For a week now I have been receiving a lot of spam sent from the server running Postfix. All of this spam comes from addresses of the following form:
XXXXXX@mywebsite.com
XXXXXXX = random names; of course none of these addresses exist, but they can still send spam (to aol, gmail, etc.).
I tried to block sending mail from the domain, without success (it only works when I send from an existing address, but the spammer can still send spam...). This link: serverfault.com/questions/517945/how-to-block-sending-mail-from-domain-in-postfix
Here is an excerpt from my Dovecot log:
Code:
Sep 10 18:51:04 auth-worker(27351): Info: sql(paula_thomas@ mywebsite . com): unknown user
Every 4-5 minutes.
From my mail.log:
> Sep 10 18:54:23 my-host postfix/qmgr[26436]: 1754037021E2: from=<grace_mcdonald@ mywebsite . com>, size=1251, nrcpt=1 (queue active)
> Sep 10 18:54:23 my-host postfix/lmtp[27584]: 028053701ECE: to=<audrey_lane@ mywebsite . com>, relay=myhostname. fr[private/dovecot-lmtp], delay=0.15, delays=0.09/0/0/0.07, dsn=5.1.1, status=bounced (host myhostname. fr[private/dovecot-lmtp] said: 550 5.1.1 <audrey_lane@ mywebsite . com> User doesn't exist: audrey_lane@ mywebsite . com (in reply to RCPT TO command))
> Sep 10 18:54:23 my-host postfix/pickup[27034]: 27DC83701E50: uid=5010 from=<grace_mcdonald@ mywebsite . com>
> Sep 10 18:54:23 my-host postfix/cleanup[27220]: 27DC83701E50: message-id=<c7f61a098fd9f9ec2e1dc242d57be877@ mywebsite . fr>
> Sep 10 18:54:23 my-host postfix/qmgr[26436]: 27DC83701E50: from=<grace_mcdonald@ mywebsite . com>, size=1220, nrcpt=1 (queue active)
> Sep 10 18:54:23 my-host postfix/pickup[27034]: 3BC733701DBD: uid=5010 from=<audrey_lane@ mywebsite . com>
> Sep 10 18:54:23 my-host postfix/cleanup[27259]: 3BC733701DBD: message-id=<67ee6823a83f3bb73e5f5717c2905be5@ mywebsite . fr>
> Sep 10 18:54:23 my-host postfix/qmgr[26436]: 3BC733701DBD: from=<audrey_lane@ mywebsite . com>, size=1238, nrcpt=1 (queue active)
> Sep 10 18:54:23 my-host postfix/pickup[27034]: 577763701DC6: uid=5010 from=<audrey_lane@ mywebsite . com>
> Sep 10 18:54:23 my-host postfix/cleanup[27220]: 577763701DC6: message-id=<ce07dac8196b58ab895833ffe69be4e5@ mywebsite . fr>
> Sep 10 18:54:23 my-host postfix/qmgr[26436]: 577763701DC6: from=<audrey_lane@ mywebsite . com>, size=1239, nrcpt=1 (queue active)
> Sep 10 18:54:23 my-host postfix/pickup[27034]: 6A1B7370229E: uid=5010 from=<audrey_lane@ mywebsite . com>
> Sep 10 18:54:23 my-host postfix/cleanup[27259]: 6A1B7370229E: message-id=<e1e88d4dc65dce78da6a03b8e165624a@ mywebsite . fr>
> Sep 10 18:54:23 my-host postfix/qmgr[26436]: 6A1B7370229E: from=<audrey_lane@ mywebsite . com>, size=1219, nrcpt=1 (queue active)
> Sep 10 18:54:23 my-host postfix/pickup[27034]: 746EA3701D7C: uid=5010 from=<audrey_lane@ mywebsite . com>
> Sep 10 18:54:23 my-host postfix/cleanup[27220]: 746EA3701D7C: message-id=<b6380a13f78128602b3fce4ebc69b369@ mywebsite . fr>
> Sep 10 18:54:23 my-host postfix/qmgr[26436]: 746EA3701D7C: from=<audrey_lane@ mywebsite . com>, size=1237, nrcpt=1 (queue active)
> Sep 10 18:54:23 my-host postfix/smtp[27253]: 847553701DD2: to=<jamie.innes93@ hotmail.co.uk>, relay=mx3.hotmail.com[65.55.33.135]:25, delay=2.7, delays=0.68/0/1.4/0.53, dsn=2.0.0, status=sent (250 <c0b1f97f035a4ee8f10ebf8a93e350d9@ mywebsite . fr> Queued mail for delivery)
> Sep 10 18:54:23 my-host postfix/lmtp[27291]: 99B0C3701DD2: to=<grace_mcdonald@ mywebsite . com>, relay=myhostname. fr[private/dovecot-lmtp], delay=0.15, delays=0.06/0/0/0.09, dsn=5.1.1, status=bounced (host myhostname. fr[private/dovecot-lmtp] said: 550 5.1.1 <grace_mcdonald@ mywebsite . com> User doesn't exist: grace_mcdonald@ mywebsite . com (in reply to RCPT TO command))
> Sep 10 18:54:23 my-host postfix/lmtp[27584]: A85D537022BB: to=<grace_mcdonald@ mywebsite . com>, relay=myhostname. fr[private/dovecot-lmtp], delay=0.14, delays=0.09/0/0/0.04, dsn=5.1.1, status=bounced (host myhostname. fr[private/dovecot-lmtp] said: 550 5.1.1 <grace_mcdonald@ mywebsite . com> User doesn't exist: grace_mcdonald@ mywebsite . com (in reply to RCPT TO command))
> Sep 10 18:54:23 my-host postfix/lmtp[27291]: D86373701D29: to=<grace_mcdonald@ mywebsite . com>, relay=myhostname. fr[private/dovecot-lmtp], delay=0.06, delays=0.03/0/0/0.03, dsn=5.1.1, status=bounced (host myhostname. fr[private/dovecot-lmtp] said: 550 5.1.1 <grace_mcdonald@ mywebsite . com> User doesn't exist: grace_mcdonald@ mywebsite . com (in reply to RCPT TO command))
> Sep 10 18:54:24 my-host postfix/lmtp[27584]: 255483701DD2: to=<audrey_lane@ mywebsite . com>, relay=myhostname. fr[private/dovecot-lmtp], delay=0.07, delays=0.03/0/0/0.03, dsn=5.1.1, status=bounced (host myhostname. fr[private/dovecot-lmtp] said: 550 5.1.1 <audrey_lane@ mywebsite . com> User doesn't exist: audrey_lane@ mywebsite . com (in reply to RCPT TO command))
> Sep 10 18:54:24 my-host postfix/smtp[27246]: 72DF63702308: to=<galipete@ msn.com>, relay=mx1.hotmail.com[65.55.92.136]:25, delay=2.3, delays=0.54/0/1.4/0.41, dsn=2.0.0, status=sent (250 <ca761254081f994ec23ef61df24a0761@ mywebsite . fr> Queued mail for delivery)
> Sep 10 18:54:24 my-host postfix/smtp[27280]: B31E43701E88: to=<leirbag22@ hotmail.com>, relay=mx4.hotmail.com[65.55.92.168]:25, delay=2.3, delays=0.79/0/1.1/0.41, dsn=2.0.0, status=sent (250 <fab1aae28bfdd94e83cab45536ed995b@ mywebsite . fr> Queued mail for delivery)
> Sep 10 18:54:24 my-host postfix/smtp[27711]: 949E0370231B: to=<thebestcj18@ hotmail.com>, relay=mx1.hotmail.com[65.54.188.94]:25, delay=2.4, delays=0.47/0/1.4/0.52, dsn=2.0.0, status=sent (250 <66f45a301693aaffd963970cf505ad0b@ mywebsite . fr> Queued mail for delivery)
> Sep 10 18:54:25 my-host postfix/smtp[27253]: 746EA3701D7C: to=<e_romero_0606@ live.com>, relay=mx3.hotmail.com[207.46.8.199]:25, delay=3, delays=1.1/0.01/1.3/0.51, dsn=2.0.0, status=sent (250 <b6380a13f78128602b3fce4ebc69b369@ mywebsite . fr> Queued mail for delivery)
> Sep 10 18:54:25 my-host postfix/smtp[27300]: 577763701DC6: to=<rpmccreary@ hotmail.com>, relay=mx1.hotmail.com[65.55.33.135]:25, delay=3, delays=0.93/0/1.4/0.62, dsn=2.0.0, status=sent (250 <ce07dac8196b58ab895833ffe69be4e5@ mywebsite . fr> Queued mail for delivery)
All the messages contain links (porn, poker, etc.).
Here is my configuration file: /etc/postfix/main.cf
Code:
#######################
## GENERALS SETTINGS ##
#######################
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
delay_warning_time = 4h
mailbox_command = procmail -a "$EXTENSION"
recipient_delimiter = +
disable_vrfy_command = yes
message_size_limit = 502400000
mailbox_size_limit = 1024000000
inet_interfaces = all
inet_protocols = ipv4
myhostname = mon.domaine.fr
myorigin = mon.domaine.fr
mydestination = localhost localhost.$mydomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
relayhost =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
####################
## TLS PARAMETERS ##
####################
# Smtp ( OUTGOING / Client )
smtp_tls_loglevel = 1
smtp_tls_security_level = may
#smtp_tls_CAfile = /etc/ssl/certs/ca.cert.pem
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, 3DES, RC2, RC4, MD5, PSK, SRP, DSS, AECDH, ADH
smtp_tls_note_starttls_offer = yes
# ---------------------------------------------------------------------------------------------------
# Smtpd ( INCOMING / Server )
smtpd_tls_loglevel = 1
#smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = medium
# Info (see: postconf -d)
# Medium cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@ STRENGTH
# High cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@ STRENGTH
# smtpd_tls_exclude_ciphers = do NOT change this directive, for compatibility
# with other mail servers, to avoid an error such as
# "no shared cipher" or "no cipher overlap" followed by a fallback to
# plain text...
# smtpd_tls_cipherlist = Do not change this either!
#smtpd_tls_CAfile = $smtp_tls_CAfile
#smtpd_tls_cert_file = /etc/ssl/certs/mailserver.crt
#smtpd_tls_key_file = /etc/ssl/private/mailserver.key
smtp_tls_CAfile = /etc/letsencrypt/live/myhostname. fr/chain.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/myhostname. fr/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/myhostname. fr/privkey.pem
smtpd_tls_dh1024_param_file = $config_directory/dh2048.pem
smtpd_tls_dh512_param_file = $config_directory/dh512.pem
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
lmtp_tls_session_cache_database = btree:${data_directory}/lmtp_scache
# ----------------------------------------------------------------------
#####################
## SASL PARAMETERS ##
#####################
smtpd_sasl_auth_enable = yes
#smtp_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
##############################
## VIRTUALS MAPS PARAMETERS ##
##############################
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_minimum_uid = 5000
virtual_mailbox_base = /var/mail
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
######################
## ERRORS REPORTING ##
######################
######################
# notify_classes = bounce, delay, resource, software
notify_classes = resource, software
error_notice_recipient = me@ gmail. com
# delay_notice_recipient = admin@ domain. tld
# bounce_notice_recipient = admin@ domain. tld
# 2bounce_notice_recipient = admin@ domain. tld
##################
## RESTRICTIONS ##
##################
smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/rejected-recipient,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    # permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_rbl_client zen.spamhaus. org
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname
    # reject_unknown_helo_hostname
smtpd_client_restrictions =
    permit_mynetworks,
    permit_inet_interfaces,
    permit_sasl_authenticated,
    # reject_plaintext_session,
    # reject_unauth_pipelining
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/rejected-recipient,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain
    #reject_sender_login_mismatch
smtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock, unix:/clamav/clamav-milter.ctl
mime_header_checks = regexp:/etc/postfix/header_checks
header_checks = regexp:/etc/postfix/header_checks
Starting from this configuration, I updated it to the one below (only the reject_rbl options were added), following this link: howtoforge.com/block_spam_at_mta_level_postfix
So I added:
##################
## RESTRICTIONS ##
##################
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
smtpd_recipient_restrictions =
    #check_sender_access hash:/etc/postfix/rejected-recipient
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_rbl_client zen.spamhaus. org,
    #reject_rbl_client multi.uribl. com,
    reject_rbl_client dsn.rfc-ignorant. org,
    reject_rbl_client dul.dnsbl.sorbs. net,
    reject_rbl_client list.dsbl. org,
    reject_rbl_client sbl-xbl.spamhaus. org,
    reject_rbl_client bl.spamcop. net,
    reject_rbl_client dnsbl.sorbs. net,
    reject_rbl_client cbl.abuseat. org,
    reject_rbl_client dnsbl.sorbs. net,
    reject_rbl_client cbl.abuseat. org,
    reject_rbl_client ix.dnsbl.manitu. net,
    reject_rbl_client combined.rbl.msrbl. net,
    reject_rbl_client rabl.nuclearelephant. com,
    reject_rbl_client badconf.rhsbl.sorbs. net,
    reject_rbl_client ix.dnsbl.manitu. net,
    reject_rbl_client nomail.rhsbl.sorbs. net,
    permit
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname
    # reject_unknown_helo_hostname
smtpd_client_restrictions =
    permit_mynetworks,
    permit_inet_interfaces,
    permit_sasl_authenticated
    # reject_plaintext_session,
    # reject_unauth_pipelining
smtpd_sender_restrictions =
    #reject_sender_login_mismatch,
    #reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch,
    reject_unknown_sender_domain,
    permit_sasl_authenticated,
    #check_sender_access hash:/etc/postfix/rejected-recipient,
    reject_non_fqdn_sender
It worked perfectly, but now the spammer is using addresses of the form XXXXXXX@mywebsite.fr (instead of mywebsite.com)!
Dovecot log:
Sep 14 10:02:15 auth-worker(10943): Info: sql(della_hall@ mywebsite . fr): unknown user
Sep 14 10:02:17 auth-worker(10943): Info: sql(joshua_spence@ mywebsite . fr): unknown user
Sep 14 10:02:18 auth-worker(10943): Info: sql(geraldine_fleming@ mywebsite . fr): unknown user
Sep 14 10:02:20 auth-worker(10943): Info: sql(genevieve_garcia@ mywebsite . fr): unknown user
Sep 14 10:02:20 auth-worker(10943): Info: sql(molly_munoz@ mywebsite . fr): unknown user
Sep 14 10:02:20 auth-worker(11073): Info: sql(jeanne_rhodes@ mywebsite . fr): unknown user
Sep 14 10:02:20 auth-worker(10943): Info: sql(samuel_barlow@ mywebsite . fr): unknown user
Sep 14 10:02:22 auth-worker(10943): Info: sql(julie_perez@ mywebsite . fr): unknown user
Sep 14 10:03:28 auth-worker(10943): Info: sql(dana_brewer@ mywebsite . fr): unknown user
Sep 14 10:03:29 auth-worker(10943): Info: sql(dana_brewer@ mywebsite . fr): unknown user
Sep 14 10:03:30 auth-worker(10943): Info: sql(dana_brewer@ mywebsite . fr): unknown user
Sep 14 10:03:31 auth-worker(10943): Info: sql(luz_newman@ mywebsite . fr): unknown user
Sep 14 10:03:33 auth-worker(10943): Info: sql(luz_newman@ mywebsite . fr): unknown user
Sep 14 10:05:01 auth-worker(11736): Info: sql(marian_mccormick@ mywebsite . fr): unknown user
Sep 14 10:05:01 auth-worker(11736): Info: sql(marian_mccormick@ mywebsite . fr): unknown user
Sep 14 10:05:03 auth-worker(11736): Info: sql(emma_welch@ mywebsite . fr): unknown user
Sep 14 10:05:03 auth-worker(11736): Info: sql(emma_welch@ mywebsite . fr): unknown user
Sep 14 10:06:51 auth-worker(11736): Info: sql(jennie_wheeler@ mywebsite . fr): unknown user
Sep 14 10:06:51 auth-worker(11736): Info: sql(samantha_porter@ mywebsite . fr): unknown user
Sep 14 10:06:51 auth-worker(11736): Info: sql(jennie_wheeler@ mywebsite . fr): unknown user
Sep 14 10:10:15 auth-worker(12510): Info: sql(lynda_little@ mywebsite . fr): unknown user
Sep 14 10:10:17 auth-worker(12510): Info: sql(deanna_salazar@ mywebsite . fr): unknown user
Sep 14 10:10:18 auth-worker(12510): Info: sql(deanna_salazar@ mywebsite . fr): unknown user
Sep 14 10:12:54 auth-worker(12871): Info: sql(candace_neal@ mywebsite . fr): unknown user
Sep 14 10:12:54 auth-worker(12871): Info: sql(suzanne_rodriguez@ mywebsite . fr): unknown user
Sep 14 10:12:54 auth-worker(12871): Info: sql(suzanne_rodriguez@ mywebsite . fr): unknown user
Sep 14 10:13:10 auth-worker(12871): Info: sql(suzanne_rodriguez@ mywebsite . fr): unknown user
Sep 14 10:13:19 auth-worker(12871): Info: sql(marsha_harris@ mywebsite . fr): unknown user
Sep 14 10:13:21 auth-worker(12871): Info: sql(marsha_harris@ mywebsite . fr): unknown user
Sep 14 10:13:21 auth-worker(12871): Info: sql(marsha_harris@ mywebsite . fr): unknown user
Sep 14 10:13:22 auth-worker(12871): Info: sql(marsha_harris@ mywebsite . fr): unknown user
Sep 14 10:13:26 auth-worker(12871): Info: sql(lorraine_bryant@ mywebsite . fr): unknown user
Sep 14 10:13:29 auth-worker(12871): Info: sql(lorraine_bryant@ mywebsite . fr): unknown user
Sep 14 10:13:29 auth-worker(12871): Info: sql(lorraine_bryant@ mywebsite . fr): unknown user
Sep 14 10:13:31 auth-worker(12871): Info: sql(gloria_mckinney@ mywebsite . fr): unknown user
Sep 14 10:14:32 auth-worker(13283): Info: sql(daniel_pickett@ mywebsite . fr): unknown user
Sep 14 10:14:32 auth-worker(13283): Info: sql(daniel_pickett@ mywebsite . fr): unknown user
Sep 14 10:14:33 auth-worker(13283): Info: sql(daniel_pickett@ mywebsite . fr): unknown user
Please, do you have any solution for me?
Answer 1
Thanks everyone / Rene. I solved the problem: my WordPress, even though it was correctly updated, was infected with backdoor and thread files.
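The `postfix/pickup[...]: ... uid=5010 from=<...>` lines in the question are the decisive clue: that mail was handed in locally through the sendmail command by a process running as uid 5010 (the answer confirms it was the compromised WordPress), so it never passes through smtpd and none of the smtpd_*_restrictions or reject_rbl_client entries can see it. The script below is an added example, not code from the original post: it pulls exactly those pickup lines out of a mail.log and groups them per submitting uid, so a rotating set of sender names from one uid stands out. The sample log is constructed from the question's entries with the forum's anti-link spacing removed.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the question's mail.log excerpt; these are
# not real log lines from the server. uid=0 is included as a benign contrast.
SAMPLE_LOG = """\
Sep 10 18:54:23 my-host postfix/pickup[27034]: 27DC83701E50: uid=5010 from=<grace_mcdonald@mywebsite.com>
Sep 10 18:54:23 my-host postfix/cleanup[27220]: 27DC83701E50: message-id=<c7f61a098fd9f9ec2e1dc242d57be877@mywebsite.fr>
Sep 10 18:54:23 my-host postfix/pickup[27034]: 3BC733701DBD: uid=5010 from=<audrey_lane@mywebsite.com>
Sep 10 18:54:23 my-host postfix/pickup[27034]: 577763701DC6: uid=5010 from=<della_hall@mywebsite.fr>
Sep 10 18:54:23 my-host postfix/pickup[27034]: 6A1B7370229E: uid=5010 from=<joshua_spence@mywebsite.fr>
Sep 10 18:55:01 my-host postfix/pickup[27034]: 746EA3701D7C: uid=0 from=<root@mon.domaine.fr>
"""

# postfix/pickup logs mail submitted locally via sendmail(1), together with the
# Unix uid of the submitting process. Such mail bypasses smtpd entirely, so the
# smtpd_*_restrictions in main.cf cannot reject it.
PICKUP_RE = re.compile(
    r"postfix/pickup\[\d+\]: (?P<qid>[0-9A-F]+): uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>"
)


def summarize_pickup(log_text):
    """Group locally submitted messages by the uid that handed them in."""
    per_uid = defaultdict(lambda: {"count": 0, "senders": set(), "domains": set()})
    for line in log_text.splitlines():
        m = PICKUP_RE.search(line)
        if not m:
            continue
        entry = per_uid[m["uid"]]
        entry["count"] += 1
        entry["senders"].add(m["sender"])
        entry["domains"].add(m["sender"].rpartition("@")[2])
    return dict(per_uid)


def flag_local_injection(summary, min_msgs=3, min_senders=3):
    """uids whose pickup traffic looks like a script rotating sender names."""
    return sorted(uid for uid, e in summary.items()
                  if e["count"] >= min_msgs and len(e["senders"]) >= min_senders)


if __name__ == "__main__":
    s = summarize_pickup(SAMPLE_LOG)
    for uid in flag_local_injection(s):
        print(f"uid {uid}: {s[uid]['count']} messages, {len(s[uid]['senders'])} "
              f"distinct senders, domains {sorted(s[uid]['domains'])}")
```

A flagged uid is the one to map back to its running processes and, as here, to the web application running under it; Postfix's authorized_submit_users parameter can additionally restrict which local users may submit mail through sendmail at all.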