Spam on my mail server

Time: 2017-03-07 14:58:01

Tags: email spam postfix

I set up my own mail server with postfix, dovecot and spamassassin. Looking at the logs today, I found a lot of this:

Mar  7 15:38:30 chillihorse postfix/postscreen[16678]: CONNECT from [167.57.146.98]:65189 to [85.25.109.218]:25
Mar  7 15:38:30 chillihorse postfix/postscreen[16678]: WHITELISTED [167.57.146.98]:65189
Mar  7 15:38:30 chillihorse postfix/smtpd[16679]: connect from r167-57-146-98.dialup.adsl.anteldata.net.uy[167.57.146.98]
Mar  7 15:38:30 chillihorse amavis[16660]: (16660-07) Blocked SPAM {RejectedOpenRelay}, AM.PDP-SOCK [114.41.245.133] [114.41.245.133] <security@confirmation.net> -> <laxmi.s@vedainformatics.com>,<laxmi.sanitary@yahoo.in>,<laxmi.sbelal@ymail.com>,<laxmi.shaw@rediffmail.com>,<laxmi.shrestha@ntc.net.np>,<laxmi.singh911@yahoo.in>,<laxmi.soni@cmcltd.com>,<laxmi.srinivas@talentsprint.com>,<laxmi.thammisetti@tcs.com>,<laxmi.upadhyay@vodafone.com>,<laxmi.varajidas@sapo.pt>,<laxmi.vemaraju@cmcltd.com>,<laxmi1020@yahoo.co.in>,<laxmi1@rediffmail.com>,<laxmi2010@att.net>,<laxmi206@yahoo.co.in>,<laxmi214@yahoo.co.in>,<laxmi2906@bbox.fr>,<laxmi2_2005@yahoo.co.in>, Queue-ID: DCD211140503, Message-ID: <9afb09ce7510fef97257cee8fead42fdsecurity@confirmation.net>, mail_id: ynqCA95iv26B, Hits: 15.057, size: 48365, 784 ms
Mar  7 15:38:30 chillihorse postfix/cleanup[16833]: DCD211140503: milter-reject: END-OF-MESSAGE from 114-41-245-133.dynamic.hinet.net[114.41.245.133]: 5.7.0 Reject, id=16660-07 - spam; from=<security@confirmation.net> to=<laxmi2_2005@yahoo.co.in> proto=ESMTP helo=<220.152.56.78>
Mar  7 15:38:31 chillihorse postfix/smtpd[16824]: disconnect from 114-41-245-133.dynamic.hinet.net[114.41.245.133]
Mar  7 15:38:34 chillihorse postfix/smtpd[16679]: 7D7CB1140488: client=r167-57-146-98.dialup.adsl.anteldata.net.uy[167.57.146.98]
Mar  7 15:38:43 chillihorse postfix/smtpd[16679]: 7D7CB1140488: reject: RCPT from r167-57-146-98.dialup.adsl.anteldata.net.uy[167.57.146.98]: 450 4.1.2 <gunhild.jansson@kungsholmen.stockholm.se>: Recipient address rejected: Domain not found; from=<customers@payee.net> to=<gunhild.jansson@kungsholmen.stockholm.se> proto=ESMTP helo=<190.179.48.65>
Mar  7 15:38:46 chillihorse postfix/postscreen[16678]: CONNECT from [123.56.194.22]:59162 to [85.25.109.218]:25
Mar  7 15:38:46 chillihorse postfix/postscreen[16678]: WHITELISTED [123.56.194.22]:59162
Mar  7 15:38:46 chillihorse postfix/smtpd[16692]: connect from unknown[123.56.194.22]
Mar  7 15:38:52 chillihorse postfix/cleanup[16689]: 7D7CB1140488: message-id=<0385d5ce1708ef90563c0a70ac57e1e4customers@payee.net>
Mar  7 15:38:53 chillihorse postfix/smtpd[16692]: lost connection after MAIL from unknown[123.56.194.22]
Mar  7 15:38:53 chillihorse postfix/smtpd[16692]: disconnect from unknown[123.56.194.22]
Mar  7 15:38:54 chillihorse amavis[16659]: (16659-08) Blocked SPAM {RejectedOpenRelay}, AM.PDP-SOCK [167.57.146.98] [167.57.146.98] <customers@payee.net> -> <gunhandenizhan@yahoo.com>,<gunhanemrahsonmez@yahoo.com>,<gunhankutluk@yahoo.com.tr>,<gunhanlar@yahoo.com>,<gunhann@windowslive.com>,<gunhano@yahoo.com>,<gunhantatman@hotmail.com>,<gunhild.bjerre@live.dk>,<gunhild.bognaes@posten.no>,<gunhild.buestad@nordialaw.com>,<gunhild.claesson@home.se>,<gunhild.dahle@mrfylke.no>,<gunhild.dokkedal@yahoo.dk>,<gunhild.eriksson@tekniskamuseet.se>,<gunhild.h.synnestvedt@avinor.no>,<gunhild.haugnes@aftenposten.no>,<gunhild.holm@stofanet.dk>,<gunhild.johansen@utviklingssenteret.no>,<gunhild.ledang@alvdal.kommune.no>,<gunhild.melhuus@adecco.no>,<gunhild.nedal@stromstangen.no>,<gunhild.sallvin@swipnet.se>,<gunhild.stein@ezi.net>,<gunhild.vatn@ntnu.no>,<gunhild.viden@class.gu.se>,<gunhild79@hotmail.com>,<gunhild@brafolk.no>,<gunhild@hum.ku.dk>,<gunhild@ofir.dk>, Queue-ID: 7D7CB1140488, Message-ID: <0385d5ce1708ef90563c0a70...
Mar  7 15:38:54 chillihorse amavis[16659]: (16659-08) ...ac57e1e4customers@payee.net>, mail_id: is6lNnFaXjWt, Hits: 15.951, size: 48715, 1031 ms
Mar  7 15:38:54 chillihorse postfix/cleanup[16689]: 7D7CB1140488: milter-reject: END-OF-MESSAGE from r167-57-146-98.dialup.adsl.anteldata.net.uy[167.57.146.98]: 5.7.0 Reject, id=16659-08 - spam; from=<customers@payee.net> to=<gunhild@ofir.dk> proto=ESMTP helo=<190.179.48.65>
Mar  7 15:38:55 chillihorse postfix/smtpd[16679]: disconnect from r167-57-146-98.dialup.adsl.anteldata.net.uy[167.57.146.98]

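There are also mails in the mailq. My IP got blacklisted because of this. But how is this possible? I mean these are mail addresses that are not for my domain, and they have no user account on my system. Thanks for any help on how to stop this spam.

postconf -n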

alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 5m
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
inet_interfaces = 127.0.0.1, 85.25.109.218
local_recipient_maps = $virtual_mailbox_maps
mailbox_size_limit = 0
maximal_backoff_time = 15m
maximal_queue_lifetime = 15m
message_size_limit = 52428800
milter_default_action = accept
milter_protocol = 2
minimal_backoff_time = 5m
myhostname = mail.chillihorse.de
mynetworks = 0.0.0.0/0 [::ffff:127.0.0.0]/104 [::1]/128
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access
postscreen_blacklist_action = drop
postscreen_dnsbl_action = drop
postscreen_dnsbl_sites = dnsbl.sorbs.net*1, bl.spamcop.net*1, ix.dnsbl.manitu.net*2, zen.spamhaus.org*2
postscreen_dnsbl_threshold = 2
postscreen_greet_action = drop
queue_run_delay = 5m
recipient_delimiter = +
smtp_dns_support_level = dnssec
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_ciphers = high
smtp_tls_policy_maps = mysql:/etc/postfix/sql/tls-policy.cf
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_client_restrictions = permit_mynetworks check_client_access hash:/etc/postfix/without_ptr reject_unknown_client_hostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_milters = unix:/var/run/amavis/amavisd-milter.sock, unix:/var/run/opendkim/opendkim.sock
smtpd_recipient_restrictions = check_recipient_access mysql:/etc/postfix/sql/recipient-access.cf
smtpd_relay_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks reject_unauth_destination
smtpd_tls_cert_file = /etc/letsencrypt/live/chillihorse.de/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = /etc/myssl/dh2048.pem
smtpd_tls_key_file = /etc/letsencrypt/live/chillihorse.de/privkey.pem
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
tls_ssl_options = NO_COMPRESSION
virtual_alias_maps = mysql:/etc/postfix/sql/aliases.cf
virtual_mailbox_domains = mysql:/etc/postfix/sql/domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/sql/accounts.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

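2 answers:

Answer 0: (score: 0)

Remove this: mynetworks = 0.0.0.0/0 [::ffff:127.0.0.0]/104 [::1]/128
Put only your networks there.
Your server is working as an open relay.

Answer 1: (score: 0)

The line: mynetworks = 0.0.0.0/0 [::ffff:127.0.0.0]/104 [::1]/128

0.0.0.0/0 is the bad part. If your local network is 192.168.1.0, then: mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24 will work better; the other addresses are for loopback and internal communication.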
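
The check both answers describe, as an added example that is not part of either answer: it reads `postconf` output, flags `mynetworks` entries that reach beyond loopback and private ranges, and reports which settings trust them through `permit_mynetworks`. The `TRUSTED` list and the function names are assumptions of this example, and the sample input is built from lines in the question.

```python
import ipaddress

# Constructed input: four lines copied from the postconf output in the question.
SAMPLE = """\
mynetworks = 0.0.0.0/0 [::ffff:127.0.0.0]/104 [::1]/128
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access
smtpd_client_restrictions = permit_mynetworks check_client_access hash:/etc/postfix/without_ptr reject_unknown_client_hostname
smtpd_relay_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks reject_unauth_destination
"""

# Assumption of this example: only loopback and private ranges count as trusted.
TRUSTED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "::ffff:127.0.0.0/104", "fc00::/7")]

def parse_postconf(text):
    """Turn 'name = value' lines into a dict."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = value.strip()
    return conf

def untrusted_networks(mynetworks):
    """Return the mynetworks entries that reach beyond the TRUSTED ranges."""
    flagged = []
    for entry in mynetworks.replace(",", " ").split():
        try:  # Postfix writes IPv6 networks as [addr]/len
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # file names, table lookups and exclusions are not checked here
        if not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED):
            flagged.append(entry)
    return flagged

def audit(text):
    conf = parse_postconf(text)
    flagged = untrusted_networks(conf.get("mynetworks", ""))
    users = sorted(k for k, v in conf.items() if "permit_mynetworks" in v.replace(",", " ").split())
    relay = conf.get("smtpd_relay_restrictions", "").replace(",", " ").split()
    # Mail is relayed for flagged clients when permit_mynetworks is reached
    # before reject_unauth_destination (or the latter is missing).
    rej = "reject_unauth_destination"
    permits_first = "permit_mynetworks" in relay and (
        rej not in relay or relay.index("permit_mynetworks") < relay.index(rej))
    return {"untrusted": flagged, "permit_mynetworks_in": users,
            "relays_for_untrusted": bool(flagged) and permits_first}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the question's configuration the report also names `postscreen_access_list`, which is consistent with every client being logged as `WHITELISTED` by postscreen.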