我们的 mail.log 文件中似乎有很多垃圾邮件。例如
Mar 11 18:23:01 localhost postfix/qmgr[1452]: 87945226BD: removed
Mar 11 18:23:01 localhost postfix/smtp[8809]: 87945226BD: to=<[email protected]>, relay=email-smtp.us-east-1.amazonaws.com[xxx.xxx.xxx.xxx]:25, delay=1.6, delays=0.02/0.03/0.78/0.75, dsn=2.0.0, status=sent (250 Ok 0000013d5ab120a5-11d24ebe-f43a-4b98-82a3-9ffcb03a6d93-000000)
Mar 11 18:16:10 localhost postfix/smtp[8678]: 36032226BE: to=<[email protected]>, relay=email-smtp.us-east-1.amazonaws.com[xx.xx.xx.xx]:25, delay=1.2, delays=0.01/0/0.81/0.4, dsn=2.0.0, status=sent (250 Ok)
Mar 11 18:16:09 localhost postfix/qmgr[1452]: A232E226BD: removed
Mar 11 18:16:09 localhost postfix/qmgr[1452]: 36032226BE: from=<>, size=3015, nrcpt=1 (queue active)
Mar 11 18:16:09 localhost postfix/bounce[8681]: A232E226BD: sender non-delivery notification: 36032226BE
Mar 11 18:16:09 localhost postfix/cleanup[8676]: 36032226BE: message-id=<20130311181609.36032226BE@ip-10-32-0-15.eu-west-1.compute.internal>
我们当前的设置使用具有两个或三个经过验证的域的 Amazon SES,所以我不太确定为什么这些会显示“已发送”。
是否值得通过 iptables 阻止它们?如果是,那么我们该怎么做,因为它没有显示它们的 IP 地址?
任何帮助或建议均感激不尽。
更新
我可以确认上述电子邮件地址是垃圾邮件(已在一些垃圾邮件论坛上检查过)。
关于 Open Relay 配置,我们根据此处的测试检查了我们的 IP开放式中继测试并且它通过了。
这是我们的 main.cf 文件,没有注释:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
inet_interfaces = all
mailbox_size_limit = 0
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
mydestination = ip-10-32-0-15.eu-west-1.compute.internal, localhost.eu-west-1.compute.internal, , localhost
myhostname = ip-10-32-0-15.eu-west-1.compute.internal
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = email-smtp.us-east-1.amazonaws.com:25
smtp_helo_timeout = 60s
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 450
答案1
最简洁的答案是不。
关于 IP 地址,它应该在 mail.log 中显示它们 - grep “connect from” 字符串 [grep “connect from” mail.log|grep -v localhost]
如果您倾向于自行将 IP 列入黑名单,那么您实际上可以使用“check_client_access”将 IP 和域名列入白名单和黑名单。
最后,您可以使用 pflogsumm(“Postfix 日志条目汇总器”)获取按计数汇总的 IP 列表以及大量其他信息。如果您正在运行自己的邮件服务器,则最好每天运行此报告以获取有关服务器正在发生的事情的摘要。
所以长话短说,你已经有一个很好的阻止机制,为什么还要费心去适应这些 IP 并花费你的时间。
答案2
看起来您有开放的中继配置 - 关闭它。您可以尝试检查 SPF + DKIM 或使用 DSPAM 来切断垃圾邮件。