Postfix: connect from unknown

I keep seeing entries like these in my Postfix mail log

Jan 22 16:04:30 mydomain postfix/smtpd[2282]: connect from unknown[46.38.144.79]
Jan 22 16:04:30 mydomain postfix/smtpd[1844]: warning: unknown[46.38.144.124]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:31 mydomain postfix/smtpd[1844]: disconnect from unknown[46.38.144.124] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:04:35 mydomain postfix/smtpd[1839]: warning: unknown[46.38.144.231]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:35 mydomain postfix/smtpd[1839]: disconnect from unknown[46.38.144.231] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:04:37 mydomain postfix/smtpd[2282]: warning: unknown[46.38.144.79]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:38 mydomain postfix/smtpd[2282]: disconnect from unknown[46.38.144.79] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:04:41 mydomain postfix/smtpd[1404]: connect from unknown[46.38.144.64]
Jan 22 16:04:44 mydomain postfix/smtpd[1844]: connect from unknown[46.38.144.124]
Jan 22 16:04:46 mydomain postfix/smtpd[1404]: warning: unknown[46.38.144.64]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:46 mydomain postfix/smtpd[1404]: disconnect from unknown[46.38.144.64] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:04:50 mydomain postfix/smtpd[1844]: warning: unknown[46.38.144.124]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:50 mydomain postfix/smtpd[2282]: connect from unknown[46.38.144.231]
Jan 22 16:04:50 mydomain postfix/smtpd[1839]: connect from unknown[46.38.144.79]
Jan 22 16:04:51 mydomain postfix/smtpd[1844]: disconnect from unknown[46.38.144.124] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:04:57 mydomain postfix/smtpd[2282]: warning: unknown[46.38.144.231]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:57 mydomain postfix/smtpd[1839]: warning: unknown[46.38.144.79]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:58 mydomain postfix/smtpd[2282]: disconnect from unknown[46.38.144.231] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:04:58 mydomain postfix/smtpd[1839]: disconnect from unknown[46.38.144.79] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:05:01 mydomain postfix/smtpd[1404]: connect from unknown[46.38.144.64]

Is this an attack from outside? How can I prevent it?

This is my main.cf file

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mydomain.com, localhost.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtp_tls_security_level = dane
allow_percent_hack = no
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
# enable SASL authentication
smtp_sasl_auth_enable = yes
# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption
smtp_use_tls = yes
# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

smtpd_client_restrictions =
        permit_mynetworks,
        reject_unauth_pipelining,
        reject_unknown_client_hostname,
        permit
smtpd_restriction_classes = mua_sender_restrictions, mua_client_restrictions, mua_helo_restrictions

mua_client_restrictions = permit_sasl_authenticated, reject

mua_sender_restrictions = permit_sasl_authenticated, reject

mua_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
disable_vrfy_command = yes
smtpd_helo_required = yes

Answer 1

Yes. This is an attack. You can use fail2ban to block these IP addresses.
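The detection fail2ban applies to this log, as an added example that is not part of the answer above or of fail2ban itself: the regex below has the same shape as the `auth` mode of fail2ban's stock `filter.d/postfix.conf` (a `warning:` from smtpd naming the client address and a failed SASL mechanism), and `offenders()` reproduces the `maxretry`/`findtime` sliding-window rule that decides when an address gets banned. The log excerpt embedded in the block is constructed from the lines in the question (with a year added, since syslog timestamps carry none); the /24 aggregation is an addition of this example, because every address in the excerpt sits in 46.38.144.0/24 and rotates between connections, so no single address reaches fail2ban's default `maxretry = 5` within this short window while the network as a whole does.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: failure and connect lines taken from the question.
SAMPLE_LOG = """\
Jan 22 16:04:30 mydomain postfix/smtpd[2282]: connect from unknown[46.38.144.79]
Jan 22 16:04:30 mydomain postfix/smtpd[1844]: warning: unknown[46.38.144.124]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:35 mydomain postfix/smtpd[1839]: warning: unknown[46.38.144.231]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:37 mydomain postfix/smtpd[2282]: warning: unknown[46.38.144.79]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:41 mydomain postfix/smtpd[1404]: connect from unknown[46.38.144.64]
Jan 22 16:04:46 mydomain postfix/smtpd[1404]: warning: unknown[46.38.144.64]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:50 mydomain postfix/smtpd[1844]: warning: unknown[46.38.144.124]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:57 mydomain postfix/smtpd[2282]: warning: unknown[46.38.144.231]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:57 mydomain postfix/smtpd[1839]: warning: unknown[46.38.144.79]: SASL LOGIN authentication failed: authentication failure
"""

# Matches a Postfix smtpd SASL failure; same shape as fail2ban's postfix[mode=auth] filter.
# The client name before the bracket is often "unknown" when reverse DNS fails, as here.
SASL_FAIL = re.compile(
    r"^(?P<ts>\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"warning: [-._\w]+\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
)


def parse_failures(log_text, year=2020):
    """Return [(timestamp, ip_address)] for every SASL auth failure in the log.

    'year' is an assumption: syslog lines have no year, so one is supplied to parse them.
    """
    failures = []
    for line in log_text.splitlines():
        m = SASL_FAIL.match(line)
        if not m:
            continue  # connect/disconnect lines and unrelated warnings are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        failures.append((ts, ipaddress.ip_address(m["ip"])))
    return failures


def offenders(failures, maxretry=5, findtime=600, prefixlen=None):
    """Apply fail2ban's rule: ban a source once it has 'maxretry' failures
    within a sliding window of 'findtime' seconds.

    Returns {source: time_of_ban}. The source is the address itself, or, when
    'prefixlen' is given, the enclosing /prefixlen network, so a pool of
    rotating addresses in one block is counted together (an addition of this
    example; stock fail2ban counts per address).
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)
    banned = {}
    for ts, ip in sorted(failures):
        key = ip if prefixlen is None else ipaddress.ip_network((str(ip), prefixlen), strict=False)
        if key in banned:
            continue  # already banned; fail2ban would not see further attempts
        hits = [t for t in recent[key] if ts - t <= window] + [ts]
        recent[key] = hits
        if len(hits) >= maxretry:
            banned[key] = ts
    return banned


if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    print(f"{len(failures)} SASL failures from {len({ip for _, ip in failures})} addresses")
    print("per-address bans (maxretry=5):", offenders(failures))
    print("per-/24 bans (maxretry=5):    ", offenders(failures, prefixlen=24))
```

On a real host the same rule is enabled with `enabled = true` under `[postfix-sasl]` in `/etc/fail2ban/jail.local`; the jail reads the mail log through `filter = postfix[mode=auth]` and bans per address. Lowering `maxretry` or raising `bantime` is a matter of policy, but note from the output that a pool spread across one network needs either a longer `findtime` or a network-level view before any single address crosses the threshold.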
