O meu Postfix está enviando spam?

Navegue suas respostas
1

No meu registro de Rsys, estou recebendo solicitações de e-mail estranhas que não são iniciadas pelo meu servidor: 

Nov 17 09:32:18 localhost postfix/qmgr[21748]: 8E52272C09: from=<>, size=33770, nrcpt=1 (queue active)
Nov 17 09:32:18 localhost postfix/qmgr[21748]: 15E6472BE2: from=<>, size=36706, nrcpt=1 (queue active)
Nov 17 09:32:18 localhost postfix/qmgr[21748]: AB7F672BE6: from=<>, size=36159, nrcpt=1 (queue active)
Nov 17 09:32:18 localhost postfix/qmgr[21748]: 723D672C0A: from=<>, size=33263, nrcpt=1 (queue active)
Nov 17 09:32:20 localhost postfix/smtp[27598]: 8E52272C09: to=<[email protected]>, relay=mail.crimea.com[80.245.112.5]:25, delay=6902, delays=6900/0.02/2.3/0, dsn=4.7.1, status=deferred (host mail.crimea.com[80.245.112.5] refused to talk to me: 554 5.7.1 Service unavailable; Client host blocked using b.barracudacentral.org)
Nov 17 09:32:48 localhost postfix/smtp[27600]: connect to smereka.com.ua[178.248.232.65]:25: Connection timed out
Nov 17 09:32:48 localhost postfix/smtp[27600]: AB7F672BE6: to=<[email protected]>, relay=none, delay=15304, delays=15274/0.02/30/0, dsn=4.4.1, status=deferred (connect to smereka.com.ua[178.248.232.65]:25: Connection timed out)
Nov 17 09:32:48 localhost postfix/smtp[27601]: connect to alex.krc.karelia.ru[82.196.66.2]:25: Connection timed out
Nov 17 09:32:48 localhost postfix/smtp[27601]: 723D672C0A: to=<[email protected]>, relay=none, delay=6893, delays=6863/0.03/30/0, dsn=4.4.1, status=deferred (connect to alex.krc.karelia.ru[82.196.66.2]:25: Connection timed out)
Nov 17 09:32:48 localhost postfix/smtp[27599]: connect to scbglobal.net[208.73.211.173]:25: Connection timed out
Nov 17 09:33:18 localhost postfix/smtp[27599]: connect to scbglobal.net[208.73.210.212]:25: Connection timed out
Nov 17 09:33:48 localhost postfix/smtp[27599]: connect to scbglobal.net[208.73.211.171]:25: Connection timed out
Nov 17 09:34:18 localhost postfix/smtp[27599]: connect to scbglobal.net[208.73.210.209]:25: Connection timed out
Nov 17 09:34:18 localhost postfix/smtp[27599]: 15E6472BE2: to=<[email protected]>, relay=none, delay=15409, delays=15288/0.02/121/0, dsn=4.4.1, status=deferred (connect to scbglobal.net[208.73.210.209]:25: Connection timed out)
Nov 17 09:37:18 localhost postfix/qmgr[21748]: D125572C2E: from=<>, size=33171, nrcpt=1 (queue active)
Nov 17 09:37:18 localhost postfix/qmgr[21748]: B3CCE72C2D: from=<valeriya.biryukova@dak-cat-stroitelnye-materialy-kirpich-kamen-bloki>, size=31283, nrcpt=1 (queue active)
Nov 17 09:37:29 localhost postfix/smtp[27626]: B3CCE72C2D: host mail.citycon.kiev.ua[77.120.247.43] said: 451 <dak-cat-stroitelnye-materialy-kirpich-kamen-bloki> is invalid or DNS says does not exist (in reply to MAIL FROM command)
Nov 17 09:37:48 localhost postfix/smtp[27625]: connect to konkovotur.ru[109.70.26.37]:25: Connection timed out
Nov 17 09:37:59 localhost postfix/smtp[27626]: connect to mx.lucky.net[193.193.193.137]:25: Connection timed out
Nov 17 09:38:18 localhost postfix/smtp[27625]: connect to konkovotur.ru[194.85.61.76]:25: Connection timed out
Nov 17 09:38:18 localhost postfix/smtp[27625]: D125572C2E: to=<[email protected]>, relay=none, delay=6850, delays=6790/0.01/60/0, dsn=4.4.1, status=deferred (connect to konkovotur.ru[194.85.61.76]:25: Connection timed out)
Nov 17 09:38:29 localhost postfix/smtp[27626]: connect to mx.lucky.net[62.244.55.219]:25: Connection timed out
Nov 17 09:38:29 localhost postfix/smtp[27626]: B3CCE72C2D: to=<[email protected]>, relay=none, delay=6855, delays=6783/0.02/72/0, dsn=4.4.1, status=deferred (connect to mx.lucky.net[62.244.55.219]:25: Connection timed out)
Nov 17 09:42:18 localhost postfix/qmgr[21748]: 779D772BB4: from=<[email protected]>, size=34213, nrcpt=1 (queue active)
Nov 17 09:42:26 localhost postfix/smtp[27683]: 779D772BB4: to=<[email protected]>, relay=none, delay=15297, delays=15289/0.01/8/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=tica.co type=MX: Host not found, try again)
Nov 17 09:47:18 localhost postfix/qmgr[21748]: 138A972BB1: from=<[email protected]>, size=34196, nrcpt=1 (queue active)
Nov 17 09:47:18 localhost postfix/qmgr[21748]: 2A97872BF7: from=<[email protected]>, size=34185, nrcpt=1 (queue active)
Nov 17 09:47:18 localhost postfix/qmgr[21748]: C16D772BB5: from=<[email protected]>, size=34250, nrcpt=1 (queue active)
Nov 17 09:47:18 localhost postfix/qmgr[21748]: E6BC972C23: from=<>, size=33139, nrcpt=1 (queue active)
Nov 17 09:47:19 localhost postfix/smtp[27704]: C16D772BB5: host imx1.rambler.ru[81.19.66.235] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Nov 17 09:47:20 localhost postfix/smtp[27704]: C16D772BB5: to=<[email protected]>, relay=imx1.rambler.ru[81.19.66.234]:25, delay=17125, delays=17123/0.02/1.3/0.2, dsn=4.1.8, status=deferred (host imx1.rambler.ru[81.19.66.234] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Nov 17 09:47:46 localhost postfix/smtp[27702]: 138A972BB1: host mxs.mail.ru[217.69.139.150] said: 421 DNS problem (mail.starce.net). Try again later (in reply to MAIL FROM command)
Nov 17 09:47:50 localhost postfix/smtp[27705]: connect to mail.zoomlynx.com[206.251.24.106]:25: Connection timed out
Nov 17 09:47:50 localhost postfix/smtp[27705]: E6BC972C23: lost connection with mail.zoomlynx.com[206.251.24.108] while receiving the initial server greeting
Nov 17 09:47:51 localhost postfix/smtp[27705]: E6BC972C23: to=<[email protected]>, relay=smtp.zoomlynx.com[206.251.24.108]:25, delay=6951, delays=6919/0.03/32/0, dsn=4.4.2, status=deferred (lost connection with smtp.zoomlynx.com[206.251.24.108] while receiving the initial server greeting)

alguém pode ajudar aqui?

    
por infinity 17.11.2014 / 10:52

2 respostas

5

Os e-mails são provenientes dos seguintes endereços de e-mail.

biryukova@dak-cat-stroitelnye-materialy-kirpich-kamen-bloki

[email protected]

[email protected]

[email protected]

[email protected]

& Os e-mails estão sendo entregues nos seguintes endereços

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

Adicionado a isso existe essa mensagem de erro

[email protected]: Sender address rejected: Domain not found (in reply to RCPT TO command))

& então você tem um número vazio de endereços (remetentes)

from=<>

O que provavelmente significa que o endereço do remetente é falso. Mas postfix está deixando os e-mails de qualquer maneira, eu acho que é melhor dizer que você tem um problema.

    
por 17.11.2014 / 11:58
2

O endereço vazio (remetente) geralmente significa que seu servidor está enviando mensagens MAILER-DAEMON como: "Correio não entregue retornado ao remetente" às vezes pode ser um backscatter. 

Nov 17 09:47:18 localhost postfix/qmgr[21748]: C16D772BB5: from=<[email protected]>, size=34250, nrcpt=1 (queue active)
Nov 17 09:47:19 localhost postfix/smtp[27704]: C16D772BB5: host imx1.rambler.ru[81.19.66.235] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Nov 17 09:47:20 localhost postfix/smtp[27704]: C16D772BB5: to=<[email protected]>, relay=imx1.rambler.ru[81.19.66.234]:25, delay=17125, delays=17123/0.02/1.3/0.2, dsn=4.1.8, status=deferred (host imx1.rambler.ru[81.19.66.234] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))

Se o endereço do seu domínio for judwin.demon.co.uk, então ele não terá o DNS correto. Caso contrário, parece que o seu servidor é um retransmissor de correio aberto ou, pelo menos, não verifica os endereços do remetente para os correios enviados.

    
por 19.11.2014 / 16:16

Tags

Maneira recomendada para iniciar o supervisord a partir do script bash não-root? Usando o Puppet para adicionar incrementalmente linhas a um arquivo, de várias classes