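Running on CentOS 6.4. For the past two weeks I have been receiving emails from other email accounts located on the server: [email protected] sending to [email protected], and [email protected] sending to [email protected]. They all contain a zip file. Emails recently started coming in from [email protected] (the site doesn't even have subdomains).
I monitor the server fairly closely and have not seen any breach of FTP, SSH, or the PHP code.
These emails appear to come from Turkey and other parts of the Middle East. No spam is being sent out of the server; they are only being sent and delivered locally.
I thought I had it set up to authenticate all users, but it does not authenticate and the mail is still sent. Can someone shed some light on what to do or change?
Here are some of the contents of the postfix/main.cf file.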
mynetworks = 127.0.0.0/32
alias_maps = hash:/etc/aliases
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/site.com.key
smtpd_tls_cert_file= /etc/pki/tls/certs/mycert.crt
smtpd_tls_CAfile= /etc/pki/tls/certs/gd_bundle-g2-g1.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_milters = inet:localhost:8891
#non_smtpd_milters =
non_smtpd_milters = inet:localhost:8891
milter_default_action = accept (dkim stuff)
milter_protocol = 2
mailbox_command = /usr/bin/procmail (this is used for having smart mailboxes, so I could group stuff in Mac mail)
Here is /var/logs/maillog
Mar 20 09:04:09 server1 postfix/smtpd[616]: connect from unknown[62.169.228.29]
Mar 20 09:04:13 server1 postfix/smtpd[616]: disconnect from unknown[62.169.228.29]
Mar 20 09:07:33 server1 postfix/anvil[618]: statistics: max connection rate 1/60s for (smtp:62.169.228.29) at Mar 20 09:04:09
Mar 20 09:07:33 server1 postfix/anvil[618]: statistics: max connection count 1 for (smtp:62.169.228.29) at Mar 20 09:04:09
Mar 20 09:07:33 server1 postfix/anvil[618]: statistics: max cache size 1 at Mar 20 09:04:09
Mar 20 09:26:45 server1 postfix/smtpd[645]: connect from unknown[125.209.5.163]
Mar 20 09:26:46 server1 postfix/smtpd[645]: disconnect from unknown[125.209.5.163]
Mar 20 09:30:06 server1 postfix/anvil[647]: statistics: max connection rate 1/60s for (smtp:125.209.5.163) at Mar 20 09:26:45
Mar 20 09:30:06 server1 postfix/anvil[647]: statistics: max connection count 1 for (smtp:125.209.5.163) at Mar 20 09:26:45
Mar 20 09:30:06 server1 postfix/anvil[647]: statistics: max cache size 1 at Mar 20 09:26:45
Mar 20 09:31:21 server1 postfix/smtpd[654]: connect from unknown[31.184.198.210]
Mar 20 09:31:21 server1 postfix/smtpd[654]: setting up TLS connection from unknown[31.184.198.210]
Mar 20 09:31:22 server1 postfix/smtpd[654]: Anonymous TLS connection established from unknown[31.184.198.210]: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)
Mar 20 09:31:22 server1 postfix/smtpd[654]: lost connection after STARTTLS from unknown[31.184.198.210]
Mar 20 09:31:22 server1 postfix/smtpd[654]: disconnect from unknown[31.184.198.210]
Mar 20 09:34:42 server1 postfix/anvil[656]: statistics: max connection rate 1/60s for (submission:31.184.198.210) at Mar 20 09:31:21
Mar 20 09:34:42 server1 postfix/anvil[656]: statistics: max connection count 1 for (submission:31.184.198.210) at Mar 20 09:31:21
Mar 20 09:34:42 server1 postfix/anvil[656]: statistics: max cache size 1 at Mar 20 09:31:21
Mar 20 11:06:44 server1 postfix/smtpd[804]: warning: 185.100.64.70: hostname ip.hoster.kz verification failed: Name or service not known
Mar 20 11:06:44 server1 postfix/smtpd[804]: connect from unknown[185.100.64.70]
Mar 20 11:06:45 server1 postfix/smtpd[804]: disconnect from unknown[185.100.64.70]
Mar 20 11:10:05 server1 postfix/anvil[806]: statistics: max connection rate 1/60s for (smtp:185.100.64.70) at Mar 20 11:06:44
Mar 20 11:10:05 server1 postfix/anvil[806]: statistics: max connection count 1 for (smtp:185.100.64.70) at Mar 20 11:06:44
Mar 20 11:10:05 server1 postfix/anvil[806]: statistics: max cache size 1 at Mar 20 11:06:44
Mar 20 11:10:09 server1 postfix/smtpd[813]: connect from unknown[31.184.198.210]
Mar 20 11:10:09 server1 postfix/smtpd[813]: setting up TLS connection from unknown[31.184.198.210]
Mar 20 11:10:10 server1 postfix/smtpd[813]: Anonymous TLS connection established from unknown[31.184.198.210]: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)
Mar 20 11:10:10 server1 postfix/smtpd[813]: lost connection after STARTTLS from unknown[31.184.198.210]
Mar 20 11:10:10 server1 postfix/smtpd[813]: disconnect from unknown[31.184.198.210]
Mar 20 11:13:30 server1 postfix/anvil[815]: statistics: max connection rate 1/60s for (submission:31.184.198.210) at Mar 20 11:10:09
Mar 20 11:13:30 server1 postfix/anvil[815]: statistics: max connection count 1 for (submission:31.184.198.210) at Mar 20 11:10:09
Mar 20 11:13:30 server1 postfix/anvil[815]: statistics: max cache size 1 at Mar 20 11:10:09
Mar 20 13:44:46 server1 postfix/smtpd[1023]: warning: 89.248.162.178: address not listed for hostname no-reverse-dns-configured.com
Mar 20 13:44:46 server1 postfix/smtpd[1023]: connect from unknown[89.248.162.178]
Mar 20 13:44:47 server1 postfix/smtpd[1023]: disconnect from unknown[89.248.162.178]
Here is one of the emails, which is spam.
Mar 22 12:15:20 server1 postfix/smtpd[20712]: connect from unknown[203.82.37.180]
Mar 22 12:15:20 server1 postfix/smtpd[20712]: 65EE53800A8: client=unknown[203.82.37.180]
Mar 22 12:15:20 server1 postfix/cleanup[20717]: 65EE53800A8: message-id=<[email protected]>
Mar 22 12:15:20 server1 opendkim[1444]: 65EE53800A8: [203.82.37.180] [203.82.37.180] not internal
Mar 22 12:15:20 server1 opendkim[1444]: 65EE53800A8: not authenticated
Mar 22 12:15:20 server1 opendkim[1444]: 65EE53800A8: no signature data
Mar 22 12:15:20 server1 postfix/qmgr[27235]: 65EE53800A8: from=<[email protected]>, size=5709, nrcpt=1 (queue active)
Mar 22 12:15:20 server1 spamd[19157]: spamd: connection from localhost [127.0.0.1] at port 49602
Mar 22 12:15:20 server1 spamd[19157]: spamd: setuid to spamd succeeded
Mar 22 12:15:20 server1 spamd[19157]: spamd: creating default_prefs: /var/log/spamassassin/.spamassassin/user_prefs
Mar 22 12:15:20 server1 spamd[19157]: config: cannot create user preferences file /var/log/spamassassin/.spamassassin/user_prefs: No such file or directory
Mar 22 12:15:20 server1 spamd[19157]: spamd: failed to create readable default_prefs: /var/log/spamassassin/.spamassassin/user_prefs
Mar 22 12:15:20 server1 spamd[19157]: spamd: processing message <[email protected]> for spamd:492
Mar 22 12:15:20 server1 postfix/smtpd[20712]: disconnect from unknown[203.82.37.180]
Mar 22 12:15:24 server1 spamd[19157]: spamd: clean message (7.4/8.0) for spamd:492 in 3.4 seconds, 5621 bytes.
Mar 22 12:15:24 server1 spamd[19157]: spamd: result: . 7 - RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RDNS_NONE,SPF_FAIL,TO_EQ_FM_DOM_SPF_FAIL,TVD_SPACE_RATIO scantime=3.4,size=5621,user=spamd,uid=492,required_score=8.0,rhost=localhost,raddr=127.0.0.1,rport=49602,mid=<[email protected]>,autolearn=no
Mar 22 12:15:24 server1 postfix/pickup[20696]: 3B5CA3800B1: uid=492 from=<[email protected]>
Mar 22 12:15:24 server1 postfix/pipe[20718]: 65EE53800A8: to=<[email protected]>, relay=spamassassin, delay=3.8, delays=0.39/0.01/0/3.4, dsn=2.0.0, status=sent (delivered via spamassassin service)
Mar 22 12:15:24 server1 postfix/qmgr[27235]: 65EE53800A8: removed
Mar 22 12:15:24 server1 postfix/cleanup[20717]: 3B5CA3800B1: message-id=<[email protected]>
Mar 22 12:15:24 server1 opendkim[1444]: 3B5CA3800B1: DKIM-Signature field added (s=default, d=mysite.com)
Mar 22 12:15:24 server1 spamd[19156]: prefork: child states: II
Mar 22 12:15:24 server1 postfix/qmgr[27235]: 3B5CA3800B1: from=<[email protected]>, size=6120, nrcpt=1 (queue active)
Mar 22 12:15:24 server1 postfix/local[20723]: 3B5CA3800B1: to=<[email protected]>, relay=local, delay=0.1, delays=0.06/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Mar 22 12:15:24 server1 postfix/qmgr[27235]: 3B5CA3800B1: removed
Mar 22 12:18:41 server1 postfix/anvil[20714]: statistics: max connection rate 1/60s for (smtp:203.82.37.180) at Mar 22 12:15:20
Mar 22 12:18:41 server1 postfix/anvil[20714]: statistics: max connection count 1 for (smtp:203.82.37.180) at Mar 22 12:15:20
Mar 22 12:18:41 server1 postfix/anvil[20714]: statistics: max cache size 1 at Mar 22 12:15:20
Mar 22 12:44:56 server1 postfix/smtpd[20796]: connect from unknown[181.198.236.222]
Mar 22 15:49:54 server1 postfix/smtpd[21823]: connect from unknown[181.65.123.194]
Mar 22 15:49:54 server1 postfix/smtpd[21823]: A9B073800A8: client=unknown[181.65.123.194]
Mar 22 15:49:55 server1 postfix/cleanup[21828]: A9B073800A8: message-id=<[email protected]>
Mar 22 15:49:55 server1 opendkim[1444]: A9B073800A8: [181.65.123.194] [181.65.123.194] not internal
Mar 22 15:49:55 server1 opendkim[1444]: A9B073800A8: not authenticated
Mar 22 15:49:55 server1 opendkim[1444]: A9B073800A8: no signature data
Mar 22 15:49:55 server1 postfix/qmgr[27235]: A9B073800A8: from=<[email protected]>, size=6734, nrcpt=1 (queue active)
Mar 22 15:49:55 server1 spamd[19157]: spamd: connection from localhost [127.0.0.1] at port 50409
Mar 22 15:49:55 server1 spamd[19157]: spamd: setuid to spamd succeeded
Mar 22 15:49:55 server1 spamd[19157]: spamd: creating default_prefs: /var/log/spamassassin/.spamassassin/user_prefs
Mar 22 15:49:55 server1 spamd[19157]: config: cannot create user preferences file /var/log/spamassassin/.spamassassin/user_prefs: No such file or directory
Mar 22 15:49:55 server1 spamd[19157]: spamd: failed to create readable default_prefs: /var/log/spamassassin/.spamassassin/user_prefs
Mar 22 15:49:55 server1 spamd[19157]: spamd: processing message <[email protected]> for spamd:492
Mar 22 15:49:55 server1 postfix/smtpd[21823]: disconnect from unknown[181.65.123.194]
Mar 22 15:49:56 server1 spamd[19157]: spamd: clean message (6.9/8.0) for spamd:492 in 1.1 seconds, 6629 bytes.
Mar 22 15:49:56 server1 spamd[19157]: spamd: result: . 6 - HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PSBL,RDNS_NONE,URIBL_BLOCKED scantime=1.1,size=6629,user=spamd,uid=492,required_score=8.0,rhost=localhost,raddr=127.0.0.1,rport=50409,mid=<[email protected]>,autolearn=no
Mar 22 15:49:56 server1 postfix/pickup[21711]: 41F7E3800B1: uid=492 from=<[email protected]>
Mar 22 15:49:56 server1 postfix/pipe[21829]: A9B073800A8: to=<[email protected]>, relay=spamassassin, delay=1.6, delays=0.4/0.01/0/1.2, dsn=2.0.0, status=sent (delivered via spamassassin service)
Mar 22 15:49:56 server1 postfix/qmgr[27235]: A9B073800A8: removed
Mar 22 15:49:56 server1 postfix/cleanup[21828]: 41F7E3800B1: message-id=<[email protected]>
Mar 22 15:49:56 server1 opendkim[1444]: 41F7E3800B1: no signing table match for '[email protected]'
Mar 22 15:49:56 server1 opendkim[1444]: 41F7E3800B1: no signature data
Mar 22 15:49:56 server1 postfix/qmgr[27235]: 41F7E3800B1: from=<[email protected]>, size=7129, nrcpt=1 (queue active)
Mar 22 15:49:56 server1 spamd[19156]: prefork: child states: II
Mar 22 15:49:56 server1 postfix/local[21834]: 41F7E3800B1: to=<[email protected]>, relay=local, delay=0.06, delays=0.02/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Mar 22 15:49:56 server1 postfix/qmgr[27235]: 41F7E3800B1: removed
The solution is to implement Sender Policy Framework in Postfix and add an SPF record to the domain.
Postfix implementation:
Install the SPF package: sudo apt-get install postfix-policyd-spf-perl
Modify main.cf:
Add anywhere: policy-spf_time_limit = 3600s
Add to smtpd_recipient_restrictions: check_policy_service unix:private/policy-spf
Add:
policy-spf unix - n n - - spawn
  user=nobody argv=/usr/sbin/postfix-policyd-spf-perl
service postfix reload
Wizard to create an SPF record for your domain (requires a basic understanding of how to add DNS records for a domain).
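
To see which deliveries in a maillog match the pattern in the question, the following added example (not part of the original question or answer) pairs each queue ID's smtpd client= line with its qmgr from= line and reports mail that claims a local sender domain but arrived from a client that is neither in the trusted networks nor SASL-authenticated. The log sample, queue IDs, example.com and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in Postfix maillog format; hosts, IPs and queue IDs are made up.
SAMPLE_LOG = """\
Mar 22 12:15:20 server1 postfix/smtpd[20712]: 1A2B3C4D5E: client=unknown[203.0.113.45]
Mar 22 12:15:20 server1 postfix/qmgr[27235]: 1A2B3C4D5E: from=<alice@example.com>, size=5709, nrcpt=1 (queue active)
Mar 22 12:20:01 server1 postfix/smtpd[20750]: 2B3C4D5E6F: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=bob@example.com
Mar 22 12:20:01 server1 postfix/qmgr[27235]: 2B3C4D5E6F: from=<bob@example.com>, size=1200, nrcpt=1 (queue active)
Mar 22 12:25:09 server1 postfix/smtpd[20760]: 3C4D5E6F70: client=mail.example.net[192.0.2.10]
Mar 22 12:25:09 server1 postfix/qmgr[27235]: 3C4D5E6F70: from=<carol@example.net>, size=900, nrcpt=1 (queue active)
Mar 22 12:25:13 server1 postfix/pickup[20696]: 4D5E6F7081: uid=492 from=<alice@example.com>
Mar 22 12:25:13 server1 postfix/qmgr[27235]: 4D5E6F7081: from=<alice@example.com>, size=6120, nrcpt=1 (queue active)
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S+?\[([^\]]+)\](.*)")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")

def is_trusted(ip, networks):
    """True if ip parses and falls inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # Postfix logs "unknown" when it has no address
        return False
    return any(addr in net for net in networks)

def find_spoofed_local_senders(log_text, local_domains, trusted_networks):
    """Return (queue_id, client_ip, sender) for mail that claims a local
    sender but came over SMTP from an untrusted, unauthenticated client."""
    networks = [ipaddress.ip_network(n) for n in trusted_networks]
    clients = {}  # queue id -> (client ip, SASL-authenticated?)
    findings = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = (m.group(2), "sasl_username=" in m.group(3))
            continue
        m = FROM_RE.search(line)
        if not m or m.group(1) not in clients:
            continue  # no smtpd client line: locally re-injected (e.g. pickup)
        qid, sender = m.groups()
        ip, authenticated = clients.pop(qid)  # pop: qmgr repeats from= on retries
        domain = sender.rpartition("@")[2].lower()
        if domain in local_domains and not authenticated and not is_trusted(ip, networks):
            findings.append((qid, ip, sender))
    return findings

if __name__ == "__main__":
    print(find_spoofed_local_senders(SAMPLE_LOG, {"example.com"}, ["127.0.0.0/8"]))
```

Run it against the real log before and after enabling the SPF policy service; once the domain publishes an SPF record and the policy rejects failures, new findings should stop appearing.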