I am having a problem on both of my servers (one Postfix + Dovecot and one Zimbra).
My problem is that some bots send spam to our hosted mailboxes without logging in, using the same address as FROM and RCPT.
It seems Google has had the same problem:
link
Because of this, our mailboxes are receiving spam e-mails.
But these spammers cannot send from external mailboxes (ones not hosted on our server).
These spammers do not use a remote SMTP server to send their e-mails; if they did, our SPF policy would block them.
They use our SMTP server to send to our local mailboxes, with the same address as FROM and RCPT.
The server is not an open relay.
Example: we host these mailboxes:
- [email protected]
- [email protected]
The bot sends spam from:
[email protected]
to [email protected]
using our SMTP server.
But this also works:
[email protected]
to [email protected]
using our SMTP server,
without needing a password.
How can I prevent this?
My main.cf:
link
My telnet test:
Connection: opening to mail2test.domain.tld:25, timeout=300, options=array ()
Connection: opened
SERVER -> CLIENT: 220 mail2test.domain.tld ESMTP Postfix (Debian/GNU)
CLIENT -> SERVER: EHLO tools.test.com
SERVER -> CLIENT: 250-mail2test.domain.tld
250-PIPELINING
250-SIZE 50240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
CLIENT -> SERVER: STARTTLS
SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
CLIENT -> SERVER: EHLO tools.test.com
SERVER -> CLIENT: 250-mail2test.domain.tld
250-PIPELINING
250-SIZE 50240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
CLIENT -> SERVER: MAIL FROM: <[email protected]>
SERVER -> CLIENT: 250 2.1.0 Ok
CLIENT -> SERVER: RCPT TO: <[email protected]>
SERVER -> CLIENT: 250 2.1.5 Ok
CLIENT -> SERVER: DATA
SERVER -> CLIENT: 354 End data with .
CLIENT -> SERVER: Date: Thu, 19 Apr 2018 15:13:20 +0000
CLIENT -> SERVER: To: [email protected]
CLIENT -> SERVER: From: Test SMTP Test
CLIENT -> SERVER: Subject: Test SMTP Test Message
CLIENT -> SERVER: Message-ID: <[email protected]>
CLIENT -> SERVER: MIME-Version: 1.0
CLIENT -> SERVER: Content-Type: text/plain; charset=iso-8859-1
CLIENT -> SERVER:
CLIENT -> SERVER: This message was sent using the Test SMTP testing tool by this user:
CLIENT -> SERVER: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.124 Safari/537.36
CLIENT -> SERVER: xxx.xxx.xxx.xxx
CLIENT -> SERVER:
CLIENT -> SERVER: .
SERVER -> CLIENT: 250 2.0.0 Ok: queued as A86F61383C
CLIENT -> SERVER: QUIT
SERVER -> CLIENT: 221 2.0.0 Bye
Connection: closed
My mail.log:
Apr 19 17:13:21 mail2 postfix/smtpd[26584]: A86F61383C: client=tools.test.com[96.126.113.160]
Apr 19 17:13:22 mail2 postfix/cleanup[26589]: A86F61383C: message-id=<[email protected]>
Apr 19 17:13:22 mail2 postfix/qmgr[26511]: A86F61383C: from=<[email protected]>, size=795, nrcpt=1 (queue active)
Apr 19 17:13:25 mail2 postfix/smtp[26591]: A86F61383C: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.5, delays=0.49/0.01/0.01/3, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=02360-01, from MTA: 250 2.0.0 Ok: queued as ED1FF1383D)
Apr 19 17:13:25 mail2 postfix/qmgr[26511]: A86F61383C: removed
My current SPF:
mail2test.domain.tld. 299 IN TXT "v=spf1 a mx -all"
Neither the A nor the MX record points to 96.126.113.160.
The e-mail I received:
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from localhost (localhost [127.0.0.1])
by mail2test.domain.tld (Postfix) with ESMTP id 1421713802
for <[email protected]>; Thu, 19 Apr 2018 17:13:45 +0200 (CEST)
Received: from mail2test.domain.tld ([xxx.xxx.xxx.xxx])
by localhost (mail2test.domain.tld [127.0.0.1]) (amavisd-maia, port 10024)
with ESMTP id 02355-01 for <[email protected]>;
Thu, 19 Apr 2018 17:13:25 +0200 (CEST)
Received: from tools.test.com (tools.test.com [96.126.113.160])
by mail2test.domain.tld (Postfix) with ESMTP id A86F61383C
for <[email protected]>; Thu, 19 Apr 2018 17:13:25 +0200 (CEST)
Date: Thu, 19 Apr 2018 15:13:23 +0000
To: [email protected]
From: Wormly SMTP Test <[email protected]>
Subject: Wormly SMTP Test Message
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
X-Virus-Scanned: Test Mail 0.1
This message was sent using the Wormly SMTP testing tool by this user:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.124 Safari/537.36
xxx.xxx.xxx.xxx
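The Postfix-side mitigation for what the telnet session above shows, as an added example that is not part of the question, of any answer on this page, or of the asker's linked main.cf. It assumes Dovecot SASL is already wired into smtpd and that the hosted domains are listed in Postfix's virtual/local domain settings; `hosted-domain.example` is a placeholder for the redacted mailbox domain.

```conf
# Added example, not the asker's main.cf (which is only linked above).
# Assumes: Dovecot SASL is already enabled in smtpd, and the hosted mailbox
# domains are listed in virtual_mailbox_domains / mydestination.
# "hosted-domain.example" is a placeholder for the real (redacted) domain.

# --- /etc/postfix/main.cf ---------------------------------------------------

# Weak state (what the telnet test demonstrates): only the recipient is
# checked, so any host reaching port 25 may use a hosted address as MAIL FROM.
# SPF cannot help here because the message never leaves the server.
#   smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
#       reject_unauth_destination

# Hardened: a client that is neither in mynetworks nor SASL-authenticated may
# not claim an envelope sender in one of our own domains.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_access,
    permit

# Recipient checks stay as before. With smtpd_delay_reject = yes (the default)
# the sender rejection is reported at RCPT TO, which is fine.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Caveat: any external system that legitimately sends with a hosted domain as
# sender (a web app on another host, a forwarder) must now authenticate or be
# added to mynetworks, otherwise it will be rejected too.

# Stricter option: an authenticated user may only send as the addresses mapped
# to its login, so one leaked password cannot be used to impersonate other
# mailboxes. reject_sender_login_mismatch must come BEFORE
# permit_sasl_authenticated to take effect:
#   smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
#   smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch,
#       permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access

# --- /etc/postfix/sender_access (then run: postmap /etc/postfix/sender_access)
# access(5) lookups try user@domain first, then the domain; list every hosted
# domain here, one per line:
#   hosted-domain.example   REJECT Sender in a hosted domain requires authentication
```

After `postmap` and `postfix reload`, repeating the unauthenticated MAIL FROM / RCPT TO test from the question should yield a 554 rejection at RCPT TO instead of `250 2.1.5 Ok`.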