I receive mail on my own mail server that comes from a user belonging to my domain, but that user is not listed in my mail user database. Here are the logs:
Mar 28 15:54:13 Bumblebee postfix/smtpd[29350]: connect from unknown[45.127.40.218]
Mar 28 15:54:13 Bumblebee postfix/smtpd[29350]: C7B8A3FCB1EC: client=unknown[45.127.40.218]
Mar 28 15:54:14 Bumblebee postfix/cleanup[29353]: C7B8A3FCB1EC: message-id=<[email protected]>
Mar 28 15:54:14 Bumblebee postfix/qmgr[14800]: C7B8A3FCB1EC: from=<[email protected]>, size=5170, nrcpt=1 (queue active)
Mar 28 15:54:14 Bumblebee postfix/smtpd[29350]: disconnect from unknown[45.127.40.218]
Mar 28 15:54:15 Bumblebee postfix/smtp[29349]: connect to example.com[2606:2800:220:1:248:1893:25c8:1946]:25: Connection timed out
Mar 28 15:54:15 Bumblebee postfix/smtpd[29363]: connect from localhost[127.0.0.1]
Mar 28 15:54:15 Bumblebee postfix/smtpd[29363]: 875153FCB201: client=localhost[127.0.0.1]
Mar 28 15:54:15 Bumblebee postfix/cleanup[29353]: 875153FCB201: message-id=<[email protected]>
Mar 28 15:54:15 Bumblebee postfix/smtpd[29363]: disconnect from localhost[127.0.0.1]
Mar 28 15:54:15 Bumblebee postfix/qmgr[14800]: 875153FCB201: from=<[email protected]>, size=5957, nrcpt=1 (queue active)
Mar 28 15:54:15 Bumblebee amavis[28484]: (28484-11) Passed CLEAN {RelayedInbound}, [45.127.40.218]:54919 [45.127.40.218] <[email protected]> -> <[email protected]>, Queue-ID: C7B8A3FCB1EC, Message-ID: <[email protected]>, mail_id: 0r59-HfxT3Vu, Hits : 5.282, size: 5170, queued_as: 875153FCB201, 1437 ms
Mar 28 15:54:15 Bumblebee postfix/smtp[29355]: C7B8A3FCB1EC: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.8, delays=0.36/0/0/1.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 875153FCB201)
Mar 28 15:54:15 Bumblebee postfix/qmgr[14800]: C7B8A3FCB1EC: removed
Mar 28 15:54:15 Bumblebee postfix/lmtp[29364]: 875153FCB201: to=<[email protected]>, relay=mydomain.com[private/dovecot-lmtp], delay=0.17, delays=0.06/0/0/0.1, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> 2Hz6JIc3+Va1cgAA4FbCCg Saved)
Mar 28 15:54:15 Bumblebee postfix/qmgr[14800]: 875153FCB201: removed
There is no user "nadiam1pa"; I checked several times, but somehow this person is using my mail server to send mail with suspicious attachments to other mail users on my server. I don't know where to start with this security problem. Can anyone help me?
//Edit: here are the mail headers:
X-Spam-Level: *****
Return-Path: <[email protected]>
Mime-Version: 1.0
Thread-Index: AdCh6FNHn/LWax1JSTSc7XL2c2t2TQ==
X-Virus-Scanned: Debian amavisd-new at mydomain.com
Message-Id: <[email protected]>
X-Mailer: Microsoft Outlook 14.0
X-Spam-Score: 5.282
X-Spam-Flag: NO
X-Spam-Status: No, score=5.282 tagged_above=2 required=6.31 tests=[BAYES_20=-0.001, DOS_OUTLOOK_TO_MX=2.845, HELO_MISC_IP=0.25, PYZOR_CHECK=1.392, RDNS_NONE=0.793, SPF_FAIL=0.001, TO_EQ_FM_DOM_SPF_FAIL=0.001, TVD_SPACE_RATIO=0.001] autolearn=no autolearn_force=no
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0042_01D0A1F9.171F24B0"
Delivered-To: <[email protected]>
Content-Language: en-US
Received: from mydomain.com by Ubuntu-1310-saucy-64-minimal (Dovecot) with LMTP id 2Hz6JIc3+Va1cgAA4FbCCg for <[email protected]>; Mon, 28 Mar 2016 15:54:15 +0200
Received: from localhost (localhost [127.0.0.1]) by mydomain.com (Postfix) with ESMTP id 875153FCB201 for <[email protected]>; Mon, 28 Mar 2016 15:54:15 +0200 (CEST)
Received: from mydomain.com ([127.0.0.1]) by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0r59-HfxT3Vu for <[email protected]>; Mon, 28 Mar 2016 15:54:14 +0200 (CEST)
Received: from [45.127.40.218] (unknown [45.127.40.218]) by mydomain.com (Postfix) with ESMTP id C7B8A3FCB1EC for <[email protected]>; Mon, 28 Mar 2016 15:54:13 +0200 (CEST)
Document (1).pdf
Answer 1
Your mail server is not sending anything. The address was forged. If you inspect the headers of one of the suspicious messages, you will see the sender's IP address. However, every message you receive may well have a different IP address.
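As an added example (not from the question or either answer), a small Python script that does what the answer above suggests: it walks the Received chain bottom-up to find the public IP that handed the message to Postfix, and reads the SpamAssassin tests in X-Spam-Status to flag the SPF failure and the matching From/To domain. The header sample is constructed from the question's headers with placeholder addresses; the From and To headers are assumed.

```python
import re
import ipaddress
from email import message_from_string
from email.utils import parseaddr
# Constructed sample modelled on the headers in the question; addresses are placeholders.
SAMPLE = """\
Return-Path: <nadiam1pa@mydomain.com>
From: nadiam1pa@mydomain.com
To: user@mydomain.com
X-Spam-Status: No, score=5.282 tagged_above=2 required=6.31 tests=[BAYES_20=-0.001, DOS_OUTLOOK_TO_MX=2.845, HELO_MISC_IP=0.25, PYZOR_CHECK=1.392, RDNS_NONE=0.793, SPF_FAIL=0.001, TO_EQ_FM_DOM_SPF_FAIL=0.001, TVD_SPACE_RATIO=0.001] autolearn=no
Received: from localhost (localhost [127.0.0.1]) by mydomain.com (Postfix) with ESMTP id 875153FCB201 for <user@mydomain.com>; Mon, 28 Mar 2016 15:54:15 +0200 (CEST)
Received: from [45.127.40.218] (unknown [45.127.40.218]) by mydomain.com (Postfix) with ESMTP id C7B8A3FCB1EC for <user@mydomain.com>; Mon, 28 Mar 2016 15:54:13 +0200 (CEST)
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def originating_ip(msg):
    # Every hop prepends its own Received header, so the last one is the first hop.
    for hop in reversed(msg.get_all("Received") or []):
        from_clause = hop.split(" by ", 1)[0]  # skip the receiving host's own address
        for ip_text in IP_IN_BRACKETS.findall(from_clause):
            ip = ipaddress.ip_address(ip_text)
            if not (ip.is_loopback or ip.is_private):
                return ip_text  # the first public client that handed the mail in
    return None

def spam_tests(msg):
    # Parse the tests=[NAME=score, ...] list that amavisd-new/SpamAssassin writes.
    m = re.search(r"tests=\[([^\]]*)\]", msg.get("X-Spam-Status", ""))
    tests = {}
    for item in (m.group(1).split(",") if m else []):
        name, _, score = item.strip().partition("=")
        if name:
            tests[name] = float(score or 0)
    return tests

def header_domain(msg, name):
    return parseaddr(msg.get(name, ""))[1].rpartition("@")[2].lower()

def spoof_findings(msg):
    tests, origin = spam_tests(msg), originating_ip(msg)
    sender, recipient = header_domain(msg, "From"), header_domain(msg, "To")
    findings = []
    if "SPF_FAIL" in tests:
        findings.append("SPF_FAIL: %s is not an authorised sender for %s" % (origin, sender))
    if sender and sender == recipient:
        findings.append("From and To share the domain %s: a local user is being impersonated" % sender)
    return findings

def analyse(raw_headers):
    msg = message_from_string(raw_headers)
    return originating_ip(msg), spoof_findings(msg)
```

The SPF_FAIL and TO_EQ_FM_DOM_SPF_FAIL tests in the question's headers are exactly this pattern: a public host with no relation to mydomain.com wrote a mydomain.com address into the envelope sender.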
Answer 2
I ran into the same problem. There is a spoofed email sent in the account owner's name, with an attachment containing malware (a JavaScript file) programmed to decrypt data or destroy locations; most antivirus software cannot detect the virus.
Solution
The solution is to protect outgoing email with DKIM.