Postfix: check the user database to prevent forged addresses

Time: 2015-06-07 06:46:53

Tags: mysql email postfix-mta mail-server

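We are facing a problem with our mail server. We have two servers for the mail system: one for POP (with Dovecot installed) and the other for SMTP (postfix, amavis, pyzor and razor installed, sending only). Both servers have an iRedMail instance installed. SMTP is logged on the SMTP server. We have a shared user database on both servers, and SASL authentication is configured on the SMTP server. We have already stopped backscatter by implementing a Header Check PCRE.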

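Now we are facing spam sent with forged addresses, where the user ID is something@mydomain.com and our system delivers this mail. Please help me configure a list of usernames (i.e. hash:/etc/postfix/clean_sender) or point to a MySQL database, so that any incoming mail whose username does not match this list is discarded immediately.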

An example of the problem is shown in this extract from our logs:

*** ENVELOPE RECORDS active/XXXXX ***
message_size:    49356      785           1         0           49356
message_arrival_time: XXXXX
create_time: XXXXX
content_filter: smtp-amavis:[127.0.0.1]:10024
named_attribute: log_ident= XXXXX
named_attribute: rewrite_context=remote
sender: u@ XXXXX.com
named_attribute: log_client_name= XXXXX
named_attribute: log_client_address= XXXXX
named_attribute: log_client_port=51472
named_attribute: log_message_origin= XXXXX
named_attribute: log_helo_name= XXXXX
named_attribute: log_protocol_name=ESMTP
named_attribute: client_name= XXXXX
named_attribute: reverse_client_name= XXXXX
named_attribute: client_address= XXXXX
named_attribute: client_port=51472
named_attribute: helo_name= XXXXX
named_attribute: protocol_name=ESMTP
named_attribute: client_address_type=2
named_attribute: dsn_orig_rcpt=rfc822;bob.baxter@charles-stanley.co.uk
original_recipient: 
recipient: bob.baxter@charles-stanley.co.uk

*** MESSAGE CONTENTS active/75C6734077E ***
Received: from ip245c164.banglalionwimax.com (XXXXX)
        by smtp. XXXXX.com (Postfix) with ESMTP id XXXXX
        for <bob.baxter@charles-stanley.co.uk>; XXXXX
Message-ID: <7521347.20150606135549@barretthead.com
Date: XXXXX
Subject: Wesley, use you personal coupon - nayfeith
From: "Harris" <fgbagrlidak@e-sil.com>
To: <bob.baxter@charles-stanley.co.uk>
MIME-Version: 1.0
X-Priority: 3
Precedence: bulk
Content-Type: multipart/mixed;
 boundary="O74xv3RG7hejSBa3"

1 answer:

Answer 0: (score: -1)