Postfix maildrop directory generating unsolicited email

I recently set up a Postfix mail server on Ubuntu 20.04. The server is mainly used to relay messages from authenticated users to the outside world, so that applications such as payroll, or our various web applications, can send email to users.

Because outgoing mail is sometimes flagged as spam (and so never reaches the end user), we also set up Postfix to save a copy of every message to an archive mailbox in Dovecot, which can be accessed over IMAP.

I haven't started using it yet, but in testing it appears to work.

I also receive daily server statistics so that I can monitor whether it has been compromised or whether it is running normally.

Today they showed that my server had sent what looks like a spam email, and I don't understand where it came from.

My mail log shows it was received by the postfix/pickup process, which I believe means it was generated locally using the maildrop directory. However, I don't know what caused it.

Below is mail.log, with my actual domain replaced by "my-domain.co.uk".

Oct 20 20:51:33 smtp postfix/pickup[122235]: 6932F1802EE: uid=0 from=<[email protected]>
Oct 20 20:51:33 smtp postfix/cleanup[122417]: 6932F1802EE: message-id=<[email protected]>
Oct 20 20:51:33 smtp postfix/qmgr[96237]: 6932F1802EE: from=<[email protected]>, size=362, nrcpt=2 (queue active)
Oct 20 20:51:33 smtp dovecot: lmtp(122427): Connect from local
Oct 20 20:51:33 smtp dovecot: lmtp(archive)<122427><6rUBHUVzcGE73gEAMbpG8w>: msgid=<[email protected]>: saved mail to INBOX
Oct 20 20:51:33 smtp dovecot: lmtp(122427): Disconnect from local: Client has quit the connection (state=READY)
Oct 20 20:51:33 smtp postfix/lmtp[122424]: 6932F1802EE: to=<[email protected]>, relay=smtp.my-domain.co.uk[private/dovecot-lmtp], delay=0.08, delays=0.02/0.02/0.03/0.01, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> 6rUBHUVzcGE73gEAMbpG8w Saved)
Oct 20 20:51:34 smtp postfix/smtp[122422]: 6932F1802EE: to=<[email protected]>, relay=smtp-in.libero.it[213.209.1.129]:25, delay=1.4, delays=0.02/0.02/0.52/0.89, dsn=2.0.0, status=sent (250 dHcbmPvGwsN2WdHcbmMIwS mail accepted for delivery)
Oct 20 20:51:34 smtp postfix/qmgr[96237]: 6932F1802EE: removed

Has my server been compromised? If so, how do I find the culprit?

Also, it looks like the maildrop directory is used by the daily cron job that sends me the mail statistics, so I don't think I can simply disable the pickup process.

The last thing I checked was auth.log. I'm confident that the only successful logins in the last few days were my own, although there have been many failed attempts.

Update: postconf -Mf output:

smtp       inet  n       -       y       -       -       smtpd
submission inet  n       -       y       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_auth_only=yes
pickup     unix  n       -       y       60      1       pickup
cleanup    unix  n       -       y       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       y       1000?   1       tlsmgr
rewrite    unix  -       -       y       -       -       trivial-rewrite
bounce     unix  -       -       y       -       0       bounce
defer      unix  -       -       y       -       0       bounce
trace      unix  -       -       y       -       0       bounce
verify     unix  -       -       y       -       1       verify
flush      unix  n       -       y       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       y       -       -       smtp
relay      unix  -       -       y       -       -       smtp
    -o syslog_name=postfix/$service_name
showq      unix  n       -       y       -       -       showq
error      unix  -       -       y       -       -       error
retry      unix  -       -       y       -       -       error
discard    unix  -       -       y       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       y       -       -       lmtp
anvil      unix  -       -       y       -       1       anvil
scache     unix  -       -       y       -       1       scache
postlog    unix-dgram n  -       n       -       1       postlogd
maildrop   unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu
    user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn
    argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq.
    user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R
    user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
    ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FR
    user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
    ${user}

Then postconf -n (again with my real domain changed to my-domain.co.uk):

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
always_bcc = [email protected]
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
local_recipient_maps = hash:/etc/postfix/local_recipient_maps
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 50000000
mailbox_transport = lmtp:unix:private/dovecot-lmtp
mydestination = smtp.my-domain.co.uk, localhost
myhostname = smtp.my-domain.co.uk
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/letsencrypt/live/smtp.my-domain.co.uk/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/smtp.my-domain.co.uk/privkey.pem
smtpd_tls_security_level = may
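One way to sift the mail log for the situation described in the question, added here as an example and not part of the original post: the uid= value in a postfix/pickup line is the UID of the local process that handed the message to sendmail/postdrop, so grouping pickup entries by queue ID and joining them with the smtp delivery lines shows which locally submitted messages left the box and under which UID. The log lines, queue IDs, addresses and hosts in the block are constructed, not taken from the question.

```python
import re

# Constructed sample lines in the same format as the postfix log in the question
# (queue IDs, addresses and hosts are made up for this example).
SAMPLE_LOG = """\
Oct 20 20:51:33 smtp postfix/pickup[122235]: 6932F1802EE: uid=0 from=<root@example.invalid>
Oct 20 20:51:33 smtp postfix/qmgr[96237]: 6932F1802EE: from=<root@example.invalid>, size=362, nrcpt=2 (queue active)
Oct 20 20:51:33 smtp postfix/lmtp[122424]: 6932F1802EE: to=<archive@example.invalid>, relay=smtp.example.invalid[private/dovecot-lmtp], delay=0.08, dsn=2.0.0, status=sent (250 2.0.0 Saved)
Oct 20 20:51:34 smtp postfix/smtp[122422]: 6932F1802EE: to=<someone@remote.invalid>, relay=mx.remote.invalid[192.0.2.10]:25, delay=1.4, dsn=2.0.0, status=sent (250 ok)
Oct 20 21:02:10 smtp postfix/submission/smtpd[122500]: 7A1B2C3D4E5: client=client.example.invalid[198.51.100.7], sasl_method=PLAIN, sasl_username=payroll
Oct 20 21:02:11 smtp postfix/smtp[122502]: 7A1B2C3D4E5: to=<staff@remote.invalid>, relay=mx.remote.invalid[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 ok)
"""

# pickup line: message entered via the local sendmail/postdrop interface; uid= is the submitter
PICKUP_RE = re.compile(r"postfix/pickup\[\d+\]: (?P<qid>[0-9A-F]+): uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>")
# delivery line: one per recipient, transport smtp = remote host, lmtp = local Dovecot archive
SENT_RE = re.compile(r"postfix/(?P<transport>smtp|lmtp)\[\d+\]: (?P<qid>[0-9A-F]+): "
                     r"to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+),.*status=(?P<status>\w+)")


def locally_submitted_messages(log_text):
    """Return {queue_id: {uid, sender, deliveries}} for messages that came in via postfix/pickup."""
    msgs = {}
    for line in log_text.splitlines():
        m = PICKUP_RE.search(line)
        if m:
            msgs[m["qid"]] = {"uid": int(m["uid"]), "sender": m["sender"], "deliveries": []}
    for line in log_text.splitlines():
        m = SENT_RE.search(line)
        if m and m["qid"] in msgs:  # only join deliveries for pickup-originated queue IDs
            msgs[m["qid"]]["deliveries"].append((m["transport"], m["rcpt"], m["relay"], m["status"]))
    return msgs


def external_deliveries(msgs):
    """Pickup-originated messages that were relayed to a remote host (transport smtp):
    the ones worth tracing back to the local process that ran sendmail as that uid."""
    return {qid: info for qid, info in msgs.items()
            if any(t == "smtp" for t, _, _, _ in info["deliveries"])}


if __name__ == "__main__":
    for qid, info in external_deliveries(locally_submitted_messages(SAMPLE_LOG)).items():
        print(qid, "uid", info["uid"], "from", info["sender"])
        for transport, rcpt, relay, status in info["deliveries"]:
            print("   ", transport, rcpt, relay, status)
```

Run it against /var/log/mail.log instead of SAMPLE_LOG to list every locally submitted message that reached a remote relay, together with the UID that submitted it.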
