Postfix is still sending spam even though the well-known "open relay" has been closed


Let's say my client's website is thatshowithappened.com. A few weeks ago our server was an open relay, but we fixed that.

And now:

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions =
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unlisted_recipient,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],
#       check_policy_service inet:127.0.0.1:10101,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client psbl.surriel.com,
#       reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client b.barracudacentral.org

That worked, but I accidentally flushed the message queue, so now I can't tell which script was sending the SPAM. I have already confirmed that it was not a CRON job, and this is what keeps appearing in my mail log:

Mar 20 06:39:53 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:39:57 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:00 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:03 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:07 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:10 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:13 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:16 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:19 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:22 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:31 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:35 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:38 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:41 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:44 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:48 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:50 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:54 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:57 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:41:00 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:41:03 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:41:07 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked

Apparently the spammer is using a dictionary of words with our domain thatshowithappened.com, and I don't know where to look, or at least how to find out the message headers of a message after it has been sent or rejected as above.

I tried mailq and postqueue -p; both are always empty. Messages are neither queued nor deferred, so that really is the case, right?

# postcat -q 4DEC51723309
postcat: fatal: open queue file 4DEC51723309: No such file or directory

The CPU sits between 90% and 100%, so no spam gets sent, but the machine (CentOS 7 running Postfix 2.x) grinds to a halt.

Any suggestions on what we should do? Is there any other way to debug this?

PS: I enabled the PHP headers to track which script is sending the spam: mail.add_x_header = On mail.log = /var/log/phpmail.log

By the way, I know this question reads a bit like "My PC doesn't work, what should I do?" :D

I tried checking out other questions like this one that are similar to mine, but no luck.

Any help would be appreciated.

Answer 1

The log entries you posted show that another machine is trying to relay spam through your mail server, and your mail server is rejecting it.

If this is the cause of the increased CPU load, consider temporarily firewalling the remote IP address so that it can no longer connect. That should make the problem go away immediately.

iptables -I INPUT -s 104.168.142.169 -j DROP

You can also do this with fail2ban, which already ships with a preconfigured jail that processes the postfix log, so you only need to enable it, for example by putting the following in jail.local:

[postfix]
enabled = true
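To see what the answer is pointing at, here is an added example (not code from the original post) that parses "NOQUEUE: reject" lines in the format shown in the question and flags client IPs that are rejected repeatedly within a short window, which is exactly the trigger the fail2ban postfix jail uses. The sample log lines, hostnames and RFC 5737 addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Shape of the "NOQUEUE: reject" lines in the question. "RCPT from" names the remote
# client talking to smtpd, so these are inbound attempts, not mail leaving the box.
# Example code, not from the original post.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from (?P<rdns>\S+)\[(?P<ip>[\d.]+)\]: \d{3} [\d.]+ (?P<reason>[^;]+);"
)

def parse_rejects(lines):
    """Yield (timestamp, client_ip, rdns, reason) for each reject line; skip the rest."""
    for line in lines:
        m = REJECT_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # year-less syslog stamp
            yield ts, m["ip"], m["rdns"], m["reason"]

def noisy_clients(lines, threshold=5, window_seconds=60):
    """Map client IP -> total rejects, for IPs with at least `threshold` rejects
    inside any `window_seconds` span (the same kind of trigger a fail2ban jail applies)."""
    stamps = defaultdict(list)
    for ts, ip, _, _ in parse_rejects(lines):
        stamps[ip].append(ts)
    hits = {}
    for ip, tss in stamps.items():
        tss.sort()
        j = 0
        for i, start in enumerate(tss):  # sliding window over the sorted stamps
            while j < len(tss) and (tss[j] - start).total_seconds() <= window_seconds:
                j += 1
            if j - i >= threshold:
                hits[ip] = len(tss)
                break
    return hits

# Constructed sample log using RFC 5737 addresses, in the format shown in the question.
def _line(t, ip, rdns, dnsbl):
    return (f"Mar 20 {t} mx postfix/smtpd[1413]: NOQUEUE: reject: RCPT from {rdns}[{ip}]: "
            f"554 5.7.1 Service unavailable; Client host [{ip}] blocked using {dnsbl}; "
            f"https://dnsbl.example/query/{ip}; from=<a@example.org> to=<b@example.com> "
            f"proto=ESMTP helo=<{rdns}>")

SAMPLE_LOG = [_line(t, "192.0.2.10", "client.example.net", "zen.spamhaus.org")
              for t in ("06:39:53", "06:39:57", "06:40:00", "06:40:03", "06:40:07", "06:40:10")]
SAMPLE_LOG.append("Mar 20 06:40:12 mx postfix/smtpd[1411]: connect from other.example.net[198.51.100.7]")
SAMPLE_LOG.append(_line("06:45:00", "198.51.100.7", "other.example.net", "bl.spamcop.net"))
```

`noisy_clients(SAMPLE_LOG)` returns `{'192.0.2.10': 6}`: the one address that would be worth the temporary iptables DROP from the answer, while the single rejection from 198.51.100.7 stays below the threshold.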
