I have read as much documentation as I could find on tuning the postfix main.cf parameters, but some external email is still being relayed. Here is a typical example from /var/log/mail.log:
Mar 6 06:26:13 myhostname postfix/pickup[21313]: E860B17643B9: uid=33 from=<www-data>
Mar 6 06:26:13 myhostname postfix/cleanup[21605]: E860B17643B9: message-id=<[email protected]>
Mar 6 06:26:13 myhostname postfix/qmgr[16702]: E860B17643B9: from=<www-data@mydomain>, size=2146, nrcpt=1 (queue active)
Mar 6 06:26:14 myhostname postfix/smtp[21607]: Host offered STARTTLS: [mta5.am0.yahoodns.net]
Mar 6 06:26:16 myhostname postfix/smtp[21607]: E860B17643B9: to=<[email protected]>, relay=mta5.am0.yahoodns.net[98.138.112.33]:25, delay=2.7, delays=0.05/0/0.4/2.2, dsn=2.0.0, status=sent (250 ok dirdel)
Mar 6 06:26:16 myhostname postfix/qmgr[16702]: E860B17643B9: removed
This happens roughly once an hour. Yet all of these tests pass successfully, ending in either Relay access denied or Sender address rejected: User unknown in local recipient table.
The server runs Debian Wheezy 64 with postfix v2.9.6, dovecot v2.1.7 and spamassassin v3.3.2 (on Perl v5.14.2).
Output of postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = no
canonical_maps = hash:/etc/postfix/canonical
config_directory = /etc/postfix
default_destination_concurrency_limit = 3
disable_vrfy_command = yes
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf
mailbox_size_limit = 0
message_size_limit = 42000000
mydestination = $mydomain, $myhostname, localhost, localhost.$mydomain
mydomain = [obfuscated]
myhostname = mail.[obfuscated]
mynetworks = 127.0.0.0/8, [::1]/128, [a few obfuscated trusted IPs]
myorigin = $mydomain
recipient_delimiter = +
relay_destination_concurrency_limit = 1
relay_domains =
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_count_limit = 3
smtpd_client_connection_rate_limit = 60
smtpd_client_message_rate_limit = 60
smtpd_client_new_tls_session_rate_limit = 60
smtpd_client_restrictions = permit_mynetworks, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_client_hostname, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_sender
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:/etc/postfix/loginmaps
smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = [path to cert file]
smtpd_tls_ciphers = high
smtpd_tls_key_file = [path to key file]
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_transport = dovecot
What is going wrong? Thanks in advance!
Answer 1
As stated in the comments above, postfix is not configured as an open relay. Also as mentioned above, one of my nginx sites was vulnerable. The problem was "solved" by switching off the unused sites. I think the only site that could have been attacked was an empty, unconfigured dokuwiki.
I still see connection attempts like these now:
Mar 8 02:17:57 vps78987 postfix/smtpd[5935]: warning: hostname [some_domain] does not resolve to address [some_IP]: Name or service not known
Mar 8 02:17:57 vps78987 postfix/smtpd[5935]: connect from unknown[IP]
Mar 8 02:17:57 vps78987 postfix/smtpd[5935]: lost connection after AUTH from unknown[IP]
Mar 8 02:17:57 vps78987 postfix/smtpd[5935]: disconnect from unknown[IP]
With and without the warning, but there is probably not much that can be done about that.
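An added example, not part of the question or of the answer above, covering both posts: the first log excerpt shows the message entering postfix through pickup with uid=33 (the www-data user), i.e. via the local sendmail(1)/postdrop path rather than through smtpd, and the second excerpt shows clients that connect, send AUTH and drop. The script below correlates queue IDs across the pickup, qmgr and delivery-agent lines to report what a given local uid submitted and to whom, and counts the AUTH-and-drop probes per client IP. The log text is constructed for the example, modelled on the lines in the posts; hostnames, addresses, the root message and the second probing IP are invented.

```python
import re
from collections import Counter

# Constructed sample of /var/log/mail.log, modelled on the lines quoted in the
# question and the answer. Hostnames, addresses, the root message and the
# second probing IP are made up for this example.
SAMPLE_LOG = """\
Mar  6 06:26:13 myhostname postfix/pickup[21313]: E860B17643B9: uid=33 from=<www-data>
Mar  6 06:26:13 myhostname postfix/cleanup[21605]: E860B17643B9: message-id=<20140306052613.E860B17643B9@mail.example.org>
Mar  6 06:26:13 myhostname postfix/qmgr[16702]: E860B17643B9: from=<www-data@example.org>, size=2146, nrcpt=1 (queue active)
Mar  6 06:26:14 myhostname postfix/smtp[21607]: Host offered STARTTLS: [mta5.am0.yahoodns.net]
Mar  6 06:26:16 myhostname postfix/smtp[21607]: E860B17643B9: to=<victim@yahoo.com>, relay=mta5.am0.yahoodns.net[98.138.112.33]:25, delay=2.7, delays=0.05/0/0.4/2.2, dsn=2.0.0, status=sent (250 ok dirdel)
Mar  6 06:26:16 myhostname postfix/qmgr[16702]: E860B17643B9: removed
Mar  6 07:31:02 myhostname postfix/pickup[21313]: 1A2B3C4D5E6F: uid=0 from=<root>
Mar  6 07:31:02 myhostname postfix/qmgr[16702]: 1A2B3C4D5E6F: from=<root@example.org>, size=512, nrcpt=1 (queue active)
Mar  6 07:31:03 myhostname postfix/local[21700]: 1A2B3C4D5E6F: to=<admin@example.org>, relay=local, delay=0.3, delays=0.1/0/0/0.2, dsn=2.0.0, status=sent (delivered to maildir)
Mar  6 07:31:03 myhostname postfix/qmgr[16702]: 1A2B3C4D5E6F: removed
Mar  8 02:17:57 vps78987 postfix/smtpd[5935]: warning: hostname host.example.net does not resolve to address 203.0.113.5: Name or service not known
Mar  8 02:17:57 vps78987 postfix/smtpd[5935]: connect from unknown[203.0.113.5]
Mar  8 02:17:57 vps78987 postfix/smtpd[5935]: lost connection after AUTH from unknown[203.0.113.5]
Mar  8 02:17:57 vps78987 postfix/smtpd[5935]: disconnect from unknown[203.0.113.5]
Mar  8 02:18:10 vps78987 postfix/smtpd[5936]: connect from unknown[203.0.113.5]
Mar  8 02:18:10 vps78987 postfix/smtpd[5936]: lost connection after AUTH from unknown[203.0.113.5]
Mar  8 02:18:10 vps78987 postfix/smtpd[5936]: disconnect from unknown[203.0.113.5]
Mar  8 02:20:00 vps78987 postfix/smtpd[5940]: connect from unknown[198.51.100.7]
Mar  8 02:20:01 vps78987 postfix/smtpd[5940]: lost connection after AUTH from unknown[198.51.100.7]
Mar  8 02:20:01 vps78987 postfix/smtpd[5940]: disconnect from unknown[198.51.100.7]
"""

# Syslog prefix as rsyslog writes it on Debian: "Mar  6 06:26:13 host postfix/prog[pid]: msg"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"postfix/(?P<prog>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
# Default (short) postfix queue IDs are upper-case hex; most per-message lines start with one.
QID_RE = re.compile(r"^(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
PICKUP_RE = re.compile(r"^uid=(?P<uid>\d+) from=<(?P<login>[^>]*)>")
QMGR_FROM_RE = re.compile(r"^from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=\d+")
DELIVERY_RE = re.compile(r"^to=<(?P<to>[^>]*)>, (?:orig_to=<[^>]*>, )?relay=(?P<relay>[^,]+), .*status=(?P<status>\w+)")
AUTH_LOST_RE = re.compile(r"^lost connection after AUTH from \S*\[(?P<ip>[^\]]+)\]")
DELIVERY_AGENTS = {"smtp", "local", "virtual", "lmtp", "pipe"}


def parse_log(text):
    """Yield (timestamp, program, queue_id_or_None, message_without_qid) for each postfix line."""
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        qid, msg = None, m.group("msg")
        q = QID_RE.match(msg)
        if q:
            qid, msg = q.group("qid"), q.group("rest")
        yield m.group("ts"), m.group("prog"), qid, msg


def local_submissions(text, uids=frozenset({33})):
    """Messages injected via the local sendmail/pickup path by the given uids,
    with the envelope sender (from qmgr) and every delivery attempt joined on queue ID."""
    found = {}  # queue ID -> record; dict keeps log order
    for ts, prog, qid, msg in parse_log(text):
        if prog == "pickup" and qid:
            p = PICKUP_RE.match(msg)
            if p and int(p.group("uid")) in uids:
                found[qid] = {"qid": qid, "uid": int(p.group("uid")), "submitted": ts,
                              "login": p.group("login"), "sender": None, "recipients": []}
        elif qid in found:
            if prog == "qmgr":
                f = QMGR_FROM_RE.match(msg)
                if f:
                    found[qid]["sender"] = f.group("sender")
            elif prog in DELIVERY_AGENTS:
                d = DELIVERY_RE.match(msg)
                if d:
                    found[qid]["recipients"].append((d.group("to"), d.group("relay"), d.group("status")))
    return list(found.values())


def auth_probes(text):
    """Per-IP count of smtpd sessions that sent AUTH and then dropped the connection."""
    counts = Counter()
    for _, prog, _, msg in parse_log(text):
        if prog == "smtpd":
            m = AUTH_LOST_RE.match(msg)
            if m:
                counts[m.group("ip")] += 1
    return counts


if __name__ == "__main__":
    for rec in local_submissions(SAMPLE_LOG):
        print(f"{rec['submitted']} {rec['qid']} uid={rec['uid']} sender={rec['sender']}")
        for to, relay, status in rec["recipients"]:
            print(f"    -> {to} via {relay} ({status})")
    for ip, n in auth_probes(SAMPLE_LOG).most_common():
        print(f"AUTH probes from {ip}: {n}")
```

Run it against the real file with `python3 mailaudit.py` after replacing SAMPLE_LOG with the contents of /var/log/mail.log (or `open()`ing it). The pickup line with uid=33 is the tell: a message that enters through pickup was handed to postfix by the local sendmail(1) command as the web server user, so none of the smtpd_*_restrictions in main.cf are ever consulted for it, and an open-relay test against port 25 will keep passing while the web application keeps sending. The parameter that governs that path is authorized_submit_users (a match list that accepts "!user" exclusions in Postfix 2.9); the web application itself still needs fixing, as the answer above found.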