
What is happening with the mail server (postfix+dovecot)?


I set up the server following this guide: http://help.ubuntu.ru/wiki/%D0%BF%D0%BE%D1%87%D1%82%D0%BE%D0%B2%D1%8B%D0%B9_%D1%81%D0%B5%D1%80%D0%B2%D0%B5%D1%80_%D1%81%D0%BE_%D0%B2%D1%81%D0%B5%D0%BC_%D1%84%D0%B0%D1%80%D1%88%D0%B5%D0%BC_%D0%BD%D0%B0_10.04_lts So far I have only got as far as configuring the web interface; I have not set up the filters. Someone is sending spam from the server, yet the relay check came back negative. I disabled the port forwarding rules, but spam is still being sent. So does that mean someone authenticated via PAM and is sending mail from the inside? Please advise what to check.

Dec 18 18:07:27 mail postfix/smtp[2755]: 92A6C48886: host mx.dca.untd.com[64.136.44.37] refused to talk to me: 550 IP айписервера in zen.spamhaus.org : Access Denied, please see www.spamhaus.org 
Dec 18 18:07:28 mail postfix/smtp[2557]: 92A6C48886: to=<frank@thegillco.com>, relay=mx1.emailsrvr.com[98.129.185.131]:25, delay=43, delays=12/30/0.87/0.41, dsn=5.7.1, status=bounced (host mx1.emailsrvr.com[98.129.185.131] said: 554 5.7.1 ACL dns_rbl; Client host [айписервера] blocked using sa-ip4tset.blagr.emailsrvr.com=127.22.0.2 Senderscore. Please visit https://senderscore.org/rtbl/ for more information on why this message could not be delivered (in reply to RCPT TO command))
Dec 18 18:07:28 mail postfix/smtp[2817]: connect to cluster6.us.messagelabs.com[216.82.251.38]:25: Connection timed out
Dec 22 08:31:09 mail postfix/qmgr[3785]: F081548A97: from=<safety@security.com>, size=39025, nrcpt=30 (queue active)
Dec 22 08:31:09 mail postfix/smtp[3803]: 5A7F348AF6: host mailin-01.mx.aol.com[152.163.0.99] refused to talk to me: 554- (RTR:DU)  https://postmaster.aol.com/error-codes#554rtrdu 554  Connecting IP: 1.2.3.4
Dec 22 08:31:09 mail postfix/smtp[3794]: 5A7F348AF6: host mx2.comcast.net[68.87.20.5] refused to talk to me: 554 resimta-ch2-23v.sys.comcast.net comcast 1.2.3.4 found on one or more DNSBLs, see http://postmaster.comcast.net/smtp-error-codes.php#BL000001
Dec 22 08:31:09 mail postfix/qmgr[3785]: 5B04E47D4E: from=<>, size=51084, nrcpt=1 (queue active)
Dec 22 08:31:09 mail postfix/qmgr[3785]: 983F04880E: from=<guard@checked.com>, size=39144, nrcpt=30 (queue active)
Dec 22 08:31:09 mail postfix/qmgr[3785]: 57C34479C7: from=<>, size=41067, nrcpt=1 (queue active)
Here is my postfix config:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/domen.crt
smtpd_tls_key_file = /etc/ssl/private/domen.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
myhostname = mail.domen.ru
mydomain = domen.ru
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = domen.ru
mydestination = $myhostname, localhost
relayhost = 
relay_domains =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
broken_sasl_auth_clients = yes
# Disallow the ETRN command
smtpd_etrn_restrictions = reject
# Disallow the VRFY command
disable_vrfy_command = yes
# Require the EHLO (HELO) command
smtpd_helo_required = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
                               reject_unknown_recipient_domain,
                               reject_multi_recipient_bounce,
                               permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               check_policy_service unix:/var/spool/postfix/postgrey/socket,
                               #reject_rbl_client zen.spamhaus.org,
                               #reject_rbl_client bl.spamcop.net,
                               #reject_rbl_client dnsbl.sorbs.net,
                               reject_invalid_hostname
smtpd_helo_restrictions = permit_mynetworks,
                          permit_sasl_authenticated,
                          reject_non_fqdn_helo_hostname,
                          reject_invalid_helo_hostname

smtpd_data_restrictions = permit_mynetworks,
                          permit_sasl_authenticated,
                          reject_unauth_pipelining,
                          reject_multi_recipient_bounce,

smtpd_sender_restrictions = permit_mynetworks,
                            permit_sasl_authenticated,
                            reject_non_fqdn_sender,
                            reject_unknown_sender_domain
smtpd_sasl_security_options = noanonymous
#smtpd_sender_restrictions = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
proxy_read_maps = $local_recipient_maps $mydestination 
	$virtual_alias_maps $virtual_alias_domains
	$virtual_mailbox_maps $virtual_mailbox_domains
	$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks

Go to spamhaus.org and check whether your IP really is on the blacklist.

Look at the mail server logs.

vlb ★★★

While it was an open relay, a queue of outgoing mail built up.

anovikov
(topic author)
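The thread turns on whether the spam was newly submitted (for example over an authenticated session) or was old mail still draining from the queue. The following is an added example, not code from the thread: it classifies each Postfix queue ID in a mail log by its intake line. It assumes short hexadecimal queue IDs; the sample lines after the first two, the address 203.0.113.7 and the sender at example.net are constructed.

```python
import re
from collections import Counter

# Lines 1-2 are copied from the post; the rest are constructed for illustration
# (203.0.113.7 and the example.net sender are placeholders).
SAMPLE_LOG = """\
Dec 22 08:31:09 mail postfix/qmgr[3785]: F081548A97: from=<safety@security.com>, size=39025, nrcpt=30 (queue active)
Dec 22 08:31:09 mail postfix/qmgr[3785]: 5B04E47D4E: from=<>, size=51084, nrcpt=1 (queue active)
Dec 22 08:40:02 mail postfix/smtpd[4101]: 7C1D248B10: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@domen.ru
Dec 22 08:40:03 mail postfix/qmgr[3785]: 7C1D248B10: from=<promo@example.net>, size=40110, nrcpt=30 (queue active)
Dec 22 08:41:15 mail postfix/pickup[3784]: 9D2E148B22: uid=33 from=<www-data>
Dec 22 08:41:15 mail postfix/qmgr[3785]: 9D2E148B22: from=<www-data@domen.ru>, size=900, nrcpt=1 (queue active)
"""

# Assumes short (hexadecimal) queue IDs, the Postfix default.
LINE = re.compile(r"postfix(?:/[\w-]+)*/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
QMGR = re.compile(r"from=<([^>]*)>, size=\d+, nrcpt=(\d+)")
SASL = re.compile(r"sasl_username=([^,\s]+)")

def classify(log_text):
    """Map each queue ID to how the message entered Postfix within this log."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        # "backlog": no intake line seen, so it was queued before the log starts.
        rec = msgs.setdefault(m["qid"], {"origin": "backlog", "detail": "", "sender": None, "nrcpt": 0})
        rest = m["rest"]
        if m["daemon"] == "smtpd" and rest.startswith("client="):
            user = SASL.search(rest)
            rec["origin"] = "sasl" if user else "smtp"
            rec["detail"] = user[1] if user else rest.split(",")[0][len("client="):]
        elif m["daemon"] == "pickup":
            rec["origin"], rec["detail"] = "local", rest.split()[0]  # e.g. uid=33
        elif m["daemon"] == "qmgr" and (q := QMGR.search(rest)):
            rec["sender"], rec["nrcpt"] = q[1], int(q[2])
    return msgs

def summarize(log_text):
    """Count messages per intake path: backlog, sasl, smtp or local."""
    return Counter(rec["origin"] for rec in classify(log_text).values())

if __name__ == "__main__":
    for qid, rec in classify(SAMPLE_LOG).items():
        print(qid, rec["origin"], rec["detail"] or "-", f"from=<{rec['sender']}>", f"nrcpt={rec['nrcpt']}")
    print(dict(summarize(SAMPLE_LOG)))
```

Feed it the log from before the relay was closed onward: a message whose intake line predates the supplied log is reported as backlog just like genuinely old mail. Entries with origin sasl name the account to investigate, and entries with origin local point at a process on the host itself.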