Postfix open relay

Greetings,

Google says I am sending too many emails from my IP. Since I have never sent email through this smtp, I suspect there is something wrong in my postfix configuration, so that I have an open relay.

Google log entry:
Oct  8 06:29:29 domU-12-31-39-00-C1-66 postfix/smtp[15217]: 79B661A0CC: to=<[email protected]>, relay=alt1.gmail-smtp-in.l.google.com[209.85.219.30]:25, delay=423271, delays=423209/0.03/31/31, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[209.85.219.30] said: 421-4.7.0 [174.129.96.42] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 6si2037492ewy.56 (in reply to end of DATA command))

Is it possible to configure postfix so that no email can be sent from it? If so, how? Otherwise, how can I fix my postfix configuration to address the open relay problem?

Output of postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = 
mailbox_size_limit = 0
mydestination = fairlogic.com, legitima.com, bastos.org, sidon.com, localhost
myhostname = fairlogic.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = 
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = reject_unauth_destination,permit_sasl_authenticated,permit_mynetworks
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = 
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom

Answer 1

I found it!

After some googling I found where the problem was:

1) cat /var/log/mail.log | grep 'smtp\[' | tail

Oct  8 11:47:00 domU-12-31-39-00-C1-66 postfix/smtp[24599]: 4C9521A0A4: to=<[email protected]>, relay=alt1.gmail-smtp-in.l.google.com[74.125.79.27]:25, delay=23543, delays=23481/0.01/31/31, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[74.125.79.27] said: 421-4.7.0 [174.129.96.42] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 5si273044eyh.4 (in reply to end of DATA command))

From the message ID (4C9521A0A4 in this case) I could retrieve the message body:

find /var/spool/postfix/defer* -name 4C9521A0A4
/var/spool/postfix/defer/4/4C9521A0A4
/var/spool/postfix/deferred/4/4C9521A0A4

From its contents I found out that someone was spamming me - and postfix was trying to reply to the sender (notifying "Undelivered Mail Returned to Sender"). So this is neither a vulnerability nor a postfix misconfiguration. Now I will disable this postfix notification and my problem is solved.
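The log triage from Answer 1, as an added shell example that is not part of the original answer. It runs on constructed sample log lines (queue IDs, hosts and addresses are made up) so it works offline: the postfix/smtp lines give the queue IDs that were deferred, and the postfix/qmgr lines show which of those have an empty envelope sender (from=<>), i.e. are bounces generated by this server rather than mail relayed for a client. The spool paths follow Postfix's default hash_queue_depth = 1 layout, which is what the find output in the answer shows.

```shell
#!/bin/sh
# Added example, not part of the original answer: the log triage from Answer 1
# run against constructed sample lines (queue IDs, hosts and addresses below
# are made up) so it works offline. Queue IDs are taken from postfix/smtp
# delivery lines, and the qmgr lines tell us which of them are bounces
# (empty envelope sender, from=<>), i.e. backscatter rather than relayed mail.

SAMPLE_LOG='Oct  8 11:46:58 mx postfix/qmgr[24590]: 4C9521A0A4: from=<>, size=3210, nrcpt=1 (queue active)
Oct  8 11:46:59 mx postfix/qmgr[24590]: 7A1B2C3D4E: from=<alice@example.com>, size=1200, nrcpt=1 (queue active)
Oct  8 11:47:00 mx postfix/smtp[24599]: 4C9521A0A4: to=<victim@example.org>, relay=alt1.gmail-smtp-in.l.google.com[74.125.79.27]:25, delay=23543, delays=23481/0.01/31/31, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[74.125.79.27] said: 421-4.7.0 Our system has detected an unusual amount of unsolicited mail originating from your IP address (in reply to end of DATA command))
Oct  8 11:47:02 mx postfix/smtp[24600]: 7A1B2C3D4E: to=<bob@example.net>, relay=mail.example.net[198.51.100.5]:25, delay=1.2, delays=0.5/0.01/0.3/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
Oct  8 11:47:03 mx postfix/qmgr[24590]: 9F8E7D6C5B: from=<>, size=2900, nrcpt=1 (queue active)
Oct  8 11:47:05 mx postfix/smtp[24601]: 9F8E7D6C5B: to=<other@example.org>, relay=alt1.gmail-smtp-in.l.google.com[74.125.79.27]:25, delay=23560, delays=23500/0.01/30/30, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[74.125.79.27] said: 421-4.7.0 Our system has detected an unusual amount of unsolicited mail originating from your IP address (in reply to end of DATA command))
Oct  8 11:47:06 mx postfix/qmgr[24590]: 5E6F7A8B9C: from=<alice@example.com>, size=800, nrcpt=1 (queue active)
Oct  8 11:47:09 mx postfix/smtp[24602]: 5E6F7A8B9C: to=<carol@example.net>, relay=none, delay=30, delays=0.1/0.01/30/0, dsn=4.4.1, status=deferred (connect to mail.example.net[198.51.100.5]:25: Connection timed out)'

# Queue IDs of smtp delivery attempts that ended in status=deferred (log on stdin).
deferred_queue_ids() {
    grep 'postfix/smtp\[' | grep 'status=deferred' |
    sed -n 's|^.*postfix/smtp\[[0-9]*]: \([0-9A-Za-z]*\): to=<.*|\1|p' | sort -u
}

# Queue IDs the queue manager logged with an empty envelope sender (from=<>):
# bounces generated by this server, not mail submitted by a client.
bounce_queue_ids() {
    grep 'postfix/qmgr\[' | grep 'from=<>' |
    sed -n 's|^.*postfix/qmgr\[[0-9]*]: \([0-9A-Za-z]*\): from=<>.*|\1|p' | sort -u
}

# Deferred queue IDs that are also bounces: the backscatter case from Answer 1.
deferred_bounces() {
    log=$(cat)
    bounces=" $(printf '%s\n' "$log" | bounce_queue_ids | tr '\n' ' ')"
    for id in $(printf '%s\n' "$log" | deferred_queue_ids); do
        case "$bounces" in
            *" $id "*) echo "$id" ;;
        esac
    done
}

# Where a deferred message lives in the spool (default hash_queue_depth = 1:
# one subdirectory named after the first character of the queue ID). The
# deferred/ file is the message itself, defer/ holds the deferral reason.
# $1 = queue ID, $2 = spool directory (default /var/spool/postfix).
queue_file_paths() {
    spool=${2:-/var/spool/postfix}
    first=$(printf '%s' "$1" | cut -c1)
    printf '%s/deferred/%s/%s\n%s/defer/%s/%s\n' "$spool" "$first" "$1" "$spool" "$first" "$1"
}

# Stand-alone run: list the deferred bounces and where to look at each one
# (postcat -q <queue ID> prints the queue file in readable form).
printf '%s\n' "$SAMPLE_LOG" | deferred_bounces | while read -r id; do
    echo "deferred bounce $id:"
    queue_file_paths "$id"
done
```

On a real box, replace the SAMPLE_LOG pipe with `cat /var/log/mail.log`. If every deferred queue ID also shows up as a bounce, the box is not relaying for anyone; it is bouncing inbound spam to forged senders, which is what the answer concluded. A deferred ID with a real from=<...> and a remote relay is the case to dig into.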

Answer 2

Can you block outgoing requests to port 25 until you find it? For example, on Linux with iptables:

iptables -A OUTPUT -p tcp --dport 25 -j REJECT

Answer 3

Since you have "permit_mynetworks" set and "mynetworks" looks correctly set, it doesn't look like postfix is an open relay. I would look for something else on your system that sends email, e.g. a hacked web service.

If the mail really goes through your postfix you will see it in /var/log/mail.log. If it is sent via a web service, look for suspicious entries in /var/log/apache2/access.log. Otherwise you may have been rooted.

Update: you can also test whether you are an open relay with http://www.spamhelp.org/shopenrelay/shopenrelaytest.php or similar.
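Answer 3's reasoning (reject_unauth_destination is present and mynetworks is tight, so this is not an open relay) as an added shell example that is not part of any of the answers. Postfix evaluates smtpd_recipient_restrictions left to right and stops at the first restriction that gives a definite result, so the script walks the list the same way. CFG_QUESTION holds the relevant lines copied from the question's config; CFG_OPEN and CFG_FIXED are constructed variants for comparison. The check also surfaces a caveat in the question's own order: reject_unauth_destination comes before permit_sasl_authenticated, so SASL-authenticated clients are rejected for outside domains too; the usual order is permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination.

```shell
#!/bin/sh
# Added example, not from any of the answers: check a postconf -n style dump the
# way Answer 3 reasons. Postfix evaluates smtpd_recipient_restrictions left to
# right and stops at the first restriction that gives a definite result, so the
# relay policy is a question of which one is reached first. CFG_QUESTION is
# the relevant lines from the question's config; CFG_OPEN and CFG_FIXED are
# constructed variants for comparison.

CFG_QUESTION='mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_recipient_restrictions = reject_unauth_destination,permit_sasl_authenticated,permit_mynetworks
smtpd_sasl_auth_enable = yes'

CFG_OPEN='mynetworks = 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination'

CFG_FIXED='mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes'

# Value of parameter $1 from the config on stdin, commas turned into spaces.
cfg_value() {
    sed -n "s/^$1 *= *//p" | tr ',' ' '
}

# Walk the list in order. "closed" when reject_unauth_destination (or
# defer_unauth_destination) is reached before an unconditional "permit",
# "open" otherwise. permit_mynetworks and permit_sasl_authenticated are
# conditional and only as safe as mynetworks and SASL are.
relay_policy() {
    for r in $(cfg_value smtpd_recipient_restrictions); do
        case $r in
            reject_unauth_destination|defer_unauth_destination) echo closed; return 0 ;;
            permit) echo open; return 0 ;;
        esac
    done
    echo open
}

# mynetworks entries shorter than /8 (or a bare 0.0.0.0) turn permit_mynetworks
# into an open relay no matter how the restrictions are ordered.
broad_mynetworks() {
    for n in $(cfg_value mynetworks); do
        case $n in
            0.0.0.0|0.0.0.0/*|*/[0-7]) echo "$n" ;;
        esac
    done
}

# Functional caveat visible in the question's own order: reject_unauth_destination
# listed before permit_sasl_authenticated rejects authenticated clients' mail
# to outside domains too. Prints "yes" when that ordering is present.
sasl_blocked_by_order() {
    seen_reject=no
    for r in $(cfg_value smtpd_recipient_restrictions); do
        case $r in
            reject_unauth_destination|defer_unauth_destination) seen_reject=yes ;;
            permit_sasl_authenticated)
                if [ "$seen_reject" = yes ]; then echo yes; return 0; fi ;;
        esac
    done
    echo no
}

# One-word verdict for the config on stdin: open-relay or closed.
verdict() {
    cfg=$(cat)
    if [ "$(printf '%s\n' "$cfg" | relay_policy)" = open ] ||
       [ -n "$(printf '%s\n' "$cfg" | broad_mynetworks)" ]; then
        echo open-relay
    else
        echo closed
    fi
}

# Stand-alone run over the three constructed configs.
for name in CFG_QUESTION CFG_OPEN CFG_FIXED; do
    eval "cfg=\$$name"
    printf '%-12s relay=%s sasl_blocked_by_order=%s\n' "$name" \
        "$(printf '%s\n' "$cfg" | verdict)" "$(printf '%s\n' "$cfg" | sasl_blocked_by_order)"
done
```

Feed a live box with `postconf -n | verdict`. The script only looks at smtpd_recipient_restrictions, which is all this (older) config has; on Postfix 2.10 and later, smtpd_relay_restrictions is evaluated before it and should be walked with the same rule. A local check like this complements, but does not replace, the external relay test the answer links to, since only an outside connection exercises mynetworks as seen from the internet.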

Answer 4

If you use NAT, any box behind your IP may be infected and sending spam.
