用Postfix + Dovecot 搭建的邮件server被垃圾邮件其中转server的处理
今天发邮件。 发送失败。然后到server上看日志, 发现硬盘被垃圾邮件的缓存队列和日志塞满了。
tail -f /var/log/maillog 发现疯狂刷屏。部分日志例如以下 :
Aug 17 09:39:01 www postfix/error[1173]: 455F050663: to=<papa8833_1234@yahoo.com.tw>, relay=none, delay=28778, delays=28631/146/0/0.51, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1229]: 296AE2FDCD: to=<masakiaiba1224@yahoo.com.tw>, relay=none, delay=30507, delays=30360/147/0/0.21, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1138]: 1F9A853B47: to=<jessie-0918@yahoo.com.tw>, relay=none, delay=28244, delays=28097/146/0/0.6, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1104]: B16DB3AB0B: to=<dalin0602@yahoo.com.tw>, relay=none, delay=29431, delays=29284/146/0/0.83, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1205]: B7F65597AE: to=<alice19920502@yahoo.com.tw>, relay=none, delay=26365, delays=26218/146/0/0.41, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1166]: 308EE43BD2: to=<095275385@yahoo.com.tw>, relay=none, delay=30716, delays=30569/147/0/0.06, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1140]: 9654E2B6A6: to=<kzy@yahoo.com.tw>, relay=none, delay=35359, delays=35213/146/0/0.79, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1134]: C74DA58B4C: to=<a6043112@yahoo.com.tw>, relay=none, delay=26704, delays=26557/146/0/0.57, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1220]: 506172DC9A: to=<znzn720908@yahoo.com.tw>, relay=none, delay=34379, delays=34232/146/0/1.4, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
在看一下系统进程和负载。 好晕。 负载都28了,server都快扛不动了。
[root@www /]# top top - 09:42:06 up 2 days, 22:13, 1 user, load average: 28.81, 20.57, 12.43
Tasks: 238 total, 1 running, 237 sleeping, 0 stopped, 0 zombie
Cpu(s): 4.4%us, 8.0%sy, 0.0%ni, 4.2%id, 82.7%wa, 0.5%hi, 0.2%si, 0.0%st
Mem: 3921316k total, 2927360k used, 993956k free, 520508k buffers
Swap: 0k total, 0k used, 0k free, 671096k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
319 root 20 0 80764 3568 2656 S 3.7 0.1 0:13.37 master
323 postfix 20 0 80944 3568 2596 S 2.0 0.1 0:09.92 trivial-rewrite
322 postfix 20 0 103m 28m 2712 D 1.7 0.7 0:09.09 qmgr
862 root 20 0 249m 4784 1032 S 1.7 0.1 14:18.73 rsyslogd
448 postfix 20 0 80984 3592 2596 S 1.0 0.1 0:03.35 trivial-rewrite
255 root 20 0 0 0 0 D 0.7 0.0 5:59.75 jbd2/xvda1-8
400 postfix 20 0 94400 5164 3588 S 0.7 0.1 0:00.21 smtpd
1293 root 20 0 761m 8096 2072 S 0.7 0.2 4:48.66 aegis_cli
1877 postfix 20 0 80856 3528 2632 S 0.7 0.1 0:00.08 error
2024 postfix 20 0 80856 3536 2632 S 0.7 0.1 0:00.04 error
2152 postfix 20 0 80880 3492 2608 S 0.7 0.1 0:00.02 bounce
2158 postfix 20 0 80880 3496 2608 D 0.7 0.1 0:00.02 bounce
2162 root 20 0 15160 1428 1000 R 0.7 0.0 0:00.02 top
446 postfix 20 0 94400 5172 3604 S 0.3 0.1 0:00.18 smtpd
455 postfix 20 0 80988 3640 2712 S 0.3 0.1 0:00.10 cleanup
463 postfix 20 0 94400 5144 3576 S 0.3 0.1 0:00.16 smtpd
465 postfix 20 0 80988 3636 2712 S 0.3 0.1 0:00.10 cleanup
1018 postfix 20 0 80988 3640 2712 S 0.3 0.1 0:00.07 cleanup
1035 postfix 20 0 94400 5120 3548 S 0.3 0.1 0:00.09 smtpd
1040 postfix 20 0 94400 5140 3568 S 0.3 0.1 0:00.14 smtpd
1469 postfix 20 0 80856 3532 2632 S 0.3 0.1 0:00.22 error
1836 postfix 20 0 80856 3528 2632 S 0.3 0.1 0:00.09 error
1900 postfix 20 0 80856 3536 2632 S 0.3 0.1 0:00.06 error
1903 postfix 20 0 80856 3528 2632 S 0.3 0.1 0:00.06 error
1924 postfix 20 0 80856 3528 2632 S 0.3 0.1 0:00.06 error
1939 postfix 20 0 80856 3532 2632 S 0.3 0.1 0:00.05 error
1960 postfix 20 0 80856 3528 2632 S 0.3 0.1 0:00.05 error
1967 postfix 20 0 80856 3532 2632 S 0.3 0.1 0:00.05 error
1973 postfix 20 0 80856 3528 2632 S 0.3 0.1 0:00.05 error
1977 postfix 20 0 80856 3532 2632 S 0.3 0.1 0:00.04 error
2090 postfix 20 0 80880 3500 2608 D 0.3 0.1 0:00.01 bounce
2153 postfix 20 0 80880 3500 2608 D 0.3 0.1 0:00.01 bounce
2161 postfix 20 0 80880 3492 2608 D 0.3 0.1 0:00.01 bounce
2163 postfix 20 0 80880 3492 2608 D 0.3 0.1 0:00.01 bounce
2164 postfix 20 0 80880 3492 2608 D 0.3 0.1 0:00.01 bounce
2165 postfix 20 0 80880 3492 2608 D 0.3 0.1 0:00.01 bounce
2169 postfix 20 0 80880 3496 2608 D 0.3 0.1 0:00.01 bounce
2170 postfix 20 0 80880 3496 2608 D 0.3 0.1 0:00.01 bounce
2176 postfix 20 0 80880 3492 2608 D 0.3 0.1 0:00.01 bounce
1 root 20 0 19232 1088 820 S 0.0 0.0 0:00.87 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
先停下 postfix 服务, 看看被转发的垃圾邮件的内容:
[root@www /]# postcat -q 847D9E8238
*** ENVELOPE RECORDS deferred/8/847D9E8238 ***
message_size: 6545 3068 26 0 6545
message_arrival_time: Sun Aug 17 10:15:10 2014
create_time: Sun Aug 17 10:15:10 2014
named_attribute: rewrite_context=remote
sender: tymgobzrck@yahoo.com.tw
named_attribute: log_client_name=36-224-134-61.dynamic-ip.hinet.net
named_attribute: log_client_address=36.224.134.61
named_attribute: log_client_port=2806
named_attribute: log_message_origin=36-224-134-61.dynamic-ip.hinet.net[36.224.134.61]
named_attribute: log_helo_name=115.28.81.191
named_attribute: log_protocol_name=SMTP
named_attribute: client_name=36-224-134-61.dynamic-ip.hinet.net
named_attribute: reverse_client_name=36-224-134-61.dynamic-ip.hinet.net
named_attribute: client_address=36.224.134.61
named_attribute: client_port=2806
named_attribute: helo_name=115.28.81.191
named_attribute: protocol_name=SMTP
named_attribute: client_address_type=2
named_attribute: dsn_orig_rcpt=rfc822;joyce_107@yahoo.com.tw
original_recipient: joyce_107@yahoo.com.tw
recipient: joyce_107@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;lucky-maggie@yahoo.com.tw
original_recipient: lucky-maggie@yahoo.com.tw
recipient: lucky-maggie@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;joey31333@yahoo.com.tw
original_recipient: joey31333@yahoo.com.tw
recipient: joey31333@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;mszzgundam@yahoo.com.tw
original_recipient: mszzgundam@yahoo.com.tw
recipient: mszzgundam@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;ldmr@yahoo.com.tw
original_recipient: ldmr@yahoo.com.tw
recipient: ldmr@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;ljhdavid@yahoo.com.tw
original_recipient: ljhdavid@yahoo.com.tw
recipient: ljhdavid@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;jiangdixin@yahoo.com.tw
original_recipient: jiangdixin@yahoo.com.tw
recipient: jiangdixin@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;leert1@yahoo.com.tw
original_recipient: leert1@yahoo.com.tw
recipient: leert1@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;keychain882002@yahoo.com.tw
original_recipient: keychain882002@yahoo.com.tw
recipient: keychain882002@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;pjyz@yahoo.com.tw
original_recipient: pjyz@yahoo.com.tw
recipient: pjyz@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;lcru1214@yahoo.com.tw
original_recipient: lcru1214@yahoo.com.tw
recipient: lcru1214@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;ice99954452002@yahoo.com.tw
original_recipient: ice99954452002@yahoo.com.tw
recipient: ice99954452002@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;leslyn07@yahoo.com.tw
original_recipient: leslyn07@yahoo.com.tw
recipient: leslyn07@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;markshow2004@yahoo.com.tw
original_recipient: markshow2004@yahoo.com.tw
recipient: markshow2004@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;kk102055@yahoo.com.tw
original_recipient: kk102055@yahoo.com.tw
recipient: kk102055@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;maggiewu321@yahoo.com.tw
original_recipient: maggiewu321@yahoo.com.tw
recipient: maggiewu321@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;sentai@yahoo.com.tw
original_recipient: sentai@yahoo.com.tw
recipient: sentai@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;pp7029@yahoo.com.tw
original_recipient: pp7029@yahoo.com.tw
recipient: pp7029@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;jhleeahwon@yahoo.com.tw
original_recipient: jhleeahwon@yahoo.com.tw
recipient: jhleeahwon@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;luominyou@yahoo.com.tw
original_recipient: luominyou@yahoo.com.tw
recipient: luominyou@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;luckyherb0108@yahoo.com.tw
original_recipient: luckyherb0108@yahoo.com.tw
recipient: luckyherb0108@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;linlin5155@yahoo.com.tw
original_recipient: linlin5155@yahoo.com.tw
recipient: linlin5155@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;joey_lin2002@yahoo.com.tw
original_recipient: joey_lin2002@yahoo.com.tw
recipient: joey_lin2002@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;fionhsu30@yahoo.com.tw
original_recipient: fionhsu30@yahoo.com.tw
recipient: fionhsu30@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;redkid228@yahoo.com.tw
original_recipient: redkid228@yahoo.com.tw
recipient: redkid228@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;l0925930862@yahoo.com.tw
original_recipient: l0925930862@yahoo.com.tw
recipient: l0925930862@yahoo.com.tw
*** MESSAGE CONTENTS deferred/8/847D9E8238 ***
Received: from 115.28.81.191 (36-224-134-61.dynamic-ip.hinet.net [36.224.134.61])
by mail.sintie.com (Postfix) with SMTP id 847D9E8238;
Sun, 17 Aug 2014 10:15:10 +0800 (CST)
Received: from 65.64.252.253 by ; Sun, 17 Aug 2014 06:09:08 +0400
postfix 非常强大, 又一次把安全认证相关的东西设置,提高安全级别。
经过又一次配置。 进行了认证之后 , 再看日志 :
Aug 17 10:52:49 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<yiysoemvhj@pchome.com.tw> to=<pk789561@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:49 www postfix/smtpd[5863]: NOQUEUE: reject: RCPT from 118-161-251-198.dynamic.hinet.net[118.161.251.198]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<umnijixejf@yahoo.com.tw> to=<duckface@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5865]: connect from 118-161-241-28.dynamic.hinet.net[118.161.241.28]
Aug 17 10:52:50 www postfix/smtpd[5863]: NOQUEUE: reject: RCPT from 118-161-251-198.dynamic.hinet.net[118.161.251.198]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<umnijixejf@yahoo.com.tw> to=<cnmed@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<yiysoemvhj@pchome.com.tw> to=<rf54893@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<yiysoemvhj@pchome.com.tw> to=<pneg_lung_family@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<ifzivt@yahoo.com.tw> to=<petwear2002@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<ifzivt@yahoo.com.tw> to=<pooh0208tw@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<ifzivt@yahoo.com.tw> to=<shadowbear1@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5859]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<fxhxukrxxfhv@pchome.com.tw> to=<robeak@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<ifzivt@yahoo.com.tw> to=<u.rmp@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5863]: NOQUEUE: reject: RCPT from 118-161-251-198.dynamic.hinet.net[118.161.251.198]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<umnijixejf@yahoo.com.tw> to=<cpnel@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<ifzivt@yahoo.com.tw> to=<saicvb@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<yiysoemvhj@pchome.com.tw> to=<pellucid_space@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<ifzivt@yahoo.com.tw> to=<sal-love@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>
是被server拒绝了。
要是再可以动态分析这个日志 。 吧这个IP放入到防火墙里, 直接把它PASS掉就完美了。
以下把解决的方法整理一下:
第一个是加入黑名单, 把 from 为 yahoo.com.tw 的 REJECT掉, 把 to 为 yahoo.com.tw 的 REJECT掉 。
第二个是启用防火墙, 把乱七八糟的台湾的IP地址直接用防火墙过滤掉。
黑名单的配置例如以下;
smtpd_sender_restrictions = reject_sender_login_mismatch,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
check_sender_access hash:/etc/postfix/sender_access,
check_recipient_access hash:/etc/postfix/recver_access
sender_access和recver_access的内容例如以下:
[root@www postfix]# more sender_access
mail2000.com.tw REJECT
yahoo.com.tw REJECT
yahoo.com.jp REJECT
pchome.com.tw REJECT
[root@www postfix]#
[root@www postfix]#
[root@www postfix]#
[root@www postfix]#
[root@www postfix]# more recver_access
yahoo.com.tw REJECT
[root@www postfix]#
记得要用 postmap 生成 key-value形式的二进制文件。
防火墙通用脚本例如以下所看到的:
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -p tcp --sport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT iptables -A OUTPUT -p tcp --sport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT iptables -A OUTPUT -p tcp --sport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT iptables -A OUTPUT -p tcp --sport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT iptables -A OUTPUT -p tcp --sport 993 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT iptables -A OUTPUT -p tcp --sport 995 -j ACCEPT
iptables -A INPUT -p tcp --dport 995 -j ACCEPT iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --sport 53 -j ACCEPT iptables -A OUTPUT -p icmp -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT iptables -A INPUT -p tcp --sport 31337 -j DROP
iptables -A OUTPUT -p tcp --dport 31337 -j DROP iptables -A INPUT -p tcp --sport 137 -j DROP
iptables -A OUTPUT -p tcp --dport 137 -j DROP iptables -A INPUT -p tcp --sport 138 -j DROP
iptables -A OUTPUT -p tcp --dport 138 -j DROP iptables -A INPUT -p tcp --sport 139 -j DROP
iptables -A OUTPUT -p tcp --dport 139 -j DROP iptables -A INPUT -p tcp --sport 2049 -j DROP
iptables -A OUTPUT -p tcp --dport 2049 -j DROP iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
iptables -A FORWARD -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT iptables -I INPUT -s 36.224.139.122 -j DROP
iptables -I INPUT -s 36.224.138.68 -j DROP
iptables -I INPUT -s 114.45.27.171 -j DROP
iptables -I INPUT -s 36.224.130.95 -j DROP
iptables -I INPUT -s 114.45.30.249 -j DROP
要禁止的IP就继续在这里加入
配置好了后, 重新启动 postfix, 基本就没有啥大问题了。
用Postfix + Dovecot 搭建的邮件server被垃圾邮件其中转server的处理的更多相关文章
- RHEL6.4 postfix+dovecot搭建邮件服务器
实验需求:为公司搭建一台能够收信和发信的邮件服务器(192.168.100.1),为员工提供服务,公司域名为jinjianjun.com. 一.修改DNS服务器(192.168.100.2)上mx邮件 ...
- Postfix+dovecot搭建简单邮箱服务器
实验环境: (1)修改主机名:hostnamectl set-hostname mail.meilintong.com 退出,重新登陆 (2)关闭selinux (3)关闭防火墙 1.安装postfi ...
- 手动搭建apache james邮件服务器,实现邮件功能
最近一直在搞邮件这块,本来我们邮件发送是用的腾讯免费的企业邮箱,邮件功能没有问题,但是由于邮件的限制,如下: 这些限制导致我们的部分客户是收不到邮件的,哪怕付费,这样的固定频率限制也是无法解决的,可以 ...
- postfix反垃圾邮件说明
参考地址:http://guailele.blog.51cto.com/1156442/780223 1.打开 smtp 的认证模块 在/etc/postfix/main.cf文件最后加上: sm ...
- Linux安全应用之防垃圾邮件server的构建
Linux安全应用之防垃圾邮件server的构建 一.垃圾邮件产生的原因 垃圾邮件(SPAM) 也称作UCE(Unsoticited Commercial Email.未经许可的商业电子邮件)或UBE ...
- postfix 被当作垃圾邮件中转站
磁盘 io 总是满的状态 该服务器只有监控和邮件elk在上面. 发现邮件日志 疯狂的输出 tail -f /var/log/maillog 大致都是来自于 yahoo.com.tw的东西 清空了 /v ...
- Exchange2010---反垃圾邮件配置
Exchange2010---反垃圾邮件配置 Exchange2010---反垃圾邮件配置 本文以Exchange Server 2010作为反垃圾邮件配置实例为例. 其实,在微软发布的Exc ...
- 论垃圾邮件危害性及U-Mail邮件系统必杀技
阿里集团今年“双十一电商节”又一次突破了去年营收,创造了新的历史.相信在电商日益渗入生 活的今天,你在日常工作中一定收到过某店铺发来的推广邮件,的确,邮件如今被电商广泛应用于消费者购物各环节,但是在其 ...
- Machine Learning for hackers读书笔记(三)分类:垃圾邮件过滤
#定义函数,打开每一个文件,找到空行,将空行后的文本返回为一个字符串向量,该向量只有一个元素,就是空行之后的所有文本拼接之后的字符串 #很多邮件都包含了非ASCII字符,因此设为latin1就可以读取 ...
随机推荐
- Error : The specified component was not reported by the VSS writer (Error 517) in Windows Server 2012 Backup
Error : The specified component was not reported by the VSS writer (Error 517) in Windows Server 201 ...
- HTML5 vs FLASH vs SILVERLIGHT
Introduction HTML5 kills off flash; HTML5 kills off Silverlight; HTML5 makes the dinner and does the ...
- nyoj 164&&poj2084 Game of Connections 【卡特兰】
题意:将1~2n个数依照顺时针排列好.用一条线将两个数字连接起来要求:线之间不能有交点.同一个点仅仅同意被连一次. 最后问给出一个n,有多少种方式满足条件. 分析: ans[n]表示n的中的种类数. ...
- 25LINQ拾遗及实例
投影 □ 遍历数组索引,Select获取 int[] indexes = {0, 2}; string[] strs = {"a", "b", " ...
- Spring初始化完成后直接执行一个方法,初始化数据(解决方法被重复执行两次的情况)
在做WEB项目时,经常在项目第一次启动时利用WEB容器的监听.Servlet加载初始化等切入点为数据库准备数据,这些初始化数据 是系统开始运行前必须的数据,例如权限组.系统选项.默认管理员等等.但是项 ...
- arcgis runtime 100 Create geometries
1 /* Copyright 2016 EsriEsri 2 * 3 * Licensed under the Apache License, Version 2.0 (the "Licen ...
- .NET:CLR via C# User-Mode Constructs
The CLR guarantees that reads and writes to variables of the following data types are atomic: Boolea ...
- js自动补全实例
var oInputField ,oPopDiv , oColorsUl,aColors; //初始化变量 function initVars(modelId,divId,ulId){ oInputF ...
- jaxb使用
一.前言 JAXB——Java Architecture for XML Binding,是一项可以根据XML Schema产生Java类的技术.JAXB提供将XML实例文档反向生成Java对象树的方 ...
- PHP命名空间学习笔记
命名空间的支持版本:PHP 5 > 5.3.0,PHP 7 . 什么是命名空间 从广义上来说,命名空间是一种封装事物的方法.在很多地方都可以见到这种抽象概念.例如,在操作系统中目录用来将相关文件 ...