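It looks like my mail server is being used to send spam, so I'd like to ask for some help.

jungkiri's picture

It looks like my mail server is being used to send spam,
so I also ran a mail relay test, but relaying is closed.

Looking at the mail log, it appears that the IP 201.2.72.116 (Brazil)
keeps sending mail out through my mail server.

Adjusting the Postfix helo_access settings made no difference.
(I'm not sure whether this is the right way to do it...)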

# Reject who use IP address as helo.
# Correct: [xxx.xxx.xxx.xxx]
# Incorrect: xxx.xxx.xxx.xxx
/^[0-9.]+$/ REJECT Go away, bad guy (not RFC compliant).
201.2.72.116 REJECT Go away, bad guy

I'm posting because I'd like to know how to handle this.

My server environment is Postfix and Dovecot.

/var/log/maillog
--------------------------

Aug  3 00:00:26 www postfix/cleanup[27781]: 2C34C80B098: message-id=<20120802150026.2C34C80B098@www.test.com>
Aug  3 00:00:26 www amavis[27995]: (27995-15) Passed CLEAN {RelayedOutbound}, MYUSERS LOCAL [201.2.72.116]:4705 [201.2.72.116] <test@test.com> -> <brivecco@aol.com>, mail_id: Z9UKq5HjsbeD, Hits: -79.591, size: 2902, queued_as: 2C34C80B098, dkim_new=dkim:test.com, 6355 ms
/var/log/maillog: unmodified: line 1
Aug  3 00:00:01 www newsyslog[28049]: logfile turned over
Aug  3 00:00:03 www postfix/smtpd[27911]: DCFEC80B092: client=localhost[127.0.0.1]
Aug  3 00:00:03 www postfix/cleanup[27618]: DCFEC80B092: message-id=<20120802150003.DCFEC80B092@www.test.com>
Aug  3 00:00:03 www amavis[27991]: (27991-13) Passed CLEAN {RelayedOutbound}, MYUSERS LOCAL [201.2.72.116]:4707 [201.2.72.116] <test@test.com> -> <brllense55@peoplepc.com>, mail_id: OhgFAgUr3mFE, Hits: -79.591, size: 2902, queued_as: DCFEC80B092, dkim_new=dkim:test.com, 6406 ms
Aug  3 00:00:03 www postfix/smtp[27960]: 4D39A7B56AE: to=<brllense55@peoplepc.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=96205, delays=18/96181/0/6.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as DCFEC80B092)
Aug  3 00:00:03 www amavis[27991]: (27991-14) (!)loading policy bank "MYUSERS": unknown field "warnspamsender"
Aug  3 00:00:03 www amavis[27991]: (27991-14) (!)loading policy bank "MYUSERS": unknown field "warnvirussender"
Aug  3 00:00:07 www postfix/smtpd[27737]: 0D18680B093: client=localhost[127.0.0.1]
Aug  3 00:00:07 www postfix/cleanup[27781]: 0D18680B093: message-id=<20120802150007.0D18680B093@www.test.com>
Aug  3 00:00:07 www amavis[27995]: (27995-12) Passed CLEAN {RelayedOutbound}, MYUSERS LOCAL [201.2.72.116]:4707 [201.2.72.116] <test@test.com> -> <brlmmoore@aol.com>, mail_id: Y7vGZjhsj7mq, Hits: -79.591, size: 2902, queued_as: 0D18680B093, dkim_new=dkim:test.com, 6371 ms
Aug  3 00:00:07 www postfix/smtp[28040]: 4D39A7B56AE: to=<brlmmoore@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=96208, delays=18/96184/0/6.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0D18680B093)
Aug  3 00:00:07 www amavis[27995]: (27995-13) (!)loading policy bank "MYUSERS": unknown field "warnspamsender"
Aug  3 00:00:07 www amavis[27995]: (27995-13) (!)loading policy bank "MYUSERS": unknown field "warnvirussender"
Aug  3 00:00:10 www postfix/smtpd[27911]: 4938780B094: client=localhost[127.0.0.1]
Aug  3 00:00:10 www postfix/cleanup[27618]: 4938780B094: message-id=<20120802150010.4938780B094@www.test.com>
Aug  3 00:00:10 www amavis[27991]: (27991-14) Passed CLEAN {RelayedOutbound}, MYUSERS LOCAL [201.2.72.116]:4707 [201.2.72.116] <test@test.com> -> <brlyober4@yahoo.com>, mail_id: WtgHhBHimXl3, Hits: -79.591, size: 2902, queued_as: 4938780B094, dkim_new=dkim:test.com, 6385 ms
Aug  3 00:00:10 www postfix/smtp[28063]: 4D39A7B56AE: to=<brlyober4@yahoo.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=96212, delays=18/96188/0/6.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4938780B094)
Aug  3 00:00:10 www amavis[27991]: (27991-15) (!)loading policy bank "MYUSERS": unknown field "warnspamsender"
Aug  3 00:00:10 www amavis[27991]: (27991-15) (!)loading policy bank "MYUSERS": unknown field "warnvirussender"
Aug  3 00:00:13 www postfix/smtpd[27737]: 6A32880B095: client=localhost[127.0.0.1]
Aug  3 00:00:13 www postfix/cleanup[27781]: 6A32880B095: message-id=<20120802150013.6A32880B095@www.test.com>
Aug  3 00:00:13 www amavis[27995]: (27995-13) Passed CLEAN {RelayedOutbound}, MYUSERS LOCAL [201.2.72.116]:4707 [201.2.72.116] <test@test.com> -> <brmgre@yahoo.com>, mail_id: ux9tPHyMqhDU, Hits: -79.591, size: 2902, queued_as: 6A32880B095, dkim_new=dkim:test.com, 6374 ms
Aug  3 00:00:13 www postfix/smtp[28040]: 4D39A7B56AE: to=<brmgre@yahoo.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=96215, delays=18/96191/0/6.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6A32880B095)
Aug  3 00:00:13 www amavis[27995]: (27995-14) (!)loading policy bank "MYUSERS": unknown field "warnspamsender"
Aug  3 00:00:13 www amavis[27995]: (27995-14) (!)loading policy bank "MYUSERS": unknown field "warnvirussender"
Aug  3 00:00:16 www postfix/smtpd[27911]: C3D2F7B5696: client=localhost[127.0.0.1]
Aug  3 00:00:16 www postfix/cleanup[27618]: C3D2F7B5696: message-id=<20120802150016.C3D2F7B5696@www.test.com>
Aug  3 00:00:16 www amavis[27991]: (27991-15) Passed CLEAN {RelayedOutbound}, MYUSERS LOCAL [201.2.72.116]:4707 [201.2.72.116] <test@test.com> -> <brmont1@aol.com>, mail_id: GtrTKjE1mc4d, Hits: -79.591, size: 2902, queued_as: C3D2F7B5696, dkim_new=dkim:test.com, 6493 ms
Aug  3 00:00:16 www postfix/smtp[28063]: 4D39A7B56AE: to=<brmont1@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=96218, delays=18/96194/0/6.5, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as C3D2F7B5696)
Aug  3 00:00:16 www amavis[27991]: (27991-16) (!)loading policy bank "MYUSERS": unknown field "warnspamsender"
Aug  3 00:00:16 www amavis[27991]: (27991-16) (!)loading policy bank "MYUSERS": unknown field "warnvirussender"
Aug  3 00:00:19 www postfix/smtpd[27737]: C489E80B096: client=localhost[127.0.0.1]
Aug  3 00:00:19 www postfix/cleanup[27781]: C489E80B096: message-id=<20120802150019.C489E80B096@www.test.com>
Aug  3 00:00:19 www amavis[27995]: (27995-14) Passed CLEAN {RelayedOutbound}, MYUSERS LOCAL [201.2.72.116]:4707 [201.2.72.116] <test@test.com> -> <brn3846@yahoo.com>, mail_id: RfRG69ivHMaS, Hits: -79.591, size: 2902, queued_as: C489E80B096, dkim_new=dkim:test.com, 6362 ms
Aug  3 00:00:19 www postfix/smtp[28040]: 4D39A7B56AE: to=<brn3846@yahoo.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=96221, delays=18/96197/0/6.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as C489E80B096)
Aug  3 00:00:19 www postfix/qmgr[1173]: 4D39A7B56AE: removed
Aug  3 00:00:19 www postfix/qmgr[1173]: A8AC97BB225: from=<test@test.com>, size=2907, nrcpt=10 (queue active)
Aug  3 00:00:19 www amavis[27995]: (27995-15) (!)loading policy bank "MYUSERS": unknown field "warnspamsender"
Aug  3 00:00:19 www amavis[27995]: (27995-15) (!)loading policy bank "MYUSERS": unknown field "warnvirussender"
Aug  3 00:00:22 www postfix/smtpd[27911]: 2CD2780B097: client=localhost[127.0.0.1]
Aug  3 00:00:22 www postfix/cleanup[27618]: 2CD2780B097: message-id=<20120802150022.2CD2780B097@www.test.com>
Aug  3 00:00:22 www amavis[27991]: (27991-16) Passed CLEAN {RelayedOutbound}, MYUSERS LOCAL [201.2.72.116]:4705 [201.2.72.116] <test@test.com> -> <brivard7@aol.com>, mail_id: 8uc7QYU0-fQm, Hits: -79.591, size: 2902, queued_as: 2CD2780B097, dkim_new=dkim:test.com, 5363 ms
Aug  3 00:00:22 www postfix/smtp[28063]: 3FCC37B56AD: to=<brivard7@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=96224, delays=18/96200/0/5.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2CD2780B097)
Aug  3 00:00:22 www amavis[27991]: (27991-17) (!)loading policy bank "MYUSERS": unknown field "warnspamsender"
Aug  3 00:00:22 www amavis[27991]: (27991-17) (!)loading policy bank "MYUSERS": unknown field "warnvirussender"
Aug  3 00:00:26 www postfix/smtpd[27737]: 2C34C80B098: client=localhost[127.0.0.1]
Aug  3 00:00:26 www postfix/cleanup[27781]: 2C34C80B098: message-id=<20120802150026.2C34C80B098@www.test.com>
Aug  3 00:00:26 www amavis[27995]: (27995-15) Passed CLEAN {RelayedOutbound}, MYUSERS LOCAL [201.2.72.116]:4705 [201.2.72.116] <test@test.com> -> <brivecco@aol.com>, mail_id: Z9UKq5HjsbeD, Hits: -79.591, size: 2902, queued_as: 2C34C80B098, dkim_new=dkim:test.com, 6355 ms

File attachments:
Attachment: test.jpg (433.18 KB)
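
In the log above, the postfix/smtpd lines show only client=localhost for the re-injected message, while the amavis result lines carry the original client address and the policy banks it was given. As an added example (not part of the original post), this Python sketch counts {RelayedOutbound} results per client IP outside the trusted networks; the sample lines are constructed in the same format, and TRUSTED_NETS and the message threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: only loopback is expected to originate outbound mail on this host.
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8")]

# amavis result line: verdict, {action}, policy banks, [client-ip]:port, sender -> recipients
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<verdict>Passed|Blocked) (?P<ccat>\S+) "
    r"\{(?P<action>[^}]*)\},(?P<banks>[^\[]*)\[(?P<ip>[^\]]+)\]\S* .*?"
    r"<(?P<sender>[^>]*)> -> (?P<rcpts><[^ ]*>),"
)

def outbound_by_client(lines, trusted=TRUSTED_NETS):
    """Group {RelayedOutbound} amavis results by the original client IP."""
    stats = defaultdict(lambda: {"messages": 0, "senders": set(),
                                 "recipients": set(), "banks": set()})
    for line in lines:
        m = AMAVIS_RE.search(line)
        if not m or "RelayedOutbound" not in m["action"]:
            continue  # postfix lines, policy-bank warnings, inbound mail
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field
        if any(ip in net for net in trusted):
            continue
        entry = stats[str(ip)]
        entry["messages"] += 1
        entry["senders"].add(m["sender"])
        entry["recipients"].update(r.strip("<>") for r in m["rcpts"].split(","))
        entry["banks"].update(m["banks"].split())
    return dict(stats)

def suspects(stats, min_messages=3):  # threshold is an assumption
    hits = [ip for ip, s in stats.items() if s["messages"] >= min_messages]
    return sorted(hits, key=lambda ip: -stats[ip]["messages"])

# Constructed sample lines in the format of the log above (recipients are placeholders).
SAMPLE = """\
Aug  3 00:00:03 www postfix/smtpd[27911]: 0000000000A: client=localhost[127.0.0.1]
Aug  3 00:00:03 www amavis[27991]: (27991-13) Passed CLEAN {RelayedOutbound}, MYUSERS LOCAL [201.2.72.116]:4707 [201.2.72.116] <test@test.com> -> <a1@example.com>, mail_id: m1, Hits: -79.591, size: 2902
Aug  3 00:00:03 www amavis[27991]: (27991-14) (!)loading policy bank "MYUSERS": unknown field "warnspamsender"
Aug  3 00:00:07 www amavis[27995]: (27995-12) Passed CLEAN {RelayedOutbound}, MYUSERS LOCAL [201.2.72.116]:4707 [201.2.72.116] <test@test.com> -> <a2@example.com>,<a3@example.com>, mail_id: m2, Hits: -79.591, size: 2902
Aug  3 00:00:10 www amavis[27991]: (27991-14) Passed CLEAN {RelayedOutbound}, MYUSERS LOCAL [201.2.72.116]:4705 [201.2.72.116] <test@test.com> -> <a4@example.com>, mail_id: m3, Hits: -79.591, size: 2902
Aug  3 00:00:12 www amavis[27991]: (27991-15) Passed CLEAN {RelayedOutbound}, LOCAL [127.0.0.1]:5000 [127.0.0.1] <root@test.com> -> <a5@example.com>, mail_id: m4, Hits: -1.0, size: 900
Aug  3 00:00:15 www amavis[27995]: (27995-13) Passed CLEAN {RelayedInbound}, [192.0.2.10]:3333 [192.0.2.10] <x@example.org> -> <test@test.com>, mail_id: m5, Hits: 0.1, size: 1200
""".splitlines()
print(suspects(outbound_by_client(SAMPLE)))
```

The policy banks reported for a flagged address show how amavis classified that client, which is the place to start when checking why Postfix accepted its mail as originating.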
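emptynote's picture

[No content] This is the chit-chat board, though.

iamt's picture

I don't think posts like this are bad either.

---------------------------------------------------------------------------------
I'm studying C(++), PHP, Perl and so on.
Nice to meet you! Linux :-)

codebank's picture

I also run a personal mail server on postfix/dovecot.
I'm not sure about the case where you use MySQL, but if you simply authenticate local users,
check the /etc/dovecot/dovecot.conf file.
(In my case the number of users is limited and the users and passwords almost never change,
so I use this form.)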

/etc/dovecot/dovecot.conf

base_dir = /var/run/dovecot/
protocols = imap pop3
disable_plaintext_auth = no
shutdown_clients = yes
log_path = /var/log/dovecot
info_log_path = /var/log/dovecot.info
log_timestamp = "%Y-%m-%d %H:%M:%S "
ssl_disable = yes
login_dir = /var/run/dovecot/login
login_chroot = yes
login_user = dovecot
login_greeting = Dovecot ready.
mail_location = maildir:/home/vmail/%d/%n
mmap_disable = no
valid_chroot_dirs = /var/spool/vmail
protocol imap {
  login_executable = /usr/lib/dovecot/imap-login
  mail_executable = /usr/lib/dovecot/imap
}
protocol pop3 {
  login_executable = /usr/lib/dovecot/pop3-login
  mail_executable = /usr/lib/dovecot/pop3
  pop3_uidl_format = %08Xu%08Xv
}
auth_executable = /usr/lib/dovecot/dovecot-auth
auth_verbose = yes
auth default {
  mechanisms = plain digest-md5
  passdb passwd-file {
    args = /etc/dovecot/passwd
  }
  userdb passwd-file {
    args = /etc/dovecot/users
  }
  user = root
}

The format of /etc/dovecot/users is

user@url.com::5000:5000::/home/vmail/url.com/:/bin/false::

and the format of /etc/dovecot/passwd is

user@url.com:$1$asdfsdfasd2342934030293023902029

For more details, searching for something like 'ubuntu postfix dovecot' may turn up
a more detailed explanation or a solution.

------------------------------
Have a nice day.