Email
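Postfix localhost server sending spam to itself
I have an iRedMail server running Postfix and am trying to determine the source of its spam problem.
I have since changed the MX records for the addresses on the domain that were receiving spam, and the good news is that no spam is getting through the second server. However, new spam is still showing up on the old server despite the MX record change. How is this possible?
Here are the headers of one of the spam messages: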
Content-Type: multipart/alternative; boundary="6656864_13052705_6656864"
Mime-Version: 1.0
Return-Path: <Macys@yuijdd.stablecheck.party>
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: Debian amavisd-new at myserverdomain.com
Received: from localhost (localhost [127.0.0.1])
    by myserverdomain.com (Postfix) with ESMTP id 293FD6B977
    for <nick@emaildomain.com>; Tue, 12 Jan 2016 20:45:14 -0700 (MST)
Received: from myserverdomain.com ([127.0.0.1])
    by localhost (myserverdomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id G3TC68wvWWEK
    for <nick@emailaddress.com>; Tue, 12 Jan 2016 20:45:13 -0700 (MST)
Received: from yuijdd.stablecheck.party (unknown [46.166.133.21])
    by myserverdomain.com (Postfix) with ESMTP id 480626B976
    for <nick@emaildomain.com>; Tue, 12 Jan 2016 20:45:12 -0700 (MST)
Delivered-To: nick@emaildomain.com
Message-Id: <Lackadaisical.0300b221f33a2b213a8dc0ee683baadac.Obsecratorynick@emaildomain.com>
Re: Macy's is giving out a $50 voucher to start 2016
Does this appear to come from my own server? Or from this IP: 46.166.133.21? That IP is blacklisted on Spamhaus, which I have configured Postfix to query.
Here is part of my /var/logs/mail.log file:
Jan 13 03:45:11 mailhost postfix/smtpd[4796]: connect from unknown[46.166.133.21]
Jan 13 03:45:12 mailhost postfix/smtpd[4796]: 480626B976: client=unknown[46.166.133.21]
Jan 13 03:45:12 mailhost postfix/cleanup[4806]: 480626B976: message-id=<Lackadaisical.0300b221f33a2b213a8dc0ee683baadac.Obsecratorynick@emaildomain.com>
Jan 13 03:45:13 mailhost postfix/qmgr[9274]: 480626B976: from=<Macys@yuijdd.stablecheck.party>, size=5484, nrcpt=1 (queue active)
Jan 13 03:45:13 mailhost postfix/smtpd[4796]: disconnect from unknown[46.166.133.21]
Jan 13 03:45:14 mailhost postfix/smtpd[4815]: connect from localhost[127.0.0.1]
Jan 13 03:45:14 mailhost postfix/smtpd[4815]: 293FD6B977: client=localhost[127.0.0.1]
Jan 13 03:45:14 mailhost postfix/cleanup[4806]: 293FD6B977: message-id=<Lackadaisical.0300b221f33a2b213a8dc0ee683baadac.Obsecratorynick@emaildomain.com>
Jan 13 03:45:14 mailhost postfix/qmgr[9274]: 293FD6B977: from=<Macys@yuijdd.stablecheck.party>, size=5943, nrcpt=1 (queue active)
Jan 13 03:45:14 mailhost postfix/smtpd[4815]: disconnect from localhost[127.0.0.1]
Jan 13 03:45:14 mailhost amavis[31884]: (31884-08) Passed CLEAN, LOCAL [46.166.133.21] [46.166.133.21] <Macys@yuijdd.stablecheck.party> -> <nick@emaildomain.com>, Message-ID: <Lackadaisical.0300b221f33a2b213a8dc0ee683baadac.Obsecratorynick@emaildomain.com>, mail_id: G3TC68wvWWEK, Hits: -0.546, size: 5482, queued_as: 293FD6B977, 568 ms
Jan 13 03:45:14 mailhost postfix/smtp[4812]: 480626B976: to=<nick@emaildomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2, delays=1.4/0.01/0.01/0.58, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 293FD6B977)
Jan 13 03:45:14 mailhost postfix/qmgr[9274]: 480626B976: removed
Jan 13 03:45:14 mailhost postfix/pipe[4816]: 293FD6B977: to=<nick@emaildomain.com>, relay=dovecot, delay=0.09, delays=0.01/0.01/0/0.07, dsn=2.0.0, status=sent (delivered via dovecot service)
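I also thought there might be a PHP script somewhere sending this mail, so I installed and ran Linux Malware Detect, but it found nothing.
Thanks for your help!
Edit: I have blacklist filtering in main.cf: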
smtpd_recipient_restrictions =
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client b.barracudacentral.org,
    reject_invalid_hostname,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    check_policy_service inet:127.0.0.1:7777,
    check_policy_service inet:127.0.0.1:10031,
    reject_non_fqdn_sender,
    reject_non_fqdn_hostname,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    permit
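This email came from outside your server, from the indicated IP address.
Postfix is configured to pass it to Amavis for virus scanning, and when that is done, Amavis passes it back to Postfix for delivery.
This is why there are two localhost Received: lines. One is added by Amavis when it processes the message, and the other is added when Postfix re-accepts it from Amavis for final delivery.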
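The hand-off described in the answer can be followed in the log by queue ID. As an added example (not part of the original question or answer), this script parses lines trimmed from the mail.log excerpt above and walks the "queued as" links back from the delivered queue ID to the client that first submitted the message; the function names are illustrative.

```python
import re

# Lines trimmed from the mail.log excerpt quoted in the question.
SAMPLE_LOG = """\
Jan 13 03:45:12 mailhost postfix/smtpd[4796]: 480626B976: client=unknown[46.166.133.21]
Jan 13 03:45:14 mailhost postfix/smtpd[4815]: 293FD6B977: client=localhost[127.0.0.1]
Jan 13 03:45:14 mailhost postfix/smtp[4812]: 480626B976: to=<nick@emaildomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2, delays=1.4/0.01/0.01/0.58, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 293FD6B977)
Jan 13 03:45:14 mailhost postfix/pipe[4816]: 293FD6B977: to=<nick@emaildomain.com>, relay=dovecot, delay=0.09, delays=0.01/0.01/0/0.07, dsn=2.0.0, status=sent (delivered via dovecot service)
"""

# smtpd records which client IP submitted each queue ID.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=[^\[]*\[([^\]]+)\]")
# A delivery line ending in "queued as X" means the message was handed to a
# content filter (Amavis here) and re-injected into Postfix as queue ID X.
REQUEUE_RE = re.compile(r"postfix/\w+\[\d+\]: (\w+): to=.*queued as (\w+)\)")


def parse(log_text):
    """Return (clients, parent): queue ID -> client IP, and
    re-injected queue ID -> the queue ID it was created from."""
    clients, parent = {}, {}
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = m.group(2)
        m = REQUEUE_RE.search(line)
        if m:
            parent[m.group(2)] = m.group(1)
    return clients, parent


def trace_origin(queue_id, clients, parent):
    """Follow re-injection links back to the first queue ID and its client IP."""
    chain = [queue_id]
    # Stop at the first hop, or if the log is inconsistent and forms a loop.
    while chain[-1] in parent and parent[chain[-1]] not in chain:
        chain.append(parent[chain[-1]])
    return chain, clients.get(chain[-1])


if __name__ == "__main__":
    clients, parent = parse(SAMPLE_LOG)
    chain, origin = trace_origin("293FD6B977", clients, parent)
    print(" <- ".join(chain), "| original client:", origin)
```

The queue ID that Dovecot delivered shows client=localhost only because it is the re-injected copy; the chain resolves to the external client on the first queue ID.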