如何将postfix设置为忽略不存在的用户邮件

我收到了大量的垃圾邮件尝试随机用户名。我知道所有的邮件服务器都在某种程度上发生了这种情况，但是在过去的两周内，我的VPS的磁盘分配量已经被填满了，只是因为maillog文件的大小！一周的日志差不多是7GB，其他的则较小，但不正常。我是阅读日志的新手，但这是一个随机select的小片段：

Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 05DEA31470BF: from=<[email protected]>, size=1165, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 05DEA31470BF: to=<[email protected]>, relay=none, delay=358802, delays=358802/0.07/0/0, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta5.am0.yahoodns.net[66.196.118.34] while sending RCPT TO) Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 00B053186BAE: from=<[email protected]>, size=1123, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/local[27246]: 00DAD31454C1: to=<[email protected]>, relay=local, delay=391867, delays=391867/0.13/0/0.02, dsn=4.1.1, status=SOFTBOUNCE (unknown user: "ginger_walton") Sep 11 03:53:16 vps-1011517-5697 postfix/smtp[26812]: 0099B3136B26: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[74.125.204.27]:25, delay=107076, delays=107075/0/0.39/0.68, dsn=4.7.1, status=SOFTBOUNCE (host gmail-smtp-in.l.google.com[74.125.204.27] said: 550-5.7.1 [27.112.107.68 1] Our system has detected an unusual rate of 550-5.7.1 unsolicited mail originating from your IP address. To protect our 550-5.7.1 users from spam, mail sent from your IP address has been blocked. 550-5.7.1 Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedIPError to review our 550 5.7.1 Bulk Email Senders Guidelines. q189si11097060pfq.189 - gsmtp (in reply to end of DATA command)) Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 00ECD3169334: from=<[email protected]>, size=1106, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 00ECD3169334: to=<[email protected]>, relay=none, delay=246340, delays=246340/0.02/0/0, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta5.am0.yahoodns.net[66.196.118.34] while sending RCPT TO) Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 0231E3138414: from=<[email protected]>, size=1560, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 0231E3138414: to=<[email protected]>, relay=none, delay=14482, delays=14482/0/0/0, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta5.am0.yahoodns.net[66.196.118.34] while sending RCPT TO) Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 062593144D72: from=<>, size=3463, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 08A1D31498F3: from=<>, size=3045, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/local[27247]: 062593144D72: to=<[email protected]>, relay=local, delay=396966, delays=396966/0.01/0/0, dsn=4.1.1, status=SOFTBOUNCE (unknown user: "isabel_miles") Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 0D692313F1DA: from=<>, size=3078, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 00EA0313F88E: from=<>, size=3464, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/local[27248]: 08A1D31498F3: to=<[email protected]>, relay=local, delay=321787, delays=321787/0.02/0/0, dsn=4.1.1, status=SOFTBOUNCE (unknown user: "bridget_harrison") Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 0F2A33147B48: from=<>, size=3657, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/local[27246]: 0D692313F1DA: to=<[email protected]>, relay=local, delay=430240, delays=430240/0.02/0/0, dsn=4.1.1, status=SOFTBOUNCE (unknown user: "freda_gordon") Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 046C83133878: from=<[email protected]>, size=1180, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/local[27247]: 00EA0313F88E: to=<[email protected]>, relay=local, delay=425180, delays=425180/0.02/0/0, dsn=4.1.1, status=SOFTBOUNCE (unknown user: "amelia_hanson") Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 035633144D87: from=<>, size=3087, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 019673137E30: from=<[email protected]>, size=1161, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/local[27248]: 0F2A33147B48: to=<[email protected]>, relay=local, delay=347073, delays=347073/0.02/0/0, dsn=4.1.1, status=SOFTBOUNCE (unknown user: "della_wright") Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 01F593146A8D: from=<>, size=3579, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/local[27246]: 035633144D87: to=<[email protected]>, relay=local, delay=396952, delays=396952/0.02/0/0, dsn=4.1.1, status=SOFTBOUNCE (unknown user: "kelley_strickland") Sep 11 03:53:16 vps-1011517-5697 postfix/smtp[27074]: 0423D31361AE: to=<[email protected]>, relay=mx3.hotmail.com[65.55.37.72]:25, delay=33557, delays=33557/0.01/0.38/0.12, dsn=4.0.0, status=SOFTBOUNCE (host mx3.hotmail.com[65.55.37.72] said: 550 SC-002 (COL004-MC1F20) Unfortunately, messages from 27.112.107.68 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command)) Sep 11 03:53:16 vps-1011517-5697 postfix/smtp[27074]: 0423D31361AE: lost connection with mx3.hotmail.com[65.55.37.72] while sending RCPT TO Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 078CF312D56D: from=<>, size=3751, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/local[27247]: 01F593146A8D: to=<[email protected]>, relay=local, delay=371261, delays=371261/0.02/0/0, dsn=4.1.1, status=SOFTBOUNCE (unknown user: "eva_morrison") Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 0CB143130F4A: from=<>, size=3022, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/local[27248]: 078CF312D56D: to=<[email protected]>, relay=local, delay=321700, delays=321700/0.01/0/0, dsn=4.1.1, status=SOFTBOUNCE (unknown user: "gwen_mendoza") Sep 11 03:53:16 vps-1011517-5697 postfix/qmgr[31514]: 02A0C31284D7: from=<>, size=3032, nrcpt=1 (queue active) Sep 11 03:53:16 vps-1011517-5697 postfix/local[27246]: 0CB143130F4A: to=<[email protected]>, relay=local, delay=242903, delays=242903/0.01/0/0, dsn=4.1.1, status=SOFTBOUNCE (unknown user: "marcia_harvey")

三个沉思：

我对“SOFTBOUNCE”的理解不适合这种情况 – 一个无效的用户名应该是一个很难的反弹，对吧？无论如何，我宁愿没有任何反弹，因为这是一个浪费资源，以及给垃圾邮件发送者太多的信息。
我不明白Google服务器的投诉文本 – 编号“500-5.7.1”似乎随机插入句子中。但是我认为，如果有足够的反弹，那么所有这些即将发生的反弹都可能被解释为垃圾邮件，对吗？
来自法国的Hotmail关于阻止列表的投诉可能是由我的服务器或其他人造成的; 107个黑名单的检查报告我的IP只有其中两个，所以我不认为我有我的网站上真正的垃圾邮件发生器或类似的东西。

无论如何，我只有一个有效的用户名在域上，所以是否有可能configuration后缀简单地删除任何邮件尝试任何其他用户名？如果没有发送反弹，甚至没有在日志文件中input，我会很高兴，因为正如我所说的，日志文件本身已经填满了。或者，如果有更好的办法来处理这种攻击，我全是耳朵。

编辑＃1：为了回应关于连接/断开连接条目的评论，我search了第一个“连接”（其周围有空格 – 否则我得到所有的“连接丢失”条目），然后grepped后续引用相同的邮件服务器。这是第一个在两秒内发生的序列，这可能与同一个电子邮件尝试有关：

 Sep 11 03:53:25 vps-1011517-5697 postfix/smtpd[20505]: connect from simcoe209srvr.owm.bell.net[184.150.200.209] Sep 11 03:53:25 vps-1011517-5697 postfix/smtpd[20505]: setting up TLS connection from simcoe209srvr.owm.bell.net[184.150.200.209] Sep 11 03:53:26 vps-1011517-5697 postfix/smtpd[20505]: TLS connection established from simcoe209srvr.owm.bell.net[184.150.200.209]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bi ts) Sep 11 03:53:26 vps-1011517-5697 postfix/smtpd[20505]: NOQUEUE: reject: RCPT from simcoe209srvr.owm.bell.net[184.150.200.209]: 450 4.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table; from=<> to=<[email protected]> proto=ESMTP helo=<torfep04.bell.net> Sep 11 03:53:27 vps-1011517-5697 postfix/smtpd[20505]: disconnect from simcoe209srvr.owm.bell.net[184.150.200.209]

这些不是日志中的顺序条目; 在相同的两秒钟内有大量不相关的条目。但是，如果你想让我search一些相关的东西，请告诉我要寻找什么。

编辑＃2：作为对JennyD的回应，这里是我的/etc/postfix/main.cf（当然，注释已被删除）：

 soft_bounce = yes queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix myhostname = l4jp.com mydomain = l4jp.com mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain unknown_local_recipient_reject_code = 550 alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.3.3/samples readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES # THE FOLLOWING IS FROM: http://www.anchor.com.au/hosting/dedicated/Postfix-SASL-setup smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_tls_security_level = may smtpd_tls_key_file = /etc/ssl/smtpd.key smtpd_tls_cert_file = /etc/ssl/smtpd.crt smtpd_tls_auth_only = yes smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes #My settings for virtual mailbox domains (which I don't think I actually use for anything) virtual_mailbox_domains = /etc/postfix/vhosts.txt virtual_mailbox_base = /var/spool/vmail virtual_mailbox_maps = hash:/etc/postfix/vmaps.txt virtual_minimum_uid = 100 virtual_uid_maps = static:101 virtual_gid_maps = static:101 message_size_limit = 30720000

编辑＃3： Dombuild议softbounce = no。我在发生这种变化之前和之后发送了一封testing邮件 – 以下是相关日志条目（来自地址清理）：

 Sep 12 20:38:39 vps-1011517-5697 postfix/smtpd[5343]: connect from gateway21.websitewelcome.com[192.185.45.43] Sep 12 20:38:39 vps-1011517-5697 postfix/smtpd[5343]: setting up TLS connection from gateway21.websitewelcome.com[192.185.45.43] Sep 12 20:38:39 vps-1011517-5697 postfix/smtpd[5343]: TLS connection established from gateway21.websitewelcome.com[192.185.45.43]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) Sep 12 20:38:40 vps-1011517-5697 postfix/smtpd[5343]: NOQUEUE: reject: RCPT from gateway21.websitewelcome.com[192.185.45.43]: 450 4.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<gateway21.websitewelcome.com> Sep 12 20:38:40 vps-1011517-5697 postfix/smtpd[5343]: disconnect from gateway21.websitewelcome.com[192.185.45.43] Sep 12 20:43:06 vps-1011517-5697 postfix/smtpd[6400]: connect from gateway23.websitewelcome.com[192.185.50.119] Sep 12 20:43:06 vps-1011517-5697 postfix/smtpd[6400]: setting up TLS connection from gateway23.websitewelcome.com[192.185.50.119] Sep 12 20:43:07 vps-1011517-5697 postfix/smtpd[6400]: TLS connection established from gateway23.websitewelcome.com[192.185.50.119]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) Sep 12 20:43:07 vps-1011517-5697 postfix/smtpd[6400]: NOQUEUE: reject: RCPT from gateway23.websitewelcome.com[192.185.50.119]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<gateway23.websitewelcome.com> Sep 12 20:43:07 vps-1011517-5697 postfix/smtpd[6400]: disconnect from gateway23.websitewelcome.com[192.185.50.119]

在这两种情况下有五个条目 – 日志中的唯一区别是错误代码（如预期的那样）。但是在改变之后，我得到了一个实际的退回消息到我发送testing的地址。发送给垃圾邮件制造者不是一件坏事吗？

编辑＃4：回应masegaloeh的评论要求所有条目相关的相同的消息队列ID。例如，他给出的ID是closuressoft_bounce之前的原始文件，但是我怀疑没有soft_bounce的文件会更有用，所以这是一个最近的随机示例：

 [root](10:27:06)[~]$ grep E6CBF312663B /var/log/maillog Sep 15 10:26:11 vps-1011517-5697 postfix/cleanup[10347]: E6CBF312663B: message-id=<[email protected]> Sep 15 10:26:11 vps-1011517-5697 postfix/bounce[10292]: 47A8E3126F85: sender non-delivery notification: E6CBF312663B Sep 15 10:26:11 vps-1011517-5697 postfix/qmgr[8701]: E6CBF312663B: from=<>, size=3801, nrcpt=1 (queue active) Sep 15 10:26:11 vps-1011517-5697 postfix/local[10477]: E6CBF312663B: to=<[email protected]>, relay=local, delay=0, delays=0/0/0/0, dsn=5.1.1, status=bounced (unknown user: "eula_mcdonald") Sep 15 10:26:11 vps-1011517-5697 postfix/qmgr[8701]: E6CBF312663B: removed

目前的日志文件仅在2.5天左右就增长到了1.2GB。我无法保持这个速度

编辑＃5：接下来，masegaloeh问这个：

 [root](09:03:50)[/var/log]$ grep 47A8E3126F85 maillog Sep 15 10:26:10 vps-1011517-5697 postfix/pickup[10444]: 47A8E3126F85: uid=500 from=<[email protected]> Sep 15 10:26:10 vps-1011517-5697 postfix/cleanup[10347]: 47A8E3126F85: message-id=<[email protected]> Sep 15 10:26:10 vps-1011517-5697 postfix/qmgr[8701]: 47A8E3126F85: from=<[email protected]>, size=1153, nrcpt=1 (queue active) Sep 15 10:26:11 vps-1011517-5697 postfix/smtp[9981]: 47A8E3126F85: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[64.233.189.27]:25, delay=1.7, delays=0.02/0.39/0.51/0.75, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[64.233.189.27] said: 550-5.7.1 [27.112.107.68 1] Our system has detected an unusual rate of 550-5.7.1 unsolicited mail originating from your IP address. To protect our 550-5.7.1 users from spam, mail sent from your IP address has been blocked. 550-5.7.1 Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedIPError to review our 550 5.7.1 Bulk Email Senders Guidelines. n130si231260oig.169 - gsmtp (in reply to end of DATA command)) Sep 15 10:26:11 vps-1011517-5697 postfix/bounce[10292]: 47A8E3126F85: sender non-delivery notification: E6CBF312663B Sep 15 10:26:11 vps-1011517-5697 postfix/qmgr[8701]: 47A8E3126F85: removed

编辑＃6：迈克尔·汉普顿的build议行动后，我再次看了日志的尾巴。 “接受交付”这个词引起了我的注意，因为我没有发送或接收任何真实的邮件 – 这里是与我注意到的有关系列：

 [root](15:01:16)[/var/log]$ grep 638BD3122039 maillog Sep 17 14:59:34 vps-1011517-5697 postfix/pickup[8959]: 638BD3122039: uid=500 from=<[email protected]> Sep 17 14:59:34 vps-1011517-5697 postfix/cleanup[9099]: 638BD3122039: message-id=<[email protected]> Sep 17 14:59:34 vps-1011517-5697 postfix/qmgr[7492]: 638BD3122039: from=<[email protected]>, size=1185, nrcpt=1 (queue active) Sep 17 14:59:38 vps-1011517-5697 postfix/smtp[9109]: 638BD3122039: to=<[email protected]>, relay=gw-eur1.smtp.philips.com[212.159.218.9]:25, delay=3.6, delays=0.07/0.01/1.6/2, dsn=2.0.0, status=sent (250 2.0.0 kVzb1t0041UaJoz01VzcmY mail accepted for delivery) Sep 17 14:59:38 vps-1011517-5697 postfix/qmgr[7492]: 638BD3122039: removed

当然这里没有juanita_ellis。什么可能导致该消息被发送？我真的发送垃圾邮件吗？

我没有看到你的Postfixconfigurationmain.cf指定的mynetworks = 。

如果没有指定，那么同一个本地networking上的任何人都可以通过你的服务器中继邮件，而不需要进行身份validation，从而使邮件服务器至less有一个开放的中继。如果您的系统具有全球IP地址，例如因为您在某种types的VPS提供商（如Digital Ocean）上托pipe，则可能会遭受来自同一供应商托pipe的附近机器的攻击。

这应该立即修复。

要locking它，只有本地主机可以通过服务器发送未经身份validation的邮件：

 mynetworks = 127.0.0.0/8 [::1]/128

另外，考虑删除服务器上的任何排队邮件（垃圾邮件！），以便Postfix不会尝试重新发送。

用mailq查看队列，如果你没有看到任何合法的东西，用postsuper -d ALL删除所有的东西。

您上次的编辑清楚地表明您的系统上的本地进程正在生成邮件。这个过程以uid 500运行，这很可能是你的账户。所以看起来你已经妥协了。将它从轨道上移开; 这是唯一确定的方法。