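Subject: Hello Engineer Zhang, my mailbox is being used by someone to send spam
Server version:
Ubuntu 14.04
iRedMail version:
0.9.6
Problem description:
I happened to notice that my Postfix is being used by someone to send large amounts of spam. Sometimes the from is empty, and sometimes it is the from shown in the logs below, such as "from=<myrtle.o@pkumuna.org.cn>". I do not see any such users in the vmail-mailbox table, and nothing looks abnormal in the database (I do not see them in iRedAdmin either).
Configuration:
ClamAV, Amavis and greylisting are disabled, as is scanning on sending and receiving; SPF etc. are configured. SMTPS on port 465 is enabled.
Notes:
I have not performed this procedure: https://docs.iredmail.org/allow.user.to.send.email.without.authentication.html
Should I be looking at this one? https://docs.iredmail.org/allow.certain.users.to.send.email.as.different.user.html
How can this be solved, and where do you think the problem is? (Is it a main.cf problem? I wanted to paste it but it is too long.)
mail.log excerpt 1 (after this ylmf-pc made a large number of attempts, the abnormal sending behaviour started to appear):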
Feb 10 04:08:56 mail postfix/postscreen[9398]: CONNECT from [115.209.28.184]:52519 to [10.141.172.59]:25
Feb 10 04:08:56 mail postfix/postscreen[9398]: PREGREET 14 after 0.04 from [115.209.28.184]:52519: EHLO ylmf-pc\r\n
Feb 10 04:08:56 mail postfix/postscreen[9398]: HANGUP after 0.08 from [115.209.28.184]:52519 in tests after SMTP handshake
Feb 10 04:08:56 mail postfix/postscreen[9398]: DISCONNECT [115.209.28.184]:52519
Feb 10 04:12:46 mail postfix/pickup[9724]: E48D3E001: uid=33 from=<tanya.h@pkumuna.org.cn>
Feb 10 04:12:46 mail postfix/cleanup[9725]: E48D3E001: message-id=<bc247685bb6f0f150d6c1b5c0e4800ea@pkumuna.org.cn>
Feb 10 04:12:46 mail postfix/qmgr[1612]: E48D3E001: from=<tanya.h@pkumuna.org.cn>, size=1427, nrcpt=1 (queue active)
mail.log excerpt 2 (from has a value):
Feb 18 07:02:08 mail postfix/smtp[8303]: 85AFBE80D: to=<alain.desmit@skynet.be>, relay=mx201.skynet.be[195.238.20.25]:25, delay=34092, delays=34045/0/46/0, dsn=4.0.0, status=deferred (host mx201.skynet.be[195.238.20.25] refused to talk to me: 421 #4.4.5 Too many connections from your host.)
Feb 18 07:02:08 mail postfix/smtp[8319]: 56D17E7EE: to=<thania@skynet.be>, relay=mx201.skynet.be[195.238.20.25]:25, delay=34092, delays=34045/0.04/47/0, dsn=4.0.0, status=deferred (host mx201.skynet.be[195.238.20.25] refused to talk to me: 421 #4.4.5 Too many connections from your host.)
Feb 18 07:02:08 mail postfix/smtp[8318]: 23376E740: host mx201.skynet.be[195.238.22.25] refused to talk to me: 421 #4.4.5 Too many connections from your host.
Feb 18 07:02:10 mail postfix/pickup[8217]: 2F90BF3FD: uid=33 from=<myrtle.o@pkumuna.org.cn>
Feb 18 07:02:10 mail postfix/cleanup[7916]: 2F90BF3FD: message-id=<271d1c44dfb2d885b37d34a96a166c26@pkumuna.org.cn>
Feb 18 07:02:10 mail postfix/qmgr[2354]: 2F90BF3FD: from=<myrtle.o@pkumuna.org.cn>, size=1448, nrcpt=1 (queue active)
Feb 18 07:02:10 mail postfix/pickup[8217]: 37B39F6B2: uid=33 from=<myrtle.o@pkumuna.org.cn>
Feb 18 07:02:10 mail postfix/cleanup[8397]: 37B39F6B2: message-id=<e94f6d3f51584dce848d191d6e90895c@pkumuna.org.cn>
Feb 18 07:02:10 mail postfix/qmgr[2354]: 37B39F6B2: from=<myrtle.o@pkumuna.org.cn>, size=1446, nrcpt=1 (queue active)
Feb 18 07:02:10 mail postfix/pickup[8217]: 3EC6CF75E: uid=33 from=<ellen.f@pkumuna.org.cn>
Feb 18 07:02:10 mail postfix/cleanup[7916]: 3EC6CF75E: message-id=<f3b7b81cd64e1b81bd76d30e94504052@pkumuna.org.cn>
Feb 18 07:02:10 mail postfix/qmgr[2354]: 3EC6CF75E: from=<ellen.f@pkumuna.org.cn>, size=1449, nrcpt=1 (queue active)
Feb 18 07:02:10 mail postfix/pickup[8217]: 4648DF77C: uid=33 from=<myrtle.o@pkumuna.org.cn>
Feb 18 07:02:10 mail postfix/cleanup[8397]: 4648DF77C: message-id=<273e21634d8e3f50be4e01c9eb3f0c2c@pkumuna.org.cn>
Feb 18 07:02:10 mail postfix/qmgr[2354]: 4648DF77C: from=<myrtle.o@pkumuna.org.cn>, size=1474, nrcpt=1 (queue active)
Feb 18 07:02:10 mail postfix/smtp[7964]: 062C7F750: to=<jessicajacucci@aol.com>, relay=mailin-02.mx.aol.com[152.163.0.68]:25, delay=643, delays=593/0/50/0, dsn=4.0.0, status=deferred (host mailin-02.mx.aol.com[152.163.0.68] refused to talk to me: 421 mtaig-aae04.mx.aol.com Service unavailable - try again later)
mail.log excerpt 2, as follows (from is <>):
Feb 18 07:04:00 mail postfix/cleanup[8397]: 10B78F77C: message-id=<20180217230400.10B78F77C@mail.pkumuna.org.cn>
Feb 18 07:04:00 mail postfix/qmgr[2354]: 10B78F77C: from=<>, size=4156, nrcpt=1 (queue active)
Feb 18 07:04:00 mail postfix/bounce[8634]: 76484F7C4: sender non-delivery notification: 10B78F77C
Feb 18 07:04:00 mail postfix/qmgr[2354]: 76484F7C4: removed
Feb 18 07:04:00 mail postfix/smtp[8859]: 402A3F7BE: to=<elkhadirid@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[104.47.5.33]:25, delay=1.8, delays=0.02/0.56/0.95/0.3, dsn=5.7.1, status=bounced (host hotmail-com.olc.protection.outlook.com[104.47.5.33] said: 550 5.7.1 Unfortunately, messages from [139.199.108.65] weren't sent. Please contact your Internet service provider since part of their network is on our block list (AS3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [HE1EUR02FT043.eop-EUR02.prod.protection.outlook.com] (in reply to MAIL FROM command))
Feb 18 07:04:00 mail postfix/smtp[8859]: 402A3F7BE: lost connection with hotmail-com.olc.protection.outlook.com[104.47.5.33] while sending RCPT TO
Feb 18 07:04:00 mail postfix/cleanup[8875]: 17029F79E: message-id=<20180217230400.17029F79E@mail.pkumuna.org.cn>
Feb 18 07:04:00 mail postfix/bounce[8634]: 402A3F7BE: sender non-delivery notification: 17029F79E
Feb 18 07:04:00 mail postfix/qmgr[2354]: 17029F79E: from=<>, size=4146, nrcpt=1 (queue active)
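Added example (not part of the original post): a triage script that records, for each Postfix queue ID in mail.log, how the message entered the queue. A `postfix/pickup` line with `uid=N` means the message was submitted locally through the sendmail command by that system account rather than over SMTP (on a default Ubuntu install uid 33 is www-data), and a `from=<>` message named in a `postfix/bounce` line is a non-delivery notice Postfix generated itself. The sample lines are constructed from the excerpts above, plus one hypothetical smtpd line (queue ID ABC123DEF, client 192.0.2.10) for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: lines from the post's excerpts plus one hypothetical
# authenticated-SMTP submission (ABC123DEF) for contrast.
SAMPLE_LOG = """\
Feb 18 07:02:10 mail postfix/pickup[8217]: 2F90BF3FD: uid=33 from=<myrtle.o@pkumuna.org.cn>
Feb 18 07:02:10 mail postfix/qmgr[2354]: 2F90BF3FD: from=<myrtle.o@pkumuna.org.cn>, size=1448, nrcpt=1 (queue active)
Feb 18 07:02:10 mail postfix/pickup[8217]: 3EC6CF75E: uid=33 from=<ellen.f@pkumuna.org.cn>
Feb 18 07:02:10 mail postfix/qmgr[2354]: 3EC6CF75E: from=<ellen.f@pkumuna.org.cn>, size=1449, nrcpt=1 (queue active)
Feb 18 07:04:00 mail postfix/qmgr[2354]: 10B78F77C: from=<>, size=4156, nrcpt=1 (queue active)
Feb 18 07:04:00 mail postfix/bounce[8634]: 76484F7C4: sender non-delivery notification: 10B78F77C
Feb 18 07:04:00 mail postfix/qmgr[2354]: 76484F7C4: removed
Feb 18 07:05:00 mail postfix/smtpd[9000]: ABC123DEF: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=user@example.com
Feb 18 07:05:00 mail postfix/qmgr[2354]: ABC123DEF: from=<user@example.com>, size=900, nrcpt=1 (queue active)
"""

# "<daemon>[pid]: <QUEUEID>: <rest>"; postscreen lines carry no queue ID and are skipped.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")

def summarize(log_text):
    """Group queued messages by entry point: local uid, SMTP client/login, or bounce."""
    origin, sender = {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "pickup" and (u := re.match(r"uid=(\d+)", rest)):
            origin[qid] = ("local", "uid=" + u.group(1))
        elif daemon == "smtpd" and (c := re.match(r"client=([^,\s]+)", rest)):
            sasl = re.search(r"sasl_username=(\S+)", rest)
            origin[qid] = ("smtp", sasl.group(1) if sasl else c.group(1))
        elif daemon == "bounce" and (b := re.search(r"notification: ([0-9A-F]+)", rest)):
            origin[b.group(1)] = ("bounce", "dsn")  # the new message is the DSN
        elif daemon == "qmgr" and (f := re.match(r"from=<([^>]*)>", rest)):
            sender[qid] = f.group(1)
    out = defaultdict(lambda: {"count": 0, "senders": set()})
    for qid, key in origin.items():
        out[key]["count"] += 1
        if qid in sender:
            out[key]["senders"].add(sender[qid])
    return {k: {"count": v["count"], "senders": sorted(v["senders"])} for k, v in out.items()}

if __name__ == "__main__":
    for (kind, detail), info in summarize(SAMPLE_LOG).items():
        print(kind, detail, info["count"], info["senders"])
```

Run against the full mail.log, a large `local uid=33` bucket with many different envelope senders points at something running under the web server account, which is why those senders do not appear in the mailbox table.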