Spam sent from postfix using my domain name

My server is sending out a lot of spam, using fake email addresses but a real domain name (hosted on my server, Linux Debian Squeeze). The email addresses of this spam are all "msg" followed by a random number. Here is an example from the log:

Jun 25 09:46:18 ks4000003 postfix/qmgr[17823]: 7EA0C201608F: from=, size=1825, nrcpt=1 (queue active)
Jun 25 09:46:18 ks4000003 amavis[11085]: (11085-20) Passed CLEAN, LOCAL [127.0.0.1] [127.0.0.1] ->, Message-ID: <[email protected]>, mail_id: ELwtXTha8l9Y, Hits: -0.9, size: 1318, queued_as: 7EA0C201608F, 688 ms

I cannot find the source of these messages. I changed the root password; it made no difference anyway. Below is an example of the message header, which shows that this message does not come from a PHP script or anything else:

*** MESSAGE CONTENTS deferred/3/3CE1E2016092 ***
regular_text: Received: from localhost (localhost.localdomain [127.0.0.1])
regular_text:   by ks4000003.ip-198-245-60.net (Postfix) with ESMTP id 3CE1E2016092
regular_text:   for <[email protected]>; Sat, 25 Jun 2016 09:29:52 -0400 (EDT)
regular_text: X-Virus-Scanned: Debian amavisd-new at ks4000003.ip-198-245-60.net
regular_text: Received: from ks4000003.ip-198-245-60.net ([127.0.0.1])
regular_text:   by localhost (ks4000003.ip-198-245-60.net [127.0.0.1]) (amavisd-new, port 10024)
regular_text:   with ESMTP id WOgKWhIoZTkR for <[email protected]>;
regular_text:   Sat, 25 Jun 2016 09:29:51 -0400 (EDT)
regular_text: Received: from blogs.annuairedesign.com (localhost.localdomain [127.0.0.1])
regular_text:   by ks4000003.ip-198-245-60.net (Postfix) with ESMTP id 9F7E6201608E
regular_text:   for <[email protected]>; Sat, 25 Jun 2016 09:29:51 -0400 (EDT)
regular_text: Date: Sat, 25 Jun 2016 13:29:53 +0000 (UTC)
regular_text: From: MKP Solutions <[email protected]>
regular_text: To: [email protected]
regular_text: Message-ID: <[email protected]>
regular_text: Subject: Hi joergpahl
regular_text: MIME-Version: 1.0
regular_text: Content-Type: multipart/alternative; 
regular_text:   boundary="----=_Part_5330678_1709585627.1466861393249"
regular_text: X-mailer: Mailer v1.0
regular_text: 
regular_text: ------=_Part_5330678_1709585627.1466861393249
regular_text: Content-Type: text/plain; charset=utf-8
regular_text: Content-Transfer-Encoding: 7bit
regular_text: 
regular_text: Medicines pricing you can smile about. Learn more
regular_text: ------=_Part_5330678_1709585627.1466861393249
regular_text: Content-Type: text/html; charset=utf-8
regular_text: Content-Transfer-Encoding: 7bit

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
always_add_missing_headers = yes
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
default_destination_concurrency_limit = 10
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = ks4000003.ip-198-245-60.net, localhost, localhost.localdomain
myhostname = ks4000003.ip-198-245-60.net
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost = 
smtp_destination_concurrency_limit = 5
smtp_destination_rate_delay = 1s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_sasl_authenticated,  permit_mynetworks,  check_client_access mysql:/etc/postfix/mysql-virtual_client.cf, reject_rhsbl_sender dsn.rfc-ignorant.org,   reject_rbl_client zen.spamhaus.org, reject_rbl_client list.dsbl.org,    reject
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = check_helo_access mysql:/etc/postfix/mysql-virtual_client.cf,  permit_sasl_authenticated,     reject_non_fqdn_hostname,     reject_invalid_hostname,   regexp:/etc/postfix/helo.regexp,    permit_mynetworks,     reject
smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/rbl_whitelist,     check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,   check_recipient_access regexp:/etc/postfix/sender_access.regexp,    permit_sasl_authenticated,  permit_mynetworks,  reject_unknown_recipient_domain,    reject_unauth_pipelining,   reject_unauth_destination,  reject_unverified_sender,   reject_unauth_destination,  reject_unlisted_recipient,  reject_invalid_hostname,    reject_non_fqdn_sender,     reject_unknown_sender_domain,   reject_rbl_client cbl.abuseat.org,  reject_rbl_client bl.spamcop.net,   reject_rbl_client sbl.spamhaus.org,     reject_rbl_client dul.dnsbl.sorbs.net,  reject_rbl_client truncate.gbudb.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-sender-access.cf
smtpd_sender_restrictions = permit_sasl_authenticated,  permit_mynetworks,  check_sender_access regexp:/etc/postfix/sender_access.regexp mysql:/etc/postfix/mysql-virtual_sender.cf,    reject_non_fqdn_sender, reject_unknown_sender_domain,   reject_unknown_hostname,    reject
smtpd_soft_error_limit = 10
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000

Maybe my configuration is bad, I really need some help... How can I block these emails? Thanks in advance :)

Answer 1

By default, permit_mynetworks is in smtpd_recipient_restrictions and mynetworks is set to 127.0.0.0/8 and its IPv6 equivalent. This allows unauthenticated mail from localhost. There is probably a malicious process sending mail to localhost. If you remove that option, at least the mail may stop. But you still need to find the malicious process. You may want to check your process list for suspicious processes.
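Added triage example, not from the question or the answer: since the answer's point is that permit_mynetworks lets anything on 127.0.0.1 submit mail unauthenticated, this script correlates Postfix smtpd and pickup lines with qmgr lines by queue ID, so each message whose envelope sender matches the question's msg<digits>@domain pattern is attributed to the connecting client, the SASL user, or the local Unix uid. The log lines are constructed for illustration (example.net, 203.0.113.7 and the uids are placeholders); it goes beyond the question by also covering local sendmail(1) submissions, which appear under postfix/pickup rather than smtpd.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format, modelled on the question's log (not real data).
SAMPLE_LOG = """\
Jun 25 09:46:17 ks4000003 postfix/smtpd[17800]: 7EA0C201608F: client=localhost[127.0.0.1]
Jun 25 09:46:18 ks4000003 postfix/qmgr[17823]: 7EA0C201608F: from=<msg48213@example.net>, size=1825, nrcpt=1 (queue active)
Jun 25 09:50:02 ks4000003 postfix/smtpd[17801]: 1A2B3C4D5E6F: client=mail.example.org[203.0.113.7], sasl_method=PLAIN, sasl_username=alice@example.net
Jun 25 09:50:03 ks4000003 postfix/qmgr[17823]: 1A2B3C4D5E6F: from=<alice@example.net>, size=900, nrcpt=1 (queue active)
Jun 25 09:51:10 ks4000003 postfix/pickup[17790]: ABCDEF012345: uid=33 from=<msg7@example.net>
Jun 25 09:51:11 ks4000003 postfix/qmgr[17823]: ABCDEF012345: from=<msg7@example.net>, size=1700, nrcpt=1 (queue active)
Jun 25 09:52:00 ks4000003 postfix/smtpd[17802]: 2B3C4D5E6F70: client=localhost[127.0.0.1]
Jun 25 09:52:01 ks4000003 postfix/qmgr[17823]: 2B3C4D5E6F70: from=<msg9917@example.net>, size=1700, nrcpt=1 (queue active)
"""

# smtpd logs the connecting client (and SASL user, if any) against the queue ID;
# pickup logs the Unix uid of a local sendmail(1) submission; qmgr logs the envelope sender.
SMTPD_RE = re.compile(r'postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<client>\S+?)(?:,|$)')
PICKUP_RE = re.compile(r'postfix/pickup\[\d+\]: (?P<qid>[0-9A-F]+): uid=(?P<uid>\d+) ')
QMGR_RE = re.compile(r'postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>')
# The sender shape described in the question: "msg" plus a random number.
SPAM_SENDER_RE = re.compile(r'^msg\d+@', re.IGNORECASE)

def attribute_spam(log_text, domain):
    """Map queue ID -> origin for every message whose sender is msg<digits>@<domain>.
    origin is 'smtpd:<client>[ sasl=<user>]' or 'pickup:uid=<n>' (or 'unknown')."""
    origin, hits = {}, {}
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if m:
            sasl = re.search(r'sasl_username=(\S+)', line)
            origin[m['qid']] = 'smtpd:' + m['client'] + (' sasl=' + sasl[1] if sasl else '')
            continue
        m = PICKUP_RE.search(line)
        if m:
            origin[m['qid']] = 'pickup:uid=' + m['uid']
            continue
        m = QMGR_RE.search(line)
        if m and SPAM_SENDER_RE.match(m['sender']) and m['sender'].lower().endswith('@' + domain.lower()):
            hits[m['qid']] = origin.get(m['qid'], 'unknown')  # qmgr line seen before its smtpd/pickup line
    return hits

def summarize(hits):
    """Count matched messages per origin, which is what points at the injecting host, account or uid."""
    counts = defaultdict(int)
    for o in hits.values():
        counts[o] += 1
    return dict(counts)

if __name__ == '__main__':
    for qid, where in attribute_spam(SAMPLE_LOG, 'example.net').items():
        print(qid, where)
    print(summarize(attribute_spam(SAMPLE_LOG, 'example.net')))
```

With a content_filter in place, mail re-injected by amavis on 127.0.0.1:10025 also logs as client=localhost[127.0.0.1], so a separate syslog_name (for example `-o syslog_name=postfix/amavis` on that listener in master.cf) keeps the original submissions distinguishable from the re-injections.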
