0

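I have installed Webmin on my VPS. I host only one domain on that VPS.

I use Postfix as the MTA.

I am facing a strange problem: unknown users are sending email from my server. Below is a sample email header from an unknown sender. How do I stop unknown senders from using my server to send email? (The number of emails sent is in the thousands.)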

----------------------------------------------------------------------------------
Received: from User (208-40-36-163.ipv4.firstcomm.com [208.40.36.163])
     by control.shanbhags.com (Postfix) with ESMTPA id 00119874C75A;
     Fri, 29 Nov 2013 20:34:50 +0000 (GMT)
Reply-To: <al.frk005@email.ua>
From: "Albert Frank"<test@email.com>
Subject: 29/11/2013.
Date: Fri, 29 Nov 2013 15:34:51 -0500
MIME-Version: 1.0
Content-Type: text/plain;
     charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
-------------------------------------------------------------

My main.cf file

------------------------
# postfix config file

# uncomment for debugging if needed
soft_bounce=yes

# postfix main
setgid_group = postdrop
delay_warning_time = 4

# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES

# network settings
mydomain = control.example.com
myhostname = control.example.com
mynetworks = all
relay_domains = proxy:mysql:/etc/zpanel/configs/postfix/mysql-relay_domains_maps.cf

# mail delivery
recipient_delimiter = +

# mappings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
#local_recipient_maps =

# virtual setup
virtual_alias_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_alias_maps.cf,
                     regexp:/etc/zpanel/configs/postfix/virtual_regexp
virtual_mailbox_base = /var/zpanel/vmail
virtual_mailbox_domains = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_minimum_uid = 101
virtual_uid_maps = static:101
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# debugging
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# tls config
smtp_use_tls = no
smtpd_use_tls = no
#smtp_tls_note_starttls_offer = yes
#smtpd_tls_loglevel = 1
#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom
#smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
# Change mail.example.com.* to your host name
#smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
#smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
# smtpd_tls_CAfile = /etc/pki/tls/root.crt

# rules restrictions
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces reject_unknown_reverse_client_hostname permit_tls_all_clientcerts
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net reject_rbl_client dnsbl.sorbs.net permit_inet_interfaces reject_unknown_reverse_client_hostname
# uncomment for realtime black list checks

smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining

sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
always_bcc = [my email address]
mynetworks_style = host
deliver_lock_attempts = 5
default_process_limit = 50000
header_size_limit = 2024
duplicate_filter_limit = 50
qmgr_message_active_limit = 500
smtpd_recipient_limit = 20
mydestination = localhost.$mydomain, localhost
default_destination_recipient_limit = 20
maximal_queue_lifetime = 1d
smtpd_sender_restrictions = permit_sasl_authenticated,        permit_mynetworks,        reject_unauth_destination,        reject_non_fqdn_sender,        reject_unknown_sender_domain,       reject_non_fqdn_recipient,        reject_unknown_recipient_domain       ,reject_rbl_client zen.spamhaus.org       ,reject_rbl_client bl.spamcop.net       ,reject_rbl_client dnsbl.sorbs.netsmtp_sasl_auth_enable = yes
line_length_limit = 4048
--------------------------------

1 Answer

0

If you haven't already read Postfix SMTP relay and access control, read it now. It contains many guidelines on keeping your Postfix server secure. In particular:

    By default, Postfix has a moderately restrictive approach to mail relaying.
    Postfix forwards mail only from clients in trusted networks, from clients
    that have authenticated with SASL, or to domains that are configured as
    authorized relay destinations.

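If you have added or removed any restrictions in smtpd_relay_restrictions, review them very carefully to make sure you haven't made them more permissive than they need to be.

Edit: In your specific case, this is almost certainly the problem: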

    mynetworks = all

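The mynetworks variable should contain only networks that you directly own or control, such as the LAN in the office where the mail server is installed. See Postfix Configuration Parameters: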

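    mynetworks (default: see "postconf -d" output)

    The list of "trusted" remote SMTP clients that have more privileges than "strangers".

    In particular, "trusted" SMTP clients are allowed to relay mail through Postfix.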

There may be other problems with your configuration, but this is the one that jumps out.

Answered 2013-11-30T05:55:28.907
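
The check the answer describes, as an added example that is not part of the original answer or of Postfix: a small main.cf audit that resolves the effective mynetworks value (continuation lines, last assignment wins) and flags entries that are not loopback or private networks. The names `parse_main_cf`, `audit_mynetworks` and `LOCAL_RANGES`, the choice of "local" ranges, and the sample and corrected values are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: "networks you control" is approximated by loopback, RFC 1918 and IPv6 ULA.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7")]

def parse_main_cf(text):
    """Return {parameter: value}. Indented lines continue the previous one; last assignment wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments do not end a logical line
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def audit_mynetworks(text):
    """Return (token, finding) pairs for mynetworks entries that need review."""
    value = parse_main_cf(text).get("mynetworks", "")  # unset: mynetworks_style applies instead
    findings = []
    for token in re.split(r"[,\s]+", value):
        if not token or token.startswith("!"):
            continue  # "!pattern" is an exclusion, not a grant of trust
        try:
            # Postfix writes IPv6 networks as [::1]/128; drop the brackets before parsing.
            net = ipaddress.ip_network(token.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            is_table = token.startswith("/") or re.match(r"^\w+:", token)
            findings.append((token, "lookup table: review its contents" if is_table
                             else "not an address or CIDR block"))
            continue
        if not any(net.version == r.version and net.subnet_of(r) for r in LOCAL_RANGES):
            findings.append((token, "trusts hosts outside loopback/private ranges"))
    return findings

# Constructed excerpt modelled on the main.cf in the question.
SAMPLE = "mynetworks = all\nsmtpd_sasl_auth_enable = yes\nmynetworks_style = host\n"
# Constructed correction: trust only the mail server itself.
FIXED = SAMPLE.replace("mynetworks = all", "mynetworks = 127.0.0.0/8 [::1]/128")

for label, cfg in (("question", SAMPLE), ("corrected", FIXED)):
    print(label, audit_mynetworks(cfg))
```

On the real server, `postconf -n mynetworks` shows the value Postfix actually uses; run `postfix reload` after changing it.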