Possible attack on postfix server

I'm worried that my VPS server is under attack, because the postfix log has hundreds of lines containing these messages:

May 24 10:50:32 ukvps postfix/smtpd[29971]: warning: hostname xep9.flink.uz does not resolve to address 91.234.218.9: Name or service not known
May 24 10:50:32 ukvps postfix/smtpd[29971]: connect from unknown[91.234.218.9]
May 24 10:50:33 ukvps postfix/smtpd[29971]: lost connection after UNKNOWN from unknown[91.234.218.9]
May 24 10:50:33 ukvps postfix/smtpd[29971]: disconnect from unknown[91.234.218.9]
May 24 10:53:53 ukvps postfix/anvil[29724]: statistics: max connection rate 77/60s for (smtp:91.234.218.9) at > May 24 10:48:31
May 24 10:53:53 ukvps postfix/anvil[29724]: statistics: max connection count 1 for (smtp:91.234.218.9) at > May 24 10:47:31
May 24 10:53:53 ukvps postfix/anvil[29724]: statistics: max cache size 1 at May 24 10:47:31

May 26 10:51:56 ukvps postfix/smtpd[13694]: warning: hostname myco-bio.com does not resolve to address 112.72.13.230
May 26 10:51:56 ukvps postfix/smtpd[13694]: connect from unknown[112.72.13.230]
May 26 10:51:57 ukvps postfix/smtpd[13694]: lost connection after UNKNOWN from unknown[112.72.13.230]
May 26 10:51:57 ukvps postfix/smtpd[13694]: disconnect from unknown[112.72.13.230]
May 26 10:52:19 ukvps postfix/smtpd[13694]: warning: hostname myco-bio.com does not resolve to address 112.72.13.230
May 26 10:52:19 ukvps postfix/smtpd[13694]: connect from unknown[112.72.13.230]
May 26 10:52:20 ukvps postfix/anvil[12258]: statistics: max connection rate 8/60s for (smtp:112.72.13.230) at May 26 10:42:43
May 26 10:52:20 ukvps postfix/anvil[12258]: statistics: max connection count 1 for (smtp:112.72.13.230) at May 26 10:42:21
May 26 10:52:20 ukvps postfix/anvil[12258]: statistics: max cache size 1 at May 26 10:46:06

ii postfix 2.9.6-2 amd64 High-performance mail transport agent

Also, some customers have replied to us with spam complaints about users that do not exist in our domain.

Any help is appreciated, thanks.

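This looks like some port scan or other scanning attempt. They connect, issue some invalid command, and then disconnect. They are not trying to send any email, because in that case you would see information in the postfix log about those emails being accepted or rejected.

As for the second problem, you are probably a victim of backscatter spam. Some spammers are using your domain name to send spam. They use your email addresses, like anything@domain.com, to send spam from a botnet or wherever. When that mail cannot be delivered, your users receive the bounce. It is even worse when they have a catch-all address defined (*@domain.com is delivered to some mailbox). There is not much you can do about it, because it is completely out of the control of your server or domain. Having a strict SPF record can help you a little, but not much.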
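The way the answer above reads the log (connect, invalid command, disconnect, no mail transaction) can be turned into a per-client check. This is an added example, not part of the original question or answer; the function names `summarize` and `probe_only` are hypothetical, and the last two sample log lines are constructed to show what a real delivery attempt looks like.

```python
import re
from collections import defaultdict

# The first seven lines are copied from the question's log; the last two are
# constructed (documentation address 203.0.113.5) and show a rejected delivery attempt.
SAMPLE_LOG = """\
May 24 10:50:32 ukvps postfix/smtpd[29971]: connect from unknown[91.234.218.9]
May 24 10:50:33 ukvps postfix/smtpd[29971]: lost connection after UNKNOWN from unknown[91.234.218.9]
May 24 10:50:33 ukvps postfix/smtpd[29971]: disconnect from unknown[91.234.218.9]
May 26 10:51:56 ukvps postfix/smtpd[13694]: connect from unknown[112.72.13.230]
May 26 10:51:57 ukvps postfix/smtpd[13694]: lost connection after UNKNOWN from unknown[112.72.13.230]
May 26 10:51:57 ukvps postfix/smtpd[13694]: disconnect from unknown[112.72.13.230]
May 26 10:52:20 ukvps postfix/anvil[12258]: statistics: max connection rate 8/60s for (smtp:112.72.13.230) at May 26 10:42:43
May 27 09:00:01 ukvps postfix/smtpd[20001]: connect from unknown[203.0.113.5]
May 27 09:00:02 ukvps postfix/smtpd[20001]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <a@example.org>: Relay access denied; from=<b@example.net> to=<a@example.org> proto=ESMTP helo=<mail.example.net>
"""

IP = r"\[([0-9a-fA-F.:]+)\]"
CONNECT = re.compile(r"postfix/smtpd\[\d+\]: connect from \S*" + IP)
LOST = re.compile(r"postfix/smtpd\[\d+\]: lost connection after (\S+) from \S*" + IP)
# A mail transaction leaves either a reject line or a queue ID with client=...
MAIL = re.compile(r"postfix/smtpd\[\d+\]: (?:NOQUEUE: reject: \S+ from|[0-9A-F]+: client=)\s*\S*" + IP)
ANVIL = re.compile(r"postfix/anvil\[\d+\]: statistics: max connection rate (\d+)/\d+s for \(smtp:([0-9a-fA-F.:]+)\)")

def summarize(log_text):
    """Per client IP: connections, drops after UNKNOWN, mail attempts, peak anvil rate."""
    stats = defaultdict(lambda: {"connects": 0, "lost_unknown": 0, "mail": 0, "peak_rate": 0})
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            stats[m.group(1)]["connects"] += 1
        elif m := LOST.search(line):
            if m.group(1) == "UNKNOWN":  # dropped before any valid SMTP command
                stats[m.group(2)]["lost_unknown"] += 1
        elif m := MAIL.search(line):
            stats[m.group(1)]["mail"] += 1
        elif m := ANVIL.search(line):
            entry = stats[m.group(2)]
            entry["peak_rate"] = max(entry["peak_rate"], int(m.group(1)))
    return dict(stats)

def probe_only(stats):
    """Clients that dropped after an invalid command and never attempted to send mail."""
    return sorted(ip for ip, s in stats.items() if s["lost_unknown"] and not s["mail"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, s in result.items():
        print(ip, s)
    print("probe-only clients:", probe_only(result))
```

Clients listed by `probe_only` match the scanning pattern described in the answer; a client with a non-zero `mail` count is one that actually tried to deliver a message.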