57.77%), i-Sendmail - 3.6% (3.83) %), MailEnable - 2.02% ( 2.12%), MDaemon - 0.60% (0.77%), Microsoft Exchange - 0.32% (0.47%).
Okuqanjiwe okuyinhloko:
- Ngenxa yezinguquko kuzimiso eziyisisekelo ezisetshenziselwa ukusebenzisana phakathi kwezingxenye ze-Postfix, ukumisa iseva yemeyili ngomyalo othi “postfix stop” kuyadingeka ngaphambi kokubuyekeza. Uma kungenjalo, kungase kube nokwehluleka lapho usebenzisana ne-pickup, qmgr, verify, tlsproxy, kanye nezinqubo zesikrini sangemuva, okungase kubangele ukubambezeleka ekuthumeleni ama-imeyili kuze kube yilapho i-Postfix iqalwa kabusha.
- Ukukhulunywa kwamagama “omhlophe” nelithi “omnyama,” abhekwa amanye amalungu omphakathi njengokucwasa ngokwebala, kuye kwasuswa. Esikhundleni sokuthi "uhlu olumhlophe" kanye "nohlu olumnyama", "uhlu lokuvumela" kanye "nohlu lokuphika" kufanele manje kusetshenziswe (isibonelo, amapharamitha we-postscreen_allowlist_interfaces, postscreen_denylist_action kanye ne-postscreen_dnsbl_allowlist_threshold). Izinguquko zithinta amadokhumenti, izilungiselelo zenqubo yesikrini sokuthunyelwe (i-firewall eyakhelwe ngaphakathi) kanye nokuboniswa kolwazi kumalogi. postfix/postscreen[pid]: ALLOWLIST VETO [ikheli]:port postfix/postscreen[pid]: ALLOWLISTED [ikheli]:port postfix/postscreen[pid]: DENYLISTED [ikheli]:port
Ukuze kulondolozwe imigomo yangaphambilini kulogi, ipharamitha ethi “respectful_logging = no” inikezwa, okufanele icaciswe ku-main.cf ngaphambi kokuthi “compatibility_level = 3.6”. Usekelo lwamagama amasethingi esikrini sokuposa amadala agciniwe ukuze ahambisane nemuva. Futhi, ifayela lokucushwa elithi “master.cf” alikashintshiwe okwamanje.
- Kumodi ethi “compatibility_level = 3.6”, ukushintshwa okuzenzakalelayo kwenzelwe ukusebenzisa umsebenzi we-SHA256 hashi esikhundleni se-MD5. Uma usetha inguqulo yangaphambili kupharamitha yeleveli yokuhambisana, i-MD5 iyaqhubeka nokusetshenziswa, kodwa ezilungiselelweni ezihlobene nokusetshenziswa kwama-hashe lapho i-algorithm ingachazwanga ngokucacile, isexwayiso sizovezwa kulogu. Ukusekelwa kwenguqulo yokuthekelisa yephrothokholi yokushintshisana kokhiye we-Diffie-Hellman kunqanyuliwe (inani lepharamitha ethi tlsproxy_tls_dh512_param_file manje alinakiwe).
- Ukuxilongwa lula kwezinkinga ezihlobene nokucacisa uhlelo lwesibambi olungalungile ku-master.cf. Ukuze kutholwe amaphutha anjalo, isevisi ngayinye engemuva, okuhlanganisa i-postdrop, manje ikhangisa igama lephrothokholi ngaphambi kokuqala ukuxhumana, futhi inqubo yeklayenti ngayinye, okuhlanganisa i-sendmail, ihlola ukuthi igama lephrothokholi elikhangisiwe liyahambisana yini nokwehlukile okusekelwayo.
- Kwengezwe uhlobo olusha lwemephu oluthi "local_login_sender_maps" ukuze kube nokulawula okuguquguqukayo phezu komsebenzi ozokwenziwa wekheli lemvilophu yomthumeli (okunikezwa kumyalo othi "MAIL FROM" phakathi neseshini ye-SMTP) ezinqubweni zokuthumela imeyili nezokuthunyelwe. Isibonelo, ukuvumela abasebenzisi bendawo, ngaphandle kwempande ne-postfix, ukucacisa kuphela ukungena kwabo ku-sendmail, usebenzisa i-UID ebophezela egameni, ungasebenzisa izilungiselelo ezilandelayo: /etc/postfix/main.cf: local_login_sender_maps = inline :{ {impande = *} , {postfix = * } }, pcre:/etc/postfix/login_senders /etc/postfix/login_senders: # Icacisa kokubili ukungena ngemvume kanye nefomu lokungena@domain livunyelwe. /(.+)/ $1 $1…@example.com
- Kwengezwe futhi kunikwe amandla ngokuzenzakalela isilungiselelo esithi “smtpd_relay_before_recipient_restrictions=yebo”, lapho iseva ye-SMTP izohlola okuthi smtpd_relay_restrictions ngaphambi kokuthi smtpd_recipient_restrictions, futhi hhayi ngokuphambene, njengangaphambili.
- Kwengezwe ipharamitha ethi "smtpd_sasl_mechanism_list", eshintsha ngokuzenzakalelayo kokuthi "!yangaphandle, i-static:rest" ukuze kuvinjelwe amaphutha adidayo esimweni lapho i-SASL backend ithi isekela imodi ethi "EXTERNAL", engasekelwe ku-Postfix.
- Lapho uxazulula amagama ku-DNS, i-API entsha esekela i-multithreading (i-threadsafe) inikwa amandla ngokuzenzakalela. Ukuze wakhe nge-API endala, kufanele ucacise “ukwenza ama-makefiles CCARGS="-DNO_RES_NCALLS…” uma wakha.
- Kwengezwe imodi ethi "enable_threaded_bounces = yebo" esikhundleni sezaziso ezimayelana nezinkinga zokulethwa, ukubambezeleka kokulethwa noma ukuqinisekiswa kokulethwa nge-ID yengxoxo efanayo (isaziso sizoboniswa iklayenti lemeyili kuchungechunge olufanayo, kanye neminye imilayezo yezokuxhumana).
- Ngokuzenzakalelayo, isizindalwazi sesistimu /etc/services asisasetshenziselwa ukunquma izinombolo zembobo ye-TCP ye-SMTP ne-LMTP. Kunalokho, izinombolo zembobo zilungiswa ngepharamitha eyaziwayo_tcp_ports (okuzenzakalelayo lmtp=24, smtp=25, smtps=submissions=465, submission=587). Uma enye isevisi ishoda kuma-known_tcp_ports, /etc/services iyaqhubeka nokusetshenziswa.
- Izinga lokusebenzisana (“compatibility_level”) linyuselwe ku-“3.6” (ipharamitha yashintshwa kabili esikhathini esidlule, ngaphandle kuka-3.6 amanani asekelwayo angu-0 (okuzenzakalelayo), 1 kanye no-2). Kusukela manje kuqhubeke, i-“compatibility_level” izoshintsha ibe inombolo yenguqulo okwenziwa kuyo izinguquko ezephula ukuhambisana. Ukuze uhlole amazinga ahambisanayo, ama-opharetha okuqhathanisa ahlukene angeziwe ku-main.cf kanye ne-master.cf, njengokuthi “<=level” kanye “<level” (ama-opharetha wokuqhathanisa ajwayelekile awafaneleki, njengoba azocabangela u-3.10 ngaphansi kuka-3.9).
Source: opennet.ru