有一个带有服务器的托管交换机 - 一个管理程序 - 插入其中,在管理程序上有几个具有公共 IP 的虚拟服务器。问题是如何在网络设备上正确地将范围划分为 VLAN,以便在虚拟服务器上既看不到内部网络上的可用资源,也看不到相邻虚拟服务器的内部网络上可用的资源。
让我们在 4 个地址中截取一块。其中一个去网络地址,第二个网关,第三个去广播,有1个地址可以在这个逻辑单元中使用。那些。3 个地址“消失”。还有哪些其他选择?
下午好!在 Debian 系统上,安装了 docker 17.12.1-ce 服务,并且在同一网络上有 2 个具有相同网关的接口,通过 /etc/iptoute2/rt_tables - T1、T2 中描述的 2 个表工作:
iface eth0 inet static
address 10.10.6.2
netmask 255.255.252.0
# hook scripts
post-up ip route add default via '10.10.6.1' dev eth0 table T1
post-up ip rule add from '10.10.6.2' table T1
post-up ip rule add to '10.10.6.2' table T1
post-up ip route add default via '10.10.6.1' metric 101 dev eth0
post-down ip rule del from 0/0 to 0/0 table T1
post-down ip rule del from 0/0 to 0/0 table T1
第二个接口配置类似,当docker镜像升起时,docker0网桥升起并在系统中添加路由:
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
并且所有数据包都正常从docker向外发送,除了主机接口:eth0和eth1,数据包在172.17.0.1之后立即消失到这些接口的IP地址。在docker的ip上,所有的包也正常通过。将路由添加到表的解决方案
ip route add 172.17.0.0/16 dev docker0 table T1
问题:
- 这是一个正确的决定吗?
- 如何使桥升起时,docker服务本身添加必要的路由?
下午好!我在与垃圾邮件发送者的不平等斗争中需要帮助)这是我的后缀配置(与问题有关的部分):
smtpd_restriction_classes = verify_sender, rbl_cbl_abuseat_org, rbl_sbl_spamhaus_org, rbl_dul_ru, rbl_spamcop, white_client_ip, black_client_ip, block_dsl, helo_access, white_client, black_client, mx_access verify_sender = reject_unverified_sender, permit rbl_cbl_abuseat_org = reject_rbl_client cbl.abuseat.org rbl_dul_ru = reject_rbl_client dul.ru rbl_sbl_spamhaus_org = reject_rbl_client sbl.spamhaus.org rbl_spamcop = reject_rbl_client bl.spamcop.net white_client_ip = check_client_access pcre:/etc/postfix/config/white_client_ip black_client_ip = check_client_access pcre:/etc/postfix/config/black_client_ip white_client = check_sender_access pcre:/etc/postfix/config/white_client black_client = check_sender_access pcre:/etc/postfix/config/black_client block_dsl = regexp:/etc/postfix/config/block_dsl helo_access = check_helo_access pcre:/etc/postfix/config/helo_checks mx_access = check_sender_mx_access cidr:/etc/postfix/config/mx_access smtpd_client_restrictions = white_client_ip, black_client_ip, white_client, black_client, helo_access, block_dsl, rbl_dul_ru, rbl_sbl_spamhaus_org, rbl_spamcop, rbl_cbl_abuseat_org, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_unknown_address, reject_unknown_recipient_domain, reject_unknown_sender_domain smtpd_sender_restrictions = white_client, white_client_ip, black_client_ip, reject_unknown_recipient_domain, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_non_fqdn_sender, permit_sasl_authenticated, permit_mynetworks, mx_access, reject_unlisted_sender, reject_unauth_destination smtpd_recipient_restrictions = verify_sender, white_client, helo_access, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_unknown_address, reject_unauth_destination, reject_multi_recipient_bounce, check_policy_service inet:localhost:10023 smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit smtp_skip_5xx_greeting = no smtpd_reject_unlisted_sender = yes smtpd_reject_unlisted_recipient = yes
MX 已正确注册,有 DKIM、SPF 记录(无 DMARC),已启用灰名单。因此,垃圾邮件周期性地落在 info@ 和 contact@ 邮箱上;其显着特点是发件人和收件人都与邮件域无关,但标题与邮件域相关:
Received: from mail.spammers.net (mail.spammers.net [ip-address]) by my-post.domain.com (Postfix) with ESMTP id 5B56A00000 for <info@domain.com>; Sun, 2 Jul 2017 20:42:10 +0000 (CEST) Message-ID: <it581458.43231@mail.spammers.net> Reply-To: "Original SPAM" <it@spammers.net> From: "Original SPAM" <it@spammers.net> To: <g.meriseeg@postmotmydomain.gg> Subject: Subj spammers Date: Sun, 02 Jul 2017 20:14:39 +0000
如何过滤此类邮件?有 spamassasin,但即使在用 10 封类似的电子邮件训练他之后,他也会跳过这些电子邮件。