Understanding Postfix mail logs (part 2)

I have the following entries in my Postfix mail log:

Mar  9 06:01:10 postfix/smtpd[23043]: initializing the server-side TLS engine
Mar  9 06:01:10 postfix/smtpd[23043]: connect from mlxmail4.icicibank.com[203.27.235.122]
Mar  9 06:01:11 postfix/smtpd[23043]: setting up TLS connection from mlxmail4.icicibank.com[203.27.235.122]
Mar  9 06:01:11 postfix/smtpd[23043]: mlxmail4.icicibank.com[203.27.235.122]: TLS cipher list "ALL:+RC4:@STRENGTH"
Mar  9 06:01:11 postfix/smtpd[23043]: SSL_accept:before/accept initialization
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C0] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C0] (11 bytes => 11 (0xB))
Mar  9 06:01:11 postfix/smtpd[23043]: 0000 16 03 01 02 00 01 00 01|fc 03 03                 ........ ...
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4CE] (506 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4CE] (506 bytes => 506 (0x1FA))
(some cipher text)
Mar  9 06:01:11 postfix/smtpd[23043]: 0128 - <SPACES/NULLS>
Mar  9 06:01:11 postfix/smtpd[23043]: SSL_accept:SSLv3 read client hello B
Mar  9 06:01:11 postfix/smtpd[23043]: SSL_accept:SSLv3 write server hello A
Mar  9 06:01:11 postfix/smtpd[23043]: SSL_accept:SSLv3 write certificate A
Mar  9 06:01:11 postfix/smtpd[23043]: SSL_accept:SSLv3 write key exchange A
Mar  9 06:01:11 postfix/smtpd[23043]: SSL_accept:SSLv3 write server done A
Mar  9 06:01:11 postfix/smtpd[23043]: write to 7FE9DE41E2C0 [7FE9DE4CBE80] (1567 bytes => 1567 (0x61F))
(some cipher text)
Mar  9 06:01:11 postfix/smtpd[23043]: 061c - <SPACES/NULLS>
Mar  9 06:01:11 postfix/smtpd[23043]: SSL_accept:SSLv3 flush data
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C3] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C3] (5 bytes => 5 (0x5))
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C8] (134 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C8] (134 bytes => 134 (0x86))
(some cipher text)
Mar  9 06:01:11 postfix/smtpd[23043]: SSL_accept:SSLv3 read client key exchange A
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C3] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C3] (5 bytes => 5 (0x5))
Mar  9 06:01:11 postfix/smtpd[23043]: 0000 14 03 03 00 01                                   .....
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C8] (1 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C8] (1 bytes => 1 (0x1))
Mar  9 06:01:11 postfix/smtpd[23043]: 0000 01                                               .
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C3] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C3] (5 bytes => 5 (0x5))
Mar  9 06:01:11 postfix/smtpd[23043]: 0000 16 03 03 00 28                                   ....(
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C8] (40 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C8] (40 bytes => 40 (0x28))
(some cipher text)
Mar  9 06:01:11 postfix/smtpd[23043]: SSL_accept:SSLv3 read finished A
Mar  9 06:01:11 postfix/smtpd[23043]: SSL_accept:SSLv3 write change cipher spec A
Mar  9 06:01:11 postfix/smtpd[23043]: SSL_accept:SSLv3 write finished A
Mar  9 06:01:11 postfix/smtpd[23043]: write to 7FE9DE41E2C0 [7FE9DE4CBE80] (51 bytes => 51 (0x33))
(some cipher text)
Mar  9 06:01:11 postfix/smtpd[23043]: 0030 d1 82 cb                                         ...
Mar  9 06:01:11 postfix/smtpd[23043]: SSL_accept:SSLv3 flush data
Mar  9 06:01:11 postfix/smtpd[23043]: Anonymous TLS connection established from mlxmail4.icicibank.com[203.27.235.122]: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar  9 06:01:11 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C3] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Mar  9 06:01:12 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C3] (5 bytes => 5 (0x5))
Mar  9 06:01:12 postfix/smtpd[23043]: 0000 17 03 03 00 35                                   ....5
Mar  9 06:01:12 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C8] (53 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Mar  9 06:01:12 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C8] (53 bytes => 53 (0x35))
(some cipher text)
Mar  9 06:01:12 postfix/smtpd[23043]: Read 29 chars: EHLO mlxmail4.icicibank.com??
Mar  9 06:01:12 postfix/smtpd[23043]: Write 158 chars: 250-mail.xxx.com??250-PIPELINING??250
Mar  9 06:01:12 postfix/smtpd[23043]: write to 7FE9DE41E2C0 [7FE9DE4C6A13] (187 bytes => 187 (0xBB))
(some cipher text)
Mar  9 06:01:12 postfix/smtpd[23043]: read from 7FE9DE41E2C0 [7FE9DE4BE4C3] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))

What is mlxmail4.icicibank.com trying to do? Is it trying to send spam to my email account?

Answer 1

Based on your mail log and the discussion in the comments above, it looks like the SMTP client mlxmail4.icicibank.com is misbehaving. There was no response after Postfix's EHLO reply:

Mar  9 06:01:12 postfix/smtpd[23043]: Read 29 chars: EHLO mlxmail4.icicibank.com??
Mar  9 06:01:12 postfix/smtpd[23043]: Write 158 chars: 250-mail.xxx.com??250-PIPELINING??250

Should I be concerned about this odd behaviour?

Unless another client shows the same symptom, you don't need to worry. This is not a fault in your Postfix.

What is mlxmail4.icicibank.com trying to do? Is it trying to send spam to my email account?

I don't know. It hung up before the SMTP session was complete. But unlike your earlier log, mlxmail4.icicibank.com made no AUTH attempt. So it is too early to conclude that this client wants to send email to your server.

You can detect spamming activity by grepping the Postfix log for the anvil daemon's statistics. Spammers tend to send a lot of email in a short time.
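To make the checks in this answer concrete (did the client go silent after EHLO, did it try AUTH, and what peak connection rate does anvil report for it), here is an added Python example; it is not part of the original answer. The log lines in it are constructed after the ones in the question, the anvil line follows Postfix's "statistics: max connection rate" message format, and the rate_limit threshold and verdict labels are the example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the question's log (not the page's own lines).
SAMPLE_LOG = """\
Mar  9 06:01:10 postfix/smtpd[23043]: connect from mlxmail4.icicibank.com[203.27.235.122]
Mar  9 06:01:11 postfix/smtpd[23043]: Anonymous TLS connection established from mlxmail4.icicibank.com[203.27.235.122]: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar  9 06:01:12 postfix/smtpd[23043]: Read 29 chars: EHLO mlxmail4.icicibank.com??
Mar  9 06:01:12 postfix/smtpd[23043]: Write 158 chars: 250-mail.xxx.com??250-PIPELINING??250
Mar  9 06:02:00 postfix/smtpd[23050]: connect from unknown[192.0.2.77]
Mar  9 06:02:01 postfix/smtpd[23050]: Read 12 chars: AUTH LOGIN??
Mar  9 06:05:00 postfix/anvil[23060]: statistics: max connection rate 25/60s for (smtp:192.0.2.77) at Mar  9 06:02:30
"""

SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
ANVIL = re.compile(r"statistics: max connection rate (\d+)/(\d+)s for \(smtp:([^)]+)\)")
CONNECT = re.compile(r"^connect from (\S+)")
TLS = re.compile(r"TLS connection established from \S+: (\S+) with cipher (\S+)")
CMD = re.compile(r"^Read \d+ chars: ([A-Z]+)")  # first word the client sent, e.g. EHLO or AUTH

def analyze(log, rate_limit=10):
    """Group smtpd lines by PID; collect anvil peak rates above rate_limit connections/min (assumed threshold)."""
    sessions = defaultdict(lambda: {"client": None, "tls": None, "cmds": []})
    hot_clients = {}
    for line in log.splitlines():
        if (a := ANVIL.search(line)):
            per_min = int(a.group(1)) * 60 / int(a.group(2))  # normalise the window to one minute
            if per_min > rate_limit:
                hot_clients[a.group(3)] = per_min
        elif (m := SMTPD.search(line)):
            s, msg = sessions[m.group(1)], m.group(2)
            if (c := CONNECT.match(msg)):
                s["client"] = c.group(1)
            elif (t := TLS.search(msg)):
                s["tls"] = f"{t.group(1)} {t.group(2)}"
            elif (k := CMD.match(msg)):
                s["cmds"].append(k.group(1))
    return dict(sessions), hot_clients

def verdict(session):
    """Classify a session the way the answer reasons: AUTH attempt, silent after EHLO, or other."""
    if "AUTH" in session["cmds"]:
        return "auth-attempt"
    if session["cmds"] and session["cmds"][-1] == "EHLO" and "MAIL" not in session["cmds"]:
        return "stalled-after-ehlo"  # TLS up, EHLO answered, then the client sent nothing more
    return "other"

if __name__ == "__main__":
    sessions, hot = analyze(SAMPLE_LOG)
    for pid, s in sessions.items():
        print(pid, s["client"], s["tls"], verdict(s))
    print("clients over the assumed rate limit:", hot)
```

Feed it the real log with analyze(open("/var/log/mail.log").read()) to list which sessions stalled after EHLO, which tried AUTH, and which source addresses anvil saw connecting fastest.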
