Blocking spam on Ubuntu 12.04

We seem to have a lot of spam in our mail.log file. For example:

Mar 11 18:23:01 localhost postfix/qmgr[1452]: 87945226BD: removed
Mar 11 18:23:01 localhost postfix/smtp[8809]: 87945226BD: to=<[email protected]>, relay=email-smtp.us-east-1.amazonaws.com[xxx.xxx.xxx.xxx]:25, delay=1.6, delays=0.02/0.03/0.78/0.75, dsn=2.0.0, status=sent (250 Ok 0000013d5ab120a5-11d24ebe-f43a-4b98-82a3-9ffcb03a6d93-000000)
Mar 11 18:16:10 localhost postfix/smtp[8678]: 36032226BE: to=<[email protected]>, relay=email-smtp.us-east-1.amazonaws.com[xx.xx.xx.xx]:25, delay=1.2, delays=0.01/0/0.81/0.4, dsn=2.0.0, status=sent (250 Ok)
Mar 11 18:16:09 localhost postfix/qmgr[1452]: A232E226BD: removed
Mar 11 18:16:09 localhost postfix/qmgr[1452]: 36032226BE: from=<>, size=3015, nrcpt=1 (queue active)
Mar 11 18:16:09 localhost postfix/bounce[8681]: A232E226BD: sender non-delivery notification: 36032226BE
Mar 11 18:16:09 localhost postfix/cleanup[8676]: 36032226BE: message-id=<20130311181609.36032226BE@ip-10-32-0-15.eu-west-1.compute.internal>

Our current setup uses Amazon SES with two or three verified domains, so I'm not quite sure why these show as 'sent'.

Is it worth blocking them via iptables? If so, how do we do that, since the log doesn't show their IP addresses?

Any help or advice is appreciated.

UPDATE

I can confirm that the email addresses above are spam (checked them against some spam forums).

Regarding the open relay configuration, we checked our IP against the open relay test here and it passed.

Here is our main.cf file, without comments:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
inet_interfaces = all
mailbox_size_limit = 0
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
mydestination = ip-10-32-0-15.eu-west-1.compute.internal, localhost.eu-west-1.compute.internal, , localhost
myhostname = ip-10-32-0-15.eu-west-1.compute.internal
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = email-smtp.us-east-1.amazonaws.com:25
smtp_helo_timeout = 60s
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 450

The short answer is no.

Regarding the IP addresses, they should show up in mail.log: grep for the "connect from" string [grep "connect from" mail.log | grep -v localhost]

If you are inclined to blacklist IPs yourself, you can actually use "check_client_access" to whitelist and blacklist IPs and domains.

Finally, you can use pflogsumm ("Postfix Log Entry Summarizer") to get a list of IPs summarized by count, along with lots of other information. If you are running your own mail server, this is a good report to run daily to get a summary of what is going on with your server.

So the long answer is: you already have a good blocking mechanism in place, so why spend more time on these IPs.
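Added example, not part of the question or either answer: a Python script that groups mail.log lines by Postfix queue ID, counts accepted messages per connecting client (the same summary the grep and pflogsumm suggestions give), and links each null-sender (from=<>) non-delivery notification back to the message that triggered it, the pattern visible in the question's excerpt. The log lines, addresses and IPs below are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the question's mail.log excerpt (placeholder addresses/IPs).
SAMPLE_LOG = """\
Mar 11 18:16:09 localhost postfix/smtpd[8670]: A232E226BD: client=unknown[198.51.100.23]
Mar 11 18:16:09 localhost postfix/qmgr[1452]: A232E226BD: from=<forged@example.net>, size=2900, nrcpt=1 (queue active)
Mar 11 18:16:09 localhost postfix/bounce[8681]: A232E226BD: sender non-delivery notification: 36032226BE
Mar 11 18:16:09 localhost postfix/qmgr[1452]: 36032226BE: from=<>, size=3015, nrcpt=1 (queue active)
Mar 11 18:16:10 localhost postfix/smtp[8678]: 36032226BE: to=<forged@example.net>, relay=email-smtp.us-east-1.amazonaws.com[203.0.113.5]:25, delay=1.2, status=sent (250 Ok)
Mar 11 18:16:10 localhost postfix/qmgr[1452]: 36032226BE: removed
Mar 11 18:20:00 localhost postfix/smtpd[8700]: 11111226C0: client=mail.example.org[192.0.2.10]
Mar 11 18:20:00 localhost postfix/qmgr[1452]: 11111226C0: from=<alice@example.org>, size=1200, nrcpt=1 (queue active)
Mar 11 18:20:01 localhost postfix/smtp[8809]: 11111226C0: to=<bob@example.com>, relay=email-smtp.us-east-1.amazonaws.com[203.0.113.5]:25, delay=1.6, status=sent (250 Ok)
"""

LINE_RE = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ postfix/(?P<prog>\w+)\[\d+\]: "
                     r"(?P<qid>[0-9A-F]+): (?P<rest>.*)$")

def parse_queue(text):
    """Group log lines by Postfix queue ID and extract client IP, sender, recipient, status."""
    msgs = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines without a queue ID (e.g. 'connect from') are not needed here
        rec, rest = msgs[m["qid"]], m["rest"]
        if c := re.search(r"client=\S+\[([0-9a-f.:]+)\]", rest):
            rec["client_ip"] = c.group(1)
        if f := re.search(r"from=<([^>]*)>", rest):
            rec["from"] = f.group(1)  # empty string = null sender, i.e. a bounce
        if t := re.search(r"to=<([^>]*)>.*status=(\w+)", rest):
            rec["to"], rec["status"] = t.group(1), t.group(2)
        if b := re.search(r"sender non-delivery notification: ([0-9A-F]+)", rest):
            msgs[b.group(1)]["bounce_of"] = m["qid"]  # NDN queue ID -> original message
    return msgs

def find_backscatter(text):
    """(bounce_qid, original_qid, client_ip_of_original, recipient) for every NDN that was delivered."""
    msgs = parse_queue(text)
    return [(qid, rec["bounce_of"], msgs[rec["bounce_of"]].get("client_ip", "?"), rec["to"])
            for qid, rec in msgs.items()
            if rec.get("from") == "" and rec.get("status") == "sent" and "bounce_of" in rec]

def count_clients(text):
    """Accepted messages per connecting client IP, the summary the grep/pflogsumm approach gives."""
    return Counter(r["client_ip"] for r in parse_queue(text).values() if "client_ip" in r)
```

On a real system, pass the contents of /var/log/mail.log to find_backscatter and count_clients instead of SAMPLE_LOG; the client IPs it reports are the ones to feed into check_client_access if you decide to block anything.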

It looks like you have an open relay configured; close it. You can try checking SPF + DKIM or use DSPAM to cut down the spam.