Postfix log shows an unfriendly connection

I see periodic connections from an IP that appears on the OpenBL list, and I want to understand what it is doing.

If it fails at the authentication stage, I get an authentication error (and it gets banned by fail2ban).

If it succeeds in sending a message, I see log lines about the message being delivered.

Before I do anything, I would like to know what is going on.

Here is the log in double-verbose mode (-v -v):

Jun 19 16:27:21 localhost postfix/smtpd[12172]: name_mask: all
Jun 19 16:27:21 localhost postfix/smtpd[12172]: inet_addr_local: configured 2 IPv4 addresses
Jun 19 16:27:21 localhost postfix/smtpd[12172]: inet_addr_local: configured 3 IPv6 addresses
Jun 19 16:27:21 localhost postfix/smtpd[12172]: process generation: 730 (730)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: mynetworks ~? debug_peer_list
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: mynetworks ~? fast_flush_domains
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: mynetworks ~? mynetworks
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: relay_domains ~? debug_peer_list
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: relay_domains ~? fast_flush_domains
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: relay_domains ~? mynetworks
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: relay_domains ~? permit_mx_backup_networks
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: relay_domains ~? qmqpd_authorized_clients
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: relay_domains ~? smtpd_access_maps
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_list_match: relay_domains: no match
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: permit_mx_backup_networks ~? debug_peer_list
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: permit_mx_backup_networks ~? fast_flush_domains
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: permit_mx_backup_networks ~? mynetworks
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: permit_mx_backup_networks ~? permit_mx_backup_networks
Jun 19 16:27:21 localhost postfix/smtpd[12172]: connect to subsystem private/proxymap
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr request = open
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr table = unix:passwd.byname
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr flags = 0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/proxymap socket: wanted attribute: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/proxymap socket: wanted attribute: flags
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: flags
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 16
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/proxymap socket: wanted attribute: (list terminator)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: (end)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: dict_proxy_open: connect to map=unix:passwd.byname status=0 server_flags=fixed
Jun 19 16:27:21 localhost postfix/smtpd[12172]: dict_open: proxy:unix:passwd.byname
Jun 19 16:27:21 localhost postfix/smtpd[12172]: Compiled against Berkeley DB: 5.1.29?
Jun 19 16:27:21 localhost postfix/smtpd[12172]: Run-time linked against Berkeley DB: 5.1.29?
Jun 19 16:27:21 localhost postfix/smtpd[12172]: dict_open: hash:/etc/aliases
Jun 19 16:27:21 localhost postfix/smtpd[12172]: Compiled against Berkeley DB: 5.1.29?
Jun 19 16:27:21 localhost postfix/smtpd[12172]: Run-time linked against Berkeley DB: 5.1.29?
Jun 19 16:27:21 localhost postfix/smtpd[12172]: dict_open: hash:/var/lib/mailman/data/aliases
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr request = open
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr table = pgsql:/etc/postfix/virtual-alias-maps.cf
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr flags = 0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/proxymap socket: wanted attribute: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/proxymap socket: wanted attribute: flags
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: flags
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 16
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/proxymap socket: wanted attribute: (list terminator)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: (end)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: dict_proxy_open: connect to map=pgsql:/etc/postfix/virtual-alias-maps.cf status=0 server_flags=fixed
Jun 19 16:27:21 localhost postfix/smtpd[12172]: dict_open: proxy:pgsql:/etc/postfix/virtual-alias-maps.cf
Jun 19 16:27:21 localhost postfix/smtpd[12172]: Compiled against Berkeley DB: 5.1.29?
Jun 19 16:27:21 localhost postfix/smtpd[12172]: Run-time linked against Berkeley DB: 5.1.29?
Jun 19 16:27:21 localhost postfix/smtpd[12172]: dict_open: hash:/var/lib/mailman/data/virtual-mailman
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr request = open
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr table = pgsql:/etc/postfix/virtual-mailbox-maps.cf
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr flags = 0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/proxymap socket: wanted attribute: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/proxymap socket: wanted attribute: flags
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: flags
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 16
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/proxymap socket: wanted attribute: (list terminator)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: (end)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: dict_proxy_open: connect to map=pgsql:/etc/postfix/virtual-mailbox-maps.cf status=0 server_flags=fixed
Jun 19 16:27:21 localhost postfix/smtpd[12172]: dict_open: proxy:pgsql:/etc/postfix/virtual-mailbox-maps.cf
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: smtpd_access_maps ~? debug_peer_list
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: smtpd_access_maps ~? fast_flush_domains
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: smtpd_access_maps ~? mynetworks
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: smtpd_access_maps ~? permit_mx_backup_networks
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: smtpd_access_maps ~? qmqpd_authorized_clients
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: smtpd_access_maps ~? smtpd_access_maps
Jun 19 16:27:21 localhost postfix/smtpd[12172]: unknown_helo_hostname_tempfail_action = defer_if_permit
Jun 19 16:27:21 localhost postfix/smtpd[12172]: unknown_address_tempfail_action = defer_if_permit
Jun 19 16:27:21 localhost postfix/smtpd[12172]: unverified_recipient_tempfail_action = defer_if_permit
Jun 19 16:27:21 localhost postfix/smtpd[12172]: unverified_sender_tempfail_action = defer_if_permit
Jun 19 16:27:21 localhost postfix/smtpd[12172]: name_mask: 0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: auto_clnt_create: transport=local endpoint=private/tlsmgr
Jun 19 16:27:21 localhost postfix/smtpd[12172]: auto_clnt_open: connected to private/tlsmgr
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr request = seed
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr size = 32
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/tlsmgr: wanted attribute: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/tlsmgr: wanted attribute: seed
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: seed
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: BkwSErqQCehWb7QFIVoqNQDFcWGDIzh7N7jY0LHfZxM=
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/tlsmgr: wanted attribute: (list terminator)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: (end)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr request = policy
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr cache_type = smtpd
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/tlsmgr: wanted attribute: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/tlsmgr: wanted attribute: cachable
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: cachable
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 1
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/tlsmgr: wanted attribute: (list terminator)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: (end)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: fast_flush_domains ~? debug_peer_list
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_string: fast_flush_domains ~? fast_flush_domains
Jun 19 16:27:21 localhost postfix/smtpd[12172]: auto_clnt_create: transport=local endpoint=private/anvil
Jun 19 16:27:21 localhost postfix/smtpd[12172]: connection established
Jun 19 16:27:21 localhost postfix/smtpd[12172]: master_notify: status 0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: name_mask: resource
Jun 19 16:27:21 localhost postfix/smtpd[12172]: name_mask: software
Jun 19 16:27:21 localhost postfix/smtpd[12172]: connect from s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_list_match: s72-38-252-2.static.datacom.cgocable.net: no match
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_list_match: 72.38.252.2: no match
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_list_match: s72-38-252-2.static.datacom.cgocable.net: no match
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_list_match: 72.38.252.2: no match
Jun 19 16:27:21 localhost postfix/smtpd[12172]: smtp_stream_setup: maxtime=300 enable_deadline=0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_hostname: s72-38-252-2.static.datacom.cgocable.net ~? 127.0.0.0/8
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_hostaddr: 72.38.252.2 ~? 127.0.0.0/8
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_list_match: s72-38-252-2.static.datacom.cgocable.net: no match
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_list_match: 72.38.252.2: no match
Jun 19 16:27:21 localhost postfix/smtpd[12172]: auto_clnt_open: connected to private/anvil
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr request = connect
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr ident = smtp:72.38.252.2
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/anvil: wanted attribute: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/anvil: wanted attribute: count
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: count
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 1
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/anvil: wanted attribute: rate
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: rate
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 1
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/anvil: wanted attribute: (list terminator)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: (end)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: > s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: 220 domain.tld ESMTP Postfix (Debian/GNU)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: name_mask: noanonymous
Jun 19 16:27:21 localhost postfix/smtpd[12172]: xsasl_dovecot_server_connect: Connecting
Jun 19 16:27:21 localhost postfix/smtpd[12172]: xsasl_dovecot_server_connect: auth reply: VERSION?1?1
Jun 19 16:27:21 localhost postfix/smtpd[12172]: xsasl_dovecot_server_connect: auth reply: MECH?PLAIN?plaintext
Jun 19 16:27:21 localhost postfix/smtpd[12172]: name_mask: plaintext
Jun 19 16:27:21 localhost postfix/smtpd[12172]: xsasl_dovecot_server_connect: auth reply: SPID?11468
Jun 19 16:27:21 localhost postfix/smtpd[12172]: xsasl_dovecot_server_connect: auth reply: CUID?91
Jun 19 16:27:21 localhost postfix/smtpd[12172]: xsasl_dovecot_server_connect: auth reply: COOKIE?9df14148adb89ae414e824bc836238da
Jun 19 16:27:21 localhost postfix/smtpd[12172]: xsasl_dovecot_server_connect: auth reply: DONE
Jun 19 16:27:21 localhost postfix/smtpd[12172]: xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN
Jun 19 16:27:21 localhost postfix/smtpd[12172]: < s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: EHLO User
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_list_match: s72-38-252-2.static.datacom.cgocable.net: no match
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_list_match: 72.38.252.2: no match
Jun 19 16:27:21 localhost postfix/smtpd[12172]: > s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: 250-domain.tld
Jun 19 16:27:21 localhost postfix/smtpd[12172]: > s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: 250-PIPELINING
Jun 19 16:27:21 localhost postfix/smtpd[12172]: > s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: 250-SIZE 10240000
Jun 19 16:27:21 localhost postfix/smtpd[12172]: > s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: 250-ETRN
Jun 19 16:27:21 localhost postfix/smtpd[12172]: > s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: 250-STARTTLS
Jun 19 16:27:21 localhost postfix/smtpd[12172]: > s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: 250-AUTH PLAIN
Jun 19 16:27:21 localhost postfix/smtpd[12172]: > s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: 250-ENHANCEDSTATUSCODES
Jun 19 16:27:21 localhost postfix/smtpd[12172]: > s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: 250-8BITMIME
Jun 19 16:27:21 localhost postfix/smtpd[12172]: > s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: 250 DSN
Jun 19 16:27:21 localhost postfix/smtpd[12172]: < s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: QUIT
Jun 19 16:27:21 localhost postfix/smtpd[12172]: > s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: 221 2.0.0 Bye
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_hostname: s72-38-252-2.static.datacom.cgocable.net ~? 127.0.0.0/8
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_hostaddr: 72.38.252.2 ~? 127.0.0.0/8
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_list_match: s72-38-252-2.static.datacom.cgocable.net: no match
Jun 19 16:27:21 localhost postfix/smtpd[12172]: match_list_match: 72.38.252.2: no match
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr request = disconnect
Jun 19 16:27:21 localhost postfix/smtpd[12172]: send attr ident = smtp:72.38.252.2
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/anvil: wanted attribute: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: status
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute value: 0
Jun 19 16:27:21 localhost postfix/smtpd[12172]: private/anvil: wanted attribute: (list terminator)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: input attribute name: (end)
Jun 19 16:27:21 localhost postfix/smtpd[12172]: disconnect from s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]
Jun 19 16:27:21 localhost postfix/smtpd[12172]: master_notify: status 1
Jun 19 16:27:21 localhost postfix/smtpd[12172]: connection closed
Jun 19 16:27:26 localhost postfix/smtpd[12172]: proxymap stream disconnect
Jun 19 16:27:26 localhost postfix/smtpd[12172]: auto_clnt_close: disconnect private/tlsmgr stream

Thanks for any hints.

The remote SMTP client is not even trying to authenticate, nor trying to send a message. Your log file shows that it simply quits after receiving the response to its EHLO User command:

 < s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: EHLO User
 ...
 < s72-38-252-2.static.datacom.cgocable.net[72.38.252.2]: QUIT

I suspect the remote client is checking for something specific in the response to its EHLO command (which should carry a fully qualified domain name rather than User). Different SMTP servers react differently to such a command; for example, your Postfix smtpd indicates that it supports STARTTLS and AUTH PLAIN.

The EHLO command itself is the Extended SMTP (ESMTP) extension of the original SMTP HELO command; an ESMTP server responds to it, depending on its configuration, with success (code 250 followed by a list of server features), failure (code 550) or error (codes 500, 501, 502, 504 or 421).

The remote host may be checking for a specific response that indicates the likelihood of a vulnerability it could use. If it does not get that indication, it gives up.

In my experience there is a lot of variation in "brute" cracking attempts; some are more subtle than others (presumably to avoid attracting unwanted attention).

Rejecting invalid HELO commands

If you will be accepting connections from many different SMTP clients, it is best not to reject invalid EHLO commands that lack an FQDN. I have come across several SMTP clients (in printers/scanners, old Windows software with mail functions, and so on) that do not send a properly formed fully qualified domain name with their HELO/EHLO command. The default Postfix configuration shipped with Red Hat Enterprise Linux 5 does not restrict HELO usage, or even require it.

If you know that all your legitimate clients will send a valid HELO, this may help reduce the processing spent on illegitimate attempts (I have not tried it myself).
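To tell, over a whole log rather than by eye, which remote clients quit right after EHLO from those that go on to AUTH or MAIL FROM, here is an added Python example (not code from the question or the answer) that groups the `<`/`>` trace lines of `smtpd -v -v` logging by smtpd process id and labels each session; the log lines, hostnames and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of "postfix/smtpd -v -v" logging; hosts and addresses are placeholders.
SAMPLE_LOG = """\
Jun 19 16:27:21 mx postfix/smtpd[12172]: connect from host.example.net[192.0.2.10]
Jun 19 16:27:21 mx postfix/smtpd[12172]: > host.example.net[192.0.2.10]: 220 mx.example.com ESMTP Postfix
Jun 19 16:27:21 mx postfix/smtpd[12172]: < host.example.net[192.0.2.10]: EHLO User
Jun 19 16:27:21 mx postfix/smtpd[12172]: > host.example.net[192.0.2.10]: 250-STARTTLS
Jun 19 16:27:21 mx postfix/smtpd[12172]: > host.example.net[192.0.2.10]: 250 AUTH PLAIN
Jun 19 16:27:21 mx postfix/smtpd[12172]: < host.example.net[192.0.2.10]: QUIT
Jun 19 16:27:21 mx postfix/smtpd[12172]: > host.example.net[192.0.2.10]: 221 2.0.0 Bye
Jun 19 16:27:21 mx postfix/smtpd[12172]: disconnect from host.example.net[192.0.2.10]
Jun 19 16:30:02 mx postfix/smtpd[12190]: < relay.example.org[198.51.100.7]: EHLO relay.example.org
Jun 19 16:30:02 mx postfix/smtpd[12190]: < relay.example.org[198.51.100.7]: MAIL FROM:<a@example.org>
Jun 19 16:30:03 mx postfix/smtpd[12190]: < relay.example.org[198.51.100.7]: QUIT
"""

# Only the protocol trace lines matter: "> " is what smtpd sent, "< " is what the client sent.
LINE_RE = re.compile(r"postfix/smtpd\[(\d+)\]: ([<>]) \S+\[([\d.]+)\]: (.*)$")

def sessions(log):
    """Group client ('<') and server ('>') trace lines by smtpd process id."""
    out = defaultdict(lambda: {"ip": None, "client": [], "server": []})
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # map lookups, anvil/tlsmgr chatter, connect/disconnect lines
        pid, direction, ip, text = m.groups()
        out[pid]["ip"] = ip
        out[pid]["client" if direction == "<" else "server"].append(text)
    return dict(out)

def classify(session):
    """Label a session by how far the client got: AUTH, MAIL FROM, or just EHLO then QUIT."""
    verbs = [c.split()[0].upper() for c in session["client"] if c.strip()]
    helo = next((c for c in session["client"] if c.upper().startswith(("EHLO", "HELO"))), "")
    helo_arg = helo.split(None, 1)[1] if " " in helo else ""
    if "AUTH" in verbs:
        return "auth-attempt"
    if "MAIL" in verbs:
        return "delivery-attempt"
    if verbs[:2] in (["EHLO", "QUIT"], ["HELO", "QUIT"]):
        # A bare word such as "User" is not a fully qualified domain name.
        return "banner-probe" + ("" if "." in helo_arg else " (non-FQDN HELO)")
    return "other"

def report(log):
    """Map each client address to its session label."""
    return {s["ip"]: classify(s) for s in sessions(log).values()}
```

On the sample, 192.0.2.10 is labelled a banner probe with a non-FQDN HELO (the pattern in the question's log) and 198.51.100.7 a delivery attempt.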