Detecting malicious scripts used to send mail

I was recently used as an open relay, and a large amount of spam was sent through my server. I have since stopped it, but my mail log has grown enormously with this type of entry:

Aug 20 07:00:29 veepiz postfix/smtp[15001]: DC8BD1641F1: lost connection with mx1.hotmail.com[65.55.92.168] while sending RCPT TO
Aug 20 07:00:29 veepiz postfix/smtp[15000]: DC8BD1641F1: host mx3.hotmail.com[65.55.92.152] said: 421 RP-001 (SNT0-MC2-F19) Unfortunately, some messages from 50.57.111.177 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command)
Aug 20 07:00:29 veepiz postfix/smtp[15000]: DC8BD1641F1: lost connection with mx3.hotmail.com[65.55.92.152] while sending RCPT TO
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: host a.mx.mail.yahoo.com[67.195.168.31] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
Aug 20 07:00:29 veepiz postfix/smtpd[11929]: 6E6221641F2: reject: RCPT from cpe-76-175-170-10.socal.res.rr.com[76.175.170.10]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<cpe-76-175-170-10.socal.res.rr.com>
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: host c.mx.mail.yahoo.com[98.139.175.225] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
Aug 20 07:00:29 veepiz postfix/smtp[15001]: DC8BD1641F1: to=<[email protected]>, relay=mx4.hotmail.com[65.55.92.136]:25, delay=44, delays=44/0.04/0.26/0.04, dsn=4.0.0, status=deferred (host mx4.hotmail.com[65.55.92.136] said: 421 RP-001 (SNT0-MC1-F17) Unfortunately, some messages from 50.57.111.177 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: host k.mx.mail.yahoo.com[98.139.54.60] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
Aug 20 07:00:29 veepiz postfix/smtp[15000]: DC8BD1641F1: to=<[email protected]>, relay=mx4.hotmail.com[65.54.188.126]:25, delay=44, delays=44/0.04/0.31/0.06, dsn=4.0.0, status=deferred (host mx4.hotmail.com[65.54.188.126] said: 421 RP-001 (BAY0-MC4-F28) Unfortunately, some messages from 50.57.111.177 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Aug 20 07:00:29 veepiz postfix/smtpd[4410]: NOQUEUE: reject: RCPT from ppp089210016127.dsl.hol.gr[89.210.16.127]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<ppp089210016127.dsl.hol.gr>
Aug 20 07:00:29 veepiz postfix/smtpd[11903]: NOQUEUE: reject: RCPT from ppp089210016127.dsl.hol.gr[89.210.16.127]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<ppp089210016127.dsl.hol.gr>
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: to=<[email protected]>, relay=d.mx.mail.yahoo.com[209.191.88.254]:25, delay=44, delays=44/0.04/0.41/0, dsn=4.7.0, status=deferred (host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: to=<[email protected]>, relay=d.mx.mail.yahoo.com[209.191.88.254]:25, delay=44, delays=44/0.04/0.41/0, dsn=4.7.0, status=deferred (host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: to=<[email protected]>, relay=d.mx.mail.yahoo.com[209.191.88.254]:25, delay=44, delays=44/0.04/0.41/0, dsn=4.7.0, status=deferred (host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: to=<[email protected]>, relay=d.mx.mail.yahoo.com[209.191.88.254]:25, delay=44, delays=44/0.04/0.41/0, dsn=4.7.0, status=deferred (host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: to=<[email protected]>, relay=d.mx.mail.yahoo.com[209.191.88.254]:25, delay=44, delays=44/0.04/0.41/0, dsn=4.7.0, status=deferred (host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Aug 20 07:00:29 veepiz postfix/smtpd[4063]: 3B9AA1641EC: reject: RCPT from cpe-76-175-170-10.socal.res.rr.com[76.175.170.10]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<cpe-76-175-170-10.socal.res.rr.com>
Aug 20 07:00:29 veepiz postfix/smtpd[7964]: connect from unknown[89.207.68.10]
Aug 20 07:00:29 veepiz postfix/smtpd[5382]: NOQUEUE: reject: RCPT from 203-114-141-105.mu.eth.dyn.inspire.net.nz[203.114.141.105]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<203-114-141-105.mu.eth.dyn.inspire.net.nz>
Aug 20 07:00:29 veepiz postfix/smtpd[4041]: connect from unknown[221.132.37.55]

# qshape incoming active deferred
                      T    5   10   20    40    80  160  320  640 1280 1280+
             TOTAL 8899  511  402  646  2569  4771    0    0    0    0    0
       hotmail.com 7838  376  325  530  2217  4390    0    0    0    0    0
           msn.com  839   31   77  109   301   321    0    0    0    0    0
         yahoo.com   78   16    0    3    27    32    0    0    0    0    0
         gmail.com   65   65    0    0     0     0    0    0    0    0    0
          kimo.com   41   12    0    3    16    10    0    0    0    0    0
      yahoo.com.tw   15    9    0    0     1     5    0    0    0    0    0
          live.com    4    0    0    0     3     1    0    0    0    0    0
          citi.com    1    0    0    1     0     0    0    0    0    0    0
          dfsd.com    1    0    0    0     0     1    0    0    0    0    0
          benq.com    1    0    0    0     0     1    0    0    0    0    0
          kim0.com    1    0    0    0     1     0    0    0    0    0    0
          kiom.com    1    1    0    0     0     0    0    0    0    0    0
          1111.com    1    0    0    0     0     1    0    0    0    0    0
          test.com    1    0    0    0     0     1    0    0    0    0    0
         kitty.com    1    0    0    0     0     1    0    0    0    0    0
         hanam.com    1    0    0    0     1     0    0    0    0    0    0
        pchome.com    1    0    0    0     1     0    0    0    0    0    0
        hotmal.com    1    1    0    0     0     0    0    0    0    0    0
       sinopac.com    1    0    0    0     0     1    0    0    0    0    0
       hopnail.com    1    0    0    0     0     1    0    0    0    0    0
       hoymail.com    1    0    0    0     0     1    0    0    0    0    0
      sinamail.com    1    0    0    0     0     1    0    0    0    0    0
      hiotmail.com    1    0    0    0     1     0    0    0    0    0    0
      hotmaill.com    1    0    0    0     0     1    0    0    0    0    0
      xasamail.com    1    0    0    0     0     1    0    0    0    0    0
    twn.dupont.com    1    0    0    0     0     1    0    0    0    0    0

I still cannot send or receive mail. I have secured my contact forms and tried to block some of the offending IP addresses. This morning I found new IP addresses.

I also tried http://www.howtoforge.com/how-to-log-emails-sent-with-phps-mail-function-to-detect-form-spam, but the log file is not being appended to. I am really frustrated and have not found a solution yet. Can someone point me to the steps I can take to solve the problem? Please. Also, my mail queue has grown a lot. What steps should I take to find any malicious scripts on my server? Why is sending mail not working?

Ask me for any logs and I will post them here to try to solve this problem.

I am using CentOS, nginx (as a proxy), Varnish, Apache2 with PHP, and Postfix. Thanks.

Sorry Shane, but Shane's recommendation is wrong. Now you are rejecting every connection from outside! It must be smtpd_recipient_restrictions = permit_mynetworks, reject


The previous configuration was not the problem. If you do not set the parameter, Shane's parameters are set implicitly by Postfix. Not smtpd_client_restrictions but smtpd_recipient_restrictions, but these have the same effect. I tested the given configuration, and there is no open relay.


By the way, the given log does not show any suspicious activity from outside. Only connects, which are not bad, and rejects, which are good.

You only see outgoing mail, regardless of where it comes from, because you have not shown the logs of how, for example, the mail DC8BD1641F1 came in.
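The point of this last answer is that postfix/smtp lines only record delivery attempts; the origin of a message is logged under the same queue ID by postfix/pickup (a local sendmail(1) call, which is how PHP's mail() submits, with the calling uid) or by postfix/smtpd (a network client, with its address and any SASL login). Joining those lines by queue ID is how you answer "where did DC8BD1641F1 come from?". The Python 3 script below is an added example and is not code from the original thread; the log lines in it are constructed for illustration (hostname, queue IDs, uids, IP addresses and recipients are all made up), and the 20-recipient threshold in suspicious() is an arbitrary starting point.

```python
"""Correlate Postfix maillog lines by queue ID to find where each message entered.

Added example, not from the original thread.  Run against /var/log/maillog on
the server, or with no argument against the constructed sample below.
"""
import re
import sys
from collections import Counter, defaultdict

# Constructed sample log (not from the poster's server): one message submitted
# locally by uid 48 (apache's uid on stock CentOS/RHEL), one injected over the
# network by an outside client, one submitted with SASL authentication, plus
# lines without a queue ID that must be ignored.
SAMPLE_LOG = """\
Aug 20 06:59:45 mail postfix/pickup[2001]: 1A2B3C4D5E6: uid=48 from=<apache>
Aug 20 06:59:45 mail postfix/cleanup[2002]: 1A2B3C4D5E6: message-id=<20120820065945.1A2B3C4D5E6@mail.example>
Aug 20 06:59:45 mail postfix/qmgr[2003]: 1A2B3C4D5E6: from=<apache@mail.example>, size=1832, nrcpt=25 (queue active)
Aug 20 07:00:29 mail postfix/smtp[15001]: 1A2B3C4D5E6: to=<victim@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=44, delays=44/0.04/0.26/0.04, dsn=4.0.0, status=deferred (host mx.example.com[203.0.113.5] said: 421 too many messages (in reply to MAIL FROM command))
Aug 20 06:59:50 mail postfix/smtpd[3001]: connect from unknown[198.51.100.23]
Aug 20 06:59:51 mail postfix/smtpd[3001]: 7F8E9D0C1B2: client=unknown[198.51.100.23]
Aug 20 06:59:51 mail postfix/cleanup[2002]: 7F8E9D0C1B2: message-id=<abc@example.net>
Aug 20 06:59:51 mail postfix/qmgr[2003]: 7F8E9D0C1B2: from=<spammer@example.net>, size=2200, nrcpt=40 (queue active)
Aug 20 06:59:52 mail postfix/smtpd[3001]: disconnect from unknown[198.51.100.23]
Aug 20 07:00:29 mail postfix/smtp[15016]: 7F8E9D0C1B2: to=<someone@example.org>, relay=mx.example.org[203.0.113.9]:25, delay=44, delays=44/0.04/0.41/0, dsn=4.7.0, status=deferred (host mx.example.org[203.0.113.9] refused to talk to me: 421 4.7.0 temporarily deferred)
Aug 20 07:00:29 mail postfix/smtpd[4410]: NOQUEUE: reject: RCPT from unknown[198.51.100.77]: 554 5.7.1 <x@example.org>: Relay access denied; from=<a@example.net> to=<x@example.org> proto=SMTP helo=<unknown>
Aug 20 07:01:02 mail postfix/smtpd[3002]: 5D6E7F8A9B0: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=web01
Aug 20 07:01:02 mail postfix/qmgr[2003]: 5D6E7F8A9B0: from=<web01@mail.example>, size=900, nrcpt=1 (queue active)
"""

# syslog prefix + "postfix/<program>[pid]: <rest>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"postfix/(?P<prog>[\w-]+)\[\d+\]: (?P<rest>.*)$"
)
# Queue IDs are 8+ alphanumerics; "NOQUEUE", "connect from", "disconnect from" do not match.
QID_RE = re.compile(r"^(?P<qid>[0-9A-Za-z]{8,}): (?P<msg>.*)$")
PICKUP_RE = re.compile(r"uid=(?P<uid>\d+) from=<(?P<from>[^>]*)>")
CLIENT_RE = re.compile(r"client=(?P<client>[^,\s]+)(?:.*sasl_username=(?P<sasl>\S+))?")
QMGR_RE = re.compile(r"from=<(?P<from>[^>]*)>, size=(?P<size>\d+), nrcpt=(?P<nrcpt>\d+)")
SMTP_RE = re.compile(r"to=<(?P<to>[^>]*)>, relay=(?P<relay>\S+), .*status=(?P<status>\w+)")


def new_record():
    return {"origin": None, "uid": None, "client": None, "sasl_username": None,
            "sender": None, "nrcpt": 0, "deliveries": []}


def correlate(log_text):
    """Return {queue_id: record}, joining origin, envelope and delivery lines."""
    records = defaultdict(new_record)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        q = QID_RE.match(m["rest"])
        if not q:  # connect/disconnect/NOQUEUE lines carry no queue ID
            continue
        rec, prog, msg = records[q["qid"]], m["prog"], q["msg"]
        if prog == "pickup":  # local submission via sendmail(1), e.g. PHP mail()
            p = PICKUP_RE.search(msg)
            if p:
                rec["origin"], rec["uid"], rec["sender"] = "pickup", int(p["uid"]), p["from"]
        elif prog == "smtpd":  # accepted over the network
            c = CLIENT_RE.search(msg)
            if c:
                rec["origin"], rec["client"], rec["sasl_username"] = "smtpd", c["client"], c["sasl"]
        elif prog == "qmgr":  # envelope sender and recipient count
            g = QMGR_RE.search(msg)
            if g:
                rec["sender"], rec["nrcpt"] = g["from"], int(g["nrcpt"])
        elif prog == "smtp":  # outbound delivery attempt
            s = SMTP_RE.search(msg)
            if s:
                rec["deliveries"].append((s["to"], s["relay"], s["status"]))
    return dict(records)


def origin_key(rec):
    """Human-readable origin: which local uid or which remote client injected it."""
    if rec["origin"] == "pickup":
        return f"pickup uid={rec['uid']}"
    if rec["origin"] == "smtpd":
        key = f"smtpd client={rec['client']}"
        return key + (f" sasl={rec['sasl_username']}" if rec["sasl_username"] else "")
    return "unknown"


def summarize_origins(records):
    """Messages per origin; one uid or client dominating the count is the culprit."""
    return dict(Counter(origin_key(r) for r in records.values()))


def suspicious(records, min_rcpt=20):
    """Queue IDs whose envelope carried at least min_rcpt recipients (threshold is a guess)."""
    return sorted(q for q, r in records.items() if r["nrcpt"] >= min_rcpt)


if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    recs = correlate(text)
    for key, n in sorted(summarize_origins(recs).items(), key=lambda kv: -kv[1]):
        print(f"{n:6d}  {key}")
    for qid in suspicious(recs):
        r = recs[qid]
        print(f"{qid}: {origin_key(r)} from=<{r['sender']}> nrcpt={r['nrcpt']} "
              f"deliveries={len(r['deliveries'])}")
```

Run it as `python3 postfix_origin.py /var/log/maillog`. A pile of messages under "pickup uid=48" means a web script is calling PHP's mail(); with PHP 5.3 or later, setting `mail.add_x_header = On` in php.ini makes PHP add an X-PHP-Originating-Script header carrying the uid and script filename to every message it sends, and `mail.log = /path/to/file` records each mail() call with the calling script, which is the built-in equivalent of the sendmail-wrapper approach the question refers to. A pile under one "smtpd client=..." with no sasl= means the relay is still accepting that client's mail; with sasl= it means that login's credentials have leaked.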