drakerc
Posts: 8
Joined: 20 June 2010, 15:10

Huge amounts of spam are blocking the server - Postfix

Post by drakerc

Hello.

I have a fairly big problem. For a few days now I have been seeing attempts to send a huge amount of spam from (and to) my server (several to several dozen attempts to send a message per second). Most of the messages do not get sent (whether because of SpamAssassin, the Postfix configuration, or the fact that my server has already ended up on most anti-spam lists). Even so, the sheer number of these attempts heavily drains the server's resources: once Postfix is started, the load immediately jumps to 9 or 10, and mail.log grows so fast that it can reach 1 GB within an hour.

Honestly, I don't know what to do. I think I have a fairly good Postfix configuration (a config like the one here, combined with SpamAssassin) that doesn't let spam through, but the sheer number of attempts to send it simply "hangs" everything.

Maybe someone has an idea what to do to both prevent the spam from being sent and reduce the load at the same time? I'll add that (if it matters) the spam is not being sent by some vulnerable PHP script (with nginx turned off it is still the same, plus there is nothing in the headers of the spam messages that would tie them to PHP...).

Below is a sample excerpt of what happens in the logs during one second.

Code:

Nov  3 01:09:57 ks22865 postfix/smtp[6248]: 92A2280AD0: to=<[email protected]>, relay=mx1.hotmail.com[65.54.188.94]:25, delay=95, delays=94/0/0.46/0.15, dsn=5.0.0, status=bounced (host mx1.hotmail.com[65.54.188.94] said: 550 OU-002 (BAY0-MC2-F20) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 01:09:57 ks22865 postfix/smtp[6337]: 6E12880AEE: to=<[email protected]>, relay=mx3.hotmail.com[65.54.188.94]:25, delay=190, delays=190/0/0.46/0.15, dsn=5.0.0, status=bounced (host mx3.hotmail.com[65.54.188.94] said: 550 OU-002 (BAY0-MC2-F49) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 01:09:57 ks22865 postfix/smtp[6259]: A46D18099B: to=<[email protected]>, relay=mx1.hotmail.com[65.55.37.72]:25, delay=166, delays=165/0/0.48/0.16, dsn=5.0.0, status=bounced (host mx1.hotmail.com[65.55.37.72] said: 550 OU-002 (COL0-MC1-F1) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 01:09:57 ks22865 postfix/smtp[6248]: 92A2280AD0: lost connection with mx1.hotmail.com[65.54.188.94] while sending RCPT TO
Nov  3 01:09:57 ks22865 postfix/smtp[6337]: 6E12880AEE: lost connection with mx3.hotmail.com[65.54.188.94] while sending RCPT TO
Nov  3 01:09:57 ks22865 postfix/smtp[6259]: A46D18099B: lost connection with mx1.hotmail.com[65.55.37.72] while sending RCPT TO
Nov  3 01:09:57 ks22865 postfix/smtp[6239]: B0EB181D35: to=<[email protected]>, relay=mx2.hotmail.com[65.55.92.184]:25, delay=163, delays=162/0/0.35/0.12, dsn=5.0.0, status=bounced (host mx2.hotmail.com[65.55.92.184] said: 550 OU-002 (SNT0-MC4-F45) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 01:09:57 ks22865 postfix/smtp[6267]: D1C02809A0: to=<[email protected]>, relay=mx4.hotmail.com[65.55.37.104]:25, delay=200, delays=200/0/0.47/0.16, dsn=5.0.0, status=bounced (host mx4.hotmail.com[65.55.37.104] said: 550 OU-002 (COL0-MC3-F5) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 01:09:57 ks22865 postfix/smtp[6239]: B0EB181D35: lost connection with mx2.hotmail.com[65.55.92.184] while sending RCPT TO
Nov  3 01:09:57 ks22865 postfix/smtp[6267]: D1C02809A0: lost connection with mx4.hotmail.com[65.55.37.104] while sending RCPT TO
Nov  3 01:09:57 ks22865 postfix/smtp[6256]: E0DB2808E4: to=<[email protected]>, relay=mx2.hotmail.com[65.55.37.120]:25, delay=192, delays=192/0/0.49/0.16, dsn=5.0.0, status=bounced (host mx2.hotmail.com[65.55.37.120] said: 550 OU-002 (COL0-MC4-F17) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 01:09:57 ks22865 postfix/smtp[6247]: BF7A0832DE: to=<[email protected]>, relay=mx4.hotmail.com[65.55.37.88]:25, delay=195, delays=195/0.01/0.48/0.16, dsn=5.0.0, status=bounced (host mx4.hotmail.com[65.55.37.88] said: 550 OU-002 (COL0-MC2-F21) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 01:09:57 ks22865 postfix/smtp[6247]: BF7A0832DE: lost connection with mx4.hotmail.com[65.55.37.88] while sending RCPT TO
Nov  3 01:09:57 ks22865 postfix/smtp[6256]: E0DB2808E4: lost connection with mx2.hotmail.com[65.55.37.120] while sending RCPT TO
Nov  3 01:09:57 ks22865 postfix/cleanup[6753]: 0E2C68367C: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/cleanup[6760]: 0DE1483678: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/cleanup[6785]: 0DF1C8367A: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/cleanup[6661]: 0E0C88367B: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/cleanup[6764]: 0E9E38367D: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/cleanup[6799]: 100BC8367E: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/cleanup[6800]: 114218367F: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 100BC8367E: from=<>, size=3063, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/pickup[6231]: 161C580C2D: uid=1022 from=<ronly>
Nov  3 01:09:57 ks22865 postfix/cleanup[6788]: 161C580C2D: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 0DF1C8367A: from=<>, size=3061, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 0E9E38367D: from=<>, size=3053, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 114218367F: from=<>, size=3061, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 0E2C68367C: from=<>, size=3070, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 0DE1483678: from=<>, size=2762, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 0E0C88367B: from=<>, size=3061, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: CD39D80E42: from=<[email protected]>, size=87380, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/bounce[6261]: A46D18099B: sender non-delivery notification: 0DF1C8367A
Nov  3 01:09:57 ks22865 postfix/bounce[6343]: E0DB2808E4: sender non-delivery notification: 114218367F
Nov  3 01:09:57 ks22865 postfix/bounce[6348]: 92A2280AD0: sender non-delivery notification: 0DE1483678
Nov  3 01:09:57 ks22865 postfix/bounce[6235]: B0EB181D35: sender non-delivery notification: 0E2C68367C
Nov  3 01:09:57 ks22865 postfix/bounce[6316]: D1C02809A0: sender non-delivery notification: 0E9E38367D
Nov  3 01:09:57 ks22865 postfix/bounce[6309]: BF7A0832DE: sender non-delivery notification: 100BC8367E
Nov  3 01:09:57 ks22865 postfix/bounce[6275]: 6E12880AEE: sender non-delivery notification: 0E0C88367B
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 161C580C2D: from=<[email protected]>, size=87392, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: E0DB2808E4: removed
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: A46D18099B: removed
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 92A2280AD0: removed
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: B0EB181D35: removed
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: D1C02809A0: removed
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: BF7A0832DE: removed
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 6E12880AEE: removed
Nov  3 01:09:57 ks22865 postfix/local[6617]: 100BC8367E: to=<[email protected]>, relay=local, delay=0.12, delays=0.03/0/0/0.09, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 01:09:57 ks22865 postfix/local[6621]: 0DF1C8367A: to=<[email protected]>, relay=local, delay=0.12, delays=0.04/0/0/0.09, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 01:09:57 ks22865 postfix/pickup[6231]: 2C73B808E4: uid=1022 from=<ronly>
Nov  3 01:09:57 ks22865 postfix/cleanup[6800]: 2C73B808E4: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 2C73B808E4: from=<[email protected]>, size=87377, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/pickup[6231]: 3D3B080AD0: uid=1022 from=<ronly>
Nov  3 01:09:57 ks22865 postfix/cleanup[6661]: 3D3B080AD0: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/local[6663]: 0E9E38367D: to=<[email protected]>, relay=local, delay=0.21, delays=0.03/0.09/0/0.09, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 01:09:57 ks22865 postfix/local[6617]: 114218367F: to=<[email protected]>, relay=local, delay=0.21, delays=0.03/0.09/0/0.09, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 3D3B080AD0: from=<[email protected]>, size=87380, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/pickup[6231]: 4C2F080BAB: uid=1022 from=<ronly>
Nov  3 01:09:57 ks22865 postfix/cleanup[6760]: 4C2F080BAB: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/local[6621]: 0E2C68367C: to=<[email protected]>, relay=local, delay=0.29, delays=0.04/0.18/0/0.07, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 01:09:57 ks22865 postfix/local[6617]: 0DE1483678: to=<[email protected]>, relay=local, delay=0.29, delays=0.04/0.18/0/0.07, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 4C2F080BAB: from=<[email protected]>, size=87368, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/pickup[6231]: 5D62E80B7F: uid=1022 from=<ronly>
Nov  3 01:09:57 ks22865 postfix/cleanup[6800]: 5D62E80B7F: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/local[6663]: 0E0C88367B: to=<[email protected]>, relay=local, delay=0.44, delays=0.04/0.25/0/0.16, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 01:09:57 ks22865 postfix/smtp[6340]: 06024809D1: to=<[email protected]>, relay=mx4.hotmail.com[65.55.37.120]:25, delay=176, delays=175/0/0.48/0.16, dsn=5.0.0, status=bounced (host mx4.hotmail.com[65.55.37.120] said: 550 OU-002 (COL0-MC4-F34) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 01:09:57 ks22865 postfix/smtp[6340]: 06024809D1: lost connection with mx4.hotmail.com[65.55.37.120] while sending RCPT TO
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 5D62E80B7F: from=<[email protected]>, size=87371, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/pickup[6231]: 995A280856: uid=1022 from=<ronly>
Nov  3 01:09:57 ks22865 postfix/cleanup[6753]: 995A280856: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/cleanup[6661]: 9A09C83314: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/smtp[6260]: 161C580C2D: to=<[email protected]>, relay=mx3.hotmail.com[65.55.92.136]:25, delay=168, delays=167/0/0.35/0.12, dsn=5.0.0, status=bounced (host mx3.hotmail.com[65.55.92.136] said: 550 OU-002 (SNT0-MC1-F25) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 01:09:57 ks22865 postfix/smtp[6260]: 161C580C2D: lost connection with mx3.hotmail.com[65.55.92.136] while sending RCPT TO
Nov  3 01:09:57 ks22865 postfix/cleanup[6785]: A5FA28366F: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/bounce[6275]: 06024809D1: sender non-delivery notification: 9A09C83314
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 995A280856: from=<[email protected]>, size=87380, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/pickup[6231]: AC6FC80AB1: uid=1022 from=<ronly>
Nov  3 01:09:57 ks22865 postfix/cleanup[6788]: AC6FC80AB1: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 06024809D1: removed
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 9A09C83314: from=<>, size=3082, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: A5FA28366F: from=<>, size=3079, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/smtp[6258]: CD39D80E42: to=<[email protected]>, relay=mx2.hotmail.com[65.54.188.126]:25, delay=180, delays=179/0/0.45/0.15, dsn=5.0.0, status=bounced (host mx2.hotmail.com[65.54.188.126] said: 550 OU-002 (BAY0-MC4-F38) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 01:09:57 ks22865 postfix/bounce[6235]: 161C580C2D: sender non-delivery notification: A5FA28366F
Nov  3 01:09:57 ks22865 postfix/smtp[6258]: CD39D80E42: lost connection with mx2.hotmail.com[65.54.188.126] while sending RCPT TO
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: AC6FC80AB1: from=<[email protected]>, size=87368, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: 161C580C2D: removed
Nov  3 01:09:57 ks22865 postfix/cleanup[6760]: B76EE80C2D: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/local[6617]: 9A09C83314: to=<[email protected]>, relay=local, delay=0.2, delays=0.08/0/0/0.13, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 01:09:57 ks22865 postfix/local[6621]: A5FA28366F: to=<[email protected]>, relay=local, delay=0.16, delays=0.03/0/0/0.13, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: B76EE80C2D: from=<>, size=3068, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/pickup[6231]: CC51781896: uid=1022 from=<ronly>
Nov  3 01:09:57 ks22865 postfix/cleanup[6661]: CC51781896: message-id=<[email protected]>
Nov  3 01:09:57 ks22865 postfix/smtp[6239]: 3D3B080AD0: to=<[email protected]>, relay=mx2.hotmail.com[65.55.92.184]:25, delay=182, delays=182/0/0.36/0.12, dsn=5.0.0, status=bounced (host mx2.hotmail.com[65.55.92.184] said: 550 OU-002 (SNT0-MC4-F10) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 01:09:57 ks22865 postfix/bounce[6316]: CD39D80E42: sender non-delivery notification: B76EE80C2D
Nov  3 01:09:57 ks22865 postfix/smtp[6239]: 3D3B080AD0: lost connection with mx2.hotmail.com[65.55.92.184] while sending RCPT TO
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: CC51781896: from=<[email protected]>, size=87374, nrcpt=1 (queue active)
Nov  3 01:09:57 ks22865 postfix/qmgr[6232]: CD39D80E42: removed
Nov  3 01:09:57 ks22865 postfix/cleanup[6753]: E684980E42: message-id=<[email protected]>
Nov  3 01:09:58 ks22865 postfix/smtp[6271]: 2C73B808E4: to=<[email protected]>, relay=mx4.hotmail.com[65.55.37.104]:25, delay=174, delays=173/0/0.47/0.16, dsn=5.0.0, status=bounced (host mx4.hotmail.com[65.55.37.104] said: 550 OU-002 (COL0-MC3-F36) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 01:09:58 ks22865 postfix/local[6663]: B76EE80C2D: to=<[email protected]>, relay=local, delay=0.29, delays=0.09/0/0/0.2, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 01:09:58 ks22865 postfix/smtp[6271]: 2C73B808E4: lost connection with mx4.hotmail.com[65.55.37.104] while sending RCPT TO
Nov  3 01:09:58 ks22865 postfix/qmgr[6232]: E684980E42: from=<>, size=3067, nrcpt=1 (queue active)
Nov  3 01:09:58 ks22865 postfix/pickup[6231]: 0B1AA80B3D: uid=1022 from=<ronly>
Nov  3 01:09:58 ks22865 postfix/cleanup[6785]: 0B1AA80B3D: message-id=<[email protected]>
Nov  3 01:09:58 ks22865 postfix/cleanup[6799]: 0BBAB83676: message-id=<[email protected]>
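
A way to read a log like the excerpt above, as an added example that is not part of the original post: group Postfix queue IDs by how each message entered the queue (`pickup` = local submission by a system uid, `smtpd` = network client, `bounce` = non-delivery notice generated for an earlier message) and tally delivery outcomes per origin. The sample lines, host names and queue IDs are constructed; only the line format and uid 1022 follow the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the syslog format shown in the post (hosts, queue IDs
# and addresses are made up; uid 1022 mirrors the post's pickup lines).
SAMPLE_LOG = """\
Nov  3 01:09:57 mx postfix/pickup[6231]: 1A2B3C4D01: uid=1022 from=<ronly>
Nov  3 01:09:57 mx postfix/cleanup[6753]: 1A2B3C4D01: message-id=<c1@mx.example.net>
Nov  3 01:09:57 mx postfix/qmgr[6232]: 1A2B3C4D01: from=<ronly@mx.example.net>, size=87380, nrcpt=1 (queue active)
Nov  3 01:09:57 mx postfix/pickup[6231]: 1A2B3C4D02: uid=1022 from=<ronly>
Nov  3 01:09:57 mx postfix/pickup[6231]: 1A2B3C4D03: uid=1022 from=<ronly>
Nov  3 01:09:57 mx postfix/smtpd[6400]: 1A2B3C4D04: client=mail.example.org[192.0.2.10]
Nov  3 01:09:58 mx postfix/smtp[6248]: 1A2B3C4D01: to=<a@example.com>, relay=mx.example.com[198.51.100.5]:25, delay=95, dsn=5.0.0, status=bounced (host mx.example.com[198.51.100.5] said: 550 blocked (in reply to MAIL FROM command))
Nov  3 01:09:58 mx postfix/smtp[6248]: 1A2B3C4D01: lost connection with mx.example.com[198.51.100.5] while sending RCPT TO
Nov  3 01:09:58 mx postfix/cleanup[6753]: 1A2B3C4D05: message-id=<n1@mx.example.net>
Nov  3 01:09:58 mx postfix/qmgr[6232]: 1A2B3C4D05: from=<>, size=3063, nrcpt=1 (queue active)
Nov  3 01:09:58 mx postfix/bounce[6261]: 1A2B3C4D01: sender non-delivery notification: 1A2B3C4D05
Nov  3 01:09:58 mx postfix/qmgr[6232]: 1A2B3C4D01: removed
Nov  3 01:09:58 mx postfix/local[6617]: 1A2B3C4D05: to=<ronly@mx.example.net>, relay=local, delay=0.12, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 01:09:58 mx postfix/smtp[6249]: 1A2B3C4D02: to=<b@example.com>, relay=mx.example.com[198.51.100.5]:25, delay=90, dsn=5.0.0, status=bounced (550 blocked)
Nov  3 01:09:58 mx postfix/error[6300]: 1A2B3C4D03: to=<c@example.com>, relay=none, delay=30132, dsn=4.7.1, status=deferred (delivery temporarily suspended)
Nov  3 01:09:58 mx postfix/local[6618]: 1A2B3C4D04: to=<user@mx.example.net>, relay=local, delay=0.2, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# Assumes classic syslog timestamps and short hexadecimal queue IDs,
# as in the excerpt in the post.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/(?P<svc>[\w-]+)\[\d+\]: "
    r"(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$"
)
UID_RE = re.compile(r"^uid=(\d+) from=<[^>]*>")
CLIENT_RE = re.compile(r"^client=([^,\s]+)")
STATUS_RE = re.compile(r"\bstatus=(\w+)")
NDN_RE = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")


def summarize(log_text):
    """Return (messages per origin, delivery statuses per origin)."""
    origin = {}                      # queue id -> how the message was queued
    status = defaultdict(Counter)    # origin -> Counter of status= values
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        svc, qid, rest = m.group("svc", "qid", "rest")
        if svc == "pickup":
            # Local submission through the maildrop queue; uid is the
            # system account that queued the message.
            u = UID_RE.match(rest)
            if u:
                origin[qid] = f"local uid={u.group(1)}"
        elif svc == "smtpd":
            # Message accepted from a network client.
            c = CLIENT_RE.match(rest)
            if c:
                origin[qid] = f"smtp client={c.group(1)}"
        elif svc == "bounce":
            # The notice gets its own queue ID; tie it to the failed message.
            n = NDN_RE.search(rest)
            if n:
                origin[n.group(1)] = "bounce of " + origin.get(qid, "unknown")
        else:
            # Delivery agents (smtp, local, error, ...) report status=...
            s = STATUS_RE.search(rest)
            if s:
                status[origin.get(qid, "unknown")][s.group(1)] += 1
    return Counter(origin.values()), {k: dict(v) for k, v in status.items()}


if __name__ == "__main__":
    injected, outcomes = summarize(SAMPLE_LOG)
    for source, count in injected.most_common():
        print(f"{count:5d}  {source}  {outcomes.get(source, {})}")
```

Entries reported as `local uid=N` were queued on the host itself and never passed through `smtpd`, so checks applied at the SMTP listener do not see them.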
LordRuthwen
Moderator
Posts: 2324
Joined: 18 September 2009, 21:45
Location: klikash?

Post by LordRuthwen

First of all: authentication via SASL, postgrey, fail2ban, and you will see the difference immediately.

drakerc
Posts: 8
Joined: 20 June 2010, 15:10

Post by drakerc

Thanks for the advice. I already had Postgrey installed and configured; now I have also configured fail2ban and added SASL support, but it did absolutely nothing. The server load still jumps to 8-10 just a few seconds after starting Postfix. The mail logs fill up at enormous speed and, frankly, look practically the same as before.

Actually, I'm not entirely sure whether fail2ban is really working and "doing something", because there is nothing in its log file (iptables look fine, I think - see below).

Any more advice?

Actually, I'm really surprised that there are so many attempts to send messages. I no longer know what to do. The attempts to send spam still get through and load the server (by the way, the log entry relay=none worries me - what is that supposed to mean?). Fail2ban doesn't seem to be working (either these spam attempts come from different IPs, or I messed something up in the configuration, because despite setting "bantime" to 2 hours, installing fail2ban did nothing).

Code:

Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: E5B7085EBC: from=<[email protected]>, size=70216, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/smtp[3886]: 7242884899: host mta6.am0.yahoodns.net[98.136.216.26] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 91.121.8.155, because the ip is in Spamhaus's list; see [URL]http://postmaster.yahoo.com/550-bl23.html[/URL]
Nov  3 12:31:07 ks22865 postfix/pickup[3815]: 0EB928697A: uid=1022 from=<ronly>
Nov  3 12:31:07 ks22865 postfix/cleanup[5037]: 0EB928697A: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/smtp[3906]: 452DA80F17: to=<[email protected]>, relay=mx4.hotmail.com[65.55.37.72]:25, delay=40099, delays=40099/0/0.48/0.16, dsn=5.0.0, status=bounced (host mx4.hotmail.com[65.55.37.72] said: 550 OU-002 (COL0-MC1-F27) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 12:31:07 ks22865 postfix/smtp[3906]: 452DA80F17: lost connection with mx4.hotmail.com[65.55.37.72] while sending RCPT TO
Nov  3 12:31:07 ks22865 postfix/cleanup[5089]: 22B36896DB: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/error[3942]: E5B7085EBC: to=<[email protected]>, relay=none, delay=30132, delays=30132/0/0/0.11, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mta7.am0.yahoodns.net[98.138.112.33] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 91.121.8.155, because the ip is in Spamhaus's list; see [URL]http://postmaster.yahoo.com/550-bl23.html[/URL])
Nov  3 12:31:07 ks22865 postfix/smtp[3922]: 518F383861: to=<[email protected]>, relay=mx1.hotmail.com[65.55.37.104]:25, delay=29587, delays=29586/0/0.47/0.16, dsn=5.0.0, status=bounced (host mx1.hotmail.com[65.55.37.104] said: 550 OU-002 (COL0-MC3-F21) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 12:31:07 ks22865 postfix/smtp[3922]: 518F383861: lost connection with mx1.hotmail.com[65.55.37.104] while sending RCPT TO
Nov  3 12:31:07 ks22865 postfix/cleanup[5082]: 2B068896DC: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/bounce[5192]: 452DA80F17: sender non-delivery notification: 22B36896DB
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 2B068896DC: from=<>, size=3055, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 452DA80F17: removed
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 22B36896DB: from=<>, size=2932, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 0EB928697A: from=<[email protected]>, size=70214, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/pickup[3815]: 312B98655C: uid=1022 from=<ronly>
Nov  3 12:31:07 ks22865 postfix/cleanup[5089]: 312B98655C: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/bounce[4979]: 518F383861: sender non-delivery notification: 2B068896DC
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 518F383861: removed
Nov  3 12:31:07 ks22865 postfix/smtp[3886]: 7242884899: host mta6.am0.yahoodns.net[66.196.118.37] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 91.121.8.155, because the ip is in Spamhaus's list; see [URL]http://postmaster.yahoo.com/550-bl23.html[/URL]
Nov  3 12:31:07 ks22865 postfix/local[3821]: 2B068896DC: to=<[email protected]>, relay=local, delay=0.13, delays=0.03/0/0/0.1, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 12:31:07 ks22865 postfix/local[3825]: 22B36896DB: to=<[email protected]>, relay=local, delay=0.16, delays=0.06/0/0/0.1, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 312B98655C: from=<[email protected]>, size=70224, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/pickup[3815]: 52FB386A55: uid=1022 from=<ronly>
Nov  3 12:31:07 ks22865 postfix/cleanup[5037]: 52FB386A55: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/smtp[3905]: 8CE7B87628: to=<[email protected]>, relay=mx4.hotmail.com[65.55.37.104]:25, delay=36057, delays=36056/0/0.47/0.16, dsn=5.0.0, status=bounced (host mx4.hotmail.com[65.55.37.104] said: 550 OU-002 (COL0-MC3-F27) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 12:31:07 ks22865 postfix/smtp[3905]: 8CE7B87628: lost connection with mx4.hotmail.com[65.55.37.104] while sending RCPT TO
Nov  3 12:31:07 ks22865 postfix/cleanup[5089]: 5C60C896DA: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/bounce[4979]: 8CE7B87628: sender non-delivery notification: 5C60C896DA
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 5C60C896DA: from=<>, size=2927, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 8CE7B87628: removed
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 52FB386A55: from=<[email protected]>, size=69623, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/smtp[3851]: DB7D483CA5: to=<[email protected]>, relay=mx3.hotmail.com[65.55.92.184]:25, delay=36027, delays=36026/0/0.34/0.11, dsn=5.0.0, status=bounced (host mx3.hotmail.com[65.55.92.184] said: 550 OU-002 (SNT0-MC4-F9) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 12:31:07 ks22865 postfix/smtp[3851]: DB7D483CA5: lost connection with mx3.hotmail.com[65.55.92.184] while sending RCPT TO
Nov  3 12:31:07 ks22865 postfix/cleanup[5082]: 6D3FB87628: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/pickup[3815]: 6D50B84774: uid=1022 from=<ronly>
Nov  3 12:31:07 ks22865 postfix/cleanup[5089]: 6D50B84774: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/local[4150]: 5C60C896DA: to=<[email protected]>, relay=local, delay=0.11, delays=0.03/0/0/0.07, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 12:31:07 ks22865 postfix/smtp[3886]: 7242884899: host mta7.am0.yahoodns.net[66.196.118.36] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 91.121.8.155, because the ip is in Spamhaus's list; see [URL]http://postmaster.yahoo.com/550-bl23.html[/URL]
Nov  3 12:31:07 ks22865 postfix/bounce[5192]: DB7D483CA5: sender non-delivery notification: 6D3FB87628
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 6D50B84774: from=<[email protected]>, size=70216, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: DB7D483CA5: removed
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 6D3FB87628: from=<>, size=2922, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/smtp[3850]: CB180853DA: to=<[email protected]>, relay=mx1.hotmail.com[65.54.188.126]:25, delay=40712, delays=40711/0/0.45/0.15, dsn=5.0.0, status=bounced (host mx1.hotmail.com[65.54.188.126] said: 550 OU-002 (BAY0-MC4-F37) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 12:31:07 ks22865 postfix/smtp[3850]: CB180853DA: lost connection with mx1.hotmail.com[65.54.188.126] while sending RCPT TO
Nov  3 12:31:07 ks22865 postfix/cleanup[5037]: 8811B896DD: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/pickup[3815]: 883018632D: uid=1022 from=<ronly>
Nov  3 12:31:07 ks22865 postfix/cleanup[5082]: 883018632D: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/local[3976]: 6D3FB87628: to=<[email protected]>, relay=local, delay=0.15, delays=0.08/0/0/0.07, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 12:31:07 ks22865 postfix/bounce[5117]: CB180853DA: sender non-delivery notification: 8811B896DD
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 883018632D: from=<[email protected]>, size=70219, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: CB180853DA: removed
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 8811B896DD: from=<>, size=2937, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/pickup[3815]: A102E85CCC: uid=1022 from=<ronly>
Nov  3 12:31:07 ks22865 postfix/cleanup[5089]: A102E85CCC: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/local[3821]: 8811B896DD: to=<[email protected]>, relay=local, delay=0.13, delays=0.07/0/0/0.06, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 12:31:07 ks22865 postfix/error[4043]: 883018632D: to=<[email protected]>, relay=none, delay=36048, delays=36048/0/0/0.06, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mta7.am0.yahoodns.net[98.138.112.33] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 91.121.8.155, because the ip is in Spamhaus's list; see [URL]http://postmaster.yahoo.com/550-bl23.html[/URL])
Nov  3 12:31:07 ks22865 postfix/smtp[3846]: 2ED45843A0: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.78.26]:25, delay=8118, delays=8117/0/0.03/1.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1383478267 n15si4147782wiw.64 - gsmtp)
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 2ED45843A0: removed
Nov  3 12:31:07 ks22865 postfix/smtp[3888]: 0EB928697A: to=<[email protected]>, relay=mx1.hotmail.com[65.55.92.152]:25, delay=30181, delays=30181/0/0.35/0.12, dsn=5.0.0, status=bounced (host mx1.hotmail.com[65.55.92.152] said: 550 OU-002 (SNT0-MC2-F44) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 12:31:07 ks22865 postfix/smtp[3888]: 0EB928697A: lost connection with mx1.hotmail.com[65.55.92.152] while sending RCPT TO
Nov  3 12:31:07 ks22865 postfix/cleanup[5037]: B7825896E0: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/smtp[3886]: 7242884899: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.33]:25, delay=8184, delays=8183/0/1.1/0, dsn=4.7.1, status=deferred (host mta6.am0.yahoodns.net[66.196.118.33] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 91.121.8.155, because the ip is in Spamhaus's list; see [URL]http://postmaster.yahoo.com/550-bl23.html[/URL])
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: A102E85CCC: from=<[email protected]>, size=70213, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: B7825896E0: from=<>, size=2927, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/pickup[3815]: BD3BE86127: uid=1022 from=<ronly>
Nov  3 12:31:07 ks22865 postfix/cleanup[5082]: BD3BE86127: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/bounce[5190]: 0EB928697A: sender non-delivery notification: B7825896E0
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 0EB928697A: removed
Nov  3 12:31:07 ks22865 postfix/error[3961]: A102E85CCC: to=<[email protected]>, relay=none, delay=30224, delays=30223/0/0/0.08, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mta7.am0.yahoodns.net[98.138.112.33] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 91.121.8.155, because the ip is in Spamhaus's list; see [URL]http://postmaster.yahoo.com/550-bl23.html[/URL])
Nov  3 12:31:07 ks22865 postfix/smtp[3865]: 312B98655C: to=<[email protected]>, relay=mx4.hotmail.com[65.55.92.152]:25, delay=30122, delays=30122/0/0.35/0.12, dsn=5.0.0, status=bounced (host mx4.hotmail.com[65.55.92.152] said: 550 OU-002 (SNT0-MC2-F11) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 12:31:07 ks22865 postfix/smtp[3865]: 312B98655C: lost connection with mx4.hotmail.com[65.55.92.152] while sending RCPT TO
Nov  3 12:31:07 ks22865 postfix/local[4154]: B7825896E0: to=<[email protected]>, relay=local, delay=0.1, delays=0.03/0/0/0.08, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 12:31:07 ks22865 postfix/cleanup[5089]: D0B9E8697A: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: D0B9E8697A: from=<>, size=2957, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: BD3BE86127: from=<[email protected]>, size=70217, nrcpt=1 (queue active)
Nov  3 12:31:07 ks22865 postfix/pickup[3815]: D5E2486AD6: uid=1022 from=<ronly>
Nov  3 12:31:07 ks22865 postfix/cleanup[5037]: D5E2486AD6: message-id=<[email protected]>
Nov  3 12:31:07 ks22865 postfix/bounce[5192]: 312B98655C: sender non-delivery notification: D0B9E8697A
Nov  3 12:31:07 ks22865 postfix/qmgr[3816]: 312B98655C: removed
Nov  3 12:31:07 ks22865 postfix/smtp[3890]: 52FB386A55: to=<[email protected]>, relay=mx4.hotmail.com[65.55.92.168]:25, delay=40114, delays=40113/0/0.35/0.11, dsn=5.0.0, status=bounced (host mx4.hotmail.com[65.55.92.168] said: 550 OU-002 (SNT0-MC3-F1) Unfortunately, messages from 91.121.8.155 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to [URL]http://mail.live.com/mail/troubleshooting.aspx#errors[/URL]. (in reply to MAIL FROM command))
Nov  3 12:31:07 ks22865 postfix/smtp[3890]: 52FB386A55: lost connection with mx4.hotmail.com[65.55.92.168] while sending RCPT TO
Nov  3 12:31:07 ks22865 postfix/local[3825]: D0B9E8697A: to=<[email protected]>, relay=local, delay=0.12, delays=0.02/0/0/0.09, dsn=4.3.0, status=deferred (temporary failure)
Nov  3 12:31:07 ks22865 postfix/cleanup[5082]: ED2188655C: message-id=<[email protected]>
Postfix configuration (quite a mess, because I was experimenting with different configs):

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version




# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname


smtpd_banner = $myhostname ESMTP
biff = no






soft_bounce = no
unknown_local_recipient_reject_code = 550
in_flow_delay = 5s




mail_owner = postfix
setgid_group = postdrop
luser_relay = 


# appending .domain is the MUA's job.
append_dot_mydomain = no


# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h


readme_directory = no


# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.


myhostname = ks22865.kimsufi.com
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
myorigin = ks22865.kimsufi.com
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname, gtasite.pl, gta.net.pl, gtasite.net
relayhost = 
mynetworks = 127.0.0.0/8
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = 91.121.8.155, localhost
virtual_alias_domains = 
mydomain = kimsufi.com
inet_protocols = ipv4
mynetworks_style = subnet


smtpd_client_restrictions =
        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2,
        reject_unknown_client_hostname






smtpd_data_restrictions = reject_unauth_pipelining
smtpd_reject_unlisted_recipient = yes
#smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated


smtpd_sender_restrictions =
        reject_unknown_sender_domain,
        reject_unknown_address,
        reject_rbl_client b.barracudacentral.org


delay_warning_time = 0h
maximal_queue_lifetime = 1h
bounce_queue_lifetime = 1d
local_recipient_maps =
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_helo_required = yes
#smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre


smtpd_helo_restrictions =
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        reject_rhsbl_helo hostkarma.junkemailfilter.com=127.0.0.2,
        reject_rhsbl_helo zen.spamhaus.org


queue_run_delay = 300s
minimal_backoff_time = 300s
maximal_backoff_time = 4000s
enable_original_recipient = no
disable_vrfy_command = yes
home_mailbox = Maildir/
allow_min_user = no
message_size_limit = 15728640
virtual_minimum_uid = 1008
virtual_uid_maps = static:1008
virtual_gid_maps = static:1009
virtual_mailbox_base = /var/vmail
smtpd_reject_unlisted_sender = yes
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf




smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = 
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = no
#smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth


#smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:10031,, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031


smtpd_recipient_restrictions =
        check_policy_service inet:127.0.0.1:60000,
        permit_mynetworks,
        permit_sasl_authenticated
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
 
        permit_dnswl_client list.dnswl.org,
 
        check_policy_service inet:127.0.0.1:10023,
 
        reject_rhsbl_reverse_client dbl.spamhaus.org,
        reject_rhsbl_sender dbl.spamhaus.org,
        reject_rhsbl_client dbl.spamhaus.org,
        reject_rhsbl_sender fresh15.spameatingmonkey.net,
        reject_rhsbl_client fresh15.spameatingmonkey.net,
        reject_rhsbl_sender uribl.spameatingmonkey.net,
        reject_rhsbl_client uribl.spameatingmonkey.net,
        reject_rhsbl_sender urired.spameatingmonkey.net,
        reject_rhsbl_client urired.spameatingmonkey.net,
        reject_rhsbl_client hostkarma.junkemailfilter.com=127.0.0.2,
 
        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spameatingmonkey.net,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2,
        reject_rbl_client dnsbl.njabl.org,
        reject_rbl_client spamsources.fabel.dk,
        reject_rbl_client truncate.gbudb.net,
        reject_rbl_client ubl.unsubscore.com,
        reject_rbl_client aspews.ext.sorbs.net,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client backscatter.spameatingmonkey.net,
        reject_rbl_client bl.spameatingmonkey.net,
        reject_rbl_client psbl.surriel.com,
        reject_rbl_client cidr.bl.mcafee.com,
        reject_rbl_client bl.mailspike.net,
        reject_rbl_client ix.dnsbl.manitu.net,
        reject_rbl_client black.uribl.com,
        reject_rbl_client spam.spamrats.com,
 
        permit


smtpd_tls_security_level = may
smtpd_enforce_tls = no
smtpd_tls_loglevel = 0
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail_CA.pem
tls_random_source = dev:/dev/urandom
# Uncomment below line to enable policyd sender throttle.
#smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031




virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = ./dovecot-auth
#content_filter = smtp-amavis:[127.0.0.1]:10024
#smtp-amavis_destination_recipient_limit = 1
#reject_unauth_destination
snejk
Posts: 78
Joined: 03 August 2010, 00:33
Location: /dev/random

Post by snejk »

Someone broke into your mail account and is sending spam from it.
In addition, your IP has been added to a global spam list - check http://mxtoolbox.com/blacklists.aspx

Set logging to the lowest level, then search the logs, one message at a time - the sixth column:

Code:

grep 452DA80F17 /var/log/mail.log
and you should see which account the given mail is being sent from.
On my system it looks like this:

Code:


Nov  5 08:43:57 mail postfix/smtpd[17607]: 922B85E9B3D: client=apn-77-113-6-188.dynamic.gprs.plus.pl[77.113.6.188], sasl_method=PLAIN,sasl_username=marcin@domena-x
Nov  5 08:43:58 mail postfix/cleanup[18041]: 922B85E9B3D: message-id=<[email protected]
Nov  5 08:43:58 mail postfix/qmgr[1319]: 922B85E9B3D: from=<marcin@domena-x>, size=1287, nrcpt=1 (queue active)
Nov  5 08:43:59 mail postfix/smtp[18042]: 922B85E9B3D: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.66.26]:25, delay=2.4, delays=0.78/0.02/0.48/1.1, dsn=2.0.0, status=sent (250 2.0.0 OK 1383637455 pb6si8774961wjb.135 - gsmtp)
Nov  5 08:43:59 mail postfix/qmgr[1319]: 922B85E9B3D: removed

You need to find the line:

Code:

sasl_username=marcin@domena-x
because the from field is forged.
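An added example (not part of the original posts) that automates the per-message lookup described above across a whole log. It goes beyond the `sasl_username=` case by also reading `uid=` on `postfix/pickup` lines, the form that appears in the original poster's log (`uid=1022 from=<ronly>`) and that marks mail injected locally rather than over authenticated SMTP. The log lines, queue IDs and `example.invalid` addresses are constructed; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the log lines quoted in this thread.
SAMPLE_LOG = """\
Nov  3 12:31:07 mail postfix/pickup[3815]: AAAA000001: uid=1022 from=<ronly>
Nov  3 12:31:07 mail postfix/qmgr[3816]: AAAA000001: from=<ronly@mail.example.invalid>, size=70217, nrcpt=1 (queue active)
Nov  3 12:31:07 mail postfix/pickup[3815]: AAAA000002: uid=1022 from=<ronly>
Nov  3 12:31:08 mail postfix/qmgr[3816]: AAAA000002: from=<ronly@mail.example.invalid>, size=70102, nrcpt=1 (queue active)
Nov  3 12:36:08 mail postfix/qmgr[3816]: AAAA000002: from=<ronly@mail.example.invalid>, size=70102, nrcpt=1 (queue active)
Nov  3 12:31:08 mail postfix/qmgr[3816]: BBBB000001: from=<>, size=2927, nrcpt=1 (queue active)
Nov  3 12:31:09 mail postfix/smtpd[4001]: CCCC000001: client=host.example.invalid[192.0.2.10], sasl_method=PLAIN, sasl_username=marcin@domena-x
Nov  3 12:31:09 mail postfix/qmgr[3816]: CCCC000001: from=<billing@other.example.invalid>, size=1287, nrcpt=1 (queue active)
"""
# Assumes short (uppercase hex) queue IDs, as in the logs on this page.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def submitters(log_text):
    """Map queue ID -> who actually injected the message into the queue."""
    origin = {}
    for daemon, qid, rest in LINE.findall(log_text):
        if daemon == "pickup":    # local submission through sendmail(1)
            uid = re.search(r"\buid=(\d+)", rest)
            if uid:
                origin[qid] = "local uid=" + uid.group(1)
        elif daemon == "smtpd":   # submission over SMTP
            user = re.search(r"sasl_username=([^,\s]+)", rest)
            client = re.search(r"client=([^,\s]+)", rest)
            if user:
                origin[qid] = "sasl " + user.group(1)
            elif client:
                origin.setdefault(qid, "unauthenticated " + client.group(1))
    return origin

def tally(log_text):
    """Count messages per real submitter; collect the from= values each used."""
    origin = submitters(log_text)
    counts, senders, seen = Counter(), {}, set()
    for daemon, qid, rest in LINE.findall(log_text):
        frm = re.match(r"from=<([^>]*)>", rest)
        if daemon == "qmgr" and frm and qid not in seen:
            seen.add(qid)         # qmgr logs from= again on every retry
            who = origin.get(qid, "unattributed")
            counts[who] += 1
            senders.setdefault(who, set()).add(frm.group(1))
    return counts, senders

if __name__ == "__main__":
    print(tally(SAMPLE_LOG))
```

Messages with no `pickup` or `smtpd` line, such as the `from=<>` bounces Postfix generates itself, land under "unattributed".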
markossx
Beginner
Posts: 489
Joined: 26 May 2007, 16:01
Location: Poland

Post by markossx »

Block the 65.52.0.0/14 subnet in iptables and then investigate, because snejk may be right...
adam_01001110
Posts: 41
Joined: 26 June 2013, 21:42

Post by adam_01001110 »

Have you considered blocking entire pools of IP addresses? If you search the web, there are plenty of lists of spammer IP addresses:

http://sblam.com/ - very frequently updated
http://incredibill.me/htaccess-block-country-ips - blocking the IPs of an entire country
http://www.parkansky.com/china.htm - blocking frequently used IP addresses of hackers from China
http://www.wizcrafts.net/chinese-blocklist.html - as above

This is only an example, i.e. blocking more from the web side with .htaccess, but you can search Google for a solution that fits you, i.e. blocking spammer mail lists at the iptables firewall, or whatever is convenient for you. One of my clients once received tons of spam, and after applying one of these lists it was gone as if by magic... You just need to pay attention to how current the list is, because that is a major factor in its effectiveness.
drakerc
Posts: 8
Joined: 20 June 2010, 15:10

Post by drakerc »

Thank you all for the replies, and sorry for only answering now - I got a 30-day ban on sending messages from the datacenter and it has only just expired, so I have started fixing the whole situation.

I probably already know what it was about. It turned out that the spam was being sent from an account that I created almost a year ago and completely forgot about. And as I have just remembered, the password to it was publicly available (the account "supposedly" had read-only permissions to a single directory on the server, done by setting the access rights to read-only and giving the directory a different owner). I know, it's a disaster, but I completely forgot about the possibility of other permissions being used, including sending messages.

I have just blocked shell access for the user ronly (/etc/passwd - set to /dev/null for the account) and I would like this user to have access only for reading data from the FTP directory (i.e. as before). However, I suspect that disabling shell access alone will not help here - it will still be possible to send messages.

So my current question is: how can a user be blocked from sending messages in Postfix? Following a guide, I blocked sending by creating a sender_access file (see the guide http://www.cyberciti.biz/faq/howto-blac ... l-address/). Is that enough? The ban on sending messages will end in three days, so I would like to prepare for being able to send messages again.