Question

我收到了AOL的电子邮件滥用行为报告，以下电子邮件被触发为垃圾邮件：

Date: 09 Jan 2017 10:08:12 +0000
Message-ID: <20170109100812.8052.qmail@my.domain.com>
Subject: Order Cheap Meds. Save up to 70%. New 12 products. Deliver to your home.
Reply-To: ViagraCialisMD@www.dealbroker.nl
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
From: <ViagraCialisMD@www.dealbroker.nl>
To: 

很容易看出他们的评估是正确的。

我正在使用Postfix设置的专用Debian 7.11服务器。我没有提到上述域名www.dealbroker.nl

我搜索了mail.log和phpmail.log（在php.ini中配置，记录通过php发送的所有邮件）的邮件ID和“dealbroker”，但无法找到任何事件。

服务器上的每个域都通过Rackspace的mailgun服务传递其邮件。我也经历了他们的日志并且空了。

我确信我设置的Postfix的main.cf配置不允许这样做。

postconf -n

alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
anvil_rate_time_unit = 60s
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
bounce_queue_lifetime = 12h
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
greylisting = check_policy_service inet:127.0.0.1:10023
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mailbox_size_limit = 0
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
maximal_queue_lifetime = 12h
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = my.domain.com, localhost, localhost.localdomain
myhostname = my.domain.com
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
owner_request_special = no
policy-spf_time_limit = 3600s
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 50
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_reverse_client_hostname, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf, reject_rbl_client cbl.abuseat.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
smtpd_recipient_limit = 50
smtpd_recipient_overshoot_limit = 51
smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_policy_service unix:private/policy-spf
smtpd_reject_unlisted_sender = yes
smtpd_restriction_classes = greylisting
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_tls_CApath = /etc/postfix
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = maildrop

如何找到此电子邮件的来源？

除了Postfix发送邮件之外我还有别的东西吗？

非常感谢任何帮助。

Answer 1

看起来垃圾邮件是使用qmail而不是postfix发送的。

它可能来自您的网络，但您确定它来自您的服务器吗？您的服务器是否具有直接的Internet IP或是否通过防火墙？如果您有防火墙，请检查其中的日志，看看您是否可以分辨出电子邮件的来源。

您的网络上是否有WiFi接入点？可能是有人从另一台计算机连接到您的网络并使用它来发送垃圾邮件。

Answer 2

该行：

docker.build('oracle', 'docker/oracle')

建议将电子邮件标记为垃圾邮件，因为它没有SPF记录

Postfix从未列出的发件人发送垃圾邮件

2 个答案: