Postfix relay access denied but still sending spam?

I'm running a Postfix mail server on Ubuntu 19.10 and have set mynetworks to localhost, so any attempt to relay email is blocked, i.e.:

telnet emailserver.com 25
helo testing.com
mail from:<[email protected]>
rcpt to:<[email protected]>
554 5.7.1 <[email protected]>: Relay access denied

However, the email server has just been added to a blacklist, and looking at the mail log from that time I see lines like the following:

postfix/qmgr[1887]: 9B5D41BAA34: from=<[email protected]>, size=2536, nrcpt=20 (queue active)
postfix/smtp[6764]: 53FA21B94EE: to=<[email protected]>, relay=mx00.kundenserver.de[212.227.15.41]:25, delay=41155, delays=41154/0.96/0.1/0, dsn=4.0.0, status=deferred (host mx00.kundenserver.de[212.227.15.41] refused to talk to me: 554-kundenserver.de (mxeue011) Nemesis ESMTP Service not available 554-No SMTP service 554-Bad DNS PTR resource record. 554
postfix/error[6700]: 9B5D41BAA34: to=<[email protected]>, relay=none, delay=30007, delays=30007/0.02/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx-ha02.web.de[212.227.17.8] refused to talk to me: 554-web.de (mxweb113) Nemesis ESMTP Service not available 554-No SMTP service 554-Bad DNS PTR resource record. 554

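The from addresses vary and are not users that exist on the server, so I can't work out what is going wrong. The mail log has been full of messages like the above since 10:29 on 23 December; before that everything was fine.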

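So it looks like my server is sending spam, but according to the tests I've done relaying is denied, and since the sender emails don't match any user I don't know whose login might have been compromised, if that is the problem?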

Here are the relevant parts of my configuration:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

# Restrictions
smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unlisted_recipient,
        reject_unauth_destination
smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain
smtpd_relay_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        defer_unauth_destination

mydestination = localhost

Looking at the mail log again, it seems these emails may be being relayed through my server:

Dec 23 10:56:06 rwshosting1810 postfix/qmgr[1887]: E99061B9FB8: from=<[email protected]>, size=1911, nrcpt=20 (queue active)
Dec 23 10:56:07 rwshosting1810 postfix/qmgr[1887]: BDF221B9FC3: from=<[email protected]>, size=2754, nrcpt=20 (queue active)
Dec 23 10:56:07 rwshosting1810 amavis[14683]: (14683-12) Passed CLEAN {RelayedInbound}, [188.162.43.235]:38411 [188.162.43.235] <[email protected]> -> <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>, Queue-ID: E99061B9FB8, Message-ID: <[email protected]>, mail_id: LkGzeR7_Yuv4, Hits: 1.885, size: 1911, queued_as: BDF221B9FC3, 1112 ms
Dec 23 10:57:40 rwshosting1810 postfix/smtp[12908]: C1F771B9FC6: to=<[email protected]>, relay=mta.21cn.com[183.61.185.83]:25, delay=1.8, delays=0.01/0.01/1.6/0.22, dsn=5.0.0, status=bounced (host mta.21cn.com[183.61.185.83] said: 501 Syntax: MAIL FROM: <address> zm-as1 (in reply to MAIL FROM command))

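Looking at more of the logs, it seems that [email protected] is using a range of different IP addresses in different subnets. If I search the logs for the IP addresses, I see entries like the following: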

Dec 23 12:52:58 rwshosting1810 postfix/submission/smtpd[16065]: connect from unknown[188.162.199.142]
Dec 23 12:52:58 rwshosting1810 postfix/submission/smtpd[16065]: lost connection after CONNECT from unknown[188.162.199.142]
Dec 23 12:52:58 rwshosting1810 postfix/submission/smtpd[16065]: disconnect from unknown[188.162.199.142] commands=0/0
Dec 23 12:52:59 rwshosting1810 amavis[21295]: (21295-07) Passed CLEAN {RelayedInbound}, [188.162.199.142]:11962 [188.162.199.142] <[email protected]> -> <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>, Queue-ID: D80F51BA7EC, Message-ID: <[email protected]>, mail_id: w5hrPYA4CZZC, Hits: 5.681, size: 1964, queued_as: 58BA61BA7ED, 1377 ms      
Dec 23 12:53:00 rwshosting1810 postfix/submission/smtpd[14803]: warning: hostname client.yota.ru does not resolve to address 188.162.199.142: Name or service not known

Thanks, Robin
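One way to find out whose login is submitting the mail, as an added example that is not part of the original post: for each authenticated message Postfix's smtpd logs a `client=..., sasl_method=..., sasl_username=...` line, and its queue ID can be joined to qmgr `from=`/`nrcpt=` lines like those shown above. The sample log lines, host name, addresses and IPs below are constructed placeholders, and default (short, hexadecimal) queue IDs are assumed.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix's log format; hosts, IPs and addresses are placeholders.
SAMPLE_LOG = """\
Dec 23 10:56:05 mail postfix/submission/smtpd[16065]: E99061B9FB8: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=info@example.com
Dec 23 10:56:06 mail postfix/qmgr[1887]: E99061B9FB8: from=<x1@example.net>, size=1911, nrcpt=20 (queue active)
Dec 23 10:57:10 mail postfix/submission/smtpd[16070]: C1F771B9FC6: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=info@example.com
Dec 23 10:57:11 mail postfix/qmgr[1887]: C1F771B9FC6: from=<x2@example.org>, size=2754, nrcpt=20 (queue active)
Dec 23 11:02:00 mail postfix/smtpd[16100]: A1B2C3D4E5F: client=mx.example.org[203.0.113.5]
Dec 23 11:02:01 mail postfix/qmgr[1887]: A1B2C3D4E5F: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
"""

# smtpd: "<queue ID>: client=host[ip]" plus, for authenticated mail only, the SASL fields
SMTPD = re.compile(r"postfix/\S*smtpd\[\d+\]: ([0-9A-F]+): client=(\S+?)\[([^\]]+)\]"
                   r"(?:, sasl_method=\S+, sasl_username=(\S+))?")
# qmgr: "<queue ID>: from=<envelope sender>, size=N, nrcpt=N"
QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")

def sasl_senders(log_text):
    """Group queued mail by the SASL login that submitted it."""
    auth = {}  # queue ID -> (sasl_username, client IP)
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0,
                                 "client_ips": set(), "envelope_from": set()})
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if m:
            if m.group(4):  # unauthenticated inbound mail has no sasl_username
                auth[m.group(1)] = (m.group(4), m.group(3))
            continue
        m = QMGR.search(line)
        # pop(): qmgr logs the same queue ID again on every retry, so count it once
        if m and (who := auth.pop(m.group(1), None)):
            s = stats[who[0]]
            s["messages"] += 1
            s["recipients"] += int(m.group(3))
            s["client_ips"].add(who[1])
            s["envelope_from"].add(m.group(2))
    return dict(stats)

if __name__ == "__main__":
    for user, s in sasl_senders(SAMPLE_LOG).items():
        print(user, s["messages"], s["recipients"],
              sorted(s["client_ips"]), sorted(s["envelope_from"]))
```

A single login that appears with many client IPs, many recipients per message and envelope senders unrelated to its own address is the account to lock and re-credential first.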

Answer 1

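I got the same output. Although I use SASL with saslauthd -a shadow, the host was being used as a spam relay. I noticed that the SASL realm was not consistent with my real realm; this was because I had used a different hostname for the server before putting it into production. After syncing the SASL realm with the server's real hostname, authorization now works properly.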