我的服务器被列入 Spamhaus CBL 已经几天了。CBL 的列表报告说，我的网络中有一台机器感染了病毒，并以“localhost.localdomain”为名发送电子邮件。我不明白这个“localhost.localdomain”是从哪里来的，因为我的中继是关闭的（不开放转发），而我的 HELO 是 mail.domainclient.com.br。我没有在工作站上发现病毒，也没有发现任何经过服务器 25 端口的流量。
我们曾有一个被入侵的账户，但已经更改了它的密码。我仍然每天被列在 http://www.abuseat.org/ 上。
下面我详细列出我的配置，以帮助找出问题的原因。
iptables：
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 7501 1076K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
17175 23M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
  189 10216 ACCEPT tcp -- * * 0.0.0.0/0 IP_SERVER1 tcp spts:1024:65535 dpt:25
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 IP_SERVER1 tcp spt:25 dpts:1024:65535
    0 0 ACCEPT udp -- * * IP_SERVER1 0.0.0.0/0 udp spt:53 dpt:53
    0 0 ACCEPT udp -- * eth2 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `OUTPUT: '

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 7501 1076K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
  176 15768 ACCEPT udp -- eth3 * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
    0 0 ACCEPT udp -- tun+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
17117 1628K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
  152 8052 ACCEPT tcp -- * * 0.0.0.0/0 IP_SERVER1 tcp spts:1024:65535 dpt:25
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 IP_SERVER1 tcp spt:25 dpts:1024:65535
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
   11 703 ACCEPT udp -- * * 192.168.1.0/24 0.0.0.0/0 udp dpt:53
  126 9546 ACCEPT udp -- * * 0.0.0.0/0 IP SERVER udp spts:1024:65535 dpt:53
    0 0 ACCEPT udp -- * * 0.0.0.0/0 IP SERVER udp spt:53 dpt:53
    0 0 ACCEPT udp -- * * 192.168.1.0/24 0.0.0.0/0 udp spt:67 dpt:68
  130 7520 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    3 120 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222
    0 0 ACCEPT tcp -- * * 192.168.1.0/24 0.0.0.0/0 tcp dpt:3128
    4 208 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
    0 0 DROP all -- * * 210.51.184.41 0.0.0.0/0
  300 17819 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `INPUT: '
master.cf
# Postfix master.cf as pasted in the question (line breaks restored; fields unchanged).
# service   type  private unpriv  chroot  wakeup  maxproc command + args
# NOTE(review): port 25 runs without STARTTLS (smtpd_tls_security_level=none) and
# without AUTH, so inbound MTA-to-MTA traffic is plaintext only; relaying through this
# service is possible only via permit_mynetworks or the whitelist-ips access map
# listed in main.cf's smtpd_recipient_restrictions.
smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=none
  -o smtpd_sasl_auth_enable=no
# -o content_filter=filter:dummy
# NOTE(review): nothing here forces encryption on submission (no
# -o smtpd_tls_security_level=encrypt); AUTH is only gated by main.cf's
# smtpd_tls_auth_only = yes, which offers AUTH after STARTTLS -- TODO confirm that
# is the intended guarantee.
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
# NOTE(review): no service in the pasted master.cf or main.cf selects this cleanup
# instance (no -o cleanup_service_name=cleanup25), so header_checks_submission
# presumably is not applied to anything -- verify.
cleanup25 unix  n       -       n       -       0       cleanup
  -o header_checks=pcre:/etc/postfix/header_checks_submission
main.cf
# Postfix main.cf as pasted in the question (line breaks restored; parameter text unchanged).
# Review notes are marked NOTE(review) and hedged where the paste does not settle the point.
body_checks = regexp:/etc/postfix/body_checks
header_checks = regexp:/etc/postfix/header_checks
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
# TLS parameters
# NOTE(review): self-signed "snakeoil" certificate; clients that validate the server
# certificate will refuse STARTTLS, and because smtpd_tls_auth_only = yes (below) AUTH
# is only offered after STARTTLS, such clients cannot authenticate at all.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# NOTE(review): level-2 debug logging for the site's own domain is verbose; it can be
# switched off once the investigation is over.
debug_peer_level = 2
debug_peer_list = domainclient.com.br
# NOTE(review): smtp_helo_name is not set, so the HELO this Postfix sends outbound
# defaults to $myhostname (mail.domainclient.com.br). A "localhost.localdomain" HELO
# observed from this public IP therefore presumably does not come from this Postfix
# instance but from another sender using the same address: a LAN host reaching remote
# port 25 directly (the pasted firewall output shows no FORWARD chain, and the
# DHCP/DNS/3128 rules for 192.168.1.0/24 suggest this box routes for that LAN), or a
# local process bypassing Postfix (the pasted OUTPUT chain accepts every NEW
# connection before its dpt:25 rules). Capturing outbound dpt:25 traffic on the
# external interface and on the forwarding path would settle this -- TODO confirm.
myhostname = mail.domainclient.com.br
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = mail.domainclient.com.br
mydestination = mail.domainclient.com.br, domainclient.com.br
relayhost =
# NOTE(review): every host in 192.168.1.0/24 and every client recorded in the
# pop-before-smtp map relays without SMTP AUTH (permit_mynetworks precedes the
# reject_* checks in the restriction lists below). An infected workstation on the LAN
# could therefore relay through this server -- but its mail would then leave with this
# server's HELO, not "localhost.localdomain".
##mynetworks = 127.0.0.0/8, 192.168.1.0/24, IP_SERVER1, IP_SERVER2, hash:/var/lib/pop-before-smtp/hosts
mynetworks = 127.0.0.0/8, 192.168.1.0/24, IPSERVER1, IPSERVER2, hash:/var/lib/pop-before-smtp/hosts
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
# NOTE(review): second definition of alias_maps; the later one wins and Postfix warns
# about the earlier hash:/etc/aliases entry above. The same applies to the repeated
# header_checks, unknown_hostname_reject_code and smtpd_sasl_auth_enable lines below.
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
transport_maps = mysql:/etc/postfix/mysql-transport.cf
virtual_maps = mysql:/etc/postfix/mysql-aliases.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_mailbox_limit = 51200000
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf
# NOTE(review): 500 is the "syntax error" reply code; the usual permanent-rejection
# code for unknown local recipients is 550 -- confirm this value is intended.
unknown_local_recipient_reject_code = 500
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
smtp_destination_concurrency_limit = 7
smtp_destination_recipient_limit = 10
smtpd_hard_error_limit = 3
smtpd_soft_error_limit = 1
smtpd_client_connection_count_limit = 10
smtpd_client_message_rate_limit = 25
smtpd_error_sleep_time = 20
smtpd_junk_command_limit = 1
# NOTE(review): relays.ordb.org, list.dsbl.org and dns.rfc-ignorant.org are no longer
# operated -- verify each list before relying on it. See also the reject_rbl_client
# note under smtpd_helo_restrictions.
maps_rbl_domains = xbl.spamhaus.org, relays.ordb.org, list.dsbl.org, dun.dnsrbl.net, spam.dnsrbl.net, cbl.abuseat.org, sbl-xbl.spamhaus.org, bl.spamcop.net, dns.rfc-ignorant.org
smtpd_helo_required = yes
smtp_helo_timeout = 60s
header_checks = regexp:/etc/postfix/header_checks
message_size_limit = 36214400
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
smtpd_sasl_auth_enable = yes
# SASL Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
# NOTE(review): AUTH is not announced to clients in $mynetworks; they relay via
# permit_mynetworks instead.
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth
smtpd_sasl_application_name = smtpd
smtpd_tls_auth_only = yes
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions =
smtpd_etrn_restrictions =
# NOTE(review): the paste does not show whether the two commented lines below were
# indented under a restriction list; as written here they are plain comments.
#check_sender_access mysql:/etc/postfix/mysql_virtual_mysenders_maps.cf
#check_sender_access cidr:/etc/postfix/cidr_koreia_china_nets
smtpd_helo_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_helo_access regexp:/etc/postfix/regras_ehlo,
    reject_invalid_hostname,
    reject_unauth_pipelining
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    # NOTE(review): reject_rbl_client takes a DNSBL domain name as its argument; the
    # literal text maps_rbl_domains is not expanded as a parameter (that would need
    # $maps_rbl_domains), so this check and the one under smtpd_client_restrictions
    # presumably never match anything.
    reject_rbl_client maps_rbl_domains,
    #reject_non_fqdn_hostname
smtpd_client_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    # check_client_access hash:/etc/postfix/ip-access,
    reject_unauth_pipelining,
    reject_rbl_client maps_rbl_domains
smtpd_sender_restrictions =
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_block,
    reject_unknown_sender_domain,
    reject_unauth_pipelining,
    #reject_non_fqdn_sender,
    # NOTE(review): the two login-mismatch checks depend on smtpd_sender_login_maps,
    # which is not in the pasted main.cf -- confirm it is set elsewhere.
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch,
    #reject_sender_login_mismatch,
    reject_non_fqdn_sender,
    reject_unlisted_sender,
    reject_unauth_pipelining
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/whitelist-ips,
    #reject_non_fqdn_hostname,
    reject_unauth_destination,
    #reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    #reject_non_fqdn_sender,
    # NOTE(review): reject_unknown_recipient_domain is listed a second time here.
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain,
    reject_invalid_hostname,
    reject_unknown_hostname,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client b.barracudacentral.org,
    #check_sender_access hash:/etc/postfix/sender_access,
    # check_policy_service unix:private/spfcheck,
    check_policy_service unix:private/policy,
    permit
# hostname
servermail-gw01
# cat /etc/mailname
mail.domainclient.com.br
# cat /etc/hosts
# /etc/hosts as pasted in the question (line breaks restored; entries unchanged).
127.0.0.1 localhost
127.0.1.1 servermail-gw01.domainclient.intra servermail-gw01
# NOTE(review): the public address maps only to the bare domain; mail.domainclient.com.br
# (myhostname in main.cf) is not listed here and presumably resolves via DNS. Nothing in
# this file produces the name "localhost.localdomain"; that name is what a host left at
# its distribution defaults typically calls itself -- a hint that the sender is another
# machine, not this one. TODO confirm.
IP_SERVER1 domainclient.com.br
谢谢