Server is attempting to send spam

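My email server is attempting to send a large amount of spam. I am using Postfix and Dovecot.

I am trying to diagnose the problem and figure out how this is being sent. My current guess is that it is using the insecure port 25 to send email. Does that look consistent with the logs? How do I fix this?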

Dec 29 01:29:22 balloonindustries postfix/smtpd[25536]: connect from m69-77.mailgun.net[166.78.69.77]
Dec 29 01:29:22 balloonindustries postfix/smtpd[25536]: SSL_accept error from m69-77.mailgun.net[166.78.69.77]: 0
Dec 29 01:29:22 balloonindustries postfix/smtpd[25536]: warning: TLS library problem: 25536:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1260:SSL alert number 42:
Dec 29 01:29:22 balloonindustries postfix/smtpd[25536]: lost connection after STARTTLS from m69-77.mailgun.net[166.78.69.77]
Dec 29 01:29:22 balloonindustries postfix/smtpd[25536]: disconnect from m69-77.mailgun.net[166.78.69.77]
Dec 29 01:29:22 balloonindustries postfix/smtpd[25536]: connect from m69-77.mailgun.net[166.78.69.77]
Dec 29 01:29:22 balloonindustries postfix/trivial-rewrite[24327]: warning: do not list domain balloonindustries.com in BOTH mydestination and virtual_mailbox_domains
Dec 29 01:29:22 balloonindustries postfix/smtpd[25536]: CCC67125A9B: client=m69-77.mailgun.net[166.78.69.77]
Dec 29 01:29:22 balloonindustries postfix/cleanup[25295]: CCC67125A9B: message-id=<54a0ae516fbff_21b41d6ee0bf6b43374775a8@ns5000775.ip-142-4-219.net.mail>
Dec 29 01:29:23 balloonindustries postfix/qmgr[1537]: CCC67125A9B: from=<[email protected]>, size=19403, nrcpt=1 (queue active)
Dec 29 01:29:23 balloonindustries postfix/trivial-rewrite[24327]: warning: do not list domain balloonindustries.com in BOTH mydestination and virtual_mailbox_domains
Dec 29 01:29:24 balloonindustries postfix/pipe[25144]: CCC67125A9B: to=<[email protected]>, relay=dovecot, delay=1.3, delays=1.2/0/0/0.07, dsn=2.0.0, status=sent (delivered via dovecot service)
Dec 29 01:29:24 balloonindustries postfix/qmgr[1537]: CCC67125A9B: removed
Dec 29 01:29:28 balloonindustries postfix/smtp[23862]: connect to mx2.hotmail.com[207.46.8.199]:25: Connection timed out
Dec 29 01:29:28 balloonindustries postfix/smtp[20637]: connect to aello.beerta.net[88.198.205.195]:25: Connection timed out
Dec 29 01:29:28 balloonindustries postfix/smtp[20637]: 64DED127F9A: to=<[email protected]>, relay=none, delay=8868, delays=8830/8.1/30/0, dsn=4.4.1, status=deferred (connect to aello.beerta.net[88.198.205.195]:25: Connection timed out)
Dec 29 01:29:30 balloonindustries postfix/smtp[23884]: connect to mta6.am0.yahoodns.net[98.138.112.35]:25: Connection timed out
Dec 29 01:29:30 balloonindustries postfix/smtp[23856]: connect to mta5.am0.yahoodns.net[63.250.192.45]:25: Connection timed out
Dec 29 01:29:34 balloonindustries postfix/smtp[23881]: connect to mx3.hotmail.com[65.55.37.104]:25: Connection timed out
Dec 29 01:29:34 balloonindustries postfix/smtp[20381]: connect to smtp-telenet.telenet-ops.be[195.130.132.55]:25: Connection timed out
Dec 29 01:29:40 balloonindustries postfix/pickup[25262]: 1123E126462: uid=33 from=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/cleanup[25295]: 1123E126462: message-id=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/qmgr[1537]: 1123E126462: from=<[email protected]>, size=776, nrcpt=1 (queue active)
Dec 29 01:29:40 balloonindustries postfix/error[25449]: 1123E126462: to=<[email protected]>, relay=none, delay=0.03, delays=0.02/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx2.hotmail.com[65.55.33.135]:25: Connection timed out)
Dec 29 01:29:40 balloonindustries postfix/pickup[25262]: 174E112646E: uid=33 from=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/cleanup[25295]: 174E112646E: message-id=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/qmgr[1537]: 174E112646E: from=<[email protected]>, size=782, nrcpt=1 (queue active)
Dec 29 01:29:40 balloonindustries postfix/pickup[25262]: 1BCA1126477: uid=33 from=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/cleanup[25295]: 1BCA1126477: message-id=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/qmgr[1537]: 1BCA1126477: from=<[email protected]>, size=776, nrcpt=1 (queue active)
Dec 29 01:29:40 balloonindustries postfix/pickup[25262]: 2065712647C: uid=33 from=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/cleanup[25295]: 2065712647C: message-id=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/qmgr[1537]: 2065712647C: from=<[email protected]>, size=763, nrcpt=1 (queue active)
Dec 29 01:29:40 balloonindustries postfix/pickup[25262]: 247DD12647E: uid=33 from=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/cleanup[25295]: 247DD12647E: message-id=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/qmgr[1537]: 247DD12647E: from=<[email protected]>, size=777, nrcpt=1 (queue active)
Dec 29 01:29:40 balloonindustries postfix/error[25526]: 247DD12647E: to=<[email protected]>, relay=none, delay=0.02, delays=0.01/0/0/0.01, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx2.hotmail.com[65.55.33.135]:25: Connection timed out)
Dec 29 01:29:40 balloonindustries postfix/pickup[25262]: 2A80D126493: uid=33 from=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/cleanup[25295]: 2A80D126493: message-id=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/qmgr[1537]: 2A80D126493: from=<[email protected]>, size=782, nrcpt=1 (queue active)
Dec 29 01:29:40 balloonindustries postfix/error[25451]: 2A80D126493: to=<[email protected]>, relay=none, delay=0.02, delays=0.01/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mta6.am0.yahoodns.net[98.138.112.32]:25: Connection timed out)
Dec 29 01:29:40 balloonindustries postfix/pickup[25262]: 2F7FF12649F: uid=33 from=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/cleanup[25295]: 2F7FF12649F: message-id=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/qmgr[1537]: 2F7FF12649F: from=<[email protected]>, size=783, nrcpt=1 (queue active)
Dec 29 01:29:40 balloonindustries postfix/error[25373]: 2F7FF12649F: to=<[email protected]>, relay=none, delay=0.02, delays=0.01/0.01/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to alt4.gmail-smtp-in.l.google.com[74.125.136.27]:25: Connection timed out)
Dec 29 01:29:40 balloonindustries postfix/pickup[25262]: 3730A1264D1: uid=33 from=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/cleanup[25295]: 3730A1264D1: message-id=<[email protected]>
Dec 29 01:29:40 balloonindustries postfix/qmgr[1537]: 3730A1264D1: from=<[email protected]>, size=776, nrcpt=1 (queue active)
Dec 29 01:29:40 balloonindustries postfix/error[25452]: 3730A1264D1: to=<[email protected]>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to alt4.gmail-smtp-in.l.google.com[74.125.136.27]:25: Connection timed out)
Dec 29 01:29:40 balloonindustries postfix/pickup[25262]: 3C3CC126554: uid=33 from=<[email protected]>

Answer 1

<blink>Destroy the server and restore from a known good backup.</blink>
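An added triage example, not part of the original question or answer: the `postfix/pickup ... uid=33` lines in the log are messages handed to Postfix by a local process running as UID 33, not mail received by the SMTP listener, so grouping queue IDs by entry path shows where the flood originates. The Python below does that over constructed sample lines in the same format. Assumptions: the hostnames, addresses, queue IDs and the `sasl_username` line are constructed, and which account UID 33 maps to (the web server user on Debian-style systems) must be checked on the host.

```python
import re
from collections import Counter

# Constructed sample lines in the same format as the log in the question
# (hostnames, addresses and queue IDs here are made up).
SAMPLE_LOG = """\
Dec 29 01:29:22 mail postfix/smtpd[25536]: connect from mx.example.net[192.0.2.10]
Dec 29 01:29:22 mail postfix/smtpd[25536]: A1B2C3D4E5F: client=mx.example.net[192.0.2.10]
Dec 29 01:29:23 mail postfix/qmgr[1537]: A1B2C3D4E5F: from=<a@example.net>, size=19403, nrcpt=1 (queue active)
Dec 29 01:29:40 mail postfix/pickup[25262]: B1123E12646: uid=33 from=<www-data@example.org>
Dec 29 01:29:40 mail postfix/qmgr[1537]: B1123E12646: from=<www-data@example.org>, size=776, nrcpt=1 (queue active)
Dec 29 01:29:40 mail postfix/pickup[25262]: C174E112646: uid=33 from=<www-data@example.org>
Dec 29 01:30:01 mail postfix/smtpd[25540]: D9A1B2C3D4E: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.org
"""

# daemon name, short (hex) queue ID, remainder of the line.
# Lines without a queue ID (connect, warning, ...) do not match.
ENTRY = re.compile(
    r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)"
)


def message_origins(log_text):
    """Map each queue ID to the path by which the message entered Postfix."""
    origins = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        daemon, qid, rest = m.group("daemon", "qid", "rest")
        if daemon == "pickup":
            # Local submission (sendmail command); uid is the submitting user.
            uid = re.search(r"\buid=(\d+)", rest)
            if uid:
                origins[qid] = "local uid=" + uid.group(1)
        elif daemon == "smtpd" and rest.startswith("client="):
            # Network submission; authenticated if sasl_username is logged.
            sasl = re.search(r"sasl_username=([^,\s]+)", rest)
            if sasl:
                origins[qid] = "smtp auth=" + sasl.group(1)
            else:
                origins[qid] = "smtp client=" + rest.split(",")[0][len("client="):]
    return origins


def origin_counts(log_text):
    """Count messages per entry path, most useful sorted by frequency."""
    return Counter(message_origins(log_text).values())


if __name__ == "__main__":
    for origin, n in origin_counts(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {origin}")
```

A burst concentrated under one `local uid=` value points at a process on the host itself, while a burst under one `smtp auth=` value points at a compromised mailbox credential.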
