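Possible attack on postfix server

Time: 2015-05-26 15:10:05

Tags: email debian postfix-mta

I am worried that my VPS server is under attack, because the postfix log contains hundreds of lines of these messages: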

May 24 10:50:32 ukvps postfix/smtpd[29971]: warning: hostname xep9.flink.uz does not resolve to address 91.234.218.9: Name or service not known
May 24 10:50:32 ukvps postfix/smtpd[29971]: connect from unknown[91.234.218.9]
May 24 10:50:33 ukvps postfix/smtpd[29971]: lost connection after UNKNOWN from unknown[91.234.218.9]
May 24 10:50:33 ukvps postfix/smtpd[29971]: disconnect from unknown[91.234.218.9]
May 24 10:53:53 ukvps postfix/anvil[29724]: statistics: max connection rate 77/60s for (smtp:91.234.218.9) at > May 24 10:48:31
May 24 10:53:53 ukvps postfix/anvil[29724]: statistics: max connection count 1 for (smtp:91.234.218.9) at > May 24 10:47:31
May 24 10:53:53 ukvps postfix/anvil[29724]: statistics: max cache size 1 at May 24 10:47:31

May 26 10:51:56 ukvps postfix/smtpd[13694]: warning: hostname myco-bio.com does not resolve to address 112.72.13.230
May 26 10:51:56 ukvps postfix/smtpd[13694]: connect from unknown[112.72.13.230]
May 26 10:51:57 ukvps postfix/smtpd[13694]: lost connection after UNKNOWN from unknown[112.72.13.230]
May 26 10:51:57 ukvps postfix/smtpd[13694]: disconnect from unknown[112.72.13.230]
May 26 10:52:19 ukvps postfix/smtpd[13694]: warning: hostname myco-bio.com does not resolve to address 112.72.13.230
May 26 10:52:19 ukvps postfix/smtpd[13694]: connect from unknown[112.72.13.230]
May 26 10:52:20 ukvps postfix/anvil[12258]: statistics: max connection rate 8/60s for (smtp:112.72.13.230) at May 26 10:42:43
May 26 10:52:20 ukvps postfix/anvil[12258]: statistics: max connection count 1 for (smtp:112.72.13.230) at May 26 10:42:21
May 26 10:52:20 ukvps postfix/anvil[12258]: statistics: max cache size 1 at May 26 10:46:06
  

ii postfix 2.9.6-2 amd64 High-performance mail transport agent

Also, some clients are replying with spam complaints to users that do not exist in our domain.

Any help is appreciated, thanks.

1 answer:

Answer 0: (score: 1)

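This looks like some portscan or other scanning attempt. They connect, issue some invalid command, and then disconnect. They do not try to send any email, because in that case you would see information in the postfix log about accepting or rejecting those emails.

Regarding the second question, you may be a victim of backscatter spam. Some spammers are using your domain name to send spam. They send spam from a botnet or wherever, using your email addresses (e.g. anything@domain.com). When that mail cannot be delivered, your users receive the bounce. It is even worse when they have a catch-all address defined (*@domain.com is delivered to some mailbox). There is nothing you can do, because it is completely out of the control of your server or your domain. The little you can do is to have a strict SPF record, but it does not help much.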
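The triage described in the answer, as an added example that is not part of the original post: it groups smtpd and anvil lines by client IP and reports clients whose sessions all dropped before any mail transaction started (no MAIL/RCPT/DATA stage). The function names, the `PRE_MAIL` stage set and the two `192.0.2.10` log lines are assumptions made for the example; the other log lines are copied from the question.

```python
import re
from collections import defaultdict

# The two 192.0.2.10 lines are constructed (a client that reached DATA);
# all other lines are copied from the question's log.
SAMPLE_LOG = """\
May 24 10:50:32 ukvps postfix/smtpd[29971]: connect from unknown[91.234.218.9]
May 24 10:50:33 ukvps postfix/smtpd[29971]: lost connection after UNKNOWN from unknown[91.234.218.9]
May 24 10:50:33 ukvps postfix/smtpd[29971]: disconnect from unknown[91.234.218.9]
May 24 10:53:53 ukvps postfix/anvil[29724]: statistics: max connection rate 77/60s for (smtp:91.234.218.9) at > May 24 10:48:31
May 26 10:51:56 ukvps postfix/smtpd[13694]: connect from unknown[112.72.13.230]
May 26 10:51:57 ukvps postfix/smtpd[13694]: lost connection after UNKNOWN from unknown[112.72.13.230]
May 26 10:52:19 ukvps postfix/smtpd[13694]: connect from unknown[112.72.13.230]
May 26 10:52:20 ukvps postfix/anvil[12258]: statistics: max connection rate 8/60s for (smtp:112.72.13.230) at May 26 10:42:43
May 26 11:00:01 ukvps postfix/smtpd[13700]: connect from mail.example.org[192.0.2.10]
May 26 11:00:04 ukvps postfix/smtpd[13700]: lost connection after DATA from mail.example.org[192.0.2.10]
"""

ADDR = r"\[([0-9A-Fa-f.:]+)\]"
CONNECT = re.compile(r"postfix/smtpd\[\d+\]: connect from \S+" + ADDR)
LOST = re.compile(r"postfix/smtpd\[\d+\]: lost connection after (\S+) from \S+" + ADDR)
RATE = re.compile(r"postfix/anvil\[\d+\]: statistics: max connection rate (\d+)/\d+s for \(smtp:([0-9A-Fa-f.:]+)\)")
# Assumed set of stages meaning the client never started a mail transaction.
PRE_MAIL = {"CONNECT", "UNKNOWN", "HELO", "EHLO"}

def summarize(lines):
    """Per client IP: connection count, stages at which sessions dropped, anvil peak rate."""
    stats = defaultdict(lambda: {"connects": 0, "lost": defaultdict(int), "peak_rate": 0})
    for line in lines:
        if m := CONNECT.search(line):
            stats[m.group(1)]["connects"] += 1
        elif m := LOST.search(line):
            stats[m.group(2)]["lost"][m.group(1)] += 1
        elif m := RATE.search(line):
            entry = stats[m.group(2)]
            entry["peak_rate"] = max(entry["peak_rate"], int(m.group(1)))
    return stats

def probing_clients(stats):
    """IPs whose dropped sessions all ended before MAIL FROM, highest anvil rate first."""
    hits = [(ip, s["peak_rate"], sum(s["lost"].values()))
            for ip, s in stats.items()
            if s["lost"] and set(s["lost"]) <= PRE_MAIL]
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for ip, rate, drops in probing_clients(summarize(SAMPLE_LOG.splitlines())):
        print(f"{ip}: {drops} pre-mail drop(s), peak anvil rate {rate}")
```

The peak rate reported by anvil is the figure Postfix compares with `smtpd_client_connection_rate_limit` when that parameter is set.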