[Postfixbuch-users] POSTFIX delivering other people's mail? Hack?
Sandy Drobic
postfixbuch-users at japantest.homelinux.com
Tue Jan 29 21:37:00 CET 2008
Oliver Strixner wrote:
> Hello,
>
> for the past few days I have had the problem that my Postfix server is being abused for spam.
> I thought I had already done everything to reduce spam.
>
> Maybe someone can help me get my config secure again:
Who says that it is Postfix? Better to show the log lines where the spam enters
the system.
> postconf -n
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> content_filter = amavis:[127.0.0.1]:10024
> disable_vrfy_command = yes
> inet_interfaces = 555.777.888.999,127.0.0.1
> invalid_hostname_reject_code = 554
> mail_owner = postfix
> mailbox_size_limit = 0
> multi_recipient_bounce_reject_code = 554
> mydestination = localhost, xxx.yyy.zzz
> mydomain = yyy.zzz
> myhostname = xxx.yyy.zzz
> mynetworks = 555.777.888.999/8,127.0.0.1/8
> myorigin = /etc/mailname
> non_fqdn_reject_code = 554
> receive_override_options = no_address_mappings
> recipient_delimiter = +
> relay_domains_reject_code = 554
> relayhost =
> smtp_helo_name = isys01.os-vision.net
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client multi.uribl.com, reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client rabl.nuclearelephant.com, check_policy_service inet:127.0.0.1:60000, permit
> smtpd_restriction_classes = dont_check_rbls
> smtpd_sasl_auth_enable = yes
> smtpd_tls_cert_file = /etc/postfix/smtpd.cert
> smtpd_tls_key_file = /etc/postfix/smtpd.key
> smtpd_use_tls = yes
> strict_rfc821_envelopes = yes
> unknown_address_reject_code = 554
> unknown_client_reject_code = 554
> unknown_hostname_reject_code = 554
> unknown_local_recipient_reject_code = 554
> unknown_relay_recipient_reject_code = 554
> unknown_virtual_alias_reject_code = 554
> unknown_virtual_mailbox_reject_code = 554
> unverified_recipient_reject_code = 554
> unverified_sender_reject_code = 554
> virtual_alias_domains = $virtual_alias_maps
> virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf mysql:/etc/postfix/mysql-virtual_email2email.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
> virtual_uid_maps = static:5000
>
>
> attached is a second variant; I had changed some settings (more restrictions).
> However, now I no longer even receive my own mail and cannot send either.
> Desperation is setting in :-(
>
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> content_filter = amavis:[127.0.0.1]:10024
> disable_vrfy_command = yes
> inet_interfaces = 555.777.888.999
> inet_protocols = all
> invalid_hostname_reject_code = 554
> mail_owner = postfix
> mailbox_size_limit = 0
> multi_recipient_bounce_reject_code = 554
> mydestination = localhost, xxx.yyy.zzz
> mydomain = yyy.zzz
> myhostname = xxx.yyy.zzz
> mynetworks = 555.777.888.999
> myorigin = /etc/mailname
> non_fqdn_reject_code = 554
> receive_override_options = no_address_mappings
> recipient_delimiter = +
> relay_domains_reject_code = 554
> relayhost =
> smtp_helo_name = xxx.yyy.zzz
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_non_fqdn_destination,
I don't know this check. Where did you dig that one up?
> reject_non_fqdn_sender, reject_non_fqdn_hostname,
> reject_invalid_hostname, reject_unknown_sender_domain,
> reject_unknown_recipient_domain, reject_unauth_pipelining,
> permit_sasl_authenticated, reject_unauth_destination,
> reject_rbl_client multi.uribl.com, reject_rhsbl_sender
> dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net,
> reject_rbl_client list.dsbl.org, reject_rbl_client
> sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net,
> reject_rbl_client dnsbl.sorbs.net, reject_rbl_client
> cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net,
> reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client
> rabl.nuclearelephant.com, check_policy_service
> inet:127.0.0.1:60000, permit
Before you start wildly adding more and more checks, you should first
determine where the spam is coming from. That is in the log.
--
Sandy
Please reply only to the mailing list!
PMs please to: news-reply2 (@) japantest (.) homelinux (.) com
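
Added example, not part of the original mail: one way to follow the advice above and read from the log where mail enters Postfix, by tying each queue ID to its entry path (remote SMTP client, SASL login, local `pickup` submission, or loopback) and summing the recipient counts per path. The log lines are constructed samples in the usual Postfix syslog format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not from the original post).
SAMPLE_LOG = """\
Jan 29 21:01:02 mx postfix/smtpd[4101]: 4F2A11C0D3: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=info@example.org
Jan 29 21:01:02 mx postfix/qmgr[990]: 4F2A11C0D3: from=<info@example.org>, size=2210, nrcpt=40 (queue active)
Jan 29 21:01:05 mx postfix/pickup[4050]: 7B1C22D0E4: uid=33 from=<www-data>
Jan 29 21:01:05 mx postfix/qmgr[990]: 7B1C22D0E4: from=<www-data@example.org>, size=1890, nrcpt=25 (queue active)
Jan 29 21:01:09 mx postfix/smtpd[4102]: 9C3D33E1F5: client=mail.example.net[198.51.100.7]
Jan 29 21:01:09 mx postfix/qmgr[990]: 9C3D33E1F5: from=<bob@example.net>, size=4100, nrcpt=1 (queue active)
Jan 29 21:01:10 mx postfix/smtpd[4103]: A1B2C3D4E5: client=localhost[127.0.0.1]
"""

# Assumes classic hexadecimal queue IDs; NOQUEUE reject lines do not match.
ENTRY = re.compile(r"postfix/(smtpd|pickup)\[\d+\]: ([0-9A-F]+): (.*)")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<[^>]*>.*nrcpt=(\d+)")

def classify(daemon, detail):
    """Name the path by which one queue ID entered Postfix."""
    if daemon == "pickup":                      # sendmail(1) run by a local user or script
        uid = re.search(r"uid=(\d+)", detail)
        return "local uid=" + (uid.group(1) if uid else "?")
    sasl = re.search(r"sasl_username=([^,\s]+)", detail)
    if sasl:                                    # accepted via permit_sasl_authenticated
        return "sasl " + sasl.group(1)
    ip = re.search(r"client=[^\[]*\[([^\]]+)\]", detail)
    addr = ip.group(1) if ip else "?"
    if addr in ("127.0.0.1", "::1"):            # content filter re-injection or local process
        return "loopback"
    return "smtp " + addr

def recipients_by_entry(log_text):
    """Sum nrcpt per entry path so the heaviest source stands out."""
    entry, totals = {}, Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m and m.group(3).startswith(("client=", "uid=")):
            entry[m.group(2)] = classify(m.group(1), m.group(3))
            continue
        q = QMGR.search(line)
        if q and q.group(1) in entry:
            totals[entry[q.group(1)]] += int(q.group(2))
    return totals

if __name__ == "__main__":
    for source, count in recipients_by_entry(SAMPLE_LOG).most_common():
        print(f"{count:5d} recipients via {source}")
```

A high count under `sasl ...` points to a compromised mailbox password, `local uid=...` to a script on the host itself, and `smtp ...` to a client address that the relay restrictions let through.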