當內部設備(Firewall,Switch)寄通知信到你自架的Mail Server時,可能因為SPF設定內容,而出現
Recipient address rejected: Message rejected due to: SPF fail - not authorized.解決方式:
修改 /etc/postfix-policyd-spf-python/policyd-spf.conf ,修改 skip_addresses 的值,將要發信的設備ip加入,例如:
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0//104,::1//128,10.2.3.3/32
1.編輯 /etc/bind/named.conf,新增以下這行:
include "/etc/bind/named.conf.log";
2. 創建 /etc/bind/named.conf.log,並新增以下內容:
logging {
channel bind_log {
file "/var/log/bind/bind.log" versions 3 size 5m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { bind_log; };
category update { bind_log; };
category update-security { bind_log; };
category security { bind_log; };
category queries { bind_log; };
category lame-servers { null; };
};
3.新增log檔所需的資料夾,並變更擁有者
mkdir /var/log/bind
chown -R bind:bind /var/log/bind
4.編輯 /etc/apparmor.d/usr.sbin.named,註解下面兩行:
/var/log/named/** rw,
/var/log/named/ rw,
並新增下面兩行
/var/log/bind/** rw,
/var/log/bind/ rw,
5.重新啟動 app armor
/etc/init.d/apparmor restart
6.重新啟動bind9
service named restart