Detecting a malicious script used to send mail

Recently someone used my server as an open relay and a large amount of spam was sent through it. I have since stopped that, but my mail log has grown enormously with entries of this kind.

Aug 20 07:00:29 veepiz postfix/smtp[15001]: DC8BD1641F1: lost connection with mx1.hotmail.com[65.55.92.168] while sending RCPT TO
Aug 20 07:00:29 veepiz postfix/smtp[15000]: DC8BD1641F1: host mx3.hotmail.com[65.55.92.152] said: 421 RP-001 (SNT0-MC2-F19) Unfortunately, some messages from 50.57.111.177 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command)
Aug 20 07:00:29 veepiz postfix/smtp[15000]: DC8BD1641F1: lost connection with mx3.hotmail.com[65.55.92.152] while sending RCPT TO
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: host a.mx.mail.yahoo.com[67.195.168.31] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
Aug 20 07:00:29 veepiz postfix/smtpd[11929]: 6E6221641F2: reject: RCPT from cpe-76-175-170-10.socal.res.rr.com[76.175.170.10]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<cpe-76-175-170-10.socal.res.rr.com>
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: host c.mx.mail.yahoo.com[98.139.175.225] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
Aug 20 07:00:29 veepiz postfix/smtp[15001]: DC8BD1641F1: to=<[email protected]>, relay=mx4.hotmail.com[65.55.92.136]:25, delay=44, delays=44/0.04/0.26/0.04, dsn=4.0.0, status=deferred (host mx4.hotmail.com[65.55.92.136] said: 421 RP-001 (SNT0-MC1-F17) Unfortunately, some messages from 50.57.111.177 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: host k.mx.mail.yahoo.com[98.139.54.60] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
Aug 20 07:00:29 veepiz postfix/smtp[15000]: DC8BD1641F1: to=<[email protected]>, relay=mx4.hotmail.com[65.54.188.126]:25, delay=44, delays=44/0.04/0.31/0.06, dsn=4.0.0, status=deferred (host mx4.hotmail.com[65.54.188.126] said: 421 RP-001 (BAY0-MC4-F28) Unfortunately, some messages from 50.57.111.177 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Aug 20 07:00:29 veepiz postfix/smtpd[4410]: NOQUEUE: reject: RCPT from ppp089210016127.dsl.hol.gr[89.210.16.127]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<ppp089210016127.dsl.hol.gr>
Aug 20 07:00:29 veepiz postfix/smtpd[11903]: NOQUEUE: reject: RCPT from ppp089210016127.dsl.hol.gr[89.210.16.127]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<ppp089210016127.dsl.hol.gr>
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: to=<[email protected]>, relay=d.mx.mail.yahoo.com[209.191.88.254]:25, delay=44, delays=44/0.04/0.41/0, dsn=4.7.0, status=deferred (host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: to=<[email protected]>, relay=d.mx.mail.yahoo.com[209.191.88.254]:25, delay=44, delays=44/0.04/0.41/0, dsn=4.7.0, status=deferred (host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: to=<[email protected]>, relay=d.mx.mail.yahoo.com[209.191.88.254]:25, delay=44, delays=44/0.04/0.41/0, dsn=4.7.0, status=deferred (host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: to=<[email protected]>, relay=d.mx.mail.yahoo.com[209.191.88.254]:25, delay=44, delays=44/0.04/0.41/0, dsn=4.7.0, status=deferred (host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: to=<[email protected]>, relay=d.mx.mail.yahoo.com[209.191.88.254]:25, delay=44, delays=44/0.04/0.41/0, dsn=4.7.0, status=deferred (host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Aug 20 07:00:29 veepiz postfix/smtpd[4063]: 3B9AA1641EC: reject: RCPT from cpe-76-175-170-10.socal.res.rr.com[76.175.170.10]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<cpe-76-175-170-10.socal.res.rr.com>
Aug 20 07:00:29 veepiz postfix/smtpd[7964]: connect from unknown[89.207.68.10]
Aug 20 07:00:29 veepiz postfix/smtpd[5382]: NOQUEUE: reject: RCPT from 203-114-141-105.mu.eth.dyn.inspire.net.nz[203.114.141.105]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<203-114-141-105.mu.eth.dyn.inspire.net.nz>
Aug 20 07:00:29 veepiz postfix/smtpd[4041]: connect from unknown[221.132.37.55]

#qshape incoming active deferred

                          T   5  10  20   40   80 160 320 640 1280 1280+
                 TOTAL 8899 511 402 646 2569 4771   0   0   0    0     0
           hotmail.com 7838 376 325 530 2217 4390   0   0   0    0     0
               msn.com  839  31  77 109  301  321   0   0   0    0     0
             yahoo.com   78  16   0   3   27   32   0   0   0    0     0
             gmail.com   65  65   0   0    0    0   0   0   0    0     0
              kimo.com   41  12   0   3   16   10   0   0   0    0     0
          yahoo.com.tw   15   9   0   0    1    5   0   0   0    0     0
              live.com    4   0   0   0    3    1   0   0   0    0     0
              citi.com    1   0   0   1    0    0   0   0   0    0     0
              dfsd.com    1   0   0   0    0    1   0   0   0    0     0
              benq.com    1   0   0   0    0    1   0   0   0    0     0
              kim0.com    1   0   0   0    1    0   0   0   0    0     0
              kiom.com    1   1   0   0    0    0   0   0   0    0     0
              1111.com    1   0   0   0    0    1   0   0   0    0     0
              test.com    1   0   0   0    0    1   0   0   0    0     0
             kitty.com    1   0   0   0    0    1   0   0   0    0     0
             hanam.com    1   0   0   0    1    0   0   0   0    0     0
            pchome.com    1   0   0   0    1    0   0   0   0    0     0
            hotmal.com    1   1   0   0    0    0   0   0   0    0     0
           sinopac.com    1   0   0   0    0    1   0   0   0    0     0
           hopnail.com    1   0   0   0    0    1   0   0   0    0     0
           hoymail.com    1   0   0   0    0    1   0   0   0    0     0
          sinamail.com    1   0   0   0    0    1   0   0   0    0     0
          hiotmail.com    1   0   0   0    1    0   0   0   0    0     0
          hotmaill.com    1   0   0   0    0    1   0   0   0    0     0
          xasamail.com    1   0   0   0    0    1   0   0   0    0     0
        twn.dupont.com    1   0   0   0    0    1   0   0   0    0     0

I still cannot send or receive mail. I have secured my contact form and tried to block some of the offending IP addresses. This morning I found new IP addresses.

I also tried http://www.howtoforge.com/how-to-log-emails-sent-with-phps-mail-function-to-detect-form-spam but the log file is not being appended to. I am really frustrated and have not found a solution yet. Can anyone tell me what steps I can take to fix this? Please. Also, my mail queue has grown a lot. What steps should I take to find the malicious script on the server? And why is sending mail not working?

Ask me for any logs and I will paste them here to try to get this resolved.

I am using centos, nginx (as a proxy), varnish, apache2 for php and postfix. Thanks.

Answer 1

Sorry, Shane.

But Shane's advice is wrong. Now you reject any connection from outside! That must be smtpd_recipient_restrictions = permit_mynetworks, reject

The previous configuration was not the problem. If you do not set the parameters Shane missed, Postfix sets them implicitly. Not smtpd_client_restrictions but smtpd_recipient_restrictions, and these have the same effect. I tested the given configuration, and you did not have an open relay.

By the way, the logs given show no suspicious activity from outside. Only normal connections and normal REJECTS.

You only see outgoing mail. Where it comes from cannot be told, because you have not shown those logs, e.g. where the message with ID DC8BD1641F1 came from.
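As an added illustration, not code from the question or the answer: a small Python parser over shortened copies of the question's log lines that separates the refused inbound relay attempts (the answer's "normal REJECTS") from the outbound deliveries remote MXs are deferring, and traces a queue ID back to its origin record. A message submitted locally through the sendmail binary (which is how PHP's mail() hands mail to Postfix) shows up as a postfix/pickup line with the submitting uid; the pickup line, the uid 48 and the user name apache are constructed for the example, and the addresses are placeholders.

```python
import re
from collections import Counter
# Constructed sample: shortened copies of log lines from the question, plus one
# hypothetical postfix/pickup line showing what a locally submitted message looks like.
SAMPLE_LOG = """\
Aug 20 07:00:29 veepiz postfix/smtp[15000]: DC8BD1641F1: to=<a@example.com>, relay=mx4.hotmail.com[65.54.188.126]:25, dsn=4.0.0, status=deferred (421 RP-001 ...)
Aug 20 07:00:29 veepiz postfix/smtp[15016]: DC8BD1641F1: to=<b@example.com>, relay=d.mx.mail.yahoo.com[209.191.88.254]:25, dsn=4.7.0, status=deferred (421 4.7.0 [TS01] ...)
Aug 20 07:00:29 veepiz postfix/smtpd[4410]: NOQUEUE: reject: RCPT from ppp089210016127.dsl.hol.gr[89.210.16.127]: 554 5.7.1 <c@example.com>: Relay access denied; proto=SMTP
Aug 20 07:00:29 veepiz postfix/smtpd[4063]: 3B9AA1641EC: reject: RCPT from cpe-76-175-170-10.socal.res.rr.com[76.175.170.10]: 554 5.7.1 <d@example.com>: Relay access denied; proto=SMTP
Aug 20 07:01:02 veepiz postfix/pickup[1234]: 0123456789A: uid=48 from=<apache>
"""

LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ postfix/(?P<proc>\w+)\[\d+\]: (?P<qid>[0-9A-F]+|NOQUEUE): (?P<msg>.*)$")
REJECT_RE = re.compile(r"reject: RCPT from \S+\[([^\]]+)\]")
CLIENT_RE = re.compile(r"client=(\S+)")              # smtpd: message arrived over the network
PICKUP_RE = re.compile(r"uid=(\d+) from=<([^>]*)>")   # pickup: message submitted locally (sendmail binary)

def parse(log_text):
    """Yield (process, queue_id, message) for each line carrying a queue ID or NOQUEUE."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("proc"), m.group("qid"), m.group("msg")

def reject_sources(log_text):
    """Count inbound relay attempts Postfix refused, per connecting client IP."""
    counts = Counter()
    for proc, _qid, msg in parse(log_text):
        m = REJECT_RE.search(msg)
        if proc == "smtpd" and m:
            counts[m.group(1)] += 1
    return counts

def deferred_queue_ids(log_text):
    """Queue IDs of outbound deliveries that remote MXs are currently deferring."""
    return {qid for proc, qid, msg in parse(log_text) if proc == "smtp" and "status=deferred" in msg}

def origin_of(log_text, queue_id):
    """How a queued message entered Postfix: ('network', client) from an smtpd client= record,
    ('local', 'uid=N from=<user>') from a pickup record, or None if the excerpt lacks that line."""
    for proc, qid, msg in parse(log_text):
        if qid != queue_id:
            continue
        if proc == "smtpd" and CLIENT_RE.search(msg):
            return ("network", CLIENT_RE.search(msg).group(1))
        if proc == "pickup" and PICKUP_RE.search(msg):
            uid, user = PICKUP_RE.search(msg).groups()
            return ("local", f"uid={uid} from=<{user}>")
    return None
```

Running origin_of over the excerpt for DC8BD1641F1 returns None, which is exactly the gap the answer points out: without the smtpd client= or pickup line for that queue ID, the log cannot say whether the message came from a web script or from the network.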
