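Running on CentOS 6.4. For the past two weeks I have been receiving emails from other email accounts on our server. [email protected] is sending to [email protected] and [email protected] is sending to [email protected]. They all contain a zip file. Recently they started coming from [email protected] (the site doesn't even have a subdomain).
I monitor the server fairly closely and have not found any exploits against FTP, SSH or the PHP code.
The emails appear to come from Turkey and other parts of the Middle East. No spam is being sent out from the server; the messages are only being sent and delivered locally.
I thought I had set it up to authenticate all users, but it is not authenticating and the mail is still being sent. Can someone tell me what to do or change?
Here are some excerpts from the postfix/main.cf file.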
mynetworks = 127.0.0.0/32
alias_maps = hash:/etc/aliases
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/site.com.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mycert.crt
smtpd_tls_CAfile = /etc/pki/tls/certs/gd_bundle-g2-g1.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_milters = inet:localhost:8891
#non_smtpd_milters =
non_smtpd_milters = inet:localhost:8891
milter_default_action = accept (dkim stuff)
milter_protocol = 2
mailbox_command = /usr/bin/procmail (this is used for having smart mailboxes, so I could group stuff in Mac mail)
Here is /var/logs/maillog
Mar 20 09:04:09 server1 postfix/smtpd[616]: connect from unknown[62.169.228.29]
Mar 20 09:04:13 server1 postfix/smtpd[616]: disconnect from unknown[62.169.228.29]
Mar 20 09:07:33 server1 postfix/anvil[618]: statistics: max connection rate 1/60s for (smtp:62.169.228.29) at Mar 20 09:04:09
Mar 20 09:07:33 server1 postfix/anvil[618]: statistics: max connection count 1 for (smtp:62.169.228.29) at Mar 20 09:04:09
Mar 20 09:07:33 server1 postfix/anvil[618]: statistics: max cache size 1 at Mar 20 09:04:09
Mar 20 09:26:45 server1 postfix/smtpd[645]: connect from unknown[125.209.5.163]
Mar 20 09:26:46 server1 postfix/smtpd[645]: disconnect from unknown[125.209.5.163]
Mar 20 09:30:06 server1 postfix/anvil[647]: statistics: max connection rate 1/60s for (smtp:125.209.5.163) at Mar 20 09:26:45
Mar 20 09:30:06 server1 postfix/anvil[647]: statistics: max connection count 1 for (smtp:125.209.5.163) at Mar 20 09:26:45
Mar 20 09:30:06 server1 postfix/anvil[647]: statistics: max cache size 1 at Mar 20 09:26:45
Mar 20 09:31:21 server1 postfix/smtpd[654]: connect from unknown[31.184.198.210]
Mar 20 09:31:21 server1 postfix/smtpd[654]: setting up TLS connection from unknown[31.184.198.210]
Mar 20 09:31:22 server1 postfix/smtpd[654]: Anonymous TLS connection established from unknown[31.184.198.210]: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)
Mar 20 09:31:22 server1 postfix/smtpd[654]: lost connection after STARTTLS from unknown[31.184.198.210]
Mar 20 09:31:22 server1 postfix/smtpd[654]: disconnect from unknown[31.184.198.210]
Mar 20 09:34:42 server1 postfix/anvil[656]: statistics: max connection rate 1/60s for (submission:31.184.198.210) at Mar 20 09:31:21
Mar 20 09:34:42 server1 postfix/anvil[656]: statistics: max connection count 1 for (submission:31.184.198.210) at Mar 20 09:31:21
Mar 20 09:34:42 server1 postfix/anvil[656]: statistics: max cache size 1 at Mar 20 09:31:21
Mar 20 11:06:44 server1 postfix/smtpd[804]: warning: 185.100.64.70: hostname ip.hoster.kz verification failed: Name or service not known
Mar 20 11:06:44 server1 postfix/smtpd[804]: connect from unknown[185.100.64.70]
Mar 20 11:06:45 server1 postfix/smtpd[804]: disconnect from unknown[185.100.64.70]
Mar 20 11:10:05 server1 postfix/anvil[806]: statistics: max connection rate 1/60s for (smtp:185.100.64.70) at Mar 20 11:06:44
Mar 20 11:10:05 server1 postfix/anvil[806]: statistics: max connection count 1 for (smtp:185.100.64.70) at Mar 20 11:06:44
Mar 20 11:10:05 server1 postfix/anvil[806]: statistics: max cache size 1 at Mar 20 11:06:44
Mar 20 11:10:09 server1 postfix/smtpd[813]: connect from unknown[31.184.198.210]
Mar 20 11:10:09 server1 postfix/smtpd[813]: setting up TLS connection from unknown[31.184.198.210]
Mar 20 11:10:10 server1 postfix/smtpd[813]: Anonymous TLS connection established from unknown[31.184.198.210]: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)
Mar 20 11:10:10 server1 postfix/smtpd[813]: lost connection after STARTTLS from unknown[31.184.198.210]
Mar 20 11:10:10 server1 postfix/smtpd[813]: disconnect from unknown[31.184.198.210]
Mar 20 11:13:30 server1 postfix/anvil[815]: statistics: max connection rate 1/60s for (submission:31.184.198.210) at Mar 20 11:10:09
Mar 20 11:13:30 server1 postfix/anvil[815]: statistics: max connection count 1 for (submission:31.184.198.210) at Mar 20 11:10:09
Mar 20 11:13:30 server1 postfix/anvil[815]: statistics: max cache size 1 at Mar 20 11:10:09
Mar 20 13:44:46 server1 postfix/smtpd[1023]: warning: 89.248.162.178: address not listed for hostname no-reverse-dns-configured.com
Mar 20 13:44:46 server1 postfix/smtpd[1023]: connect from unknown[89.248.162.178]
Mar 20 13:44:47 server1 postfix/smtpd[1023]: disconnect from unknown[89.248.162.178]
Here is one email that was received; it is spam.
Mar 22 12:15:20 server1 postfix/smtpd[20712]: connect from unknown[203.82.37.180]
Mar 22 12:15:20 server1 postfix/smtpd[20712]: 65EE53800A8: client=unknown[203.82.37.180]
Mar 22 12:15:20 server1 postfix/cleanup[20717]: 65EE53800A8: message-id=<[email protected]>
Mar 22 12:15:20 server1 opendkim[1444]: 65EE53800A8: [203.82.37.180] [203.82.37.180] not internal
Mar 22 12:15:20 server1 opendkim[1444]: 65EE53800A8: not authenticated
Mar 22 12:15:20 server1 opendkim[1444]: 65EE53800A8: no signature data
Mar 22 12:15:20 server1 postfix/qmgr[27235]: 65EE53800A8: from=<[email protected]>, size=5709, nrcpt=1 (queue active)
Mar 22 12:15:20 server1 spamd[19157]: spamd: connection from localhost [127.0.0.1] at port 49602
Mar 22 12:15:20 server1 spamd[19157]: spamd: setuid to spamd succeeded
Mar 22 12:15:20 server1 spamd[19157]: spamd: creating default_prefs: /var/log/spamassassin/.spamassassin/user_prefs
Mar 22 12:15:20 server1 spamd[19157]: config: cannot create user preferences file /var/log/spamassassin/.spamassassin/user_prefs: No such file or directory
Mar 22 12:15:20 server1 spamd[19157]: spamd: failed to create readable default_prefs: /var/log/spamassassin/.spamassassin/user_prefs
Mar 22 12:15:20 server1 spamd[19157]: spamd: processing message <[email protected]> for spamd:492
Mar 22 12:15:20 server1 postfix/smtpd[20712]: disconnect from unknown[203.82.37.180]
Mar 22 12:15:24 server1 spamd[19157]: spamd: clean message (7.4/8.0) for spamd:492 in 3.4 seconds, 5621 bytes.
Mar 22 12:15:24 server1 spamd[19157]: spamd: result: . 7 - RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RDNS_NONE,SPF_FAIL,TO_EQ_FM_DOM_SPF_FAIL,TVD_SPACE_RATIO scantime=3.4,size=5621,user=spamd,uid=492,required_score=8.0,rhost=localhost,raddr=127.0.0.1,rport=49602,mid=<[email protected]>,autolearn=no
Mar 22 12:15:24 server1 postfix/pickup[20696]: 3B5CA3800B1: uid=492 from=<[email protected]>
Mar 22 12:15:24 server1 postfix/pipe[20718]: 65EE53800A8: to=<[email protected]>, relay=spamassassin, delay=3.8, delays=0.39/0.01/0/3.4, dsn=2.0.0, status=sent (delivered via spamassassin service)
Mar 22 12:15:24 server1 postfix/qmgr[27235]: 65EE53800A8: removed
Mar 22 12:15:24 server1 postfix/cleanup[20717]: 3B5CA3800B1: message-id=<[email protected]>
Mar 22 12:15:24 server1 opendkim[1444]: 3B5CA3800B1: DKIM-Signature field added (s=default, d=mysite.com)
Mar 22 12:15:24 server1 spamd[19156]: prefork: child states: II
Mar 22 12:15:24 server1 postfix/qmgr[27235]: 3B5CA3800B1: from=<[email protected]>, size=6120, nrcpt=1 (queue active)
Mar 22 12:15:24 server1 postfix/local[20723]: 3B5CA3800B1: to=<[email protected]>, relay=local, delay=0.1, delays=0.06/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Mar 22 12:15:24 server1 postfix/qmgr[27235]: 3B5CA3800B1: removed
Mar 22 12:18:41 server1 postfix/anvil[20714]: statistics: max connection rate 1/60s for (smtp:203.82.37.180) at Mar 22 12:15:20
Mar 22 12:18:41 server1 postfix/anvil[20714]: statistics: max connection count 1 for (smtp:203.82.37.180) at Mar 22 12:15:20
Mar 22 12:18:41 server1 postfix/anvil[20714]: statistics: max cache size 1 at Mar 22 12:15:20
Mar 22 12:44:56 server1 postfix/smtpd[20796]: connect from unknown[181.198.236.222]
Mar 22 15:49:54 server1 postfix/smtpd[21823]: connect from unknown[181.65.123.194]
Mar 22 15:49:54 server1 postfix/smtpd[21823]: A9B073800A8: client=unknown[181.65.123.194]
Mar 22 15:49:55 server1 postfix/cleanup[21828]: A9B073800A8: message-id=<[email protected]>
Mar 22 15:49:55 server1 opendkim[1444]: A9B073800A8: [181.65.123.194] [181.65.123.194] not internal
Mar 22 15:49:55 server1 opendkim[1444]: A9B073800A8: not authenticated
Mar 22 15:49:55 server1 opendkim[1444]: A9B073800A8: no signature data
Mar 22 15:49:55 server1 postfix/qmgr[27235]: A9B073800A8: from=<[email protected]>, size=6734, nrcpt=1 (queue active)
Mar 22 15:49:55 server1 spamd[19157]: spamd: connection from localhost [127.0.0.1] at port 50409
Mar 22 15:49:55 server1 spamd[19157]: spamd: setuid to spamd succeeded
Mar 22 15:49:55 server1 spamd[19157]: spamd: creating default_prefs: /var/log/spamassassin/.spamassassin/user_prefs
Mar 22 15:49:55 server1 spamd[19157]: config: cannot create user preferences file /var/log/spamassassin/.spamassassin/user_prefs: No such file or directory
Mar 22 15:49:55 server1 spamd[19157]: spamd: failed to create readable default_prefs: /var/log/spamassassin/.spamassassin/user_prefs
Mar 22 15:49:55 server1 spamd[19157]: spamd: processing message <[email protected]> for spamd:492
Mar 22 15:49:55 server1 postfix/smtpd[21823]: disconnect from unknown[181.65.123.194]
Mar 22 15:49:56 server1 spamd[19157]: spamd: clean message (6.9/8.0) for spamd:492 in 1.1 seconds, 6629 bytes.
Mar 22 15:49:56 server1 spamd[19157]: spamd: result: . 6 - HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PSBL,RDNS_NONE,URIBL_BLOCKED scantime=1.1,size=6629,user=spamd,uid=492,required_score=8.0,rhost=localhost,raddr=127.0.0.1,rport=50409,mid=<[email protected]>,autolearn=no
Mar 22 15:49:56 server1 postfix/pickup[21711]: 41F7E3800B1: uid=492 from=<[email protected]>
Mar 22 15:49:56 server1 postfix/pipe[21829]: A9B073800A8: to=<[email protected]>, relay=spamassassin, delay=1.6, delays=0.4/0.01/0/1.2, dsn=2.0.0, status=sent (delivered via spamassassin service)
Mar 22 15:49:56 server1 postfix/qmgr[27235]: A9B073800A8: removed
Mar 22 15:49:56 server1 postfix/cleanup[21828]: 41F7E3800B1: message-id=<[email protected]>
Mar 22 15:49:56 server1 opendkim[1444]: 41F7E3800B1: no signing table match for '[email protected]'
Mar 22 15:49:56 server1 opendkim[1444]: 41F7E3800B1: no signature data
Mar 22 15:49:56 server1 postfix/qmgr[27235]: 41F7E3800B1: from=<[email protected]>, size=7129, nrcpt=1 (queue active)
Mar 22 15:49:56 server1 spamd[19156]: prefork: child states: II
Mar 22 15:49:56 server1 postfix/local[21834]: 41F7E3800B1: to=<[email protected]>, relay=local, delay=0.06, delays=0.02/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Mar 22 15:49:56 server1 postfix/qmgr[27235]: 41F7E3800B1: removed
Answer 1
The solution is to implement the Sender Policy Framework in Postfix and add an SPF record to your domain.
Postfix implementation:
Install the SPF package:
sudo apt-get install postfix-policyd-spf-perl
Modify main.cf:
Add anywhere:
policy-spf_time_limit = 3600s
Add to smtpd_recipient_restrictions:
check_policy_service unix:private/policy-spf
- Modify master.cf
Add:
policy-spf unix - n n - - spawn user=nobody argv=/usr/sbin/postfix-policyd-spf-perl
- Reload Postfix:
service postfix reload
A wizard for creating an SPF record for your domain (requires a basic understanding of how to add DNS records for a domain).
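
A log check for the pattern shown in the question, as an added example that is not part of the original question or answer: it correlates maillog lines by queue ID and reports messages that an external client submitted without SASL authentication while claiming an envelope sender in one of your own domains. The function name, the sample log, its addresses and IPs, and the `example.com` local domain are constructed for illustration; the check relies on Postfix appending `sasl_method=`/`sasl_username=` to the `client=` line for authenticated sessions.

```python
import re

# Constructed sample in Postfix maillog format; addresses and IPs are made up.
SAMPLE_LOG = """\
Mar 22 12:15:20 server1 postfix/smtpd[20712]: 65EE53800A8: client=unknown[203.0.113.180]
Mar 22 12:15:20 server1 postfix/qmgr[27235]: 65EE53800A8: from=<alice@example.com>, size=5709, nrcpt=1 (queue active)
Mar 22 12:15:24 server1 postfix/pipe[20718]: 65EE53800A8: to=<bob@example.com>, relay=spamassassin, status=sent
Mar 22 12:20:01 server1 postfix/smtpd[20800]: 7A1B23800C2: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.com
Mar 22 12:20:01 server1 postfix/qmgr[27235]: 7A1B23800C2: from=<alice@example.com>, size=1200, nrcpt=1 (queue active)
Mar 22 12:20:02 server1 postfix/local[20801]: 7A1B23800C2: to=<bob@example.com>, relay=local, status=sent
Mar 22 12:30:00 server1 postfix/smtpd[20900]: 9C3D43800D3: client=mail.example.net[192.0.2.25]
Mar 22 12:30:00 server1 postfix/qmgr[27235]: 9C3D43800D3: from=<carol@example.net>, size=900, nrcpt=1 (queue active)
Mar 22 12:31:00 server1 postfix/pickup[20696]: 3B5CA3800B1: uid=492 from=<alice@example.com>
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{8,}): (.*)$")
CLIENT = re.compile(r"client=\S*?\[([^\]]+)\](.*)")
ADDR = re.compile(r"\b(from|to)=<([^>]*)>")

def find_spoofed_local_senders(log_text, local_domains, trusted_ips=("127.0.0.1", "::1")):
    """Return (queue_id, client_ip, sender, recipients) for messages that arrived
    over SMTP without SASL auth yet claim an envelope sender in a local domain."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        rec = msgs.setdefault(qid, {"ip": None, "sasl": False, "from": "", "to": set()})
        c = CLIENT.match(rest) if daemon == "smtpd" else None
        if c:
            rec["ip"] = c.group(1)
            rec["sasl"] = "sasl_username=" in c.group(2)
        for kind, addr in ADDR.findall(rest):
            if kind == "from":
                rec["from"] = addr.lower()
            else:
                rec["to"].add(addr.lower())
    hits = []
    for qid, rec in msgs.items():
        domain = rec["from"].rpartition("@")[2]
        external = rec["ip"] is not None and rec["ip"] not in trusted_ips
        if external and not rec["sasl"] and domain in local_domains:
            hits.append((qid, rec["ip"], rec["from"], sorted(rec["to"])))
    return hits

if __name__ == "__main__":
    for hit in find_spoofed_local_senders(SAMPLE_LOG, {"example.com"}):
        print(hit)
```

Messages re-injected locally (the `pickup` entries after the SpamAssassin pipe in the log above) have no `client=` line and are therefore not reported a second time.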