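Greetings,
Google says that too many emails are being sent from my IP. Since I never use this SMTP server to send email, I suspect my Postfix is somewhat misconfigured, so that I have an open relay.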
Google log entry:
Oct 8 06:29:29 domU-12-31-39-00-C1-66 postfix/smtp[15217]: 79B661A0CC: to=<[email protected]>, relay=alt1.gmail-smtp-in.l.google.com[209.85.219.30]:25, delay=423271, delays=423209/0.03/31/31, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[209.85.219.30] said: 421-4.7.0 [174.129.96.42] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 6si2037492ewy.56 (in reply to end of DATA command))
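Is it possible to configure Postfix so that no email is allowed to be sent out from it? If so, how? Otherwise, how can I fix my Postfix configuration with respect to the open relay problem?
postconf -o output: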
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command =
mailbox_size_limit = 0
mydestination = fairlogic.com, legitima.com, bastos.org, sidon.com, localhost
myhostname = fairlogic.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = reject_unauth_destination,permit_sasl_authenticated,permit_mynetworks
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
I found it!
After some searching, I found the problem:
1) cat /var/log/mail.log | grep "smtp\[" | tail
Oct 8 11:47:00 domU-12-31-39-00-C1-66 postfix/smtp[24599]: 4C9521A0A4: to=<[email protected]>, relay=alt1.gmail-smtp-in.l.google.com[74.125.79.27]:25, delay=23543, delays=23481/0.01/31/31, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[74.125.79.27] said: 421-4.7.0 [174.129.96.42] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 5si273044eyh.4 (in reply to end of DATA command))
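Based on the message ID (in this case 4C9521A0A4), I can retrieve the message body:
find /var/spool/postfix/defer* -name 4C9521A0A4
/var/spool/postfix/defer/4/4C9521A0A4
/var/spool/postfix/deferred/4/4C9521A0A4
Based on its content, I found that someone was sending me spam, and Postfix was trying to reply to the sender (with "Undelivered Mail Returned to Sender"). So this is not an exploit, nor a Postfix misconfiguration. Now I will disable this Postfix notification, and my problem is gone.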
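The diagnosis in the post above can be checked across a whole log instead of one queue file. This is an added example, not part of the original thread: it pairs each postfix/smtp delivery line with the postfix/qmgr line for the same queue ID and treats an empty envelope sender (from=<>) as a bounce. The log sample, hostnames, addresses and queue IDs are constructed.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format (hosts, addresses, queue IDs are made up).
SAMPLE_LOG = """\
Oct  8 11:40:01 mx postfix/qmgr[901]: AAAA000001: from=<>, size=3120, nrcpt=1 (queue active)
Oct  8 11:40:33 mx postfix/smtp[24599]: AAAA000001: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=23543, dsn=4.7.0, status=deferred (host mx.example.net[192.0.2.10] said: 421 4.7.0 blocked)
Oct  8 11:41:02 mx postfix/qmgr[901]: AAAA000002: from=<>, size=2980, nrcpt=1 (queue active)
Oct  8 11:41:35 mx postfix/smtp[24600]: AAAA000002: to=<b@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=12, dsn=2.0.0, status=sent (250 2.0.0 OK)
Oct  8 11:42:10 mx postfix/qmgr[901]: 1A2B3C4D5E: from=<www-data@mx.example.com>, size=800, nrcpt=1 (queue active)
Oct  8 11:42:40 mx postfix/smtp[24601]: 1A2B3C4D5E: to=<c@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=30, dsn=4.7.0, status=deferred (host mx.example.net[192.0.2.10] said: 421 4.7.0 blocked)
"""

QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
SMTP = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<[^>]*>.*?status=(\w+)")

def classify_outbound(log_text):
    """Return (Counter keyed by (sender class, status), set of bounce queue IDs)."""
    sender = {}          # queue ID -> envelope sender taken from the qmgr line
    kinds = Counter()
    bounce_ids = set()
    for line in log_text.splitlines():
        m = QMGR.search(line)
        if m:
            sender[m.group(1)] = m.group(2)
            continue
        m = SMTP.search(line)
        if not m:
            continue
        qid, status = m.groups()
        if qid not in sender:
            cls = "unknown-sender"   # qmgr line is not in this log (e.g. rotated away)
        elif sender[qid] == "":
            cls = "bounce"           # null sender: a delivery status notification
            bounce_ids.add(qid)
        else:
            cls = "local-origin"     # real sender: local user, script or relayed mail
        kinds[(cls, status)] += 1
    return kinds, bounce_ids

if __name__ == "__main__":
    counts, ids = classify_outbound(SAMPLE_LOG)
    for key, n in sorted(counts.items()):
        print(key, n)
    print("bounce queue IDs:", sorted(ids))
```

If most outbound deliveries fall in the bounce class, the traffic is backscatter from rejected inbound spam; a large local-origin count points at a local script, a compromised account or relaying instead.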
Can you block outgoing requests to port 25 until you track it down? For example, on Linux with iptables:
iptables -A OUTPUT -p tcp --dport 25 -j REJECT
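Since you have "permit_mynetworks" set and "my_networks" appears to be set correctly, it looks like Postfix is not an open relay. I would look for something else on your system that is sending email, such as a hacked web service.
If the mail really comes from your Postfix, you can see it in /var/log/mail.log. If it is delivered through a web service, look for suspicious entries in /var/log/apache2/access.log. Otherwise, you may simply have been rooted.
Update: You can also use http://www.spamhelp.org/shopenrelay/shopenrelaytest.php or a similar test to check whether you are an open relay.
Postfix does not seem to have a specific feature like sendmail's promiscuous_relay, but if you added 0.0.0.0 to mynetworks, it should allow anyone to relay.
If you use NAT, any device behind your IP could be infected and sending spam.
You don't need an open relay (Wikipedia link); you should configure mydestination and smtpd_recipient_restrictions.
You can find several configuration examples on howtoforge.
If you want an open relay, try leaving the smtpd_recipient_restrictions and smtpd_client_restrictions variables blank. You can test here whether your server is an open relay.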