postfix/dovecot: other domains are using our server to send spam

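Our server is being used to send spam from an account that does not belong to our domain. This account is sending email to other domains, which is affecting our IP reputation.

Logs: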

Nov 20 06:31:42 mydomain postfix/qmgr[5177]: 8C5C921014: from=<[email protected]>, size=327666, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain opendkim[1017]: BA73821F61: no signing table match for '[email protected]'
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: BA73821F61: from=<[email protected]>, size=327674, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain postfix/smtp[5214]: 61964220B8: to=<[email protected]>, relay=aspmx.l.google.com[74.125.192.26]:25, delay=0.45, delays=0.01/0/0.34/0.1, dsn=5.7.1, status=bounced (host aspmx.l.google.com[74.125.192.26] said: 550-5.7.1 [67.205.151.88      12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1  https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1  for more information. e12si9806509qvj.70 - gsmtp (in reply to end of DATA command))

I tried to block these emails with this setting in Postfix's main.cf file:

"smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination"

But it doesn't work. How can I stop this open relay?

postconf output

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
invalid_hostname_reject_code = 554
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject
multi_recipient_bounce_reject_code = 554
mydestination = localhost, localhost.localdomain
myhostname = tboxplanet.com
mynetworks = 127.0.0.0/8 10.136.0.0/16
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_message_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_limit = 5000
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unknown_recipient_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender, permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unlisted_sender, check_sender_access pcre:/etc/postfix/access, permit
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.tboxplanet.com/fullchain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tboxplanet.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tboxplanet.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/blacklist, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/postfix/virtual_regexp
virtual_gid_maps = static:12
virtual_mailbox_base = /mnt/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 101
virtual_transport = dovecot
virtual_uid_maps = static:101

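Answer 1

OK, you are using MySQL to store your users, the domains to serve, and so on. You need to open one of the mysql conf files, get the username/password and the database in use, and look at the users and transport maps to determine exactly who your server is configured to serve. Then delete the accounts/domains that don't belong to your company.

Take a look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf. It should have something like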

user = mailuser
password = secretword!
hosts = 127.0.0.1
dbname = mail_data
query = SELECT 1 FROM virtual_users WHERE email='%s'

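in it. The username, password, and database are all listed there. Use that information to connect with the mysql client, mysql-workbench, etc. to explore.

Your mail server's setup appears similar to the one in this tutorial: https://workaround.org/ispmail/jessie

Answer 2

After a few days of peace, I found a solution to the problem.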

smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain

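I created a list of domains that are allowed to send email (relay). The list authorizes only my own domain, because the emails sending spam belonged to the gmail domain.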
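
The qmgr and smtp lines quoted in the question carry the envelope sender but not who submitted the message; Postfix logs that on the smtpd (or pickup) line that shares the queue ID. The following is an added example, not part of the original posts, that joins those lines per queue ID and counts messages whose sender domain is not hosted, grouped by the submitting SASL login, client, or local uid. The log lines, addresses and IPs are constructed, and `HOSTED` is an assumed stand-in for the domains stored in the MySQL tables.

```python
import re
from collections import Counter, defaultdict

# Assumption: hosted domains; in production read them from the virtual_mailbox_domains table.
HOSTED = {"example.org"}

# Constructed sample in Postfix syslog format (short queue IDs); all names and IPs are made up.
SAMPLE_LOG = """\
Nov 20 06:31:40 mx postfix/smtpd[5200]: 3F2A1B0C01: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.org
Nov 20 06:31:42 mx postfix/qmgr[5177]: 3F2A1B0C01: from=<promo1@example.net>, size=327666, nrcpt=1 (queue active)
Nov 20 06:31:41 mx postfix/smtpd[5201]: 3F2A1B0C02: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.org
Nov 20 06:31:42 mx postfix/qmgr[5177]: 3F2A1B0C02: from=<promo2@example.net>, size=327674, nrcpt=1 (queue active)
Nov 20 06:32:10 mx postfix/smtpd[5202]: 3F2A1B0C03: client=host.example.org[198.51.100.9], sasl_method=PLAIN, sasl_username=bob@example.org
Nov 20 06:32:11 mx postfix/qmgr[5177]: 3F2A1B0C03: from=<bob@example.org>, size=2048, nrcpt=1 (queue active)
Nov 20 06:33:00 mx postfix/pickup[5100]: 3F2A1B0C04: uid=48 from=<www>
Nov 20 06:33:00 mx postfix/qmgr[5177]: 3F2A1B0C04: from=<news@example.net>, size=900, nrcpt=1 (queue active)
"""

LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
CLIENT = re.compile(r"client=([^,\s]+)")
SASL = re.compile(r"sasl_username=(\S+)")
SENDER = re.compile(r"from=<([^>]*)>")
UID = re.compile(r"uid=(\d+)")

def foreign_senders(log_text, hosted=HOSTED):
    """Count messages with a non-hosted sender domain, keyed by (submitter, domain)."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec, rest = msgs[m["qid"]], m["rest"]
        if m["svc"] == "smtpd" and (c := CLIENT.search(rest)):
            s = SASL.search(rest)  # present only when the client authenticated
            rec["origin"] = f"sasl:{s[1]}" if s else f"client:{c[1]}"
        elif m["svc"] == "pickup" and (u := UID.search(rest)):
            rec["origin"] = f"local-uid:{u[1]}"  # sendmail(1) submission, e.g. a web script
        elif m["svc"] == "qmgr" and (f := SENDER.search(rest)):
            rec["sender"] = f[1].lower()
    hits = Counter()
    for rec in msgs.values():
        _, at, domain = rec.get("sender", "").rpartition("@")
        if at and domain not in hosted:  # skips bounces (empty sender) and hosted domains
            hits[(rec.get("origin", "unknown"), domain)] += 1
    return hits

if __name__ == "__main__":
    for (origin, domain), n in foreign_senders(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {origin}  sender-domain={domain}")
```

A `sasl:` origin points at a mailbox whose password should be rotated, a `local-uid:` origin at a local process such as a web application, and a bare `client:` origin at a host relaying without authentication.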
