[Postfixbuch-users] POSTFIX delivers other people's mail? Hack?

Sandy Drobic postfixbuch-users at japantest.homelinux.com
Tue Jan 29 21:37:00 CET 2008


Oliver Strixner wrote:
> Hello,
> 
> for a few days now I have had the problem that my Postfix server is being abused for spam.
> I thought I had already done everything to reduce spam.
> 
> Maybe someone can help me get my config secure again:

Who says it is Postfix? Better show the log lines where the spam enters the
system.

> postconf -n
> 
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> content_filter = amavis:[127.0.0.1]:10024
> disable_vrfy_command = yes
> inet_interfaces = 555.777.888.999,127.0.0.1
> invalid_hostname_reject_code = 554
> mail_owner = postfix
> mailbox_size_limit = 0
> multi_recipient_bounce_reject_code = 554
> mydestination = localhost, xxx.yyy.zzz
> mydomain = yyy.zzz
> myhostname = xxx.yyy.zzz
> mynetworks = 555.777.888.999/8,127.0.0.1/8
> myorigin = /etc/mailname
> non_fqdn_reject_code = 554
> receive_override_options = no_address_mappings
> recipient_delimiter = +
> relay_domains_reject_code = 554
> relayhost =
> smtp_helo_name = isys01.os-vision.net
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = reject_invalid_hostname,            reject_unknown_recipient_domain,            reject_unauth_pipelining,            permit_mynetworks,            permit_sasl_authenticated,            reject_unauth_destination,            reject_rbl_client multi.uribl.com,        reject_rhsbl_sender dsn.rfc-ignorant.org,            reject_rbl_client dul.dnsbl.sorbs.net,            reject_rbl_client list.dsbl.org,            reject_rbl_client sbl-xbl.spamhaus.org,            reject_rbl_client bl.spamcop.net,            reject_rbl_client dnsbl.sorbs.net,            reject_rbl_client cbl.abuseat.org,            reject_rbl_client ix.dnsbl.manitu.net,            reject_rbl_client combined.rbl.msrbl.net,            reject_rbl_client rabl.nuclearelephant.com,            check_policy_service inet:127.0.0.1:60000,            permit
> smtpd_restriction_classes = dont_check_rbls
> smtpd_sasl_auth_enable = yes
> smtpd_tls_cert_file = /etc/postfix/smtpd.cert
> smtpd_tls_key_file = /etc/postfix/smtpd.key
> smtpd_use_tls = yes
> strict_rfc821_envelopes = yes
> unknown_address_reject_code = 554
> unknown_client_reject_code = 554
> unknown_hostname_reject_code = 554
> unknown_local_recipient_reject_code = 554
> unknown_relay_recipient_reject_code = 554
> unknown_virtual_alias_reject_code = 554
> unknown_virtual_mailbox_reject_code = 554
> unverified_recipient_reject_code = 554
> unverified_sender_reject_code = 554
> virtual_alias_domains = $virtual_alias_maps
> virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf mysql:/etc/postfix/mysql-virtual_email2email.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
> virtual_uid_maps = static:5000
> 
> 
> attached is a second variant; I had changed some settings (more restrictions).
> However, now I no longer even receive my own mail and cannot send either.
> Despair is setting in :-(
> 
> 
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> content_filter = amavis:[127.0.0.1]:10024
> disable_vrfy_command = yes
> inet_interfaces = 555.777.888.999
> inet_protocols = all
> invalid_hostname_reject_code = 554
> mail_owner = postfix
> mailbox_size_limit = 0
> multi_recipient_bounce_reject_code = 554
> mydestination = localhost, xxx.yyy.zzz
> mydomain = yyy.zzz
> myhostname = xxx.yyy.zzz
> mynetworks = 555.777.888.999
> myorigin = /etc/mailname
> non_fqdn_reject_code = 554
> receive_override_options = no_address_mappings
> recipient_delimiter = +
> relay_domains_reject_code = 554
> relayhost =
> smtp_helo_name = xxx.yyy.zzz
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks,
>     reject_non_fqdn_destination,

I don't know this check. Where did you dig it up?

>     reject_non_fqdn_sender,
>     reject_non_fqdn_hostname,
>     reject_invalid_hostname,
>     reject_unknown_sender_domain,
>     reject_unknown_recipient_domain,
>     reject_unauth_pipelining,
>     permit_sasl_authenticated,
>     reject_unauth_destination,
>     reject_rbl_client multi.uribl.com,
>     reject_rhsbl_sender dsn.rfc-ignorant.org,
>     reject_rbl_client dul.dnsbl.sorbs.net,
>     reject_rbl_client list.dsbl.org,
>     reject_rbl_client sbl-xbl.spamhaus.org,
>     reject_rbl_client bl.spamcop.net,
>     reject_rbl_client dnsbl.sorbs.net,
>     reject_rbl_client cbl.abuseat.org,
>     reject_rbl_client ix.dnsbl.manitu.net,
>     reject_rbl_client combined.rbl.msrbl.net,
>     reject_rbl_client rabl.nuclearelephant.com,
>     check_policy_service inet:127.0.0.1:60000,
>     permit

Before you wildly build in more and more checks, you should first
determine where the spam is coming from. That is in the log.


-- 
Sandy

Please reply only to the mailing list!
PMs please to: news-reply2 (@) japantest (.) homelinux (.) com
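
Added example, not part of the original post and not Postfix code: one way to read the log as the reply advises, grouping accepted messages by queue ID and reporting how each one entered (SASL account, a client covered by mynetworks, another SMTP client, or local pickup). The log lines, addresses and the function name entry_points are constructed for illustration; the /8 mask mirrors the form of mynetworks in the first quoted configuration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log (documentation addresses), not taken from the post.
SAMPLE_LOG = """\
Jan 29 20:01:11 mx postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[192.0.2.77], sasl_method=LOGIN, sasl_username=info@example.org
Jan 29 20:01:12 mx postfix/qmgr[901]: 4A1B2C3D4E: from=<a@example.net>, size=2210, nrcpt=40 (queue active)
Jan 29 20:02:30 mx postfix/smtpd[2105]: 5B2C3D4E5F: client=host.example.com[198.51.100.9]
Jan 29 20:02:31 mx postfix/qmgr[901]: 5B2C3D4E5F: from=<b@example.com>, size=1800, nrcpt=1 (queue active)
Jan 29 20:03:02 mx postfix/pickup[880]: 6C3D4E5F60: uid=33 from=<www-data>
Jan 29 20:03:02 mx postfix/qmgr[901]: 6C3D4E5F60: from=<www-data@example.org>, size=900, nrcpt=25 (queue active)
Jan 29 20:04:40 mx postfix/smtpd[2110]: 7D4E5F6071: client=unknown[203.0.113.200]
Jan 29 20:04:41 mx postfix/qmgr[901]: 7D4E5F6071: from=<c@example.net>, size=3000, nrcpt=50 (queue active)
"""

# daemon name, hexadecimal queue ID, rest of the line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")

def entry_points(log, mynetworks):
    """Return Counter {entry path: total recipients} for queued messages."""
    # strict=False accepts host bits, e.g. 203.0.113.5/8 -> 203.0.0.0/8
    nets = [ipaddress.ip_network(n, strict=False) for n in mynetworks]
    origin, rcpts = {}, Counter()
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect and NOQUEUE lines carry no queue ID
        daemon, qid, rest = m.groups()
        if daemon == "pickup" and (u := re.search(r"uid=(\d+)", rest)):
            origin[qid] = f"local uid={u.group(1)}"  # sendmail(1), e.g. a web script
        elif daemon == "smtpd" and (c := re.search(r"client=\S+\[([^\]]+)\]", rest)):
            ip = ipaddress.ip_address(c.group(1))
            s = re.search(r"sasl_username=(\S+)", rest)
            if s:
                origin[qid] = f"sasl {s.group(1)}"   # authenticated account
            elif any(ip in n for n in nets):
                origin[qid] = f"mynetworks {ip}"     # passes permit_mynetworks
            else:
                origin[qid] = f"smtp {ip}"           # must pass reject_unauth_destination
        elif daemon == "qmgr" and (n := re.search(r"nrcpt=(\d+)", rest)):
            rcpts[origin.get(qid, "unknown")] += int(n.group(1))
    return rcpts

if __name__ == "__main__":
    for path, count in entry_points(SAMPLE_LOG, ["203.0.113.5/8"]).most_common():
        print(f"{count:5d} recipients via {path}")
```

With the /8 mask the constructed client 203.0.113.200 counts as trusted; with /32 on the same address it is reported as an ordinary SMTP client.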



