
Postfix appears to be sending spam

I recently found this in my Postfix log:

Aug  4 11:09:12 mail postfix/smtpd[71597]: connect from unknown[59.88.35.206]
Aug  4 11:09:14 mail postfix/smtpd[71597]: Anonymous TLS connection established from unknown[59.88.35.206]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  4 11:09:17 mail postfix/smtpd[71597]: 1AE3B7EC3D: client=unknown[59.88.35.206], sasl_method=PLAIN, sasl_username=MYEMAIL@example.com
Aug  4 11:09:30 mail postfix/cleanup[71606]: 1AE3B7EC3D: message-id=<5bb4d326c98e$5fd82cf7$c0cb93d7$@example.com>
Aug  4 11:09:30 mail opendkim[24666]: 1AE3B7EC3D: DKIM-Signature field added (s=mail, d=MYDOMAINCOM2012)
Aug  4 11:09:30 mail postfix/qmgr[27543]: 1AE3B7EC3D: from=<WambakiwaKing39ori@example.com>, size=2149, nrcpt=20 (queue active)
Aug  4 11:09:31 mail postfix/smtpd[71611]: connect from MAIL.example.com[172.16.0.3]
Aug  4 11:09:31 mail postfix/smtpd[71611]: 14C4C7EC57: client=MAIL.example.com[172.16.0.3]
Aug  4 11:09:31 mail postfix/cleanup[71606]: 14C4C7EC57: message-id=<5bb4d326c98e$5fd82cf7$c0cb93d7$@example.com>
Aug  4 11:09:31 mail postfix/smtpd[71611]: disconnect from MAIL.example.com[172.16.0.3]
Aug  4 11:09:31 mail postfix/qmgr[27543]: 14C4C7EC57: from=<WambakiwaKing39ori@example.com>, size=2891, nrcpt=20 (queue active)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<rwaruingi@btinternet.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<onboarding@equitydirect.co.ke>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<modongo@kcb.co.ke>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<nogutu@kcb.co.ke>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<onlinehelpdesk@kcb.co.ke>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<newlifeschool@live.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<doret.nosworthy@moneylineuk.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<Nick.England@vfxplc.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<njugunat@wajuzi.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<bromeyassociates@yahoo.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<davidkn1@yahoo.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<lornanjNG@yahoo.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<nancienganga@yahoo.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<sammymwanik@yahoo.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<stellawambuisn@yahoo.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<jamunya@yahoo.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<ngugijamx@yahoo.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<nyamburakahara@yahoo.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/lmtp[71609]: 1AE3B7EC3D: to=<sylky06@yahoo.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=15, delays=14/0.06/0.03/0.47, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as 14C4C7EC57)
Aug  4 11:09:31 mail postfix/qmgr[27543]: 1AE3B7EC3D: removed
Aug  4 11:09:31 mail postfix/smtpd[71597]: 968227EC58: client=unknown[59.88.35.206], sasl_method=PLAIN, sasl_username=MYEMAIL@example.com
Aug  4 11:09:31 mail postfix/smtp[71612]: 14C4C7EC57: to=<dmuchemi@bluebottle.com>, relay=mx.bluebottle.com[136.243.21.189]:25, delay=0.61, delays=0.05/0.02/0.22/0.32, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 37DBE9EC4)
Aug  4 11:09:32 mail postfix/smtp[71618]: 14C4C7EC57: to=<Nick.England@vfxplc.com>, relay=vfxplc.com.inbound10.mxlogic.net[208.65.144.3]:25, delay=1.6, delays=0.05/0.05/0.6/0.85, dsn=5.0.0, status=bounced (host vfxplc.com.inbound10.mxlogic.net[208.65.144.3] said: 554 Denied [CS] [b6d90c55.0.552923.00-2289.1107665.p02c11m005.mxlogic.net] (Mode: normal) (in reply to end of DATA command))
Aug  4 11:09:32 mail postfix/smtp[71616]: 14C4C7EC57: to=<newlifeschool@live.co.uk>, relay=mx4.hotmail.com[65.55.33.119]:25, delay=1.6, delays=0.05/0.04/0.49/1, dsn=2.0.0, status=sent (250  <5bb4d326c98e$5fd82cf7$c0cb93d7$@example.com> Queued mail for delivery)
Aug  4 11:09:32 mail postfix/smtp[71614]: 14C4C7EC57: to=<onboarding@equitydirect.co.ke>, relay=equitydirect.co.ke.inbound10.mxlogicmx.net[208.65.145.3]:25, delay=1.6, delays=0.05/0.03/0.9/0.66, dsn=5.0.0, status=bounced (host equitydirect.co.ke.inbound10.mxlogicmx.net[208.65.145.3] said: 554 Denied [CS] [b6d90c55.0.778752.00-2304.1523550.s12p02m085.mxlogic.net] (Mode: normal) (in reply to end of DATA command))
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<bromeyassociates@yahoo.co.uk>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<davidkn1@yahoo.co.uk>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<lornanjNG@yahoo.co.uk>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<nancienganga@yahoo.co.uk>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<sammymwanik@yahoo.co.uk>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:32 mail postfix/smtp[71620]: 14C4C7EC57: to=<stellawambuisn@yahoo.co.uk>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1.8, delays=0.05/0.07/0.08/1.6, dsn=2.0.0, status=sent (250 ok dirdel 4/2)
Aug  4 11:09:33 mail postfix/smtp[71613]: 14C4C7EC57: to=<rwaruingi@btinternet.com>, relay=mx.bt.lon5.cpcloud.co.uk[65.20.0.49]:25, delay=2.5, delays=0.05/0.02/0.08/2.4, dsn=2.0.0, status=sent (250 <55BF549902860DA2> Mail accepted)
Aug  4 11:09:35 mail postfix/smtp[71615]: 14C4C7EC57: to=<modongo@kcb.co.ke>, relay=mx1.safaricombusiness.co.ke[41.203.208.3]:25, delay=4.2, delays=0.05/0.03/2.6/1.5, dsn=2.0.0, status=sent (250 ok:  Message 1038363882 accepted)
Aug  4 11:09:35 mail postfix/smtp[71615]: 14C4C7EC57: to=<nogutu@kcb.co.ke>, relay=mx1.safaricombusiness.co.ke[41.203.208.3]:25, delay=4.2, delays=0.05/0.03/2.6/1.5, dsn=2.0.0, status=sent (250 ok:  Message 1038363882 accepted)
Aug  4 11:09:35 mail postfix/smtp[71615]: 14C4C7EC57: to=<onlinehelpdesk@kcb.co.ke>, relay=mx1.safaricombusiness.co.ke[41.203.208.3]:25, delay=4.2, delays=0.05/0.03/2.6/1.5, dsn=2.0.0, status=sent (250 ok:  Message 1038363882 accepted)
Aug  4 11:09:36 mail postfix/smtp[71621]: 14C4C7EC57: to=<jamunya@yahoo.com>, relay=mta5.am0.yahoodns.net[98.138.112.32]:25, delay=5.7, delays=0.05/0.07/0.41/5.2, dsn=2.0.0, status=sent (250 ok dirdel 4/0)
Aug  4 11:09:36 mail postfix/smtp[71621]: 14C4C7EC57: to=<ngugijamx@yahoo.com>, relay=mta5.am0.yahoodns.net[98.138.112.32]:25, delay=5.7, delays=0.05/0.07/0.41/5.2, dsn=2.0.0, status=sent (250 ok dirdel 4/0)
Aug  4 11:09:36 mail postfix/smtp[71621]: 14C4C7EC57: to=<nyamburakahara@yahoo.com>, relay=mta5.am0.yahoodns.net[98.138.112.32]:25, delay=5.7, delays=0.05/0.07/0.41/5.2, dsn=2.0.0, status=sent (250 ok dirdel 4/0)
Aug  4 11:09:36 mail postfix/smtp[71621]: 14C4C7EC57: to=<sylky06@yahoo.com>, relay=mta5.am0.yahoodns.net[98.138.112.32]:25, delay=5.7, delays=0.05/0.07/0.41/5.2, dsn=2.0.0, status=sent (250 ok dirdel 4/0)
Aug  4 11:09:43 mail postfix/cleanup[71606]: 968227EC58: message-id=<b35404cfa23e$69d3179e$8efe227b$@example.com>
Aug  4 11:09:43 mail opendkim[24666]: 968227EC58: DKIM-Signature field added (s=mail, d=MYDOMAINCOM2012)
Aug  4 11:09:43 mail postfix/qmgr[27543]: 968227EC58: from=<WambakiwaKing39ori@example.com>, size=2204, nrcpt=20 (queue active)
Aug  4 11:09:43 mail postfix/smtpd[71611]: connect from MAIL.example.com[172.16.0.3]
Aug  4 11:09:43 mail postfix/smtpd[71611]: B0D2D7EC70: client=MAIL.example.com[172.16.0.3]
Aug  4 11:09:43 mail postfix/cleanup[71606]: B0D2D7EC70: message-id=<b35404cfa23e$69d3179e$8efe227b$@example.com>
Aug  4 11:09:43 mail postfix/smtpd[71611]: disconnect from MAIL.example.com[172.16.0.3]
Aug  4 11:09:43 mail postfix/qmgr[27543]: B0D2D7EC70: from=<WambakiwaKing39ori@example.com>, size=2946, nrcpt=20 (queue active)
Aug  4 11:09:43 mail amavis[24687]: (24687-07) Passed CLEAN {RelayedOpenRelay}, [59.88.35.206]:4678 [59.88.35.206] <WambakiwaKing39ori@example.com> -> <PWmunene@british-american.co.ke>,<roquah@dwtltd.com>,<salahuddin@dwtltd.com>,<rajvinder.kaur2@enfield.gov.uk>,<beatrice@extreme-travel.co.uk>,<SBenson@fairpoint.co.uk>,<rose@flyairltd.co.ke>,<pastor.eagles@gmail.com>,<samuelgikuru@gmail.com>,<rick.wambaki@hotmail.co.uk>,<jackiepereira181@hotmail.com>,<wanyikap@hotmail.com>,<rose.wambui@housing.co.ke>,<parts@howardandsons.co.uk>,<rmaore@kcb.co.ke>,<pragnesh.bhatt@omnifmplc.co.uk>,<cakudo@tiscali.co.uk>,<rob@trafficlawyer4u.com>,<phantasy2111@yahoo.com>,<pkimondo@yahoo.com>, Queue-ID: 968227EC58, Message-ID: <b35404cfa23e$69d3179e$8efe227b$@example.com>, mail_id: JR1l308kvN-H, Hits: -, size: 2531, queued_as: B0D2D7EC70, 378 ms
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<PWmunene@british-american.co.ke>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<roquah@dwtltd.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<salahuddin@dwtltd.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<rajvinder.kaur2@enfield.gov.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<beatrice@extreme-travel.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<SBenson@fairpoint.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<rose@flyairltd.co.ke>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<pastor.eagles@gmail.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<samuelgikuru@gmail.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<rick.wambaki@hotmail.co.uk>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)
Aug  4 11:09:43 mail postfix/lmtp[71609]: 968227EC58: to=<jackiepereira181@hotmail.com>, relay=172.16.0.3[172.16.0.3]:10024, delay=13, delays=12/0/0.01/0.38, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[172.16.0.3]:10025): 250 2.0.0 Ok: queued as B0D2D7EC70)

172.16.0.3 is the internal IP address of my mail server jail.

I am having some trouble interpreting this log. Does it mean that someone is using my username (MYEMAIL@example.com) to send spam? If so, how is that possible, and how do I fix it?

This is my Postfix main.cf:

### GENERAL
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
daemon_directory = /usr/local/libexec/postfix
command_directory = /usr/local/sbin
myhostname = MAIL.example.com
myorigin = example.com
mydestination = 172.16.0.3
#relayhost =
mynetworks = 172.16.0.0/12 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
alias_database = hash:/etc/aliases
alias_maps = $alias_database
message_size_limit = 50000000
smtpd_helo_required = yes

### VIRTUAL
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/postgres-virtual-mailbox-domains.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/postgres-virtual-mailbox-maps.cf
virtual_alias_maps = pgsql:/usr/local/etc/postfix/postgres-virtual-alias-maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:6
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

### SASL Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

smtpd_tls_cert_file = /usr/local/etc/ssl/MAIL.example.com/private.crt
smtpd_tls_key_file = /usr/local/etc/ssl/MAIL.example.com/private.key
smtpd_tls_CAfile = /usr/local/etc/ssl/MAIL.example.com/cacert.pem
smtpd_tls_security_level = may
smtpd_tls_received_header = no
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom

debug_peer_level                = 2
debugger_command                =
show_user_unknown_table_name    = no

### LIMITATIONS
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client dialup.blacklist.jippg.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client t1.dnsbl.net.au,
    reject_rhsbl_client block.rhs.mailpolice.com,
    reject_rhsbl_client dynamic.rhs.mailpolice.com,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rhsbl_client bogusmx.rfc-ignorant.org

smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_sender_login_mismatch,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rhsbl_sender rddb.dnsbl.net.au,
    reject_rhsbl_sender endn.dnsbl.net.au,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rhsbl_sender block.rhs.mailpolice.com,
    reject_rhsbl_sender dynamic.rhs.mailpolice.com

smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  reject_unknown_recipient_domain,
  reject_rbl_client ix.dnsbl.manitu.net,
  reject_rbl_client dnsbl.sorbs.net,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client zen.spamhaus.org,
  reject_rbl_client dnsbl-1.uceprotect.net


readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
html_directory = /usr/local/share/doc/postfix
setgid_group = maildrop
manpage_directory = /usr/local/man
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
data_directory = /var/db/postfix
disable_vrfy_command = yes
smtpd_delay_reject = yes
content_filter = amavisfeed:[172.16.0.3]:10024
#receive_override_options = no_address_mappings
smtpd_milters = inet:172.16.0.3:54321
non_smtpd_milters = inet:172.16.0.3:54321
milter_default_action = accept
inet_protocols = ipv4

172.16.0.3:54321 is OpenDKIM.

And this is my master.cf:

smtp      inet  n       -       n       -       -       smtpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
dovecot    unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:mail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
amavisfeed unix  -       -       n       -       2       lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
172.16.0.3:10025 inet n - n - - smtpd
   -o content_filter=
   -o smtpd_delay_reject=no
   -o smtpd_client_restrictions=permit_mynetworks,reject
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_data_restrictions=reject_unauth_pipelining
   -o smtpd_end_of_data_restrictions=
   -o smtpd_restriction_classes=
   -o mynetworks=172.16.0.0/12
   -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001
   -o smtpd_hard_error_limit=1000
   -o smtpd_client_connection_count_limit=0
   -o smtpd_client_connection_rate_limit=0
   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
   -o local_header_rewrite_clients=
   -o smtpd_milters=
   -o local_recipient_maps=
   -o relay_recipient_maps=

Does it mean that someone is using my username (MYEMAIL@example.com) to send spam?

YES

This log line is the proof:

Aug  4 11:09:17 mail postfix/smtpd[71597]: 1AE3B7EC3D: client=unknown[59.88.35.206], sasl_method=PLAIN, sasl_username=MYEMAIL@example.com

Since you have permit_sasl_authenticated in main.cf, you allow anyone who knows your credentials to send email through your server.

If so, how is that possible?

There are many ways your credentials can leak:

  • A keylogger installed on your computer
  • A worm sending out sensitive information (including your credentials)
  • A weak password obtained by brute force or guessing
  • A phishing email
  • And many others...

and how do I fix it?

First disable the account, either by changing its status in the postgres database or by changing the password to a random one. Then find out how your credentials leaked and close that hole.

Additional notes:

Your Postfix configuration is fine, although it overlaps a bit, since you repeat some restrictions at every stage. You should also make sure that every rhsbl/rbl provider is still actively maintaining its blacklist, to avoid false positives.

The log shows that somebody has obtained the password for the email account MYEMAIL@MYDOMAIN.COM and is using it to send SPAM through the server.

  • The entry at 11:09:17 shows a successful SASL authentication from IP address 59.88.35.206 with the username MYEMAIL@MYDOMAIN.COM.
  • The entry at 11:09:30 shows a message with the sender address WambakiwaKing39ori@MYDOMAIN.COM and twenty declared recipients being received and queued over that connection.
  • The entries timestamped 11:09:31 show those twenty copies first being relayed inside Postfix and then delivered to the recipients.

The most common cause of this kind of incident is the user falling for a phishing email that asks him or her to enter their email address and password into a credential-harvesting web form.

To fix it:

  • Change the password of this account immediately.
  • Choose a (more) sensible password, especially one that is not used anywhere else.
  • Be (more) careful not to reveal this password to anyone, and especially do not type it into any website.
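As an added example (not code from the question or from either answer), here is a small Python script that does the triage the answer above walks through by hand: it joins each smtpd "client=" line with the qmgr "from=" line for the same queue id, then flags SASL-authenticated transactions whose envelope sender is not the login that authenticated or whose recipient count (nrcpt) is high, and summarises them per account. The sample log lines are constructed from the log quoted in the question; the benign alice session, the host laptop.example.net and the recipient threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log quoted in the question (same queue
# ids, client IP and addresses); the last two lines are an invented benign session.
SAMPLE_LOG = """\
Aug  4 11:09:12 mail postfix/smtpd[71597]: connect from unknown[59.88.35.206]
Aug  4 11:09:17 mail postfix/smtpd[71597]: 1AE3B7EC3D: client=unknown[59.88.35.206], sasl_method=PLAIN, sasl_username=MYEMAIL@example.com
Aug  4 11:09:30 mail postfix/qmgr[27543]: 1AE3B7EC3D: from=<WambakiwaKing39ori@example.com>, size=2149, nrcpt=20 (queue active)
Aug  4 11:09:31 mail postfix/smtpd[71597]: 968227EC58: client=unknown[59.88.35.206], sasl_method=PLAIN, sasl_username=MYEMAIL@example.com
Aug  4 11:09:43 mail postfix/qmgr[27543]: 968227EC58: from=<WambakiwaKing39ori@example.com>, size=2204, nrcpt=20 (queue active)
Aug  4 12:15:02 mail postfix/smtpd[71700]: C0FFEE0001: client=laptop.example.net[203.0.113.10], sasl_method=PLAIN, sasl_username=alice@example.com
Aug  4 12:15:03 mail postfix/qmgr[27543]: C0FFEE0001: from=<alice@example.com>, size=1200, nrcpt=1 (queue active)
"""

# smtpd logs the client and, if any, the SASL login against the queue id ...
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=(?P<method>\S+), sasl_username=(?P<user>\S+))?"
)
# ... and qmgr logs the envelope sender and recipient count for the same id.
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, "
    r"size=\d+, nrcpt=(?P<nrcpt>\d+)"
)


def parse_sessions(lines):
    """Join each smtpd 'client=' line with its qmgr 'from=' line by queue id."""
    sessions = {}
    for line in lines:
        m = CLIENT_RE.search(line)
        if m:
            sessions[m["qid"]] = {"qid": m["qid"], "client_ip": m["ip"],
                                  "sasl_user": m["user"], "sender": None, "nrcpt": 0}
            continue
        m = QMGR_RE.search(line)
        if m and m["qid"] in sessions:
            sessions[m["qid"]]["sender"] = m["sender"]
            sessions[m["qid"]]["nrcpt"] = int(m["nrcpt"])
    return sessions


def suspicious_sasl_sessions(lines, rcpt_threshold=10):
    """Return SASL-authenticated transactions whose envelope sender is not the
    login that authenticated, or that fan out to rcpt_threshold+ recipients."""
    flagged = []
    for s in parse_sessions(lines).values():
        if not s["sasl_user"] or s["sender"] is None:
            continue  # not authenticated, or no qmgr line for this queue id
        reasons = []
        if s["sender"].lower() != s["sasl_user"].lower():
            reasons.append("sender/login mismatch")
        if s["nrcpt"] >= rcpt_threshold:
            reasons.append(f"nrcpt={s['nrcpt']}")
        if reasons:
            flagged.append({**s, "reasons": reasons})
    return flagged


def per_account_summary(flagged):
    """Per SASL login: flagged message count, total recipients, distinct client IPs."""
    summary = defaultdict(lambda: {"messages": 0, "recipients": 0, "ips": set()})
    for s in flagged:
        acct = summary[s["sasl_user"]]
        acct["messages"] += 1
        acct["recipients"] += s["nrcpt"]
        acct["ips"].add(s["client_ip"])
    return dict(summary)


if __name__ == "__main__":
    hits = suspicious_sasl_sessions(SAMPLE_LOG.splitlines())
    for user, info in per_account_summary(hits).items():
        print(f"{user}: {info['messages']} messages, {info['recipients']} recipients, "
              f"from {sorted(info['ips'])}")
```

The mismatch check is the condition Postfix itself can enforce with reject_sender_login_mismatch, which needs smtpd_sender_login_maps and has to be listed before permit_sasl_authenticated to have any effect; in the main.cf quoted above it comes after it.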