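I have noticed multiple attempts to use my e-mail server as a relay. The HELO command does not come from an FQDN, so the requests are rejected.
Is there a way to completely ban an IP address after multiple "malicious" attempts without sending an FQDN?
Environment: a virtual multi-domain mail server;
- CentOS 8.2 on a VPS
- Postfix
- Dovecot
- PostfixAdmin
- nft or nftables as the firewall
After 5 - 10 "failed" or probing attempts, the IP should be slowed down or banned/blocked.
Log excerpt: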
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-EM61SAN76UL>
Although I have set some rules in postfix/main.cf, those missing-FQDN rejections are not stopped by these rules:
smtpd_error_sleep_time = 10s
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 20
smtpd_junk_command_limit = 5
smtpd_tls_auth_only = yes
smtp_destination_recipient_limit = 2
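
An added example, not part of the original post: one way to turn the rejections shown in the log excerpt into firewall bans is to count non-FQDN HELO rejections per client IP and emit an nft command for each IP that reaches the threshold. Assumptions: the full log line layout (the excerpt shows only its tail), the sample lines and IPs, and the hypothetical nftables table and set names `inet filter`, `smtp_ban4` and `smtp_ban6`, which must already exist with `flags timeout` and be matched by a drop rule.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines: the tail matches the excerpt above, the rest follows
# Postfix's usual "reject: RCPT from host[ip]" layout. IPs are documentation ranges.
_LINE = ("Oct  3 10:00:{:02d} mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
         "unknown[{}]: 504 5.5.2 <WIN-EM61SAN76UL>: Helo command rejected: need "
         "fully-qualified hostname; from=<a@example.org> to=<b@example.net> "
         "proto=ESMTP helo=<WIN-EM61SAN76UL>")
SAMPLE_LOG = ([_LINE.format(i, "203.0.113.5") for i in range(6)]
              + [_LINE.format(i + 10, "198.51.100.7") for i in range(2)]
              + ["Oct  3 10:01:00 mail postfix/smtpd[2101]: connect from unknown[203.0.113.5]"])

HELO_REJECT = re.compile(
    r"reject: \S+ from \S*\[(?P<ip>[^\]]+)\]: .*"
    r"Helo command rejected: need fully-qualified hostname")


def count_helo_rejects(lines):
    """Count non-FQDN HELO rejections per client IP over the given log lines."""
    hits = Counter()
    for line in lines:
        m = HELO_REJECT.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits


def offenders(lines, threshold=5):
    """IPs with at least `threshold` rejections (the post asks for 5 - 10)."""
    return sorted(ip for ip, n in count_helo_rejects(lines).items() if n >= threshold)


def nft_commands(ips, table="inet filter", set4="smtp_ban4", set6="smtp_ban6", timeout="1h"):
    """Build nft commands; table and set names are hypothetical placeholders."""
    cmds = []
    for ip in ips:
        try:
            addr = ipaddress.ip_address(ip)  # never pass raw log text to a shell
        except ValueError:
            continue
        target = set4 if addr.version == 4 else set6
        cmds.append(f"nft add element {table} {target} {{ {addr} timeout {timeout} }}")
    return cmds


if __name__ == "__main__":
    for cmd in nft_commands(offenders(SAMPLE_LOG)):
        print(cmd)
```

The count runs over whatever lines are passed in, so feeding it only recent log lines is what bounds the time window.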