Debian
防止入侵者發送我自己的電子郵件(Postfix)
最近,我們成為了一個簡單的網路釣魚的受害者。雖然很簡單,但對某些使用者來說可能會很嚇人,我不知道如何阻止它。
入侵者通過 telnet 連接到我們的郵件伺服器,並將網路釣魚電子郵件從本地地址發送到同一地址。似乎中繼對本地連接是開放的,我找不到在哪裡禁用它或至少需要身份驗證。
他們這樣做的方式很簡單
telnet server 25 helo domain MAIL FROM: <mail@domain> RCPT TO: <mail@domain> data mail content ,
完成此操作後,會將郵件內容髮送到同一地址。
我使用以下設置進行了嘗試:
smtp_sender_restrictions = permit_mynetworks permit_sasl_authenticated check_sender_access
但我仍然可以重現此錯誤。伺服器正在執行 postfix,並具有 DKIM、SPF 和 DMARC。
我已經沒有想法了,也看到了這篇文章,我也嘗試了這些設置,但再次沒有成功。
編輯
在順茨先生髮表評論後。以下內容已更改
smtp_sender_restrictions
->smtpd_sender_restrictions
例如,我無法接收來自 gmail 的郵件,所以我恢復了這些更改。正如 Shunz 先生在這裡問的,我的 main.cf
main.cf:
smtpd_banner = reverseIP. biff = no append_dot_mydomain = no alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases mydestination = mail.domain, localhost, localhost.localdomain relayhost = mynetworks = 127.0.0.0/8 [::1]/128 inet_interfaces = all recipient_delimiter = + strict_rfc821_envelopes = yes smtpd_data_restrictions = reject_unauth_pipelining smtpd_delay_reject = yes policy-spf_time_limit = 3600s postscreen_greet_action = enforce readme_directory = /usr/share/doc/postfix html_directory = /usr/share/doc/postfix/html virtual_alias_domains = virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf inet_protocols = all smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, che$ smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_$ smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks ,inline:{ student@domain=reject_unauth_destination }, permit_sasl_authenticated, check_sende$ smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf, reject_rbl_client cbl.abuseat.org, rej$ smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = dovecot header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks owner_request_special = no smtp_tls_security_level = may smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL myhostname = mail.domain dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings mailbox_size_limit = 0 message_size_limit = 0 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
在對伺服器故障網站進行一些探勘後,答案得到了解決。使用的方法是此答案中可用的第三種方法: https ://serverfault.com/a/689940/439892
現在,如果我通過 telnet 嘗試相同的步驟,我會收到以下消息:
553 5.7.1 <mail@domain>: Sender address rejected: not logged in
這正是我想要的。對不起,如果我的問題沒有足夠明確。