Postfix is still sending spam even though the infamous "open relay" has been closed

Let's assume for a moment that my client's website is thatshowithappened.com. A few weeks ago our server was an open relay, so we fixed that.

And now, after putting in

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions =
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unlisted_recipient,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]
#       check_policy_service inet:127.0.0.1:10101,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client psbl.surriel.com,
#       reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client b.barracudacentral.org

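That did the trick, and I accidentally flushed the message queue. Now I can't tell which script was responsible for sending the spam. I have already verified that it is not a CRON job. This is what is going into my mail log: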

Mar 20 06:39:53 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:39:57 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:00 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:03 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:07 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:10 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:13 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:16 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:19 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:22 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:31 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:35 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:38 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:41 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:44 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:48 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:50 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:54 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:40:57 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:41:00 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:41:03 thatshowithappened postfix/smtpd[1411]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/104.168.142.169; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hwsrv-234497.hostwindsdns.com>
Mar 20 06:41:07 thatshowithappened postfix/smtpd[1413]: NOQUEUE: reject: RCPT from hwsrv-234497.hostwindsdns.com[104.168.142.169]: 554 5.7.1 Service unavailable; Client host [104.168.142.169] blocked

It seems there is a dictionary spammer using our domain thatshowithappened.com. I don't know where to look, or at least how to see the message headers after a message has already been sent or rejected as above.

I tried, but mailq and postqueue -p are always empty, and that is true because the messages are not queued or deferred, right?

# postcat -q 4DEC51723309
postcat: fatal: open queue file 4DEC51723309: No such file or directory

The CPU is between 90% and 100%, so it is not sending SPAM, but it is killing my machine (CentOS 7 running Postfix 2.x).

What do you suggest we do? Is there another way to debug this?

P.S.: I am using PHP headers to track down which script is sending SPAM:

mail.add_x_header = On
mail.log = /var/log/phpmail.log

By the way, I hope this question is not like "My PC doesn't work, what should I do?" :D

I checked out other questions like this one that are similar to mine, but with no luck.

Kindly help.

Answer 1

The log entries you posted show that another computer is attempting to relay spam through your mail server, but your mail server is rejecting it.

If this is causing high CPU load, you may want to temporarily firewall the remote IP address so that it can no longer connect. That will give you immediate relief.

iptables -I INPUT -s 104.168.142.169 -j DROP

You can also use fail2ban to do this, since it already has a preconfigured jail that processes postfix logs; you only need to enable it. For example, put the following in jail.local:

[postfix]
enabled = true
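
A log triage sketch for the situation in this thread, added here as an example and not part of the original answer or of Postfix or fail2ban: it separates rejected attempts (`NOQUEUE`, never queued, which is why `mailq` stays empty) from mail that was actually accepted over SMTP or injected locally through `pickup`. The sample log lines, the threshold and the function name `triage` are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 20 06:39:53 mx postfix/smtpd[1413]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<h.example.net>
Mar 20 06:39:57 mx postfix/smtpd[1411]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.net> to=<c@example.org> proto=ESMTP helo=<h.example.net>
Mar 20 06:40:00 mx postfix/smtpd[1413]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.net> to=<d@example.org> proto=ESMTP helo=<h.example.net>
Mar 20 06:40:05 mx postfix/smtpd[1411]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <e@example.org>: Relay access denied; from=<x@example.net> to=<e@example.org> proto=ESMTP helo=<z.example.net>
Mar 20 06:41:10 mx postfix/smtpd[1500]: 3F2A91723301: client=mail.example.net[198.51.100.7]
Mar 20 06:42:00 mx postfix/pickup[1600]: 4A1B21723302: uid=48 from=<apache>
"""

# Rejected before queueing: no queue ID exists, so postcat/mailq show nothing.
REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from \S+\[([^\]]+)\]")
# Accepted over SMTP: a queue ID is assigned and the client is recorded.
ACCEPT = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=\S+\[([^\]]+)\]")
# Injected locally (sendmail binary, e.g. from a web script): uid of the submitter.
PICKUP = re.compile(r"postfix/pickup\[\d+\]: ([0-9A-Za-z]+): uid=(\d+)")


def triage(log_text, ban_threshold=3):
    """Summarise a mail log: noisy rejected clients, accepted SMTP mail, local mail."""
    rejects, accepted, local = Counter(), [], []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            rejects[m.group(1)] += 1
            continue
        m = ACCEPT.search(line)
        if m:
            accepted.append(m.groups())          # (queue_id, client_ip)
            continue
        m = PICKUP.search(line)
        if m:
            local.append((m.group(1), int(m.group(2))))  # (queue_id, uid)
    # Clients at or above the threshold are candidates for a firewall or fail2ban ban.
    noisy = sorted((ip, n) for ip, n in rejects.items() if n >= ban_threshold)
    return {"ban_candidates": noisy, "accepted_smtp": accepted, "local_submissions": local}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Only entries under `accepted_smtp` and `local_submissions` have queue IDs worth following further in the log; a `pickup` uid points to the local account that submitted the message.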
