Postfix seems to be sending spam

2

I recently found this in my postfix log:

Aug  4 11:09:12 mail postfix/smtpd[71597]: connect from unknown[59.88.35.206]
Aug  4 11:09:14 mail postfix/smtpd[71597]: Anonymous TLS connection established from unknown[59.88.35.206]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  4 11:09:17 mail postfix/smtpd[71597]: 1AE3B7EC3D: client=unknown[59.88.35.206], sasl_method=PLAIN, [email protected]
Aug  4 11:09:30 mail postfix/cleanup[71606]: 1AE3B7EC3D: message-id=<[email protected]>
Aug  4 11:09:30 mail opendkim[24666]: 1AE3B7EC3D: DKIM-Signature field added (s=mail, d=MYDOMAINCOM2012)
Aug  4 11:09:30 mail postfix/qmgr[27543]: 1AE3B7EC3D: from=<[email protected]>, size=2149, nrcpt=20 (queue active)
Aug  4 11:09:31 mail postfix/smtpd[71611]: connect from MAIL.example.com[172.16.0.3]
Aug  4 11:09:31 mail postfix/smtpd[71611]: 14C4C7EC57: client=MAIL.example.com[172.16.0.3]
Aug  4 11:09:31 mail postfix/cleanup[71606]: 14C4C7EC57: message-id=<[email protected]>
Aug  4 11:09:31 mail postfix/smtpd[71611]: disconnect from MAIL.example.com[172.16.0.3]
Aug  4 11:09:31 mail postfix/qmgr[27543]: 14C4C7EC57: from=<[email protected]>, size=2891, nrcpt=20 (queue active)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/qmgr[27543]: 1AE3B7EC3D: removed
Aug  4 11:09:31 mail postfix/smtpd[71597]: 968227EC58: client=unknown[59.88.35.206], sasl_method=PLAIN, [email protected]
Aug  4 11:09:31 mail postfix/smtp[71612]: 14C4C7EC57: to=<[email protected]>, relay=mx.bluebottle.com[136.243.21.189]:25, delay=0.61, delays=0.05/0.02/0.22/0.32, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 37DBE9EC4)
Aug  4 11:09:32 mail postfix/smtp[71618]: 14C4C7EC57: to=<[email protected]>, relay=vfxplc.com.inbound10.mxlogic.net[208.65.144.3]:25, delay=1.6, delays=0.05/0.05/0.6/0.85, dsn=5.0.0, status=bounced (host vfxplc.com.inbound10.mxlogic.net[208.65.144.3] said: 554 Denied [CS] [b6d90c55.0.552923.00-2289.1107665.p02c11m005.mxlogic.net] (Mode: normal) (in reply to end of DATA command))
Aug  4 11:09:32 mail postfix/smtp[71616]: 14C4C7EC57: to=<[email protected]>, relay=mx4.hotmail.com[65.55.33.119]:25, delay=1.6, delays=0.05/0.04/0.49/1, dsn=2.0.0, status=sent (250  <[email protected]> Queued mail for delivery)
Aug  4 11:09:32 mail postfix/smtp[71614]: 14C4C7EC57: to=<[email protected]>, relay=equitydirect.co.ke.inbound10.mxlogicmx.net[208.65.145.3]:25, delay=1.6, delays=0.05/0.03/0.9/0.66, dsn=5.0.0, status=bounced (host equitydirect.co.ke.inbound10.mxlogicmx.net[208.65.145.3] said: 554 Denied [CS] [b6d90c55.0.778752.00-2304.1523550.s12p02m085.mxlogic.net] (Mode: normal) (in reply to end of DATA command))
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<[email protected]>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<[email protected]>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<[email protected]>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<[email protected]>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<[email protected]>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<[email protected]>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:33 mail postfix/smtp[71613]: 14C4C7EC57: to=<[email protected]>, relay=mx.bt.lon5.cpcloud.co.uk[65.20.0.49]:25, delay=2.5, delays=0.05/0.02/0.08/2.4, dsn=2.0.0, status=sent (250 <55BF549902860DA2> Mail accepted)
Aug  4 11:09:35 mail postfix/smtp[71615]: 14C4C7EC57: to=<[email protected]>, relay=mx1.safaricombusiness.co.ke[41.203.208.3]:25, delay=4.2, delays=0.05/0.03/2.6/1.5, dsn=2.0.0, status=sent (250 ok:  Message 1038363882 accepted)
Aug  4 11:09:35 mail postfix/smtp[71615]: 14C4C7EC57: to=<[email protected]>, relay=mx1.safaricombusiness.co.ke[41.203.208.3]:25, delay=4.2, delays=0.05/0.03/2.6/1.5, dsn=2.0.0, status=sent (250 ok:  Message 1038363882 accepted)
Aug  4 11:09:35 mail postfix/smtp[71615]: 14C4C7EC57: to=<[email protected]>, relay=mx1.safaricombusiness.co.ke[41.203.208.3]:25, delay=4.2, delays=0.05/0.03/2.6/1.5, dsn=2.0.0, status=sent (250 ok:  Message 1038363882 accepted)
Aug  4 11:09:36 mail postfix/smtp[71621]: 14C4C7EC57: to=<[email protected]>, relay=mta5.am0.yahoodns.net[98.138.112.32]:25, delay=5.7, delays=0.05/0.07/0.41/5.2, dsn=2.0.0, status=sent (250 ok dirdel 4/0)
Aug  4 11:09:36 mail postfix/smtp[71621]: 14C4C7EC57: to=<[email protected]>, relay=mta5.am0.yahoodns.net[98.138.112.32]:25, delay=5.7, delays=0.05/0.07/0.41/5.2, dsn=2.0.0, status=sent (250 ok dirdel 4/0)
Aug  4 11:09:36 mail postfix/smtp[71621]: 14C4C7EC57: to=<[email protected]>, relay=mta5.am0.yahoodns.net[98.138.112.32]:25, delay=5.7, delays=0.05/0.07/0.41/5.2, dsn=2.0.0, status=sent (250 ok dirdel 4/0)
Aug  4 11:09:36 mail postfix/smtp[71621]: 14C4C7EC57: to=<[email protected]>, relay=mta5.am0.yahoodns.net[98.138.112.32]:25, delay=5.7, delays=0.05/0.07/0.41/5.2, dsn=2.0.0, status=sent (250 ok dirdel 4/0)
Aug  4 11:09:43 mail postfix/cleanup[71606]: 968227EC58: message-id=<[email protected]>
Aug  4 11:09:43 mail opendkim[24666]: 968227EC58: DKIM-Signature field added (s=mail, d=MYDOMAINCOM2012)
Aug  4 11:09:43 mail postfix/qmgr[27543]: 968227EC58: from=<[email protected]>, size=2204, nrcpt=20 (queue active)
Aug  4 11:09:43 mail postfix/smtpd[71611]: connect from MAIL.example.com[172.16.0.3]
Aug  4 11:09:43 mail postfix/smtpd[71611]: B0D2D7EC70: client=MAIL.example.com[172.16.0.3]
Aug  4 11:09:43 mail postfix/cleanup[71606]: B0D2D7EC70: message-id=<[email protected]>
Aug  4 11:09:43 mail postfix/smtpd[71611]: disconnect from MAIL.example.com[172.16.0.3]
Aug  4 11:09:43 mail postfix/qmgr[27543]: B0D2D7EC70: from=<[email protected]>, size=2946, nrcpt=20 (queue active)
Aug  4 11:09:43 mail amavis[24687]: (24687-07) Passed CLEAN {RelayedOpenRelay}, [59.88.35.206]:4678 [59.88.35.206] <[email protected]> -> <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>, Queue-ID: 968227EC58, Message-ID: <[email protected]>, mail_id: JR1l308kvN-H, Hits: -, size: 2531, queued_as: B0D2D7EC70, 378 ms
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<[email protected]>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)

172.16.0.3 is the internal IP of my mail server chain.

I have some difficulty interpreting this log. Does it mean that someone is using my username ([email protected]) to send spam? If so, then how is it possible and how do I fix it?

This is my postfix main.cf:

### GENERAL
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
daemon_directory = /usr/local/libexec/postfix
command_directory = /usr/local/sbin
myhostname = MAIL.example.com
myorigin = example.com
mydestination = 172.16.0.3
#relayhost =
mynetworks = 172.16.0.0/12 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
alias_database = hash:/etc/aliases
alias_maps = $alias_database
message_size_limit = 50000000
smtpd_helo_required = yes

### VIRTUAL
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/postgres-virtual-mailbox-domains.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/postgres-virtual-mailbox-maps.cf
virtual_alias_maps = pgsql:/usr/local/etc/postfix/postgres-virtual-alias-maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:6
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

### SASL Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

smtpd_tls_cert_file = /usr/local/etc/ssl/MAIL.example.com/private.crt
smtpd_tls_key_file = /usr/local/etc/ssl/MAIL.example.com/private.key
smtpd_tls_CAfile = /usr/local/etc/ssl/MAIL.example.com/cacert.pem
smtpd_tls_security_level = may
smtpd_tls_received_header = no
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom

debug_peer_level                = 2
debugger_command                =
show_user_unknown_table_name    = no

### LIMITATIONS
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client dialup.blacklist.jippg.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client t1.dnsbl.net.au,
    reject_rhsbl_client block.rhs.mailpolice.com,
    reject_rhsbl_client dynamic.rhs.mailpolice.com,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rhsbl_client bogusmx.rfc-ignorant.org

smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_sender_login_mismatch,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rhsbl_sender rddb.dnsbl.net.au,
    reject_rhsbl_sender endn.dnsbl.net.au,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rhsbl_sender block.rhs.mailpolice.com,
    reject_rhsbl_sender dynamic.rhs.mailpolice.com

smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  reject_unknown_recipient_domain,
  reject_rbl_client ix.dnsbl.manitu.net,
  reject_rbl_client dnsbl.sorbs.net,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client zen.spamhaus.org,
  reject_rbl_client dnsbl-1.uceprotect.net


readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
html_directory = /usr/local/share/doc/postfix
setgid_group = maildrop
manpage_directory = /usr/local/man
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
data_directory = /var/db/postfix
disable_vrfy_command = yes
smtpd_delay_reject = yes
content_filter = amavisfeed:[172.16.0.3]:10024
#receive_override_options = no_address_mappings
smtpd_milters = inet:172.16.0.3:54321
non_smtpd_milters = inet:172.16.0.3:54321
milter_default_action = accept
inet_protocols = ipv4

172.16.0.3:54321 is OpenDKIM.

And this is my master.cf:

 smtp      inet  n       -       n       -       -       smtpd
 pickup    unix  n       -       n       60      1       pickup
 cleanup   unix  n       -       n       -       0       cleanup
 qmgr      unix  n       -       n       300     1       qmgr
 tlsmgr    unix  -       -       n       1000?   1       tlsmgr
 rewrite   unix  -       -       n       -       -       trivial-rewrite
 bounce    unix  -       -       n       -       0       bounce
 defer     unix  -       -       n       -       0       bounce
 trace     unix  -       -       n       -       0       bounce
 verify    unix  -       -       n       -       1       verify
 flush     unix  n       -       n       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
 proxywrite unix -       -       n       -       1       proxymap
 smtp      unix  -       -       n       -       -       smtp
 relay     unix  -       -       n       -       -       smtp
 showq     unix  n       -       n       -       -       showq
 error     unix  -       -       n       -       -       error
 retry     unix  -       -       n       -       -       error
 discard   unix  -       -       n       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       n       -       -       lmtp
 anvil     unix  -       -       n       -       1       anvil
 scache    unix  -       -       n       -       1       scache
 dovecot    unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:mail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
 amavisfeed unix  -       -       n       -       2       lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
172.16.0.3:10025 inet n - n - - smtpd
   -o content_filter=
   -o smtpd_delay_reject=no
   -o smtpd_client_restrictions=permit_mynetworks,reject
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_data_restrictions=reject_unauth_pipelining
   -o smtpd_end_of_data_restrictions=
   -o smtpd_restriction_classes=
   -o mynetworks=172.16.0.0/12
   -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001
   -o smtpd_hard_error_limit=1000
   -o smtpd_client_connection_count_limit=0
   -o smtpd_client_connection_rate_limit=0
   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
   -o local_header_rewrite_clients=
   -o smtpd_milters=
   -o local_recipient_maps=
   -o relay_recipient_maps=
by fmeyers 04.08.2015 / 14:15

2 answers

5

Does it mean that someone is using my username ([email protected]) to send spam?

YES

This log line is the proof of that.

Aug  4 11:09:17 mail postfix/smtpd[71597]: 1AE3B7EC3D: client=unknown[59.88.35.206], sasl_method=PLAIN, [email protected]

Since you have permit_sasl_authenticated in main.cf, it authorizes anyone who knows your credential to send email through your server.

If so, then how is it possible?

There are many ways your credential can be disclosed:

  • A keylogger planted on your computer
  • A worm that sends out confidential information (including your credential)
  • A weak password recovered by brute force or guessing
  • A phishing email
  • And many others ...

and how do I fix it?

First, disable the account: change its status in the postgres database, or change the password to a random one. Identify how your credential leaked and fix that hole as well.

Additional notes:

Your postfix configuration was fine, although it overlaps a bit, as you repeat some of the restrictions in each phase. You should also check whether each rhsbl/rbl provider is still actively maintaining its blacklist, to avoid false positives.

by 04.08.2015 / 15:45
4

The log shows that someone has obtained the password for the email account [email protected] and is using it to send SPAM through the server.

  • The entry at 11:09:17 shows a successful SASL authentication from IP address 59.88.35.206 with the username [email protected].
  • The entry at 11:09:30 shows the reception and queueing of a message with the sender address [email protected] and twenty declared recipients on that connection.
  • The entries timestamped 11:09:31 show those twenty copies first being forwarded internally within Postfix and then sent out to the recipients.

The most frequent cause of this kind of incident is a user who falls for a phishing email telling them to enter their email address and password into some credential-harvesting web form.

To fix it:

  • Change the password of that account immediately.
  • Choose a (more) sensible password, specifically one not used anywhere else.
  • Be (more) careful not to reveal that password to anyone; specifically, do not enter it into any website.
by 04.08.2015 / 15:30
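The correlation this answer walks through by hand (the SASL login, the qmgr line with nrcpt=20, then the deliveries) can be automated. The script below is an added example, not code from the question or from either answer: it parses constructed lines modelled on the question's log, joins each smtpd client= line to the qmgr line for the same queue ID, and flags authenticated submissions from outside the main.cf mynetworks that declare many recipients. The page shows the SASL username obfuscated, so user@example.com, the queue ID C0FFEE0001 and the client 172.16.0.50 are placeholders I made up.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample modelled on the question's log. The page shows the SASL
# user obfuscated; user@example.com, queue id C0FFEE0001 and client
# 172.16.0.50 are placeholders I added for one legitimate internal login.
SAMPLE_LOG = """\
Aug  4 11:09:17 mail postfix/smtpd[71597]: 1AE3B7EC3D: client=unknown[59.88.35.206], sasl_method=PLAIN, sasl_username=user@example.com
Aug  4 11:09:30 mail postfix/qmgr[27543]: 1AE3B7EC3D: from=<user@example.com>, size=2149, nrcpt=20 (queue active)
Aug  4 11:09:31 mail postfix/smtpd[71611]: 14C4C7EC57: client=MAIL.example.com[172.16.0.3]
Aug  4 11:09:31 mail postfix/qmgr[27543]: 14C4C7EC57: from=<user@example.com>, size=2891, nrcpt=20 (queue active)
Aug  4 11:09:31 mail postfix/smtpd[71597]: 968227EC58: client=unknown[59.88.35.206], sasl_method=PLAIN, sasl_username=user@example.com
Aug  4 11:09:43 mail postfix/qmgr[27543]: 968227EC58: from=<user@example.com>, size=2204, nrcpt=20 (queue active)
Aug  4 11:12:00 mail postfix/smtpd[71630]: C0FFEE0001: client=laptop.example.com[172.16.0.50], sasl_method=PLAIN, sasl_username=user@example.com
Aug  4 11:12:01 mail postfix/qmgr[27543]: C0FFEE0001: from=<user@example.com>, size=1200, nrcpt=1 (queue active)
"""

# mynetworks from the question's main.cf: these clients are trusted anyway.
MYNETWORKS = [ip_network("172.16.0.0/12"), ip_network("127.0.0.0/8")]

# smtpd "client=" line: queue id, client host/IP and, if present, SASL user.
CLIENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): client=(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=(?P<method>\S+), sasl_username=(?P<user>\S+))?"
)
# qmgr line: envelope sender and declared recipient count for the queue id.
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, "
    r"size=\d+, nrcpt=(?P<nrcpt>\d+)"
)

def parse_submissions(log_text):
    """One dict per accepted message, joining smtpd and qmgr lines by queue id."""
    subs = {}
    for line in log_text.splitlines():
        m = CLIENT_RE.match(line)
        if m:
            subs[m["qid"]] = {"qid": m["qid"], "ts": m["ts"], "ip": m["ip"],
                              "user": m["user"], "sender": None, "nrcpt": 0}
            continue
        m = QMGR_RE.search(line)
        if m and m["qid"] in subs:
            subs[m["qid"]]["sender"] = m["sender"]
            subs[m["qid"]]["nrcpt"] = int(m["nrcpt"])
    return list(subs.values())

def is_trusted(ip, nets=MYNETWORKS):
    addr = ip_address(ip)
    return any(addr in n for n in nets)

def flag_suspicious(subs, nets=MYNETWORKS, max_rcpt=10):
    """SASL-authenticated submissions from outside mynetworks with many recipients.

    The content filter's re-injection (client 172.16.0.3, no sasl_username)
    is skipped on purpose: it is the same message passing through again.
    """
    return [s for s in subs
            if s["user"] and not is_trusted(s["ip"], nets)
            and s["nrcpt"] >= max_rcpt]

def per_user_summary(subs):
    """Messages, declared recipients and distinct client IPs per SASL user."""
    out = defaultdict(lambda: {"messages": 0, "recipients": 0, "ips": set()})
    for s in subs:
        if s["user"]:
            out[s["user"]]["messages"] += 1
            out[s["user"]]["recipients"] += s["nrcpt"]
            out[s["user"]]["ips"].add(s["ip"])
    return dict(out)
```

On the sample this flags the two queue IDs from the question, 1AE3B7EC3D and 968227EC58, and shows the account submitting from two different client IPs; against a real mail.log the recipient threshold and the per-user IP set are the two knobs to tune.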