我在我的VPS上安装了webmin。 我只在该vps上托管一个域
我使用postfix作为MTA
我有一个奇怪的问题,即未知用户从我的服务器发送电子邮件。 以下是来自未知发件人的示例电子邮件标题,如何阻止未知发件人使用我的服务器发送电子邮件。 (发送的电子邮件数量为数千)
----------------------------------------------------------------------------------
Received: from User (208-40-36-163.ipv4.firstcomm.com [208.40.36.163])
by control.shanbhags.com (Postfix) with ESMTPA id 00119874C75A;
Fri, 29 Nov 2013 20:34:50 +0000 (GMT)
Reply-To: <al.frk005@email.ua>
From: "Albert Frank"<test@email.com>
Subject: 29/11/2013.
Date: Fri, 29 Nov 2013 15:34:51 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
-------------------------------------------------------------
我的main.cf文件
------------------------
# postfix config file
# uncomment for debugging if needed
soft_bounce=yes
# postfix main
setgid_group = postdrop
delay_warning_time = 4
# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES
# network settings
mydomain = control.example.com
myhostname = control.example.com
mynetworks = all
relay_domains = proxy:mysql:/etc/zpanel/configs/postfix/mysql-relay_domains_maps.cf
# mail delivery
recipient_delimiter = +
# mappings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
#local_recipient_maps =
# virtual setup
virtual_alias_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_alias_maps.cf,
regexp:/etc/zpanel/configs/postfix/virtual_regexp
virtual_mailbox_base = /var/zpanel/vmail
virtual_mailbox_domains = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_minimum_uid = 101
virtual_uid_maps = static:101
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# debugging
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# tls config
smtp_use_tls = no
smtpd_use_tls = no
#smtp_tls_note_starttls_offer = yes
#smtpd_tls_loglevel = 1
#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom
#smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
# Change mail.example.com.* to your host name
#smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
#smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
# smtpd_tls_CAfile = /etc/pki/tls/root.crt
# rules restrictions
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces reject_unknown_reverse_client_hostname permit_tls_all_clientcerts
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net reject_rbl_client dnsbl.sorbs.net permit_inet_interfaces reject_unknown_reverse_client_hostname
# uncomment for realtime black list checks
smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
always_bcc = [my email address]
mynetworks_style = host
deliver_lock_attempts = 5
default_process_limit = 50000
header_size_limit = 2024
duplicate_filter_limit = 50
qmgr_message_active_limit = 500
smtpd_recipient_limit = 20
mydestination = localhost.$mydomain, localhost
default_destination_recipient_limit = 20
maximal_queue_lifetime = 1d
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain ,reject_rbl_client zen.spamhaus.org ,reject_rbl_client bl.spamcop.net ,reject_rbl_client dnsbl.sorbs.netsmtp_sasl_auth_enable = yes
line_length_limit = 4048
--------------------------------
答案 0 :(得分:0)
如果您还没有阅读Postfix SMTP relay and access control,请立即阅读。有许多指导方针可以确保您的Postfix服务器是安全的。特别是:
By default, Postfix has a moderately restrictive approach to mail relaying.
Postfix forwards mail only from clients in trusted networks, from clients
that have authenticated with SASL, or to domains that are configured as
authorized relay destinations.
如果您已对smtpd_relay_restrictions
添加或删除了任何限制,请仔细检查以确保您没有比他们需要的更宽松。
编辑:在您的特定情况下,这几乎肯定是问题所在:
mynetworks = all
mynetworks
变量应仅包含您直接拥有或控制的网络,例如安装邮件服务器的办公室中的LAN。见Postfix Configuration Parameters:
mynetworks (默认:请参阅“postconf -d”输出)
具有比“陌生人”更多权限的“受信任”远程SMTP客户端列表。
特别是,“受信任的”SMTP客户端可以通过Postfix中继邮件。
您的配置可能还有其他问题,但这是一个跳出来的问题。