Postfix envia SPAM


Há alguns dias venho sendo listado no Spamhaus CBL. A lista da CBL informa que eu tenho um vírus na rede e que ele está enviando e-mails como "localhost.localdomain". Eu não sei de onde vem este "localhost.localdomain", porque meu relay está fechado e meu HELO é mail.domainclient.com.br. Eu não encontrei nenhum vírus nas estações de trabalho nem qualquer tráfego destinado à porta 25 passando pelo servidor.

Tivemos uma conta comprometida, mas já alteramos a senha dela. Ainda assim, todos os dias continuo sendo listado no link.

Abaixo, detalho minhas configurações para ajudar a encontrar a causa do problema.

iptables:

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 7501 1076K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
17175   23M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED 
  189 10216 ACCEPT     tcp  --  *      *       0.0.0.0/0            IP_SERVER1          tcp spts:1024:65535 dpt:25 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            IP_SERVER1          tcp spt:25 dpts:1024:65535 
    0     0 ACCEPT     udp  --  *      *       IP_SERVER1           0.0.0.0/0           udp spt:53 dpt:53 
    0     0 ACCEPT     udp  --  *      eth2    0.0.0.0/0            0.0.0.0/0           udp dpt:53 
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix 'OUTPUT:  ' 

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 7501 1076K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
  176 15768 ACCEPT     udp  --  eth3   *       0.0.0.0/0            0.0.0.0/0           udp dpt:1194 
    0     0 ACCEPT     udp  --  tun+   *       0.0.0.0/0            0.0.0.0/0           udp dpt:1194 
17117 1628K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
  152  8052 ACCEPT     tcp  --  *      *       0.0.0.0/0            IP_SERVER1          tcp spts:1024:65535 dpt:25 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            IP_SERVER1          tcp spt:25 dpts:1024:65535 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 
   11   703 ACCEPT     udp  --  *      *       192.168.1.0/24       0.0.0.0/0           udp dpt:53 
  126  9546 ACCEPT     udp  --  *      *       0.0.0.0/0            IP SERVER           udp spts:1024:65535 dpt:53 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            IP SERVER           udp spt:53 dpt:53 
    0     0 ACCEPT     udp  --  *      *       192.168.1.0/24       0.0.0.0/0           udp spt:67 dpt:68 
  130  7520 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
    3   120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2222 
    0     0 ACCEPT     tcp  --  *      *       192.168.1.0/24       0.0.0.0/0           tcp dpt:3128 
    4   208 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 
    0     0 DROP       all  --  *      *       210.51.184.41        0.0.0.0/0           
  300 17819 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix 'INPUT:  ' 

Master.cf

# master.cf excerpt as posted.
# Port 25 (MX traffic): STARTTLS and AUTH are both switched off for this
# service, so it only receives mail. Whether a client may relay through it is
# decided by smtpd_recipient_restrictions in main.cf, where permit_mynetworks
# is evaluated first.
smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=none
  -o smtpd_sasl_auth_enable=no
#       -o content_filter=filter:dummy

# Port 587 (submission): AUTH enabled. There is no smtpd_tls_security_level
# override here, so the main.cf default (smtpd_use_tls=yes, i.e. "may")
# applies and STARTTLS stays optional; AUTH is only advertised after STARTTLS
# because main.cf sets smtpd_tls_auth_only = yes.
# NOTE(review): if TLS is meant to be mandatory on this port, that would need
# `-o smtpd_tls_security_level=encrypt` here — confirm the intent.
submission   inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes

# Dedicated cleanup service carrying a separate pcre header_checks table.
# Nothing in the posted excerpt points a service at it (that would be an
# `-o cleanup_service_name=cleanup25` on the smtpd entry), so whether it is
# actually used cannot be told from here — check the full master.cf.
cleanup25    unix  n       -       n       -       0       cleanup
   -o header_checks=pcre:/etc/postfix/header_checks_submission

main.cf

# main.cf as posted (parameter order and duplicate definitions preserved).
# Postfix keeps only the LAST definition of a parameter that appears more than
# once, so where a name is repeated below the earlier line has no effect.
# NOTE(review): the iptables output above shows INPUT and OUTPUT only. OUTPUT
# rule 2 accepts every NEW outbound connection, so TCP/25 from this host itself
# is unrestricted, and the FORWARD/NAT rules that decide whether 192.168.1.x
# hosts can reach TCP/25 directly are not posted — a LAN host sending spam
# straight out with HELO "localhost.localdomain" cannot be ruled out from here.
# Content inspection applied to all mail that passes through cleanup.
body_checks = regexp:/etc/postfix/body_checks
header_checks = regexp:/etc/postfix/header_checks
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
# Blind copies of mail from/to the addresses listed in these tables.
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
# TLS parameters
# ssl-cert-snakeoil is Debian's self-signed placeholder pair: STARTTLS works,
# but clients cannot validate this server's identity against it.
# smtpd_use_tls=yes is the legacy spelling of smtpd_tls_security_level=may
# (STARTTLS offered, not required).
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Verbose (level 2) logging for SMTP sessions with hosts in the own domain.
debug_peer_level = 2
debug_peer_list = domainclient.com.br
myhostname = mail.domainclient.com.br
# Overridden by the mysql: alias_maps definition further down; this hash:
# value is not in effect (alias_database still refers to /etc/aliases).
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = mail.domainclient.com.br
mydestination = mail.domainclient.com.br, domainclient.com.br
relayhost =
# Everything in mynetworks may relay without AUTH (permit_mynetworks is the
# first entry of smtpd_recipient_restrictions): the whole 192.168.1.0/24 LAN
# plus every client IP present in the pop-before-smtp table.
# NOTE(review): pop-before-smtp whitelists the IP of any client that logs in
# to POP/IMAP, so while the compromised account mentioned above was being
# used, its client IPs were relay-authorised here without SASL. Such entries
# remain in the hosts table until pop-before-smtp expires them — inspect that
# file after the password change, and consider retiring pop-before-smtp in
# favour of SASL on the submission port.
##mynetworks = 127.0.0.0/8, 192.168.1.0/24, IP_SERVER1, IP_SERVER2, hash:/var/lib/pop-before-smtp/hosts
mynetworks = 127.0.0.0/8, 192.168.1.0/24, IPSERVER1, IPSERVER2, hash:/var/lib/pop-before-smtp/hosts
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
# This is the alias_maps definition that is actually in effect.
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
transport_maps = mysql:/etc/postfix/mysql-transport.cf
# virtual_maps is the older name of virtual_alias_maps; both point at the same
# table here, so the pair is redundant rather than harmful.
virtual_maps = mysql:/etc/postfix/mysql-aliases.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_mailbox_limit = 51200000
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf
# SMTP reply codes for the various "unknown" rejections.
# unknown_hostname_reject_code is set twice with the same value (harmless).
unknown_local_recipient_reject_code = 500
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
strict_rfc821_envelopes = yes
# With delay_reject, client/helo/sender restrictions are evaluated (and their
# rejections issued) at RCPT TO, so the log shows the full envelope.
smtpd_delay_reject = yes
# Outbound delivery concurrency and per-client abuse limits for inbound smtpd.
smtp_destination_concurrency_limit = 7
smtp_destination_recipient_limit = 10
smtpd_hard_error_limit = 3
smtpd_soft_error_limit = 1
smtpd_client_connection_count_limit = 10
smtpd_client_message_rate_limit = 25
smtpd_error_sleep_time = 20
smtpd_junk_command_limit = 1
# This list is only referenced below as the literal word `maps_rbl_domains`
# after reject_rbl_client, which expects one DNSBL zone name — so the zones
# listed here are never actually queried (see smtpd_helo_restrictions and
# smtpd_client_restrictions). NOTE(review): several of these zones are
# believed to be no longer operated; verify each before wiring it back in.
maps_rbl_domains =
    xbl.spamhaus.org,
    relays.ordb.org,
    list.dsbl.org,
    dun.dnsrbl.net,
    spam.dnsrbl.net,
    cbl.abuseat.org,
    sbl-xbl.spamhaus.org,
    bl.spamcop.net,
    dns.rfc-ignorant.org
smtpd_helo_required = yes
# smtp_helo_timeout applies to this host's outbound smtp client, not to smtpd.
smtp_helo_timeout = 60s
# Duplicate of the header_checks definition above (same value, harmless).
header_checks = regexp:/etc/postfix/header_checks
message_size_limit = 36214400
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
# smtpd_sasl_auth_enable is defined twice (same value); master.cf overrides it
# per service anyway (off on port 25, on for submission).
smtpd_sasl_auth_enable = yes
# SASL Authentication
smtpd_sasl_auth_enable = yes
# NOTE(review): smtpd_sasl2_auth_enable is not a parameter name I recognise in
# Postfix; an "unused parameter" warning in the mail log would confirm that it
# is ignored.
smtpd_sasl2_auth_enable = yes
# Clients in mynetworks are never asked to authenticate.
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth
smtpd_sasl_application_name = smtpd
# AUTH is only advertised inside a TLS session — good, since the only
# certificate configured is self-signed and the submission port does not
# require TLS.
smtpd_tls_auth_only = yes
# Undeliverable mail is given up after one day (short, but limits backscatter).
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions =
smtpd_etrn_restrictions =
# Leftover disabled sender checks (kept as-is).
#check_sender_access mysql:/etc/postfix/mysql_virtual_mysenders_maps.cf  
#check_sender_access cidr:/etc/postfix/cidr_koreia_china_nets   
# Evaluation stops at the first matching permit/reject.
#  - `reject_rbl_client maps_rbl_domains` looks up the literal zone
#    "maps_rbl_domains", which does not exist, so it never rejects anything
#    (same in smtpd_client_restrictions below). Use one reject_rbl_client per
#    zone, as smtpd_recipient_restrictions already does.
#  - The missing comma after reject_unauth_pipelining is harmless; Postfix
#    accepts whitespace as a separator.
#  - The indented `#reject_non_fqdn_hostname` line inside the value: confirm
#    with `postconf smtpd_helo_restrictions` that it is parsed as a comment
#    and not as part of the restriction list.
smtpd_helo_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_helo_access regexp:/etc/postfix/regras_ehlo,
    reject_invalid_hostname,
    reject_unauth_pipelining
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    reject_rbl_client maps_rbl_domains,
    #reject_non_fqdn_hostname
# See the note on `reject_rbl_client maps_rbl_domains` above: effectively only
# permit_* and reject_unauth_pipelining are active here.
smtpd_client_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
#    check_client_access hash:/etc/postfix/ip-access,
    reject_unauth_pipelining,
    reject_rbl_client maps_rbl_domains
# No permit_mynetworks in this list, so LAN and pop-before-smtp clients are
# still subject to these sender checks. reject_unauth_pipelining is listed
# twice (harmless). reject_authenticated_sender_login_mismatch is reached only
# by clients that did not authenticate (permit_sasl_authenticated is first), so
# it is a no-op in this position.
smtpd_sender_restrictions =
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_block,
    reject_unknown_sender_domain,
    reject_unauth_pipelining,
    #reject_non_fqdn_sender,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch,
    #reject_sender_login_mismatch,
    reject_non_fqdn_sender,
    reject_unlisted_sender,
    reject_unauth_pipelining
# permit_mynetworks comes before everything else: clients in mynetworks (LAN,
# pop-before-smtp IPs) relay to any destination and skip every check below.
# reject_unauth_destination keeps relay closed for all other clients.
# reject_unknown_recipient_domain appears twice (harmless).
# reject_unknown_hostname rejects clients whose HELO name has no A/MX record;
# legitimate but sloppy senders will be refused by it (deliverability, not
# security). The RBL zones are queried here one per reject_rbl_client, which is
# the correct form.
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  check_client_access hash:/etc/postfix/whitelist-ips,
  #reject_non_fqdn_hostname,
  reject_unauth_destination,
  #reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  #reject_non_fqdn_sender,
  reject_unknown_recipient_domain,
  reject_unknown_sender_domain,
  reject_invalid_hostname,
  reject_unknown_hostname,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client sbl.spamhaus.org,
  reject_rbl_client b.barracudacentral.org,
  #check_sender_access hash:/etc/postfix/sender_access,
#  check_policy_service unix:private/spfcheck,
  check_policy_service unix:private/policy,
  permit

# hostname
servermail-gw01

# cat /etc/mailname
mail.domainclient.com.br

# cat /etc/hosts

127.0.0.1 localhost
127.0.1.1 servermail-gw01.domainclient.intra servermail-gw01
IP_SERVER1 domainclient.com.br

Obrigado

    
por Christovam 19.03.2016 / 17:31
