Explaining postfix entries in syslog

My syslog is full of postfix messages like this:

Jun 28 10:27:07 myserver postfix/smtpd[28830]: connect from unknown[180.215.170.141]
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_list_match: unknown: no match
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_list_match: 180.215.170.141: no match
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_list_match: unknown: no match
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_list_match: 180.215.170.141: no match
Jun 28 10:27:07 myserver postfix/smtpd[28830]: smtp_stream_setup: maxtime=300 enable_deadline=0
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_hostname: unknown ~? 127.0.0.0/8
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_hostaddr: 180.215.170.141 ~? 127.0.0.0/8
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_hostname: unknown ~? [::ffff:127.0.0.0]/104
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_hostaddr: 180.215.170.141 ~? [::ffff:127.0.0.0]/104
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_hostname: unknown ~? [::1]/128
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_hostaddr: 180.215.170.141 ~? [::1]/128
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_list_match: unknown: no match
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_list_match: 180.215.170.141: no match
Jun 28 10:27:07 myserver postfix/smtpd[28830]: send attr request = connect
Jun 28 10:27:07 myserver postfix/smtpd[28830]: send attr ident = smtp:180.215.170.141
Jun 28 10:27:07 myserver postfix/smtpd[28830]: private/anvil: wanted attribute: status
Jun 28 10:27:07 myserver postfix/smtpd[28830]: input attribute name: status
Jun 28 10:27:07 myserver postfix/smtpd[28830]: input attribute value: 0
Jun 28 10:27:07 myserver postfix/smtpd[28830]: private/anvil: wanted attribute: count
Jun 28 10:27:07 myserver postfix/smtpd[28830]: input attribute name: count
Jun 28 10:27:07 myserver postfix/smtpd[28830]: input attribute value: 1
Jun 28 10:27:07 myserver postfix/smtpd[28830]: private/anvil: wanted attribute: rate
Jun 28 10:27:07 myserver postfix/smtpd[28830]: input attribute name: rate
Jun 28 10:27:07 myserver postfix/smtpd[28830]: input attribute value: 21
Jun 28 10:27:07 myserver postfix/smtpd[28830]: private/anvil: wanted attribute: (list terminator)
Jun 28 10:27:07 myserver postfix/smtpd[28830]: input attribute name: (end)
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 220 myserver.mydomain.co.uk ESMTP Postfix (Ubuntu)
Jun 28 10:27:07 myserver postfix/smtpd[28830]: < unknown[180.215.170.141]: EHLO ylmf-pc
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_list_match: unknown: no match
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_list_match: 180.215.170.141: no match
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 250-myserver.mydomain.co.uk
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 250-PIPELINING
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 250-SIZE 10240000
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 250-VRFY
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 250-ETRN
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 250-STARTTLS
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 250-ENHANCEDSTATUSCODES
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 250-8BITMIME
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 250 DSN
Jun 28 10:27:08 myserver postfix/smtpd[28830]: < unknown[180.215.170.141]: AUTH LOGIN
Jun 28 10:27:08 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 503 5.5.1 Error: authentication not enabled
Jun 28 10:27:08 myserver postfix/smtpd[28830]: smtp_get: EOF
Jun 28 10:27:08 myserver postfix/smtpd[28830]: match_hostname: unknown ~? 127.0.0.0/8
Jun 28 10:27:08 myserver postfix/smtpd[28830]: match_hostaddr: 180.215.170.141 ~? 127.0.0.0/8
Jun 28 10:27:08 myserver postfix/smtpd[28830]: match_hostname: unknown ~? [::ffff:127.0.0.0]/104
Jun 28 10:27:08 myserver postfix/smtpd[28830]: match_hostaddr: 180.215.170.141 ~? [::ffff:127.0.0.0]/104
Jun 28 10:27:08 myserver postfix/smtpd[28830]: match_hostname: unknown ~? [::1]/128
Jun 28 10:27:08 myserver postfix/smtpd[28830]: match_hostaddr: 180.215.170.141 ~? [::1]/128
Jun 28 10:27:08 myserver postfix/smtpd[28830]: match_list_match: unknown: no match
Jun 28 10:27:08 myserver postfix/smtpd[28830]: match_list_match: 180.215.170.141: no match
Jun 28 10:27:08 myserver postfix/smtpd[28830]: send attr request = disconnect
Jun 28 10:27:08 myserver postfix/smtpd[28830]: send attr ident = smtp:180.215.170.141
Jun 28 10:27:08 myserver postfix/smtpd[28830]: private/anvil: wanted attribute: status
Jun 28 10:27:08 myserver postfix/smtpd[28830]: input attribute name: status
Jun 28 10:27:08 myserver postfix/smtpd[28830]: input attribute value: 0
Jun 28 10:27:08 myserver postfix/smtpd[28830]: private/anvil: wanted attribute: (list terminator)
Jun 28 10:27:08 myserver postfix/smtpd[28830]: input attribute name: (end)
Jun 28 10:27:08 myserver postfix/smtpd[28830]: lost connection after AUTH from unknown[180.215.170.141]
Jun 28 10:27:08 myserver postfix/smtpd[28830]: disconnect from unknown[180.215.170.141]
Jun 28 10:27:08 myserver postfix/smtpd[28830]: master_notify: status 1
Jun 28 10:27:08 myserver postfix/smtpd[28830]: connection closed

Is this just a bot trying (and failing) to get access? Can someone explain the various parts to me? What is going on with the match_list_match and match_hostname bits?

And why do these logs clutter up syslog instead of living only in the dedicated mail.log?
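An added example, not from the question or either answer: a small Python script that parses the verbose smtpd lines quoted above (a constructed subset is embedded inline) and separates the three kinds of line mixed together there. The lines starting with > and < are the SMTP dialog itself (server replies and client commands). The match_hostname / match_hostaddr ~? lines are Postfix's verbose trace of testing the client's name and address against address lists such as mynetworks (the three patterns shown, 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, are the Ubuntu default mynetworks value), with match_list_match reporting the result. The private/anvil and attribute lines are the connection count and rate exchange with the anvil(8) service, and connect from, lost connection and disconnect from are the lines you would get with normal logging. The script rebuilds the session per smtpd pid and labels the sequence AUTH attempted, 503 authentication not enabled, lost connection after AUTH as a failed credential probe. The regexes, the prefix grouping and the verdict labels are my own choices, not Postfix terminology.

```python
import re
from collections import Counter

# Constructed sample: a subset of the verbose postfix/smtpd lines quoted in the
# question above (same pid and client), embedded so the example runs offline.
SAMPLE_LOG = """\
Jun 28 10:27:07 myserver postfix/smtpd[28830]: connect from unknown[180.215.170.141]
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_list_match: unknown: no match
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_list_match: 180.215.170.141: no match
Jun 28 10:27:07 myserver postfix/smtpd[28830]: smtp_stream_setup: maxtime=300 enable_deadline=0
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_hostname: unknown ~? 127.0.0.0/8
Jun 28 10:27:07 myserver postfix/smtpd[28830]: match_hostaddr: 180.215.170.141 ~? 127.0.0.0/8
Jun 28 10:27:07 myserver postfix/smtpd[28830]: send attr request = connect
Jun 28 10:27:07 myserver postfix/smtpd[28830]: private/anvil: wanted attribute: count
Jun 28 10:27:07 myserver postfix/smtpd[28830]: input attribute value: 1
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 220 myserver.mydomain.co.uk ESMTP Postfix (Ubuntu)
Jun 28 10:27:07 myserver postfix/smtpd[28830]: < unknown[180.215.170.141]: EHLO ylmf-pc
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 250-myserver.mydomain.co.uk
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 250-STARTTLS
Jun 28 10:27:07 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 250 DSN
Jun 28 10:27:08 myserver postfix/smtpd[28830]: < unknown[180.215.170.141]: AUTH LOGIN
Jun 28 10:27:08 myserver postfix/smtpd[28830]: > unknown[180.215.170.141]: 503 5.5.1 Error: authentication not enabled
Jun 28 10:27:08 myserver postfix/smtpd[28830]: smtp_get: EOF
Jun 28 10:27:08 myserver postfix/smtpd[28830]: lost connection after AUTH from unknown[180.215.170.141]
Jun 28 10:27:08 myserver postfix/smtpd[28830]: disconnect from unknown[180.215.170.141]
Jun 28 10:27:08 myserver postfix/smtpd[28830]: master_notify: status 1
"""

# Syslog framing: timestamp, host, program[pid]: message
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"(?P<prog>postfix/\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# "> peer: text" is what smtpd sent, "< peer: text" is what the client sent
DIALOG_RE = re.compile(r"^(?P<dir>[<>]) (?P<peer>\S+\[[^\]]+\]): (?P<text>.*)$")
CLIENT_RE = re.compile(r"(?P<name>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]")
# Prefixes of messages that only appear with verbose/debug logging: access-list
# matching (match_*), the anvil(8) count/rate exchange, stream setup and
# master(8) notifications.  This grouping is my own, not a Postfix category.
DEBUG_PREFIXES = ("match_", "smtp_stream_setup", "send attr", "private/anvil",
                  "input attribute", "smtp_get", "master_notify", "connection closed")

def classify(msg):
    """Sort one message into SMTP dialog, internal debug trace, or normal event."""
    if msg.startswith(("> ", "< ")):
        return "dialog"
    if msg.startswith(DEBUG_PREFIXES):
        return "debug"
    return "event"

def summarize_sessions(log_text):
    """Group lines by smtpd pid and rebuild what each client did."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a postfix line
        s = sessions.setdefault(m["pid"], {
            "pid": m["pid"], "client": None, "helo": None, "client_cmds": [],
            "server_replies": [], "events": [], "counts": Counter()})
        msg, kind = m["msg"], classify(m["msg"])
        s["counts"][kind] += 1
        if kind == "event":
            s["events"].append(msg)
            cm = CLIENT_RE.search(msg)
            if msg.startswith("connect from") and cm:
                s["client"] = (cm["name"], cm["ip"])
        elif kind == "dialog":
            dm = DIALOG_RE.match(msg)
            if dm is None:
                continue
            if dm["dir"] == "<":
                s["client_cmds"].append(dm["text"])
                verb, _, arg = dm["text"].partition(" ")
                if verb.upper() in ("EHLO", "HELO"):
                    s["helo"] = arg
            else:
                s["server_replies"].append(dm["text"])
    return list(sessions.values())

def assess(session):
    """AUTH attempted although the EHLO reply never advertised 250-AUTH, refused
    with 503, then the client dropping the line: a blind credential probe that
    found nothing to log into.  The labels are mine, not Postfix terminology."""
    replies, cmds = session["server_replies"], session["client_cmds"]
    advertised = any(r.upper().startswith(("250-AUTH", "250 AUTH")) for r in replies)
    tried = any(c.upper().startswith("AUTH") for c in cmds)
    refused = any(r.startswith("503") and "authentication not enabled" in r for r in replies)
    dropped = any(e.startswith("lost connection after AUTH") for e in session["events"])
    if tried and not advertised and refused and dropped:
        return "failed-auth-probe"
    return "auth-attempt" if tried else "other"

if __name__ == "__main__":
    for s in summarize_sessions(SAMPLE_LOG):
        name, ip = s["client"] or ("?", "?")
        print(f"smtpd[{s['pid']}] {name}[{ip}] helo={s['helo']} verdict={assess(s)}")
        print("  client sent:", s["client_cmds"], " counts:", dict(s["counts"]))
```

Run on the sample it reports one session for unknown[180.215.170.141] with helo=ylmf-pc and the verdict failed-auth-probe; the counts show that 10 of the 20 lines are debug trace and only 3 are ordinary events, which is why switching the debug output off shrinks a connection like this to a handful of lines. The same script can be pointed at a whole syslog file, where sessions are kept apart by smtpd pid.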

Answer 1

A PC from India went rogue and connected to your server. The bot is too dumb, so it tries to authenticate itself. Unfortunately your server does not advertise the AUTH capability, so postfix throws the error 503 5.5.1 Error: authentication not enabled. So it disconnects from your server and moves on to the next victim server. Nothing to worry about.

For the second question about syslog, the OP noted that editing the line

*.*;auth,authpriv.none;mail.none;mail.error -/var/log/syslog

in /etc/rsyslog.d/50-default.conf makes the logs go to the maillog instead of syslog.

Answer 2

Apart from the syslog destination configuration... you seem to have activated Postfix debug output (using debug_peer_list). Do yourself a favour and disable it, and you will get 3-5 log lines instead of 100 per connection.
