Coremail系列之四十七:修改外发投递线路
Coremail
Coremail系列之四十七:修改外发投递线路
Coremail

Coremail系列之四十七:修改外发投递线路

一、投递基础知识

1.顺序和优先级

  • 顺序:邮件—-MTA(杀毒、反垃圾)—–DA (负责投递)
  • 优先级:配置文件优先级最高,其次DNS

2.出口IP信息

  • 青岛:
    • 172.16.101.232 mailapp1
    • 对应外网移动:120.224.84.136
    • 对应外网联通:119.167.65.242
    • 172.16.101.233 mailapp2
    • 对应外网电信:219.146.246.202
  • 越南
    • 192.168.150.37 外网地址:113.161.176.17
  • 加拿大
    • 10.0.60.233 外网地址:23.91.191.13

3.修改方式

  • cat /home/coremail/conf/hosts.cf 主要修改投递到哪个前端出去
  • cat /home/coremail/conf/programs.cf 主要修改投递到外部地址

二、原则

  • 越南出口很不稳定,经常发信失败,统一转发到国内节点投递
  • 发信白名单,没有过cac检查,没有cac检查结果,所以没匹配到海外转发的规则
  • 对于邮件退信是解析不了海外域名造成的并且可以ping、telnet通的,可以手工指定MX解析IP,相关记录可以通过越南节点获取
  • 对于邮件退信是解析不了海外域名造成的并且不可以ping、telnet通的,需要反馈给售后添加域名走海外通邮
    • 邮箱控制台的1.0,运维管理-海外转发
    • 售后的是2.0版本更稳定

三、配置

1.国内前端(任意前端执行,再所有前端重启)

方法一:投递到外部地址

首先通过越南节点获取MX的IP地址

[root@mailvietnam ~]# dig mx amss.com.vn

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.16 <<>> mx amss.com.vn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43180
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;amss.com.vn.                   IN      MX

;; ANSWER SECTION:
amss.com.vn.            300     IN      MX      20 mail.amss.com.vn.
amss.com.vn.            300     IN      MX      50 mail.thaiminh.net.
amss.com.vn.            300     IN      MX      10 sgn1.amss.com.vn.

;; ADDITIONAL SECTION:
mail.amss.com.vn.       300     IN      A       115.79.42.212
mail.thaiminh.net.      300     IN      A       148.135.6.92
mail.thaiminh.net.      300     IN      AAAA    2607:f130:0:105:ff:ff:e395:826b
sgn1.amss.com.vn.       300     IN      A       138.2.76.129
sgn1.amss.com.vn.       300     IN      AAAA    2603:c024:4510:d5aa:5e95:ec6a:6f8b:868c

;; Query time: 389 msec
;; SERVER: 192.168.150.225#53(192.168.150.225)
;; WHEN: Mon Apr 21 16:03:24 ICT 2025
;; MSG SIZE  rcvd: 219

根据MX优先级选择域名,ping、telnet 域名或IP ,若能ping、telnet通域名可以写域名,否则写的IP地址

默认连接对方25端口,有要求的设置587端口连接

格式:域名="value[:25]"
其中value取值为2:连接该域名普通的smtp端口,如果发现支持starttls,就进入ssl通道发信

实际配置如下:

[root@mailapp1 logs]# /home/coremail/bin/confutil
CoreMail Version BES3.0.1_RC2(Build Linux-240930[50283.51162.57330]-c4d3b04-b820387-d0d08e8) Copyright (c) 2000-2024 Mailtech Limited

Cmd: 0-End  1-List  2-View  3-VI  4-DL  7-DlAll  9-Flush  10-FlushAll 11-Check  [risky operation: 5-UL  6-Del  8-UlAll]
3 programs.cf
file=
#! Encoding UTF-8
[deliveragent/ssl]
binshihonco.com="2:25"

[deliveragent/transport]
sailuntires.com="remote:[10.0.90.1]:25"
aapt.co.in="remote:aapt-co-in.mail.protection.outlook.com:25"
amss.com.vn="remote:[sgn1.amss.com.vn]:25"
#binshihonco.com="remote:[binshihonco.com]:587"

方法二:投递到哪个前端出去

[root@mailapp1 logs]# /home/coremail/bin/confutil
CoreMail Version BES3.0.1_RC2(Build Linux-240930[50283.51162.57330]-c4d3b04-b820387-d0d08e8) Copyright (c) 2000-2024 Mailtech Limited
Cmd: 0-End  1-List  2-View  3-VI  4-DL  7-DlAll  9-Flush  10-FlushAll 11-Check  [risky operation: 5-UL  6-Del  8-UlAll]
3 hosts.cf
file=
#! Encoding UTF-8                                                                                                                                                                    
:/25

[mailapp1/programs/deliveragent/transport]
inossem.com="remote:[172.16.101.233]:25"

[mailapp2/programs/deliveragent/transport]
hecny.com="remote:[172.16.101.232]:25"
carozplus.com="remote:[172.16.101.232]:25"

[authguard]
IP="authguradpro.icoremail.net"
ProgramsList="authguardsvr"
"/tmp/confutilvi9wBiL6" 185L, 5377C written

Checking file /tmp/confutilvi9wBiL6 ...
+OK Check file is OK!
157a158,159
> amss.com.vn="remote:[138.2.76.129]:25"
> 
177a180
> amss.com.vn="remote:[138.2.76.129]:25"
apply the change? (y/n)
y
....
Cmd: 0-End  1-List  2-View  3-VI  4-DL  7-DlAll  9-Flush  10-FlushAll 11-Check  [risky operation: 5-UL  6-Del  8-UlAll]
0
[root@mailapp1 logs]# /home/coremail/bin/coremail restart deliveragent
CoreMail Version BES3.0.1_RC2(Build Linux-240930[50283.51162.57330]-c4d3b04-b820387-d0d08e8) Copyright (c) 2000-2024 Mailtech Limited
(2025-04-21 17:06:14)(22036) Stopping deliveragent
(2025-04-21 17:06:17)(22036) deliveragent server stopped!
(2025-04-21 17:06:17)(22036) Starting deliveragent
(2025-04-21 17:06:17)(22036) deliveragent Server(pid:31372) Started!

2.越南前端(外部邮件走国内节点收、发)

[root@mailvietnam ~]# /home/coremail/bin/confutil
CoreMail Version BES3.0.1_RC2(Build Linux-240930[50283.51162.57330]-c4d3b04-b820387-d0d08e8) Copyright (c) 2000-2024 Mailtech Limited

Cmd: 0-End  1-List  2-View  3-VI  4-DL  7-DlAll  9-Flush  10-FlushAll 11-Check  [risky operation: 5-UL  6-Del  8-UlAll]
3 programs.cf
file=
#! Encoding UTF-8
[deliveragent/transport]
remote="remote:[172.16.101.232]:25"

3.加拿大前端(外部邮件默认走自己出口,国内节点收)

[root@wdbsvcmail01 ~]# /home/coremail/bin/confutil
CoreMail Version BES3.0.1_RC2(Build Linux-240930[50283.51162.57330]-c4d3b04-b820387-d0d08e8) Copyright (c) 2000-2024 Mailtech Limited

Cmd: 0-End  1-List  2-View  3-VI  4-DL  7-DlAll  9-Flush  10-FlushAll 11-Check  [risky operation: 5-UL  6-Del  8-UlAll]
3 programs.cf
file=
#! Encoding UTF-8
[deliveragent/transport]
sailuntires.com="remote:[10.0.90.1]:25"