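Postfix localhost server sending spam to itself

I have an iRedMail server running Postfix and am trying to determine the source of its spam problem.

I have changed the MX records on the domain for the address that receives the spam, and the good news is that no spam is getting through on this second server. However, despite the MX record change, new spam still shows up on the old server. How is this possible?

Here are the headers of one of the spam messages: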

    Content-Type: multipart/alternative; boundary="6656864_13052705_6656864"
    Mime-Version: 1.0
    Return-Path: <[email protected]>
    Content-Transfer-Encoding: 8bit
    X-Virus-Scanned: Debian amavisd-new at myserverdomain.com
    Received: from localhost (localhost [127.0.0.1])
        by myserverdomain.com (Postfix) with ESMTP id 293FD6B977
        for <[email protected]>; Tue, 12 Jan 2016 20:45:14 -0700 (MST)
    Received: from myserverdomain.com ([127.0.0.1])
        by localhost (myserverdomain.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id G3TC68wvWWEK
        for <[email protected]>; Tue, 12 Jan 2016 20:45:13 -0700 (MST)
    Received: from yuijdd.stablecheck.party (unknown [46.166.133.21])
        by myserverdomain.com (Postfix) with ESMTP id 480626B976
        for <[email protected]>; Tue, 12 Jan 2016 20:45:12 -0700 (MST)
    Delivered-To: [email protected]
    Message-Id: <Lackadaisical.0300b221f33a2b213a8dc0ee683baadac.Obsecratorynick@emaildomain.com>
    Re: Macy's is giving out a $50 voucher to start 2016

It seems to be coming from my own server? Or from this IP: 46.166.133.21? That IP is listed in Spamhaus, and I have Postfix set up to query blacklists.

Here is part of my /var/logs/mail.log file:

    Jan 13 03:45:11 mailhost postfix/smtpd[4796]: connect from unknown[46.166.133.21]
    Jan 13 03:45:12 mailhost postfix/smtpd[4796]: 480626B976: client=unknown[46.166.133.21]
    Jan 13 03:45:12 mailhost postfix/cleanup[4806]: 480626B976: message-id=<Lackadaisical.0300b221f33a2b213a8dc0ee683baadac.Obsecratorynick@emaildomain.com>
    Jan 13 03:45:13 mailhost postfix/qmgr[9274]: 480626B976: from=<[email protected]>, size=5484, nrcpt=1 (queue active)
    Jan 13 03:45:13 mailhost postfix/smtpd[4796]: disconnect from unknown[46.166.133.21]
    Jan 13 03:45:14 mailhost postfix/smtpd[4815]: connect from localhost[127.0.0.1]
    Jan 13 03:45:14 mailhost postfix/smtpd[4815]: 293FD6B977: client=localhost[127.0.0.1]
    Jan 13 03:45:14 mailhost postfix/cleanup[4806]: 293FD6B977: message-id=<Lackadaisical.0300b221f33a2b213a8dc0ee683baadac.Obsecratorynick@emaildomain.com>
    Jan 13 03:45:14 mailhost postfix/qmgr[9274]: 293FD6B977: from=<[email protected]>, size=5943, nrcpt=1 (queue active)
    Jan 13 03:45:14 mailhost postfix/smtpd[4815]: disconnect from localhost[127.0.0.1]
    Jan 13 03:45:14 mailhost amavis[31884]: (31884-08) Passed CLEAN, LOCAL [46.166.133.21] [46.166.133.21] <[email protected]> -> <[email protected]>, Message-ID: <Lackadaisical.0300b221f33a2b213a8dc0ee683baadac.Obsecratorynick@emaildomain.com>, mail_id: G3TC68wvWWEK, Hits: -0.546, size: 5482, queued_as: 293FD6B977, 568 ms
    Jan 13 03:45:14 mailhost postfix/smtp[4812]: 480626B976: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=2, delays=1.4/0.01/0.01/0.58, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 293FD6B977)
    Jan 13 03:45:14 mailhost postfix/qmgr[9274]: 480626B976: removed
    Jan 13 03:45:14 mailhost postfix/pipe[4816]: 293FD6B977: to=<[email protected]>, relay=dovecot, delay=0.09, delays=0.01/0.01/0/0.07, dsn=2.0.0, status=sent (delivered via dovecot service)

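I also thought there might be a PHP script somewhere sending this mail, so I installed and ran Linux Malware Detect, but it found nothing.

Thanks for your help!

Edit: I have blacklist filtering in main.cf: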

    smtpd_recipient_restrictions =
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client b.barracudacentral.org,
        reject_invalid_hostname,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        check_policy_service inet:127.0.0.1:7777,
        check_policy_service inet:127.0.0.1:10031,
        reject_non_fqdn_sender,
        reject_non_fqdn_hostname,
        reject_non_fqdn_recipient,
        reject_unlisted_recipient,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        permit

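This email came from outside your server, from the indicated IP address.

Postfix is configured to pass it to Amavis for virus scanning, and when that is done, Amavis passes it back to Postfix for delivery.

This is why there are two localhost Received: lines. One is added by Amavis as it processes the message, and the other by Postfix as it re-accepts the message from Amavis for final delivery.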
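
The hop sequence this answer describes can be checked against mail.log by following queue IDs back through the Amavis re-injection. The Python below is an added example, not part of the original question or answer; the function name `trace_origins` and the placeholder recipient address are assumptions, while port 10024 and the dovecot relay are taken from the log excerpt in the question.

```python
import re

# Log lines abridged from the mail.log excerpt in the question; the e-mail
# address is a constructed placeholder (the page shows addresses redacted).
SAMPLE_LOG = """\
Jan 13 03:45:12 mailhost postfix/smtpd[4796]: 480626B976: client=unknown[46.166.133.21]
Jan 13 03:45:14 mailhost postfix/smtpd[4815]: 293FD6B977: client=localhost[127.0.0.1]
Jan 13 03:45:14 mailhost postfix/smtp[4812]: 480626B976: to=<rcpt@example.invalid>, relay=127.0.0.1[127.0.0.1]:10024, delay=2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 293FD6B977)
Jan 13 03:45:14 mailhost postfix/qmgr[9274]: 480626B976: removed
Jan 13 03:45:14 mailhost postfix/pipe[4816]: 293FD6B977: to=<rcpt@example.invalid>, relay=dovecot, delay=0.09, dsn=2.0.0, status=sent (delivered via dovecot service)
"""

# smtpd records which client handed Postfix each queue ID.
CLIENT = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=(\S+?)\[([^\]]+)\]")
# smtp hand-off to Amavis on 10024; the reply names the re-injected queue ID.
REQUEUE = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-Za-z]+): .*relay=127\.0\.0\.1"
                     r"\[127\.0\.0\.1\]:10024.*queued as ([0-9A-Za-z]+)\)")
# Final local delivery through the dovecot pipe transport.
DELIVERED = re.compile(r"postfix/pipe\[\d+\]: ([0-9A-Za-z]+): .*relay=dovecot.*status=sent")

def trace_origins(log_text):
    """Map each delivered queue ID to (first queue ID, client host, client IP)."""
    client, parent, delivered = {}, {}, []
    for line in log_text.splitlines():
        if m := CLIENT.search(line):
            client[m.group(1)] = (m.group(2), m.group(3))
        elif m := REQUEUE.search(line):
            parent[m.group(2)] = m.group(1)  # re-injected ID -> ID before Amavis
        elif m := DELIVERED.search(line):
            delivered.append(m.group(1))
    result = {}
    for qid in delivered:
        root, seen = qid, set()
        while root in parent and root not in seen:  # step back over the filter hop
            seen.add(root)
            root = parent[root]
        host, ip = client.get(root, ("?", "?"))
        result[qid] = (root, host, ip)
    return result

if __name__ == "__main__":
    for qid, (root, host, ip) in trace_origins(SAMPLE_LOG).items():
        print(f"{qid}: first accepted as {root} from {host}[{ip}]")
```

A delivered message whose first queue ID still resolves to `localhost[127.0.0.1]`, with no preceding hand-off to port 10024, was submitted on the machine itself rather than re-injected by the content filter.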