[SOLVED] Postfix mail server problems

peque
Posts: 933
Joined: 20-04-2005
[SOLVED] Postfix mail server problems

Hi.
Over the last few days I have been bombarded with mails being returned to my domain;
I have deleted over 70000 mails that are sent back from wrong mail addresses,
such as:

6C2DD3F46      7723 Wed Apr 20 10:52:34  june_ramirez@webmeup.dk
(delivery temporarily suspended: lost connection with mta6.am0.yahoodns.net[98.138.112.33] while sending RCPT TO)
                                         smeegheadred@yahoo.com
643593CCC      7641 Wed Apr 20 10:48:06  betty_fox@wedele.dk
(host mx-eu.mail.am0.yahoodns.net[188.125.69.79] said: 421 4.7.1 [TS03] All messages from 5.103.130.40 will be permanently deferred; Retrying will NOT succeed. See https://help.yahoo.com/kb/postmaster/SLN3436.html (in reply to MAIL FROM command))
                                         dandcj1@yahoo.co.uk
E56246FED      8607 Wed Apr 20 10:54:53  latoya_zimmerman@wedele.dk
(delivery temporarily suspended: host mailin-04.mx.aol.com[152.163.0.67] refused to talk to me: 421 4.7.1 : (DYN:T1) https://postmaster.aol.com/error-codes#421dynt1)
                                         kdow7170@aol.com

What can I do in this situation?
I know my server is not compromised - and I can't quite see why I should be blocked because of the amount of mail going through right now.

What can I do about this right away?
What can I do?


lbm
Posts: 815
Joined: 14-06-2006

peque
Posts: 933
Joined: 20-04-2005
Hmmmm, this is just crazy

Hmmmm, this is just crazy how totally bombarded we are right now - and we are being blocked on several mail servers - since they won't accept mail in these quantities

I have now set up my mail server with virtual domains through postfixadmin.
I have tried adding the following lines to my main.cf:

local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps

I have set up header_checks and body_checks, which look like this:

header_checks
# Do not indent the patterns between "if" and "endif".
# A rule is "/pattern/ action" on ONE line. An action on its own unindented
# line is read as a separate rule, which is what the cleanup warnings report.
if /^Received:/
/^Received: +from +(webmeup\.dk) +/ reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(webmeup\.dk)\)/ reject forged client name in Received: header: $2
/^Received:.* +by +(webmeup\.dk)\b/ reject forged mail server name in Received: header: $1
endif
/^Message-ID:.* <!&!/ DUNNO
/^Message-ID:.*@(webmeup\.dk)/ reject forged domain name in Message-ID: header: $1
# user@domain.tld is the placeholder from the Postfix example; fill in the address being forged.
/^(From|Return-Path):.*\b(user@domain\.tld)\b/ reject forged sender address in $1: header: $2

body_checks
# Do not indent the patterns between "if" and "endif".
# Same rule layout as header_checks: pattern and action on one line.
# The leading [> ]* also matches the headers quoted inside bounce bodies.
if /^[> ]*Received:/
/^[> ]*Received: +from +(webmeup\.dk) / reject forged client name in Received: header: $1
/^[> ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(webmeup\.dk)\)/ reject forged client name in Received: header: $2
/^[> ]*Received:.* +by +(webmeup\.dk)\b/ reject forged mail server name in Received: header: $1
endif
/^[> ]*Message-ID:.* <!&!/ DUNNO
/^[> ]*Message-ID:.*@(webmeup\.dk)/ reject forged domain name in Message-ID: header: $1
# user@domain.tld is the placeholder from the Postfix example; fill in the address being forged.
/^[> ]*(From|Return-Path):.*\b(user@domain\.tld)\b/ reject forged sender address in $1: header: $2

But I get these errors when it is tested - but as far as I can see this is OK - that there is no replacement word

Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: /etc/postfix/header_checks, line 3: no replacement text: using empty string
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: pcre map /etc/postfix/header_checks, line 4: ignoring unrecognized request
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: /etc/postfix/header_checks, line 5: no replacement text: using empty string
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: pcre map /etc/postfix/header_checks, line 6: ignoring unrecognized request
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: /etc/postfix/header_checks, line 7: no replacement text: using empty string
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: pcre map /etc/postfix/header_checks, line 8: ignoring unrecognized request
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: /etc/postfix/header_checks, line 11: no replacement text: using empty string
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: pcre map /etc/postfix/header_checks, line 14: ignoring unrecognized request
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: /etc/postfix/header_checks, line 15: no replacement text: using empty string
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: pcre map /etc/postfix/header_checks, line 16: ignoring unrecognized request
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: /etc/postfix/body_checks, line 3: no replacement text: using empty string
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: pcre map /etc/postfix/body_checks, line 4: ignoring unrecognized request
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: /etc/postfix/body_checks, line 5: no replacement text: using empty string
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: pcre map /etc/postfix/body_checks, line 6: ignoring unrecognized request
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: /etc/postfix/body_checks, line 7: no replacement text: using empty string
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: pcre map /etc/postfix/body_checks, line 8: ignoring unrecognized request
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: /etc/postfix/body_checks, line 11: no replacement text: using empty string
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: pcre map /etc/postfix/body_checks, line 14: ignoring unrecognized request
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: /etc/postfix/body_checks, line 15: no replacement text: using empty string
Apr 27 12:17:50 quasimodo postfix/cleanup[13553]: warning: pcre map /etc/postfix/body_checks, line 16: ignoring unrecognized request

But I still seem to get a lot of spam returned, like this:

Apr 27 13:19:33 quasimodo postfix/pickup[19266]: BF79934AB: uid=33 from=<arlene_tucker@webmeup.dk>
Apr 27 13:19:33 quasimodo postfix/cleanup[19047]: BF79934AB: message-id=<4c02c101208fdc722549fc5ea5e9dd3a@webmeup.dk>
Apr 27 13:19:33 quasimodo postfix/qmgr[18169]: BF79934AB: from=<arlene_tucker@webmeup.dk>, size=7635, nrcpt=1 (queue active)
Apr 27 13:19:34 quasimodo postfix/smtp[19103]: BF79934AB: to=<sky198716@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.133.27]:25, delay=0.71, delays=0/0/0.37/0.33, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.133.27] said: 550-5.7.1 [5.103.130.40      18] Our system has detected that this message is 550-5.7.1 likely suspicious due to the very low reputation of the sending IP 550-5.7.1 address. To best protect our users from spam, the message has been 550-5.7.1 blocked. Please visit 550 5.7.1  https://support.google.com/mail/answer/188131 for more information. o16si30215409wme.6 - gsmtp (in reply to end of DATA command))
Apr 27 13:19:34 quasimodo postfix/bounce[19391]: BF79934AB: sender non-delivery notification: 775C83482
Apr 27 13:19:34 quasimodo postfix/qmgr[18169]: BF79934AB: removed

How can I block this so that I don't constantly end up in this predicament and get rejected by most mail servers!

My entire postfix/main.cf looks like this:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = static-5-103-130-40.seas-nve.net
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/postfix/certs/smtpd.crt
smtpd_tls_key_file=/etc/postfix/certs/smtpd.key
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_use_tls=yes
smtp_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
tls_random_exchange_name = /var/run/prng_exch
tls_random_source = dev:/dev/random
#tls_smtp_use_tls = no
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
smtpd_sasl_authenticated_header = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

# Timeout Params
smtpd_timeout = 70s
smtp_connect_timeout = 60s
smtp_data_done_timeout = 60s
smtp_data_init_timeout = 60s
smtp_data_xfer_timeout = 60s
smtp_helo_timeout = 60s
smtp_mail_timeout = 60s
smtp_quit_timeout = 60s
smtp_rcpt_timeout = 60s

myhostname = quasimodo.webmeup.dk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 quasimodo.webmeup.dk
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
#message_size_limit = 251658240
message_size_limit = 52428800

##### SASL bits #####
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination
        check_sender_access hash:/etc/postfix/access.cf
smtpd_client_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unauth_destination
smtpd_delay_reject = yes
broken_sasl_auth_clients = yes
# debug_peer_list = 127.0.0.1
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps

######### Virtual User Configurations ##########
virtual_alias_maps              = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains         = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps            = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit           = 5120000000
virtual_minimum_uid             = 5000
virtual_uid_maps                = static:5000
virtual_gid_maps                = static:5000
virtual_mailbox_base            = /storage
virtual_transport               = virtual

###### Additional support for Quota
#virtual_create_maildirsize     = yes
#virtual_mailbox_extended       = yes
#virtual_mailbox_limit_maps     = mysql:/etc/postfix/mysql_virtual_limit_maps.cf
# virtual_maildir_limit_message = Sorry - The maildir has overdrawn the diskspace quota - free up some spaces of your mailbox and try again...
#virtual_overquota_bounce       = yes

######### Spamfilter & Scanning
content_filter = smtp-amavis:[127.0.0.1]:10024
default_destination_recipient_limit = 20

# Vacation definitions
transport_maps = hash:/etc/postfix/transport

inet_protocols = ipv4

header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks

# Added by BitDefender on Sun Mar 22 14:31:14 CET 2015
smtpd_milters=unix:/var/spool/postfix/BitDefender/bdmilterd.sock
milter_protocol = 2
milter_default_action = tempfail
milter_connect_timeout = 30s
milter_command_timeout = 30s
milter_content_timeout = 30s
# End of added lines

Is there nothing more I can do - to get all the mails deleted that come in and are sent from a domain I own - so that I get out of the blocks placed on my IP?
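An added example (my own code, not from the thread): a small Python checker for Postfix pcre lookup tables that reproduces the two warnings cleanup(8) logged above. The posted header_checks puts each "reject ..." action on its own unindented line, so Postfix reads the pattern as a rule with an empty replacement ("no replacement text: using empty string") and the following line as a rule that starts with a letter instead of a regexp delimiter ("ignoring unrecognized request"). Either form fixes it: put the action on the pattern's line, or indent it so Postfix treats it as a continuation line. The sample table is the posted header_checks; the function names, and the wording of the third warning, are assumptions of this example.

```python
import string

# Constructed sample: the header_checks table as posted in the thread, with every
# "reject ..." action on its own unindented line.
BROKEN_TABLE = r"""# Do not indent the patterns between "if" and "endif".
if /^Received:/
/^Received: +from +(webmeup\.dk) +/
reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(webmeup\.dk)\)/
reject forged client name in Received: header: $2
/^Received:.* +by +(webmeup\.dk)\b/
reject forged mail server name in Received: header: $1
endif
/^Message-ID:.* <!&!/ DUNNO
/^Message-ID:.*@(webmeup\.dk)/
reject forged domain name in Message-ID: header: $1
/^(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
"""

NO_ACTION = "no replacement text: using empty string"   # wording as in the posted log
NOT_A_RULE = "ignoring unrecognized request"            # wording as in the posted log


def logical_lines(text):
    """Return (lineno, text) pairs the way Postfix reads a lookup table: blank
    and '#' lines are dropped, and a line that starts with whitespace continues
    the previous logical line."""
    out = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            prev_no, prev = out[-1]
            out[-1] = (prev_no, prev + " " + stripped)
        else:
            out.append((lineno, stripped))
    return out


def classify(rule):
    """Return None for a well-formed pcre table rule, otherwise the warning text
    cleanup(8) logs for it."""
    s = rule.strip()
    if not s or s.startswith("#") or s.lower() == "endif":
        return None
    needs_action = True
    if s.lower().startswith("if ") and s[3:].strip():
        s, needs_action = s[3:].strip(), False      # "if /pattern/" takes no action
    if s.startswith("!"):                           # "!/pattern/" negates the match
        s = s[1:]
    if not s or s[0] not in string.punctuation:
        return NOT_A_RULE                           # a rule must open with a delimiter
    delim, i = s[0], 1
    while i < len(s) and s[i] != delim:             # find the closing delimiter,
        i += 2 if s[i] == "\\" else 1               # skipping backslash escapes
    if i >= len(s):
        return "no closing regexp delimiter"        # assumed wording (not in the thread)
    rest = s[i + 1:]
    j = 0
    while j < len(rest) and rest[j].isalpha():      # pattern flags such as i, m, x
        j += 1
    if needs_action and not rest[j:].strip():
        return NO_ACTION
    return None


def check_table(text):
    """List (lineno, warning) for every rule cleanup(8) would complain about."""
    return [(n, w) for n, rule in logical_lines(text) if (w := classify(rule))]


def repair_table(text):
    """Join each action-less pattern line with the bare action line that follows
    it, which is what the posted table evidently meant. Other lines are kept."""
    raw = text.splitlines()
    fixed, i = [], 0
    while i < len(raw):
        cur = raw[i].strip()
        nxt = raw[i + 1].strip() if i + 1 < len(raw) else ""
        if classify(cur) == NO_ACTION and nxt and classify(nxt) == NOT_A_RULE:
            fixed.append(f"{cur} {nxt}")
            i += 2
        else:
            fixed.append(raw[i])
            i += 1
    return "\n".join(fixed) + "\n"


if __name__ == "__main__":
    for lineno, warning in check_table(BROKEN_TABLE):
        print(f"header_checks, line {lineno}: {warning}")
    print("--- repaired ---")
    print(repair_table(BROKEN_TABLE), end="")
```

Running it prints the same pairs of warnings the posted log shows (pattern line, then action line) and a repaired table that passes the check. The real test on the server is the same one Postfix applies: `postmap -q "Received: from webmeup.dk" pcre:/etc/postfix/header_checks` should print the reject action, and a reload should log no warnings.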
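A second added example (my own code, not from the thread): a parser for Postfix log lines of the kind posted above that groups them by queue id and records how each message entered Postfix and what became of it. The six BF79934AB lines follow the posted log (the long 550 reply text is shortened); the two other queue ids, with hosts in the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges, are constructed to show the two SMTP paths (unauthenticated client and SASL-authenticated submission). The check worth doing is the one the last table makes visible: BF79934AB was logged by postfix/pickup with uid=33, so it was handed to the local sendmail(1) command by a process running as uid 33 (the www-data account on Debian), not received over SMTP. header_checks and body_checks run in cleanup(8) after the message is already queued and only inspect its content, so they cannot tell where the mail is being injected; this summary can.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log. The six BF79934AB lines follow the log posted in the
# thread (the 550 reply text is shortened); the two other queue ids are made up
# here to show mail that arrived over SMTP, unauthenticated and SASL-authenticated.
SAMPLE_LOG = """\
Apr 27 13:19:33 quasimodo postfix/pickup[19266]: BF79934AB: uid=33 from=<arlene_tucker@webmeup.dk>
Apr 27 13:19:33 quasimodo postfix/cleanup[19047]: BF79934AB: message-id=<4c02c101208fdc722549fc5ea5e9dd3a@webmeup.dk>
Apr 27 13:19:33 quasimodo postfix/qmgr[18169]: BF79934AB: from=<arlene_tucker@webmeup.dk>, size=7635, nrcpt=1 (queue active)
Apr 27 13:19:34 quasimodo postfix/smtp[19103]: BF79934AB: to=<sky198716@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.133.27]:25, delay=0.71, delays=0/0/0.37/0.33, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.133.27] said: 550-5.7.1 ... very low reputation of the sending IP ... blocked (in reply to end of DATA command))
Apr 27 13:19:34 quasimodo postfix/bounce[19391]: BF79934AB: sender non-delivery notification: 775C83482
Apr 27 13:19:34 quasimodo postfix/qmgr[18169]: BF79934AB: removed
Apr 27 13:20:01 quasimodo postfix/smtpd[19500]: 1A2B3C4D5E: client=mail.example.net[203.0.113.5]
Apr 27 13:20:01 quasimodo postfix/qmgr[18169]: 1A2B3C4D5E: from=<someone@example.net>, size=2048, nrcpt=1 (queue active)
Apr 27 13:20:02 quasimodo postfix/virtual[19510]: 1A2B3C4D5E: to=<user@webmeup.dk>, relay=virtual, delay=0.5, delays=0.4/0/0/0.1, dsn=2.0.0, status=sent (delivered to maildir)
Apr 27 13:20:02 quasimodo postfix/qmgr[18169]: 1A2B3C4D5E: removed
Apr 27 13:21:10 quasimodo postfix/smtpd[19520]: 5F6E7D8C9B: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=user@webmeup.dk
Apr 27 13:21:10 quasimodo postfix/qmgr[18169]: 5F6E7D8C9B: from=<user@webmeup.dk>, size=1234, nrcpt=1 (queue active)
Apr 27 13:21:11 quasimodo postfix/smtp[19530]: 5F6E7D8C9B: to=<friend@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=2.0.0, status=sent (250 OK)
Apr 27 13:21:11 quasimodo postfix/qmgr[18169]: 5F6E7D8C9B: removed
"""

# syslog prefix, postfix daemon name, queue id, and the rest of the line
LINE_RE = re.compile(
    r"^(?P<stamp>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"postfix/(?P<prog>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)$"
)


def parse_log(text):
    """Group Postfix log lines by queue id, recording where each message entered
    the system (pickup = local sendmail(1) submission, smtpd = network) and the
    per-recipient delivery outcome."""
    msgs = defaultdict(lambda: {"origin": None, "sender": None, "recipients": []})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # connect/disconnect lines carry no queue id
        prog, rest = m.group("prog"), m.group("rest")
        rec = msgs[m.group("qid")]
        if prog == "pickup":
            # Local submission; uid is the user of the process that ran sendmail(1)
            uid = re.search(r"\buid=(\d+)", rest)
            rec["origin"] = f"local uid={uid.group(1)}" if uid else "local"
        elif prog == "smtpd":
            client = re.search(r"\bclient=([^,\s]+)", rest)
            sasl = re.search(r"\bsasl_username=(\S+)", rest)
            if sasl:
                rec["origin"] = f"sasl {sasl.group(1)}"
            elif client:
                rec["origin"] = f"network {client.group(1)}"
        elif prog == "qmgr":
            sender = re.search(r"\bfrom=<([^>]*)>", rest)
            if sender:
                rec["sender"] = sender.group(1)
        else:
            # Delivery agents (smtp, virtual, local, ...) log one line per recipient
            to = re.search(r"\bto=<([^>]*)>.*\bdsn=(\S+?), status=(\w+)", rest)
            if to:
                rec["recipients"].append((to.group(1), to.group(2), to.group(3)))
    return dict(msgs)


def summarize(msgs):
    """Count messages by origin and recipients by status, and count the origins of
    the bounced messages only; that last table is the one that shows whether the
    rejected traffic is injected locally or relayed from outside."""
    by_origin = Counter(rec["origin"] or "unknown" for rec in msgs.values())
    by_status = Counter(st for rec in msgs.values() for _, _, st in rec["recipients"])
    bounced_origins = Counter(
        rec["origin"] or "unknown"
        for rec in msgs.values()
        if any(st == "bounced" for _, _, st in rec["recipients"])
    )
    return {"by_origin": by_origin, "by_status": by_status, "bounced_origins": bounced_origins}


if __name__ == "__main__":
    for name, table in summarize(parse_log(SAMPLE_LOG)).items():
        print(name)
        for key, count in table.most_common():
            print(f"  {count:4d}  {key}")
```

Feed it the real mail.log (`python3 triage.py < /var/log/mail.log` with a `sys.stdin.read()` in place of SAMPLE_LOG) and the bounced_origins table shows which path the 70000 rejected messages took; if it is dominated by `local uid=33`, the sending process runs under the web server's account, and that is where the fix belongs rather than in header_checks.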