Postfix mail server frantically sending out spam 40C

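Our company's Postfix mail server has long been used by someone as a zombie host to send spam outward locally, and this has never been resolved. The configuration file is below: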
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.cm.com
mydomain = cm.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
recipient_delimiter = +
home_mailbox = Maildir/
mailbox_command = /usr/bin/procmail -a "$EXTENSION" DEFAULT=$HOME/Maildir/ MAILDIR=$HOME/Maildir
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
smtpd_banner = $myhostname ESMTP
debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
message_size_limit = 1000000000
mailbox_size_limit = 2000000000
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks permit_auth_destination permit_sasl_authenticated check_policy_service unix:postgrey/socket reject
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
virtual_alias_maps = hash:/etc/postfix/virtual.ultra-ts.com.cn
recipient_bcc_maps = hash:/etc/postfix/bcc_map
smtpd_tls_security_level = may
content_filter = scan:127.0.0.1:10025
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
#### Add mail queue processing time settings
queue_run_delay = 300s
maximal_queue_lifetime = 2d
bounce_queue_lifetime = 2d
minimal_backoff_time = 300s
maximal_backoff_time = 4000s
# Set queue sending limits
anvil_rate_time_unit = 120s
smtpd_client_connection_rate_limit = 80

The following is the content of an attack email:
*** ENVELOPE RECORDS deferred/8/83BB3C077A ***
message_size: 14844 5319 50 0 14844
message_arrival_time: Wed Feb 7 05:37:03 2018
create_time: Wed Feb 7 05:37:03 2018
named_attribute: rewrite_context=remote
sender: apply@kroger.com
named_attribute: log_client_name=unknown
named_attribute: log_client_address=185.234.216.130
named_attribute: log_client_port=49272
named_attribute: log_message_origin=unknown[185.234.216.130]
named_attribute: log_helo_name=185.234.216.130
named_attribute: log_protocol_name=ESMTP
named_attribute: client_name=localhost
named_attribute: reverse_client_name=localhost
named_attribute: client_address=127.0.0.1
named_attribute: client_port=52020
named_attribute: helo_name=mail..com
named_attribute: protocol_name=ESMTP
named_attribute: client_address_type=2
named_attribute: dsn_orig_rcpt=rfc822;babygrl37907@aol.com
original_recipient: babygrl37907@aol.com
recipient: babygrl37907@aol.com

*** MESSAGE CONTENTS deferred/8/83BB3C077A ***
Received: from mail..com (localhost [127.0.0.1])
by mail..com (Postfix) with ESMTP id 83BB3C077A;
Wed, 7 Feb 2018 05:37:03 +0800 (CST)
Received: from 185.234.216.130 (unknown [185.234.216.130])
by mail..com (Postfix) with ESMTPA id 1884DC0778;
Wed, 7 Feb 2018 05:36:52 +0800 (CST)
Message-ID: 999C2A7972A6882BF7F2BB06D2327C72@185.234.216.130
Reply-To: "Kroger" no-relpy@korger.com
From: "Kroger" apply@kroger.com
Subject: Job Offer
Date: Tue, 6 Feb 2018 13:36:51 -0800
Organization: Kroger
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0FF8_01D39F4F.8B8469E0"
X-Priority: 3
X-Virus-Scanned: ClamAV using ClamSMTP
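Because there are many recipient IPs (more than 200 people), I have not copied all of them; in between there is also a lot of spam content (advertisements).

For further communication: lmlhaozi@163.com. Thank you for your guidance; you will be well rewarded.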

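1 answer

"Analysis and resolution of Postfix frantically sending out spam": take a look at this. I don't know whether you already found it on Baidu.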
http://blog.csdn.net/ayumiwang/article/details/8590369

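qq_30371087
I ran into this too. May I ask whether you have solved it? The solutions on Baidu all involve finding the cracked account, but, just like you, no cracked account is shown for me. Please help, thank you!
more than a year ago

showbo
(Add me on Alipay to steal energy, the poplar is waiting for my summons) Reply to weixin_37572429: https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap Take a look at this; it is about disabling anonymous accounts in LDAP.
more than 2 years ago

weixin_37572429
First of all, thank you for the article. I have read it carefully. Although it is very similar to my case, following the same method did not solve the problem. The reason is that our mail server's user names are stored in LDAP, whereas the article talks about MySQL. The mail details contain no information about a logged-in system user, so I cannot determine whether a stolen local user is what is causing the outgoing mail. Is there a way to do anonymous restriction with LDAP + Postfix? Thanks!
more than 2 years ago

devmiao
(Kneel before your queen, sister Miao) +1
more than 2 years ago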
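The queue dump in the question shows one hop accepted "with ESMTPA", the RFC 3848 keyword for a session that used SMTP AUTH. The following is an added example, not part of the original thread: it extracts such hops from a postcat dump and looks up the login name Postfix logged for them. The maillog lines are constructed, the account names are placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# A Postfix Received header "with ESMTPA"/"ESMTPSA" marks a SASL-authenticated hop.
RECEIVED_RE = re.compile(
    r"Received: from \S+ \(\S+ \[(?P<ip>[\d.]+)\]\)\s+"
    r"by \S+ \(Postfix\) with (?P<proto>\S+) id (?P<qid>[0-9A-F]+)")
# smtpd log line written when an authenticated client submits a message.
SASL_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=\S*\[(?P<ip>[\d.]+)\]"
    r", sasl_method=\S+, sasl_username=(?P<user>\S+)")

def authenticated_hops(postcat_text):
    """Return (queue_id, client_ip) for each hop accepted after SMTP AUTH."""
    return [(m["qid"], m["ip"]) for m in RECEIVED_RE.finditer(postcat_text)
            if m["proto"].endswith("A")]

def accounts_for(log_text, queue_ids):
    """Map each given queue ID to the (login, client IP) that submitted it."""
    return {m["qid"]: (m["user"], m["ip"])
            for m in SASL_RE.finditer(log_text) if m["qid"] in queue_ids}

def logins_per_account(log_text):
    """Count authenticated submissions per (login, client IP) pair."""
    return Counter((m["user"], m["ip"]) for m in SASL_RE.finditer(log_text))

# Received headers copied from the queue dump in the question.
HEADERS = """Received: from mail..com (localhost [127.0.0.1])
by mail..com (Postfix) with ESMTP id 83BB3C077A;
Wed, 7 Feb 2018 05:37:03 +0800 (CST)
Received: from 185.234.216.130 (unknown [185.234.216.130])
by mail..com (Postfix) with ESMTPA id 1884DC0778;
Wed, 7 Feb 2018 05:36:52 +0800 (CST)
"""
# Constructed maillog lines; the login names are placeholders, not from the page.
MAILLOG = """Feb  7 05:36:52 mail postfix/smtpd[2101]: 1884DC0778: client=unknown[185.234.216.130], sasl_method=LOGIN, sasl_username=placeholder-user
Feb  7 05:36:58 mail postfix/smtpd[2101]: 2A91BC0779: client=unknown[185.234.216.130], sasl_method=LOGIN, sasl_username=placeholder-user
Feb  7 09:12:10 mail postfix/smtpd[2230]: 7C3D1C0780: client=unknown[192.0.2.25], sasl_method=PLAIN, sasl_username=other-user
"""

if __name__ == "__main__":
    hops = authenticated_hops(HEADERS)
    print("authenticated hops:", hops)
    print("submitting login:", accounts_for(MAILLOG, {q for q, _ in hops}))
    print("busiest login:", logins_per_account(MAILLOG).most_common(1))
```

With `smtpd_sasl_authenticated_header = yes` in main.cf, Postfix also writes the login name into the Received header itself, so it appears directly in the queue dump.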