Handling a Postfix + Dovecot mail server that was being abused as a spam relay

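Today an email I sent failed to go out. I checked the logs on the server and found that the disk had been filled up by the spam mail queue and the logs.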

Running tail -f /var/log/maillog showed the log scrolling past at a furious rate. Part of it follows:

Aug 17 09:39:01 www postfix/error[1173]: 455F050663: to=<[email protected]>, relay=none, delay=28778, delays=28631/146/0/0.51, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1229]: 296AE2FDCD: to=<[email protected]>, relay=none, delay=30507, delays=30360/147/0/0.21, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1138]: 1F9A853B47: to=<[email protected]>, relay=none, delay=28244, delays=28097/146/0/0.6, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1104]: B16DB3AB0B: to=<[email protected]>, relay=none, delay=29431, delays=29284/146/0/0.83, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1205]: B7F65597AE: to=<[email protected]>, relay=none, delay=26365, delays=26218/146/0/0.41, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1166]: 308EE43BD2: to=<[email protected]>, relay=none, delay=30716, delays=30569/147/0/0.06, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1140]: 9654E2B6A6: to=<[email protected]>, relay=none, delay=35359, delays=35213/146/0/0.79, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1134]: C74DA58B4C: to=<[email protected]>, relay=none, delay=26704, delays=26557/146/0/0.57, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1220]: 506172DC9A: to=<[email protected]>, relay=none, delay=34379, delays=34232/146/0/1.4, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)

Next I looked at the system processes and load. The load average had reached 28, and the server could barely cope.

[[email protected] /]# top

top - 09:42:06 up 2 days, 22:13,  1 user,  load average: 28.81, 20.57, 12.43
Tasks: 238 total,   1 running, 237 sleeping,   0 stopped,   0 zombie
Cpu(s):  4.4%us,  8.0%sy,  0.0%ni,  4.2%id, 82.7%wa,  0.5%hi,  0.2%si,  0.0%st
Mem:   3921316k total,  2927360k used,   993956k free,   520508k buffers
Swap:        0k total,        0k used,        0k free,   671096k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
  319 root      20   0 80764 3568 2656 S  3.7  0.1   0:13.37 master
  323 postfix   20   0 80944 3568 2596 S  2.0  0.1   0:09.92 trivial-rewrite
  322 postfix   20   0  103m  28m 2712 D  1.7  0.7   0:09.09 qmgr
  862 root      20   0  249m 4784 1032 S  1.7  0.1  14:18.73 rsyslogd
  448 postfix   20   0 80984 3592 2596 S  1.0  0.1   0:03.35 trivial-rewrite
  255 root      20   0     0    0    0 D  0.7  0.0   5:59.75 jbd2/xvda1-8
  400 postfix   20   0 94400 5164 3588 S  0.7  0.1   0:00.21 smtpd
 1293 root      20   0  761m 8096 2072 S  0.7  0.2   4:48.66 aegis_cli
 1877 postfix   20   0 80856 3528 2632 S  0.7  0.1   0:00.08 error
 2024 postfix   20   0 80856 3536 2632 S  0.7  0.1   0:00.04 error
 2152 postfix   20   0 80880 3492 2608 S  0.7  0.1   0:00.02 bounce
 2158 postfix   20   0 80880 3496 2608 D  0.7  0.1   0:00.02 bounce
 2162 root      20   0 15160 1428 1000 R  0.7  0.0   0:00.02 top
  446 postfix   20   0 94400 5172 3604 S  0.3  0.1   0:00.18 smtpd
  455 postfix   20   0 80988 3640 2712 S  0.3  0.1   0:00.10 cleanup
  463 postfix   20   0 94400 5144 3576 S  0.3  0.1   0:00.16 smtpd
  465 postfix   20   0 80988 3636 2712 S  0.3  0.1   0:00.10 cleanup
 1018 postfix   20   0 80988 3640 2712 S  0.3  0.1   0:00.07 cleanup
 1035 postfix   20   0 94400 5120 3548 S  0.3  0.1   0:00.09 smtpd
 1040 postfix   20   0 94400 5140 3568 S  0.3  0.1   0:00.14 smtpd
 1469 postfix   20   0 80856 3532 2632 S  0.3  0.1   0:00.22 error
 1836 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.09 error
 1900 postfix   20   0 80856 3536 2632 S  0.3  0.1   0:00.06 error
 1903 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.06 error
 1924 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.06 error
 1939 postfix   20   0 80856 3532 2632 S  0.3  0.1   0:00.05 error
 1960 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.05 error
 1967 postfix   20   0 80856 3532 2632 S  0.3  0.1   0:00.05 error
 1973 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.05 error
 1977 postfix   20   0 80856 3532 2632 S  0.3  0.1   0:00.04 error
 2090 postfix   20   0 80880 3500 2608 D  0.3  0.1   0:00.01 bounce
 2153 postfix   20   0 80880 3500 2608 D  0.3  0.1   0:00.01 bounce
 2161 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce
 2163 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce
 2164 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce
 2165 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce
 2169 postfix   20   0 80880 3496 2608 D  0.3  0.1   0:00.01 bounce
 2170 postfix   20   0 80880 3496 2608 D  0.3  0.1   0:00.01 bounce
 2176 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce
    1 root      20   0 19232 1088  820 S  0.0  0.0   0:00.87 init
    2 root      20   0     0    0    0 S  0.0  0.0   0:00.00 kthreadd                                                               

First stop the postfix service, then look at the content of the spam that was being relayed:

[[email protected] /]# postcat -q 847D9E8238
*** ENVELOPE RECORDS deferred/8/847D9E8238 ***
message_size:            6545            3068              26               0            6545
message_arrival_time: Sun Aug 17 10:15:10 2014
create_time: Sun Aug 17 10:15:10 2014
named_attribute: rewrite_context=remote
sender: [email protected]
named_attribute: log_client_name=36-224-134-61.dynamic-ip.hinet.net
named_attribute: log_client_address=36.224.134.61
named_attribute: log_client_port=2806
named_attribute: log_message_origin=36-224-134-61.dynamic-ip.hinet.net[36.224.134.61]
named_attribute: log_helo_name=115.28.81.191
named_attribute: log_protocol_name=SMTP
named_attribute: client_name=36-224-134-61.dynamic-ip.hinet.net
named_attribute: reverse_client_name=36-224-134-61.dynamic-ip.hinet.net
named_attribute: client_address=36.224.134.61
named_attribute: client_port=2806
named_attribute: helo_name=115.28.81.191
named_attribute: protocol_name=SMTP
named_attribute: client_address_type=2
named_attribute: dsn_orig_rcpt=rfc822;[email protected]com.tw
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
*** MESSAGE CONTENTS deferred/8/847D9E8238 ***
Received: from 115.28.81.191 (36-224-134-61.dynamic-ip.hinet.net [36.224.134.61])
        by mail.sintie.com (Postfix) with SMTP id 847D9E8238;
        Sun, 17 Aug 2014 10:15:10 +0800 (CST)
Received: from 65.64.252.253 by ; Sun, 17 Aug 2014 06:09:08 +0400

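Postfix is very capable. I reconfigured the security and authentication settings to raise the security level.
After reconfiguring and enabling authentication, I checked the log again: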

Aug 17 10:52:49 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:49 www postfix/smtpd[5863]: NOQUEUE: reject: RCPT from 118-161-251-198.dynamic.hinet.net[118.161.251.198]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5865]: connect from 118-161-241-28.dynamic.hinet.net[118.161.241.28]
Aug 17 10:52:50 www postfix/smtpd[5863]: NOQUEUE: reject: RCPT from 118-161-251-198.dynamic.hinet.net[118.161.251.198]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5859]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5863]: NOQUEUE: reject: RCPT from 118-161-251-198.dynamic.hinet.net[118.161.251.198]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]com.tw> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>

The messages are now rejected by the server.

If the log could also be analyzed dynamically, with the offending IPs put into the firewall and blocked outright, that would be perfect.
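One way to do the log analysis wished for above, as an added example that is not part of the original post: it counts permanent (5xx) smtpd rejects per client IP in maillog lines of the format shown and renders a firewall rule for repeat offenders. The function names, the threshold of 3, the allow list and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Postfix smtpd reject line: client "host[ip]" followed by the SMTP reply code.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"\S+\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) "
)

# Constructed sample in the maillog format shown above (RFC 5737 documentation addresses).
TAIL = "from=<a@example.org> to=<b@example.com> proto=SMTP helo=<203.0.113.1>"
FQDN = "504 5.5.2 <203.0.113.1>: Helo command rejected: need fully-qualified hostname;"
SAMPLE_LOG = f"""\
Aug 17 10:52:49 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from dyn-a.example.net[192.0.2.10]: {FQDN} {TAIL}
Aug 17 10:52:50 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from dyn-a.example.net[192.0.2.10]: {FQDN} {TAIL}
Aug 17 10:52:50 www postfix/smtpd[5865]: connect from dyn-b.example.net[198.51.100.7]
Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from dyn-b.example.net[198.51.100.7]: {FQDN} {TAIL}
Aug 17 10:52:51 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from dyn-a.example.net[192.0.2.10]: {FQDN} {TAIL}
Aug 17 10:52:51 www postfix/smtpd[5866]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.7.1 <203.0.113.1>: Helo command rejected: Host not found; {TAIL}
"""

def count_rejects(lines):
    """Count permanent (5xx) smtpd rejects per client IP; 4xx rejects are ignored."""
    hits = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m or not m.group("code").startswith("5"):
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # log text is client-influenced: never pass unparsed text to a command
        hits[str(ip)] += 1
    return hits

def offenders(hits, threshold=3, allow=()):
    """IPs with at least `threshold` rejects that are not inside an allow-listed network."""
    nets = [ipaddress.ip_network(n) for n in allow]
    return sorted(ip for ip, n in hits.items()
                  if n >= threshold and not any(ipaddress.ip_address(ip) in net for net in nets))

def iptables_rules(ips):
    """Render one DROP rule per IP for inbound SMTP (port 25)."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 25 -j DROP" for ip in ips]

if __name__ == "__main__":
    for rule in iptables_rules(offenders(count_rejects(SAMPLE_LOG.splitlines()))):
        print(rule)
```

In production the same job is usually handed to fail2ban, which watches the mail log and manages the firewall entries, including their expiry.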


Time: 2024-10-13 20:10:17
