Postfix appears to be sending spam

I recently found this in my Postfix log:

Aug  4 11:09:12 mail postfix/smtpd[71597]: connect from unknown[59.88.35.206]
Aug  4 11:09:14 mail postfix/smtpd[71597]: Anonymous TLS connection established from unknown[59.88.35.206]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  4 11:09:17 mail postfix/smtpd[71597]: 1AE3B7EC3D: client=unknown[59.88.35.206], sasl_method=PLAIN, sasl_username=MYEMAIL@example.com
Aug  4 11:09:30 mail postfix/cleanup[71606]: 1AE3B7EC3D: message-id=<5bb4d326c98e$5fd82cf7$c0cb93d7$@example.com>
Aug  4 11:09:30 mail opendkim[24666]: 1AE3B7EC3D: DKIM-Signature field added (s=mail, d=MYDOMAINCOM2012)
Aug  4 11:09:30 mail postfix/qmgr[27543]: 1AE3B7EC3D: from=<WambakiwaKing39ori@example.com>, size=2149, nrcpt=20 (queue active)
Aug  4 11:09:31 mail postfix/smtpd[71611]: connect from MAIL.example.com[172.16.0.3]
Aug  4 11:09:31 mail postfix/smtpd[71611]: 14C4C7EC57: client=MAIL.example.com[172.16.0.3]
Aug  4 11:09:31 mail postfix/cleanup[71606]: 14C4C7EC57: message-id=<5bb4d326c98e$5fd82cf7$c0cb93d7$@example.com>
Aug  4 11:09:31 mail postfix/smtpd[71611]: disconnect from MAIL.example.com[172.16.0.3]
Aug  4 11:09:31 mail postfix/qmgr[27543]: 14C4C7EC57: from=<WambakiwaKing39ori@example.com>, size=2891, nrcpt=20 (queue active)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<rwaruingi@btinternet.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<onboarding@equitydirect.co.ke>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<modongo@kcb.co.ke>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<nogutu@kcb.co.ke>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<onlinehelpdesk@kcb.co.ke>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<newlifeschool@live.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<doret.nosworthy@moneylineuk.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<Nick.England@vfxplc.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<njugunat@wajuzi.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<bromeyassociates@yahoo.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<davidkn1@yahoo.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<lornanjNG@yahoo.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<nancienganga@yahoo.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<sammymwanik@yahoo.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<stellawambuisn@yahoo.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<jamunya@yahoo.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<ngugijamx@yahoo.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<nyamburakahara@yahoo.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<sylky06@yahoo.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/qmgr[27543]: 1AE3B7EC3D: removed
Aug  4 11:09:31 mail postfix/smtpd[71597]: 968227EC58: client=unknown[59.88.35.206], sasl_method=PLAIN, sasl_username=MYEMAIL@example.com
Aug  4 11:09:31 mail postfix/smtp[71612]: 14C4C7EC57: to=<dmuchemi@bluebottle.com>, relay=mx.bluebottle.com[136.243.21.189]:25, delay=0.61, delays=0.05/0.02/0.22/0.32, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 37DBE9EC4)
Aug  4 11:09:32 mail postfix/smtp[71618]: 14C4C7EC57: to=<Nick.England@vfxplc.com>, relay=vfxplc.com.inbound10.mxlogic.net[208.65.144.3]:25, delay=1.6, delays=0.05/0.05/0.6/0.85, dsn=5.0.0, status=bounced (host vfxplc.com.inbound10.mxlogic.net[208.65.144.3] said: 554 Denied [CS] [b6d90c55.0.552923.00-2289.1107665.p02c11m005.mxlogic.net] (Mode: normal) (in reply to end of DATA command))
Aug  4 11:09:32 mail postfix/smtp[71616]: 14C4C7EC57: to=<newlifeschool@live.co.uk>, relay=mx4.hotmail.com[65.55.33.119]:25, delay=1.6, delays=0.05/0.04/0.49/1, dsn=2.0.0, status=sent (250  <5bb4d326c98e$5fd82cf7$c0cb93d7$@example.com> Queued mail for delivery)
Aug  4 11:09:32 mail postfix/smtp[71614]: 14C4C7EC57: to=<onboarding@equitydirect.co.ke>, relay=equitydirect.co.ke.inbound10.mxlogicmx.net[208.65.145.3]:25, delay=1.6, delays=0.05/0.03/0.9/0.66, dsn=5.0.0, status=bounced (host equitydirect.co.ke.inbound10.mxlogicmx.net[208.65.145.3] said: 554 Denied [CS] [b6d90c55.0.778752.00-2304.1523550.s12p02m085.mxlogic.net] (Mode: normal) (in reply to end of DATA command))
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<bromeyassociates@yahoo.co.uk>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<davidkn1@yahoo.co.uk>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<lornanjNG@yahoo.co.uk>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<nancienganga@yahoo.co.uk>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<sammymwanik@yahoo.co.uk>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<stellawambuisn@yahoo.co.uk>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:33 mail postfix/smtp[71613]: 14C4C7EC57: to=<rwaruingi@btinternet.com>, relay=mx.bt.lon5.cpcloud.co.uk[65.20.0.49]:25, delay=2.5, delays=0.05/0.02/0.08/2.4, dsn=2.0.0, status=sent (250 <55BF549902860DA2> Mail accepted)
Aug  4 11:09:35 mail postfix/smtp[71615]: 14C4C7EC57: to=<modongo@kcb.co.ke>, relay=mx1.safaricombusiness.co.ke[41.203.208.3]:25, delay=4.2, delays=0.05/0.03/2.6/1.5, dsn=2.0.0, status=sent (250 ok:  Message 1038363882 accepted)
Aug  4 11:09:35 mail postfix/smtp[71615]: 14C4C7EC57: to=<nogutu@kcb.co.ke>, relay=mx1.safaricombusiness.co.ke[41.203.208.3]:25, delay=4.2, delays=0.05/0.03/2.6/1.5, dsn=2.0.0, status=sent (250 ok:  Message 1038363882 accepted)
Aug  4 11:09:35 mail postfix/smtp[71615]: 14C4C7EC57: to=<onlinehelpdesk@kcb.co.ke>, relay=mx1.safaricombusiness.co.ke[41.203.208.3]:25, delay=4.2, delays=0.05/0.03/2.6/1.5, dsn=2.0.0, status=sent (250 ok:  Message 1038363882 accepted)
Aug  4 11:09:36 mail postfix/smtp[71621]: 14C4C7EC57: to=<jamunya@yahoo.com>, relay=mta5.am0.yahoodns.net[98.138.112.32]:25, delay=5.7, delays=0.05/0.07/0.41/5.2, dsn=2.0.0, status=sent (250 ok dirdel 4/0)
Aug  4 11:09:36 mail postfix/smtp[71621]: 14C4C7EC57: to=<ngugijamx@yahoo.com>, relay=mta5.am0.yahoodns.net[98.138.112.32]:25, delay=5.7, delays=0.05/0.07/0.41/5.2, dsn=2.0.0, status=sent (250 ok dirdel 4/0)
Aug  4 11:09:36 mail postfix/smtp[71621]: 14C4C7EC57: to=<nyamburakahara@yahoo.com>, relay=mta5.am0.yahoodns.net[98.138.112.32]:25, delay=5.7, delays=0.05/0.07/0.41/5.2, dsn=2.0.0, status=sent (250 ok dirdel 4/0)
Aug  4 11:09:36 mail postfix/smtp[71621]: 14C4C7EC57: to=<sylky06@yahoo.com>, relay=mta5.am0.yahoodns.net[98.138.112.32]:25, delay=5.7, delays=0.05/0.07/0.41/5.2, dsn=2.0.0, status=sent (250 ok dirdel 4/0)
Aug  4 11:09:43 mail postfix/cleanup[71606]: 968227EC58: message-id=<b35404cfa23e$69d3179e$8efe227b$@example.com>
Aug  4 11:09:43 mail opendkim[24666]: 968227EC58: DKIM-Signature field added (s=mail, d=MYDOMAINCOM2012)
Aug  4 11:09:43 mail postfix/qmgr[27543]: 968227EC58: from=<WambakiwaKing39ori@example.com>, size=2204, nrcpt=20 (queue active)
Aug  4 11:09:43 mail postfix/smtpd[71611]: connect from MAIL.example.com[172.16.0.3]
Aug  4 11:09:43 mail postfix/smtpd[71611]: B0D2D7EC70: client=MAIL.example.com[172.16.0.3]
Aug  4 11:09:43 mail postfix/cleanup[71606]: B0D2D7EC70: message-id=<b35404cfa23e$69d3179e$8efe227b$@example.com>
Aug  4 11:09:43 mail postfix/smtpd[71611]: disconnect from MAIL.example.com[172.16.0.3]
Aug  4 11:09:43 mail postfix/qmgr[27543]: B0D2D7EC70: from=<WambakiwaKing39ori@example.com>, size=2946, nrcpt=20 (queue active)
Aug  4 11:09:43 mail amavis[24687]: (24687-07) Passed CLEAN {RelayedOpenRelay}, [59.88.35.206]:4678 [59.88.35.206] <WambakiwaKing39ori@example.com> -> <PWmunene@british-american.co.ke>,<roquah@dwtltd.com>,<salahuddin@dwtltd.com>,<rajvinder.kaur2@enfield.gov.uk>,<beatrice@extreme-travel.co.uk>,<SBenson@fairpoint.co.uk>,<rose@flyairltd.co.ke>,<pastor.eagles@gmail.com>,<samuelgikuru@gmail.com>,<rick.wambaki@hotmail.co.uk>,<jackiepereira181@hotmail.com>,<wanyikap@hotmail.com>,<rose.wambui@housing.co.ke>,<parts@howardandsons.co.uk>,<rmaore@kcb.co.ke>,<pragnesh.bhatt@omnifmplc.co.uk>,<cakudo@tiscali.co.uk>,<rob@trafficlawyer4u.com>,<phantasy2111@yahoo.com>,<pkimondo@yahoo.com>, Queue-ID: 968227EC58, Message-ID: <b35404cfa23e$69d3179e$8efe227b$@example.com>, mail_id: JR1l308kvN-H, Hits: -, size: 2531, queued_as: B0D2D7EC70, 378 ms
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<PWmunene@british-american.co.ke>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<roquah@dwtltd.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<salahuddin@dwtltd.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<rajvinder.kaur2@enfield.gov.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<beatrice@extreme-travel.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<SBenson@fairpoint.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<rose@flyairltd.co.ke>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<pastor.eagles@gmail.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<samuelgikuru@gmail.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<rick.wambaki@hotmail.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<jackiepereira181@hotmail.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)

172.16.0.3 is the internal IP of my mail server jail.

I'm having some trouble interpreting this log. Does this mean that someone is using my username (MYEMAIL@example.com) to send spam? If so, how is that possible, and how do I fix it?

This is my Postfix main.cf:

### GENERAL
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
daemon_directory = /usr/local/libexec/postfix
command_directory = /usr/local/sbin
myhostname = MAIL.example.com
myorigin = example.com
mydestination = 172.16.0.3
#relayhost =
mynetworks = 172.16.0.0/12 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
alias_database = hash:/etc/aliases
alias_maps = $alias_database
message_size_limit = 50000000
smtpd_helo_required = yes

### VIRTUAL
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/postgres-virtual-mailbox-domains.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/postgres-virtual-mailbox-maps.cf
virtual_alias_maps = pgsql:/usr/local/etc/postfix/postgres-virtual-alias-maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:6
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

### SASL Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

smtpd_tls_cert_file = /usr/local/etc/ssl/MAIL.example.com/private.crt
smtpd_tls_key_file = /usr/local/etc/ssl/MAIL.example.com/private.key
smtpd_tls_CAfile = /usr/local/etc/ssl/MAIL.example.com/cacert.pem
smtpd_tls_security_level = may
smtpd_tls_received_header = no
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom

debug_peer_level                = 2
debugger_command                =
show_user_unknown_table_name    = no

### LIMITATIONS
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client dialup.blacklist.jippg.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client t1.dnsbl.net.au,
    reject_rhsbl_client block.rhs.mailpolice.com,
    reject_rhsbl_client dynamic.rhs.mailpolice.com,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rhsbl_client bogusmx.rfc-ignorant.org

smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_sender_login_mismatch,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rhsbl_sender rddb.dnsbl.net.au,
    reject_rhsbl_sender endn.dnsbl.net.au,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rhsbl_sender block.rhs.mailpolice.com,
    reject_rhsbl_sender dynamic.rhs.mailpolice.com

smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  reject_unknown_recipient_domain,
  reject_rbl_client ix.dnsbl.manitu.net,
  reject_rbl_client dnsbl.sorbs.net,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client zen.spamhaus.org,
  reject_rbl_client dnsbl-1.uceprotect.net


readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
html_directory = /usr/local/share/doc/postfix
setgid_group = maildrop
manpage_directory = /usr/local/man
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
data_directory = /var/db/postfix
disable_vrfy_command = yes
smtpd_delay_reject = yes
content_filter = amavisfeed:[172.16.0.3]:10024
#receive_override_options = no_address_mappings
smtpd_milters = inet:172.16.0.3:54321
non_smtpd_milters = inet:172.16.0.3:54321
milter_default_action = accept
inet_protocols = ipv4

172.16.0.3:54321 is OpenDKIM.

And this is my master.cf:

 smtp      inet  n       -       n       -       -       smtpd
 pickup    unix  n       -       n       60      1       pickup
 cleanup   unix  n       -       n       -       0       cleanup
 qmgr      unix  n       -       n       300     1       qmgr
 tlsmgr    unix  -       -       n       1000?   1       tlsmgr
 rewrite   unix  -       -       n       -       -       trivial-rewrite
 bounce    unix  -       -       n       -       0       bounce
 defer     unix  -       -       n       -       0       bounce
 trace     unix  -       -       n       -       0       bounce
 verify    unix  -       -       n       -       1       verify
 flush     unix  n       -       n       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
 proxywrite unix -       -       n       -       1       proxymap
 smtp      unix  -       -       n       -       -       smtp
 relay     unix  -       -       n       -       -       smtp
 showq     unix  n       -       n       -       -       showq
 error     unix  -       -       n       -       -       error
 retry     unix  -       -       n       -       -       error
 discard   unix  -       -       n       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       n       -       -       lmtp
 anvil     unix  -       -       n       -       1       anvil
 scache    unix  -       -       n       -       1       scache
 dovecot    unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:mail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
 amavisfeed unix  -       -       n       -       2       lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
172.16.0.3:10025 inet n - n - - smtpd
   -o content_filter=
   -o smtpd_delay_reject=no
   -o smtpd_client_restrictions=permit_mynetworks,reject
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_data_restrictions=reject_unauth_pipelining
   -o smtpd_end_of_data_restrictions=
   -o smtpd_restriction_classes=
   -o mynetworks=172.16.0.0/12
   -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001
   -o smtpd_hard_error_limit=1000
   -o smtpd_client_connection_count_limit=0
   -o smtpd_client_connection_rate_limit=0
   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
   -o local_header_rewrite_clients=
   -o smtpd_milters=
   -o local_recipient_maps=
   -o relay_recipient_maps=
3
asked 4 August 2015 at 16:39
2 answers

Does this mean that someone is using my username (hidden) to send spam?

YES

This log line is the proof.

Aug  4 11:09:17 mail postfix/smtpd[71597]: 1AE3B7EC3D: client=unknown[59.88.35.206], sasl_method=PLAIN, sasl_username=MYEMAIL@example.com

Since you have permit_sasl_authenticated in main.cf, you allow anyone who knows your credentials to send email through your server.

If so, how is that possible?

There are many ways your credentials could have leaked.

  • A keylogger installed on your computer
  • A worm sending out sensitive information (including your credentials)
  • A weak password obtained by brute force or guessing
  • A phishing email
  • And many others ...

and how do I fix it?

First, disable the account, either by changing its status in PostgreSQL or by changing the password to a random one. Determine how your credentials leaked and fix that hole.

Additional notes:

Your Postfix configuration is fine, although the restrictions overlap somewhat, since you repeat some of them at every stage. You should also make sure that every rhsbl/rbl provider is still active and maintaining its blacklist, to avoid false positives.

6
answered 3 December 2019 at 04:52

The log shows that someone has obtained the password for the email account (hidden) and is using it to send spam through the server.

  • The entry at 11:09:17 shows a successful SASL authentication from IP address 59.88.35.206 with the username (hidden); the entry at 11:09:30 shows a message being received and queued with the sender address (hidden) and twenty announced recipients over that connection.
  • The entries timestamped 11:09:31 show that these twenty copies are first forwarded internally within Postfix and then sent out to the recipients.

The most frequent cause of this kind of incident is a user falling for a phishing email that asks him or her to enter their email address and password into a credential-harvesting web form.

To fix:

  • Change that account's password immediately.
  • Choose a (more) sensible password, in particular one that is not used anywhere else.
  • Be (more) careful not to disclose this password to anyone; in particular, do not enter it on any website.
4
answered 3 December 2019 at 04:52
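
The correlation both answers walk through, tying a SASL login to the messages queued under it by queue ID, can be scripted for triage. This is an added example, not part of the original question or answers; the 10-recipient threshold, the strict "login equals envelope sender" comparison, and the last two sample lines (the `alice@example.com` login from 192.0.2.10) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First five lines are copied from the log in the question; the last two are
# constructed here to represent an ordinary authenticated submission.
SAMPLE_LOG = """\
Aug  4 11:09:17 mail postfix/smtpd[71597]: 1AE3B7EC3D: client=unknown[59.88.35.206], sasl_method=PLAIN, sasl_username=MYEMAIL@example.com
Aug  4 11:09:30 mail postfix/qmgr[27543]: 1AE3B7EC3D: from=<WambakiwaKing39ori@example.com>, size=2149, nrcpt=20 (queue active)
Aug  4 11:09:31 mail postfix/smtpd[71611]: 14C4C7EC57: client=MAIL.example.com[172.16.0.3]
Aug  4 11:09:31 mail postfix/qmgr[27543]: 14C4C7EC57: from=<WambakiwaKing39ori@example.com>, size=2891, nrcpt=20 (queue active)
Aug  4 11:09:31 mail postfix/qmgr[27543]: 1AE3B7EC3D: removed
Aug  4 11:12:02 mail postfix/smtpd[71700]: 2BC4D8FA10: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.com
Aug  4 11:12:03 mail postfix/qmgr[27543]: 2BC4D8FA10: from=<alice@example.com>, size=1200, nrcpt=1 (queue active)
"""

# Assumes the short hexadecimal queue IDs seen in the question's log.
ENTRY = re.compile(r"postfix/(?P<daemon>\w+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
CLIENT = re.compile(
    r"client=[^\[]*\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=[^,]+, sasl_username=(?P<user>\S+))?"
)
SENDER = re.compile(r"from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)")


def parse_messages(log_text):
    """Correlate smtpd (client, login) and qmgr (sender, nrcpt) lines by queue ID."""
    messages = defaultdict(dict)
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        qid, rest = entry["qid"], entry["rest"]
        if entry["daemon"] == "smtpd":
            m = CLIENT.match(rest)
            if m:
                # sasl_username is None when the client did not authenticate
                messages[qid].update(ip=m["ip"], sasl_username=m["user"])
        elif entry["daemon"] == "qmgr":
            m = SENDER.match(rest)
            if m:
                messages[qid].update(sender=m["sender"], nrcpt=int(m["nrcpt"]))
    return dict(messages)


def suspicious_logins(messages, max_rcpt=10):
    """Return {sasl_username: [reasons]} for authenticated submissions that look abusive.

    max_rcpt is an assumed threshold; tune it to the site's normal mail flow.
    """
    findings = defaultdict(list)
    for qid, msg in messages.items():
        user = msg.get("sasl_username")
        if not user or "sender" not in msg:
            continue  # unauthenticated hop, e.g. the amavis re-injection from 172.16.0.3
        # Assumption: a login normally sends as its own address (no aliases).
        if msg["sender"].lower() != user.lower():
            findings[user].append(
                f"{qid}: envelope sender {msg['sender']} differs from login, client {msg['ip']}"
            )
        if msg["nrcpt"] > max_rcpt:
            findings[user].append(
                f"{qid}: {msg['nrcpt']} recipients in one message, client {msg['ip']}"
            )
    return dict(findings)


if __name__ == "__main__":
    for user, reasons in suspicious_logins(parse_messages(SAMPLE_LOG)).items():
        print(user)
        for reason in reasons:
            print("  ", reason)
```

Feeding it the real mail log in place of `SAMPLE_LOG` lists every login whose submissions match either pattern, together with the client IP to check against the account owner's known locations.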
