Spam on my mail server

I set up a mail server for myself with postfix, dovecot and spamassassin. Today I was looking at the logs and found a lot of entries like this:

Mar  7 15:38:30 chillihorse postfix/postscreen[16678]: CONNECT from [167.57.146.98]:65189 to [85.25.109.218]:25
Mar  7 15:38:30 chillihorse postfix/postscreen[16678]: WHITELISTED [167.57.146.98]:65189
Mar  7 15:38:30 chillihorse postfix/smtpd[16679]: connect from r167-57-146-98.dialup.adsl.anteldata.net.uy[167.57.146.98]
Mar  7 15:38:30 chillihorse amavis[16660]: (16660-07) Blocked SPAM {RejectedOpenRelay}, AM.PDP-SOCK [114.41.245.133] [114.41.245.133] <security@confirmation.net> -> <laxmi.s@vedainformatics.com>,<laxmi.sanitary@yahoo.in>,<laxmi.sbelal@ymail.com>,<laxmi.shaw@rediffmail.com>,<laxmi.shrestha@ntc.net.np>,<laxmi.singh911@yahoo.in>,<laxmi.soni@cmcltd.com>,<laxmi.srinivas@talentsprint.com>,<laxmi.thammisetti@tcs.com>,<laxmi.upadhyay@vodafone.com>,<laxmi.varajidas@sapo.pt>,<laxmi.vemaraju@cmcltd.com>,<laxmi1020@yahoo.co.in>,<laxmi1@rediffmail.com>,<laxmi2010@att.net>,<laxmi206@yahoo.co.in>,<laxmi214@yahoo.co.in>,<laxmi2906@bbox.fr>,<laxmi2_2005@yahoo.co.in>, Queue-ID: DCD211140503, Message-ID: <9afb09ce7510fef97257cee8fead42fdsecurity@confirmation.net>, mail_id: ynqCA95iv26B, Hits: 15.057, size: 48365, 784 ms
Mar  7 15:38:30 chillihorse postfix/cleanup[16833]: DCD211140503: milter-reject: END-OF-MESSAGE from 114-41-245-133.dynamic.hinet.net[114.41.245.133]: 5.7.0 Reject, id=16660-07 - spam; from=<security@confirmation.net> to=<laxmi2_2005@yahoo.co.in> proto=ESMTP helo=<220.152.56.78>
Mar  7 15:38:31 chillihorse postfix/smtpd[16824]: disconnect from 114-41-245-133.dynamic.hinet.net[114.41.245.133]
Mar  7 15:38:34 chillihorse postfix/smtpd[16679]: 7D7CB1140488: client=r167-57-146-98.dialup.adsl.anteldata.net.uy[167.57.146.98]
Mar  7 15:38:43 chillihorse postfix/smtpd[16679]: 7D7CB1140488: reject: RCPT from r167-57-146-98.dialup.adsl.anteldata.net.uy[167.57.146.98]: 450 4.1.2 <gunhild.jansson@kungsholmen.stockholm.se>: Recipient address rejected: Domain not found; from=<customers@payee.net> to=<gunhild.jansson@kungsholmen.stockholm.se> proto=ESMTP helo=<190.179.48.65>
Mar  7 15:38:46 chillihorse postfix/postscreen[16678]: CONNECT from [123.56.194.22]:59162 to [85.25.109.218]:25
Mar  7 15:38:46 chillihorse postfix/postscreen[16678]: WHITELISTED [123.56.194.22]:59162
Mar  7 15:38:46 chillihorse postfix/smtpd[16692]: connect from unknown[123.56.194.22]
Mar  7 15:38:52 chillihorse postfix/cleanup[16689]: 7D7CB1140488: message-id=<0385d5ce1708ef90563c0a70ac57e1e4customers@payee.net>
Mar  7 15:38:53 chillihorse postfix/smtpd[16692]: lost connection after MAIL from unknown[123.56.194.22]
Mar  7 15:38:53 chillihorse postfix/smtpd[16692]: disconnect from unknown[123.56.194.22]
Mar  7 15:38:54 chillihorse amavis[16659]: (16659-08) Blocked SPAM {RejectedOpenRelay}, AM.PDP-SOCK [167.57.146.98] [167.57.146.98] <customers@payee.net> -> <gunhandenizhan@yahoo.com>,<gunhanemrahsonmez@yahoo.com>,<gunhankutluk@yahoo.com.tr>,<gunhanlar@yahoo.com>,<gunhann@windowslive.com>,<gunhano@yahoo.com>,<gunhantatman@hotmail.com>,<gunhild.bjerre@live.dk>,<gunhild.bognaes@posten.no>,<gunhild.buestad@nordialaw.com>,<gunhild.claesson@home.se>,<gunhild.dahle@mrfylke.no>,<gunhild.dokkedal@yahoo.dk>,<gunhild.eriksson@tekniskamuseet.se>,<gunhild.h.synnestvedt@avinor.no>,<gunhild.haugnes@aftenposten.no>,<gunhild.holm@stofanet.dk>,<gunhild.johansen@utviklingssenteret.no>,<gunhild.ledang@alvdal.kommune.no>,<gunhild.melhuus@adecco.no>,<gunhild.nedal@stromstangen.no>,<gunhild.sallvin@swipnet.se>,<gunhild.stein@ezi.net>,<gunhild.vatn@ntnu.no>,<gunhild.viden@class.gu.se>,<gunhild79@hotmail.com>,<gunhild@brafolk.no>,<gunhild@hum.ku.dk>,<gunhild@ofir.dk>, Queue-ID: 7D7CB1140488, Message-ID: <0385d5ce1708ef90563c0a70...
Mar  7 15:38:54 chillihorse amavis[16659]: (16659-08) ...ac57e1e4customers@payee.net>, mail_id: is6lNnFaXjWt, Hits: 15.951, size: 48715, 1031 ms
Mar  7 15:38:54 chillihorse postfix/cleanup[16689]: 7D7CB1140488: milter-reject: END-OF-MESSAGE from r167-57-146-98.dialup.adsl.anteldata.net.uy[167.57.146.98]: 5.7.0 Reject, id=16659-08 - spam; from=<customers@payee.net> to=<gunhild@ofir.dk> proto=ESMTP helo=<190.179.48.65>
Mar  7 15:38:55 chillihorse postfix/smtpd[16679]: disconnect from r167-57-146-98.dialup.adsl.anteldata.net.uy[167.57.146.98]

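There is also mail in mailq. Because of this my IP has been blacklisted. But how is this possible? I mean, these mail addresses are not for my domain and have no user accounts on my system. Thanks for any help on how to stop this spam.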

postconf -n

alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 5m
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
inet_interfaces = 127.0.0.1, 85.25.109.218
local_recipient_maps = $virtual_mailbox_maps
mailbox_size_limit = 0
maximal_backoff_time = 15m
maximal_queue_lifetime = 15m
message_size_limit = 52428800
milter_default_action = accept
milter_protocol = 2
minimal_backoff_time = 5m
myhostname = mail.chillihorse.de
mynetworks = 0.0.0.0/0 [::ffff:127.0.0.0]/104 [::1]/128
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access
postscreen_blacklist_action = drop
postscreen_dnsbl_action = drop
postscreen_dnsbl_sites = dnsbl.sorbs.net*1, bl.spamcop.net*1, ix.dnsbl.manitu.net*2, zen.spamhaus.org*2
postscreen_dnsbl_threshold = 2
postscreen_greet_action = drop
queue_run_delay = 5m
recipient_delimiter = +
smtp_dns_support_level = dnssec
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_ciphers = high
smtp_tls_policy_maps = mysql:/etc/postfix/sql/tls-policy.cf
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_client_restrictions = permit_mynetworks check_client_access hash:/etc/postfix/without_ptr reject_unknown_client_hostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_milters = unix:/var/run/amavis/amavisd-milter.sock, unix:/var/run/opendkim/opendkim.sock
smtpd_recipient_restrictions = check_recipient_access mysql:/etc/postfix/sql/recipient-access.cf
smtpd_relay_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks reject_unauth_destination
smtpd_tls_cert_file = /etc/letsencrypt/live/chillihorse.de/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = /etc/myssl/dh2048.pem
smtpd_tls_key_file = /etc/letsencrypt/live/chillihorse.de/privkey.pem
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
tls_ssl_options = NO_COMPRESSION
virtual_alias_maps = mysql:/etc/postfix/sql/aliases.cf
virtual_mailbox_domains = mysql:/etc/postfix/sql/domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/sql/accounts.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

Remove this
mynetworks = 0.0.0.0/0 [::ffff:127.0.0.0]/104 [::1]/128
and put only your network there.
Your server is working as an open relay.

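The line: mynetworks = 0.0.0.0/0 [::ffff:127.0.0.0]/104 [::1]/128

0.0.0.0/0 is the bad part. If your local network is 192.168.1.0 then: mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24 would be better; the other addresses are for loopback and internal communication.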