Disk I/O was constantly saturated, and I found the mail log being written to like mad, roughly in this format:

Oct 8 05:07:52 regskynet postfix/smtp[6232]: 95E7D37A7DBE: host
etb-3.mail.tiscali.it[213.205.33.63] refused to talk to me: 554
cmgw-2.mail.tiscali.it kx7r1y0093At5nR01 IP: 45.62.116.147, You are
not allowed to send mail. Please see
http://csi.cloudmark.com/reset-request/?ip=45.62.116.147 if you feel
this is in error.

Oct 8 05:07:56 regskynet postfix/smtpd[6310]: disconnect from
smtp304.alice.it[82.57.200.93]

Oct 8 05:08:07 regskynet postfix/smtp[6228]: 6F57637A7BC2:
to=<mattia.lugari@tiscali.it>,
relay=etb-2.mail.tiscali.it[213.205.33.62]:25, delay=128,
delays=0.38/0/127/0, dsn=4.0.0, status=deferred (host
etb-2.mail.tiscali.it[213.205.33.62] refused to talk to me: 554
cmgw-2.mail.tiscali.it kx851y00y3At5nR01 IP: 45.62.116.147, You are
not allowed to send mail. Please see
http://csi.cloudmark.com/reset-request/?ip=45.62.116.147 if you feel
this is in error.)

Oct 8 05:08:07 regskynet postfix/smtp[6237]: F32C237A792F:
to=<matty1094@tiscali.it>,
relay=etb-2.mail.tiscali.it[213.205.33.63]:25, delay=126,
delays=0.38/0/125/0, dsn=4.0.0, status=deferred (host
etb-2.mail.tiscali.it[213.205.33.63] refused to talk to me: 554
cmgw-2.mail.tiscali.it kx851y02S3At5nR01 IP: 45.62.116.147, You are
not allowed to send mail. Please see
http://csi.cloudmark.com/reset-request/?ip=45.62.116.147 if you feel
this is in error.)

Oct 8 05:08:07 regskynet postfix/smtp[6227]: 8DFAD37A7D04:
to=<maurizio.pirro@tiscali.it>,
relay=etb-2.mail.tiscali.it[213.205.33.64]:25, delay=119,
delays=0.38/0/119/0, dsn=4.0.0, status=deferred (host
etb-2.mail.tiscali.it[213.205.33.64] refused to talk to me: 554
cmgw-3.mail.tiscali.it kx851y02V3At5nR01 IP: 45.62.116.147, You are
not allowed to send mail. Please see
http://csi.cloudmark.com/reset-request/?ip=45.62.116.147 if you feel
this is in error.)

Oct 8 05:08:07 regskynet postfix/error[6242]: E28BF37A7DF0:
to=<mdl0003@tiscali.it>, relay=none, delay=92, delays=0.38/91/0/0,
dsn=4.0.0, status=deferred (delivery temporarily suspended: host
etb-2.mail.tiscali.it[213.205.33.64] refused to talk to me: 554
cmgw-3.mail.tiscali.it kx851y02V3At5nR01 IP: 45.62.116.147, You are
not allowed to send mail. Please see
http://csi.cloudmark.com/reset-request/?ip=45.62.116.147 if you feel
this is in error.)

Oct 8 05:08:07 regskynet postfix/error[6241]: B95B337A7DDD:
to=<maxceruti@tiscali.it>, relay=none, delay=104, delays=0.38/104/0/0,
dsn=4.0.0, status=deferred (delivery temporarily suspended: host
etb-2.mail.tiscali.it[213.205.33.64] refused to talk to me: 554
cmgw-3.mail.tiscali.it kx851y02V3At5nR01 IP: 45.62.116.147, You are
not allowed to send mail. Please see
http://csi.cloudmark.com/reset-request/?ip=45.62.116.147 if you feel
this is in error.)

Every one of these deferred deliveries carries the same 554 reply: the receiving Tiscali relays refuse the connection because our outgoing address, 45.62.116.147, is listed by Cloudmark's CSI reputation service. In other words, the server itself is emitting mail that remote MTAs classify as spam, and since status=deferred means Postfix keeps retrying, the queue and the log keep growing, which is what was saturating the disk.

1. Changed and added a few settings in Postfix's main.cf

vi /etc/postfix/main.cf

as follows:

# The server's real host name
myhostname = mail.regskynet.com
# The root domain
mydomain = regskynet.com
# Both of these can point at mydomain
myorigin = $mydomain
# Domains this server delivers locally. With only $mydomain here, mail addressed to $myhostname or to localhost is no longer treated as local; add them if that is needed
mydestination = $mydomain
# The distribution's stock main.cf makes Postfix listen only on localhost; to talk to the outside world it has to listen on all of the machine's addresses
inet_interfaces = all
# Postfix (before 3.0) trusts every machine on the local subnet by default; to trust only this host, set host
mynetworks_style = host
# Destination domains Postfix will relay to for clients outside mynetworks. Keep it to mydomain, otherwise the machine forwards other people's mail, i.e. it relays spam
relay_domains = $mydomain

2. Postfix is now basically configured; next we need to control who may send what through it

a. Mail from outside domains to our own domain must be accepted; otherwise we receive nothing from outside.
b. Mail from our domain to outside domains may only be submitted from this host; otherwise anyone could forge a sender address in our domain and send mail to the outside.
c. Mail from an outside domain to another outside domain is rejected outright; otherwise our server is an open relay and will be treated as a spam server.

Continue editing Postfix's main.cf:

vi /etc/postfix/main.cf

as follows:

# Sender rules first. permit_mynetworks matches on the connecting client's IP address, not on the sender's domain: any connection from an address in $mynetworks (with mynetworks_style = host, only this machine) is permitted here. Otherwise check_sender_access looks the MAIL FROM address up in sender_access and applies the REJECT or OK found there; senders that are not listed are permitted.
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, permit
# Then the recipient rules: again, connections from $mynetworks are permitted; otherwise check_recipient_access looks the RCPT TO address up in recipient_access and applies the REJECT or OK found there; every recipient that is not listed is rejected.
smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access hash:/etc/postfix/recipient_access, reject

Configure the sender restriction

vi /etc/postfix/sender_access

with these contents:

regskynet.com REJECT

The purpose is to stop outsiders from sending mail as xxx@regskynet.com. Sending from this host itself is unaffected, because permit_mynetworks is evaluated first and matches the connecting client's address (loopback or the host's own IPs with mynetworks_style = host), so local submissions never reach the REJECT. Be aware that the same entry also rejects legitimate remote MTAs that hand in mail with a regskynet.com sender, for example mail forwarded from a user's other mailbox or relayed through a mailing list.

vi /etc/postfix/recipient_access

with these contents:

noreply@regskynet.com OK
test@regskynet.com OK

Outside domains can only send to those two addresses; any other recipient is rejected. Mail from this host to itself is unaffected. Note that this also rejects postmaster@ (which RFC 5321 requires every domain to accept) and abuse@ (RFC 2142); add them to the map if other operators need to reach you.

Finally, generate the hash-format maps with postmap. Postfix reads the resulting .db files, so this has to be re-run after every edit of either text file; running postmap with -q and an address shows what a lookup returns, which is a quick way to confirm the entries before reloading:

postmap /etc/postfix/sender_access
postmap /etc/postfix/recipient_access

3. Reload Postfix (a reload is enough for main.cf and access-map changes; a full restart is not needed)

service postfix reload
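To see how the two restriction lists above actually decide a delivery attempt, here is a small model of their first-match evaluation. It is an added example written for this post, not Postfix code and not part of the original configuration. It hard-codes the two access tables from the steps above, assumes that mynetworks_style = host expands to the loopback range plus this server's own address 45.62.116.147 (the address the 554 replies name), and deliberately leaves out client and HELO restrictions, SASL and smtpd_relay_restrictions. It walks through the three cases (a, b, c) from step 2 plus two side effects worth knowing about: other mailboxes in our domain become unreachable from outside, and a sender in a subdomain of regskynet.com is caught by the parent-domain match of the access table.

```python
"""Model of how this post's two restriction lists decide a RCPT TO.

Added example, not part of the post and not Postfix code. It reproduces the
first-match semantics of smtpd_sender_restrictions / smtpd_recipient_restrictions
for the restrictions used here and the access(5) lookup order for an address
(full address, then the domain and each parent domain, then localpart@).
Client/HELO restrictions, SASL and smtpd_relay_restrictions are left out."""
import ipaddress

# Assumed expansion of mynetworks_style = host on this server: loopback plus
# the server's own address, which the 554 replies in the log name as 45.62.116.147.
MYNETWORKS = ["127.0.0.0/8", "45.62.116.147/32"]

# The two access maps from the post, as postmap would store them.
SENDER_ACCESS = {"regskynet.com": "REJECT"}
RECIPIENT_ACCESS = {"noreply@regskynet.com": "OK", "test@regskynet.com": "OK"}

SMTPD_SENDER_RESTRICTIONS = [
    "permit_mynetworks", "check_sender_access hash:/etc/postfix/sender_access", "permit"]
SMTPD_RECIPIENT_RESTRICTIONS = [
    "permit_mynetworks", "check_recipient_access hash:/etc/postfix/recipient_access", "reject"]


def access_lookup(table, address):
    """access(5) lookup order for an e-mail address; None if nothing matches."""
    local, _, domain = address.rpartition("@")
    if address in table:
        return table[address]
    labels = domain.split(".") if domain else []
    for i in range(len(labels)):            # domain, then each parent domain
        key = ".".join(labels[i:])
        if key in table:
            return table[key]
    return table.get(local + "@")


def in_mynetworks(client_ip):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in MYNETWORKS)


def evaluate(restrictions, client_ip, address):
    """Walk one restriction list; the first restriction with an opinion wins."""
    for restriction in restrictions:
        if restriction == "permit_mynetworks":
            if in_mynetworks(client_ip):
                return "OK"
        elif restriction.startswith("check_sender_access"):
            verdict = access_lookup(SENDER_ACCESS, address)
            if verdict:
                return verdict
        elif restriction.startswith("check_recipient_access"):
            verdict = access_lookup(RECIPIENT_ACCESS, address)
            if verdict:
                return verdict
        elif restriction == "permit":
            return "OK"
        elif restriction == "reject":
            return "REJECT"
    return "OK"                             # Postfix permits when a list runs out


def decide(client_ip, sender, recipient):
    """With smtpd_delay_reject (the default) both lists are evaluated at RCPT TO,
    sender list first; a REJECT in either refuses the recipient."""
    if evaluate(SMTPD_SENDER_RESTRICTIONS, client_ip, sender) == "REJECT":
        return "REJECT (sender)"
    if evaluate(SMTPD_RECIPIENT_RESTRICTIONS, client_ip, recipient) == "REJECT":
        return "REJECT (recipient)"
    return "ACCEPT"


if __name__ == "__main__":
    cases = [
        ("82.57.200.93", "someone@alice.it", "test@regskynet.com"),          # a: outside -> us, listed mailbox
        ("82.57.200.93", "someone@alice.it", "bob@regskynet.com"),           # outside -> us, unlisted mailbox
        ("82.57.200.93", "spoof@regskynet.com", "test@regskynet.com"),       # b: forged local sender from outside
        ("82.57.200.93", "spoof@mail.regskynet.com", "test@regskynet.com"),  # subdomain caught by parent match
        ("82.57.200.93", "someone@alice.it", "victim@tiscali.it"),           # c: outside -> outside (relay attempt)
        ("127.0.0.1", "noreply@regskynet.com", "victim@tiscali.it"),         # b: local submission to the outside
    ]
    for client, mail_from, rcpt_to in cases:
        print(f"{client:>14} {mail_from:>26} -> {rcpt_to:<22} {decide(client, mail_from, rcpt_to)}")
```

The model's verdicts are only as good as its simplifications. On the real server, confirm the map entries with postmap -q, and check from an outside address with a manual SMTP session that a RCPT TO for a foreign domain is refused, since that is the open-relay case that got this host blocklisted.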

4. After these steps the log showed the mail in question being rejected, but the log kept scrolling just as fast, so I turned to the firewall. What fills the log at this point is the clients that had been relaying through the server: they keep reconnecting and running into the new rejections until they exceed smtpd_hard_error_limit (20 errors per session by default), at which point smtpd logs "too many errors after RCPT from host[ip]" (or "after AUTH" for clients that keep failing authentication) and drops the connection. Those lines are the hook the following program uses to block the offending addresses.

Compiled with gcc into the executable dyn and attached to the live log:

gcc -g -o dyn dyn.c
nohup tail -f /var/log/maillog | /var/www/html/sh/dyn &

dyn has to run as root for the iptables calls to succeed. Two things to keep in mind with this pipeline: tail -f follows the open file descriptor, so once logrotate replaces /var/log/maillog the program receives nothing more (tail -F follows the name and reopens the file), and the program inserts a new rule for every matching line, so a persistent client accumulates duplicate DROP rules in the INPUT chain.

After a while, looking at maillog again, essentially no unfamiliar IP addresses were connecting to send mail any more.

Contents of dyn.c:

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#define BUF_LEN 4096

/* Reads maillog lines from stdin (fed by tail -f) and, for every smtpd line like
 *   too many errors after RCPT from 36-224-128-99.dynamic-ip.hinet.net[36.224.128.99]
 *   too many errors after RCPT from 118-169-22-28.dynamic.hinet.net[118.169.22.28]
 *   too many errors after AUTH from unknown[79.125.161.236]
 * takes the client address between the last [ ] pair and DROPs it with iptables.
 * Must run as root for iptables to succeed. */

/* Only accept an address literal: digits, hex letters, dots and colons.
 * Nothing else may reach system(), which hands the string to a shell. */
static int looks_like_ip(const char *s)
{
    if (*s == '\0')
        return 0;
    for (; *s; s++)
        if (!isxdigit((unsigned char)*s) && *s != '.' && *s != ':')
            return 0;
    return 1;
}

int main (int argc, char** argv)
{
    char buf[BUF_LEN] = {0};
    const char* sep = "too many errors after";
    (void)argc; (void)argv;
    /* stop at EOF instead of spinning at 100% CPU when tail goes away */
    while (fgets (buf, sizeof(buf), stdin) != NULL)
    {
        char* p = strstr(buf, sep);
        if (p == NULL)
            continue;
        char* p1 = p + strlen(sep) + 1;
        char* ps = NULL;   /* first character after the last '[' */
        char* pe = NULL;   /* the last ']' */
        while (*p1 != '\0' && *p1 != '\n')
        {
            if (*p1 == '[')
                ps = p1+1;
            if (*p1 == ']')
                pe = p1;
            p1++;
        }
        /* need a [..] pair in the right order and short enough to copy */
        if (ps == NULL || pe == NULL || pe <= ps || (size_t)(pe - ps) >= 64)
            continue;
        char ipbuf[64]={0};
        memcpy (ipbuf, ps, pe-ps);
        if (!looks_like_ip(ipbuf))
            continue;
        char ebuf[512] = {0};
        snprintf(ebuf, sizeof(ebuf), "iptables -I INPUT -s %s -j DROP", ipbuf);
        system (ebuf);
        printf ("%s\n", ebuf);
        fflush (stdout);   /* nohup sends stdout to a file, which is fully buffered */
    }
    return 0;
}
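dyn.c blocks on the first matching line, does not check the string it hands to the shell, and has no notion of which addresses are our own. The following added example (written for this post, not the author's code) redoes the log handling in Python so it can be run offline over a saved maillog: it first pulls apart the 554 rejections quoted at the top of the post to show which of our addresses the remote relays are blocklisting, then counts the "too many errors after" lines per client, applies a threshold, skips private and own addresses, validates each literal with the ipaddress module, and returns deduplicated iptables commands as strings instead of executing anything. The log lines embedded in it are constructed from the formats shown on this page; the threshold of three and the LAN client 192.168.1.20 are illustrative choices.

```python
"""Offline triage of a Postfix maillog in the state described in this post.

Added example, not the author's code. Parses the two kinds of lines that
matter here: outbound deliveries a remote relay refused with 554 (who is
blocklisting which of our addresses), and smtpd giving up on a client after
too many errors (the lines dyn.c keys on). Returns firewall commands as
strings instead of running them."""
import ipaddress
import re
from collections import Counter

# Constructed sample in the formats quoted on this page: the 554 lines are the
# post's own entries rejoined onto single lines, the smtpd lines reuse the
# clients from dyn.c's comments, repeated so one crosses the threshold, plus an
# assumed LAN client 192.168.1.20 that must never be blocked.
SAMPLE_LOG = """\
Oct 8 05:07:56 regskynet postfix/smtpd[6310]: disconnect from smtp304.alice.it[82.57.200.93]
Oct 8 05:08:07 regskynet postfix/smtp[6228]: 6F57637A7BC2: to=<mattia.lugari@tiscali.it>, relay=etb-2.mail.tiscali.it[213.205.33.62]:25, delay=128, delays=0.38/0/127/0, dsn=4.0.0, status=deferred (host etb-2.mail.tiscali.it[213.205.33.62] refused to talk to me: 554 cmgw-2.mail.tiscali.it kx851y00y3At5nR01 IP: 45.62.116.147, You are not allowed to send mail. Please see http://csi.cloudmark.com/reset-request/?ip=45.62.116.147 if you feel this is in error.)
Oct 8 05:08:07 regskynet postfix/error[6242]: E28BF37A7DF0: to=<mdl0003@tiscali.it>, relay=none, delay=92, delays=0.38/91/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host etb-2.mail.tiscali.it[213.205.33.64] refused to talk to me: 554 cmgw-3.mail.tiscali.it kx851y02V3At5nR01 IP: 45.62.116.147, You are not allowed to send mail. Please see http://csi.cloudmark.com/reset-request/?ip=45.62.116.147 if you feel this is in error.)
Oct 8 05:09:01 regskynet postfix/smtpd[6330]: too many errors after RCPT from 36-224-128-99.dynamic-ip.hinet.net[36.224.128.99]
Oct 8 05:09:14 regskynet postfix/smtpd[6331]: too many errors after RCPT from 36-224-128-99.dynamic-ip.hinet.net[36.224.128.99]
Oct 8 05:09:40 regskynet postfix/smtpd[6333]: too many errors after RCPT from 36-224-128-99.dynamic-ip.hinet.net[36.224.128.99]
Oct 8 05:10:02 regskynet postfix/smtpd[6335]: too many errors after AUTH from unknown[79.125.161.236]
Oct 8 05:10:30 regskynet postfix/smtpd[6336]: too many errors after RCPT from unknown[192.168.1.20]
Oct 8 05:10:31 regskynet postfix/smtpd[6337]: too many errors after RCPT from unknown[192.168.1.20]
Oct 8 05:10:32 regskynet postfix/smtpd[6338]: too many errors after RCPT from unknown[192.168.1.20]
"""

# Outbound delivery deferred because the remote relay answered 554 with a blocklist notice.
DEFERRED_554 = re.compile(
    r"postfix/(?:smtp|error)\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>.*"
    r"host (?P<relay>[^\s\[]+)\[(?P<relay_ip>[0-9a-fA-F.:]+)\] refused to talk to me: 554 "
    r"(?P<gateway>\S+) \S+ IP: (?P<our_ip>[0-9a-fA-F.:]+), (?P<reason>[^)]*)\)"
)
# smtpd dropped a client that exceeded smtpd_hard_error_limit.
TOO_MANY_ERRORS = re.compile(
    r"postfix/smtpd\[\d+\]: too many errors after (?P<cmd>\w+) from "
    r"(?P<host>[^\s\[]+)\[(?P<ip>[0-9a-fA-F.:]+)\]"
)


def outbound_rejections(lines):
    """Which of our addresses the remote relays refuse, and who refuses them.

    Returns (our_ips, relays, recipient_domains); the last two are Counters
    of deferred deliveries."""
    our_ips, relays, rcpt_domains = set(), Counter(), Counter()
    for line in lines:
        m = DEFERRED_554.search(line)
        if m:
            our_ips.add(m["our_ip"])
            relays[m["relay"]] += 1
            rcpt_domains[m["rcpt"].rpartition("@")[2]] += 1
    return our_ips, relays, rcpt_domains


def error_limit_hits(lines):
    """How often smtpd gave up on each client IP ('too many errors after ...')."""
    hits = Counter()
    for line in lines:
        m = TOO_MANY_ERRORS.search(line)
        if m:
            hits[m["ip"]] += 1
    return hits


def block_targets(hits, threshold=3, never_block=()):
    """Client IPs that hit the limit at least `threshold` times and are safe to drop.

    Skips anything in never_block (e.g. our own address) plus private,
    loopback and link-local ranges, and validates every literal with
    ipaddress so only a real address ever reaches iptables."""
    protected = {ipaddress.ip_address(a) for a in never_block}
    targets = []
    for ip, count in hits.most_common():      # sorted by count, descending
        if count < threshold:
            break
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                          # not an address literal: never shell it out
        if addr in protected or addr.is_private or addr.is_loopback or addr.is_link_local:
            continue
        targets.append(str(addr))
    return targets


def firewall_commands(targets):
    """One DROP rule per distinct target, as the command strings dyn.c runs."""
    seen, cmds = set(), []
    for ip in targets:
        if ip in seen:
            continue
        seen.add(ip)
        tool = "ip6tables" if ":" in ip else "iptables"
        cmds.append(f"{tool} -I INPUT -s {ip} -j DROP")
    return cmds


def triage(log_text, threshold=3):
    """Full pass over a maillog: returns (our_ips, relays, commands)."""
    lines = log_text.splitlines()
    our_ips, relays, _ = outbound_rejections(lines)
    targets = block_targets(error_limit_hits(lines), threshold, never_block=our_ips)
    return our_ips, relays, firewall_commands(targets)


if __name__ == "__main__":
    ours, relays, cmds = triage(SAMPLE_LOG)
    print("our addresses named in 554 replies:", ", ".join(sorted(ours)))
    for relay, n in relays.most_common():
        print(f"  {n} deferred by {relay}")
    print("\n".join(cmds))
```

To apply the rules, feed the returned commands to a root shell, or better, add the addresses to an ipset so the INPUT chain stays a single rule however many clients get blocked.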
Last modified: November 24th, 2019 at 06:43 pm