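I'm struggling to stop spam relaying. Please help~^
My setup is postfix + imap + sasl + procmail.
In Outlook, incoming mail (pop3) is received on port 995, and outgoing mail is sent on port 25.
Currently, mail is accepted over smtp on port 25, clients read it via imap, and sending is done over smtps. However, the server kept going down at irregular intervals, and after investigating the cause I found out that it was due to spam relaying.
Even while running it for just a short time, mail logs like the ones below piled up...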
========================================
Jan 17 16:09:53 greatearth postfix/postfix-script: starting the Postfix mail system
Jan 17 16:09:53 greatearth postfix/master[7593]: daemon started -- version 2.1.1
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: AF804B223E: from=<>, size=4937, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: 9A616B2202: from=<>, size=5184, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: 28D08B221A: from=<>, size=10144, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: 324DAB2239: from=<>, size=10209, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: 80CC3B222D: from=<>, size=30970, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: 06C04B2238: from=<>, size=5271, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: 073C6B2224: from=<>, size=3892, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: BD1F3B21F7: from=<>, size=3663, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: DD893B2227: from=<>, size=4186, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: D1CECB223A: from=<>, size=6290, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: ED823B2225: from=<>, size=31012, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: E5D69B223D: from=<>, size=3824, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: 42B06B2234: from=<>, size=6699, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: 621DFB222B: from=<>, size=10182, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: 77BD5B224D: from=<>, size=5064, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/qmgr[7595]: 5C1CAB223B: from=<>, size=4407, nrcpt=1 (queue active)
Jan 17 16:09:53 greatearth postfix/smtp[7605]: connect to mail.hyoksung.com[61.250.91.67]: Connection refused (port 25)
Jan 17 16:09:53 greatearth postfix/smtp[7609]: connect to yecamail.yeca.com[203.246.176.22]: Connection refused (port 25)
Jan 17 16:09:54 greatearth postfix/smtp[7597]: warning: valid_hostname: empty hostname
Jan 17 16:09:54 greatearth postfix/smtp[7597]: warning: malformed domain name in resource data of MX record for yahoo.net:
Jan 17 16:09:54 greatearth postfix/smtp[7602]: warning: valid_hostname: empty hostname
Jan 17 16:09:54 greatearth postfix/smtp[7602]: warning: malformed domain name in resource data of MX record for yahoo.net:
Jan 17 16:09:54 greatearth postfix/smtp[7613]: connect to no5.zoensesang1.com[211.234.122.11]: Connection refused (port 25)
Jan 17 16:09:54 greatearth postfix/smtp[7605]: DD893B2227: to=<nobody@hyoksung.com>, relay=none, delay=274633, status=deferred (connect to mail.hyoksung.com[61.250.91.67]: Connection refused)
Jan 17 16:09:54 greatearth postfix/smtp[7597]: AF804B223E: to=<jsk08191s@yahoo.net>, relay=none, delay=350487, status=deferred (Name service error for name=yahoo.net type=MX: Malformed name server reply)
Jan 17 16:09:54 greatearth postfix/smtp[7609]: 42B06B2234: to=<return@yeca.com>, relay=none, delay=394240, status=deferred (connect to yecamail.yeca.com[203.246.176.22]: Connection refused)
Jan 17 16:09:54 greatearth postfix/smtp[7613]: 5C1CAB223B: to=<rrvxlfsro@no5.zoensesang1.com>, relay=none, delay=426121, status=deferred (connect to no5.zoensesang1.com[211.234.122.11]: Connection refused)
Jan 17 16:09:54 greatearth postfix/smtp[7602]: 06C04B2238: to=<jsk08191s@yahoo.net>, relay=none, delay=340771, status=deferred (Name service error for name=yahoo.net type=MX: Malformed name server reply)
Jan 17 16:09:54 greatearth postfix/smtp[7612]: 77BD5B224D: to=<bigbeng@westernpower.co.kr>, relay=rx1.westernpower.co.kr[61.32.236.171], delay=308261, status=deferred (lost connection with rx1.westernpower.co.kr[61.32.236.171] while sending MAIL FROM)
Jan 17 16:09:55 greatearth postfix/smtp[7598]: 9A616B2202: to=<godhouse3310@hanmir.com>, relay=mailex10.paran.com[211.41.82.75], delay=4689, status=sent (250 ok: Message 106772087 accepted)
Jan 17 16:09:55 greatearth postfix/qmgr[7595]: 9A616B2202: removed
Jan 17 16:09:58 greatearth postfix/smtp[7603]: 073C6B2224: to=<whcheong@kapanet.co.kr>, relay=mail.kapanet.co.kr[210.98.146.17], delay=237986, status=deferred (lost connection with mail.kapanet.co.kr[210.98.146.17] while sending MAIL FROM)
Jan 17 16:10:23 greatearth postfix/smtp[7608]: connect to naver.co.kr[211.218.150.250]: Connection timed out (port 25)
Jan 17 16:10:24 greatearth postfix/smtp[7601]: connect to mass.gretech.net[221.148.56.250]: Connection timed out (port 25)
Jan 17 16:10:24 greatearth postfix/smtp[7606]: connect to rogn.com[64.62.166.78]: Connection timed out (port 25)
Jan 17 16:10:24 greatearth postfix/smtp[7601]: 80CC3B222D: to=<deskmaster@mass.gretech.net>, relay=none, delay=230879, status=deferred (connect to mass.gretech.net[221.148.56.250]: Connection timed out)
Jan 17 16:10:24 greatearth postfix/smtp[7607]: connect to mass.gretech.net[221.148.56.250]: Connection timed out (port 25)
Jan 17 16:10:24 greatearth postfix/smtp[7606]: D1CECB223A: to=<rpgm@rogn.com>, relay=none, delay=320446, status=deferred (connect to rogn.com[64.62.166.78]: Connection timed out)
Jan 17 16:10:24 greatearth postfix/smtp[7607]: ED823B2225: to=<deskmaster@mass.gretech.net>, relay=none, delay=231123, status=deferred (connect to mass.gretech.net[221.148.56.250]: Connection timed out)
Jan 17 16:10:24 greatearth postfix/smtp[7604]: connect to daun.net[64.74.96.243]: Connection timed out (port 25)
Jan 17 16:10:24 greatearth postfix/smtp[7600]: connect to dreamwiz.gnway.net[221.3.39.49]: Connection timed out (port 25)
Jan 17 16:10:24 greatearth postfix/smtp[7611]: connect to empal.gnway.net[221.3.54.194]: Connection timed out (port 25)
Jan 17 16:10:24 greatearth postfix/smtp[7599]: connect to chol.gnway.net[221.3.54.149]: Connection timed out (port 25)
Jan 17 16:10:24 greatearth postfix/smtp[7604]: BD1F3B21F7: to=<han343434343ermi@daun.net>, relay=none, delay=12955, status=deferred (connect to daun.net[64.74.96.243]: Connection timed out)
Jan 17 16:10:24 greatearth postfix/smtp[7611]: 621DFB222B: to=<apvrcmkoeec@empal.gnway.net>, relay=none, delay=250984, status=deferred (connect to empal.gnway.net[221.3.54.194]: Connection timed out)
Jan 17 16:10:24 greatearth postfix/smtp[7600]: 324DAB2239: to=<lamdjgfmpmneus@dreamwiz.gnway.net>, relay=none, delay=318968, status=deferred (connect to dreamwiz.gnway.net[221.3.39.49]: Connection timed out)
Jan 17 16:10:24 greatearth postfix/smtp[7599]: 28D08B221A: to=<gqpmmrqnhgd@chol.gnway.net>, relay=none, delay=188862, status=deferred (connect to chol.gnway.net[221.3.54.149]: Connection timed out)
Jan 17 16:10:53 greatearth postfix/smtp[7608]: connect to naver.co.kr[211.218.150.200]: Connection timed out (port 25)
Jan 17 16:10:53 greatearth postfix/smtp[7608]: E5D69B223D: to=<jin7113jin7113jin7113jun7503zzanga77077jun7503jun7503bmw4518hailan410hailan410bmw4518@naver.co.kr>, relay=none, delay=392945, status=deferred (connect to naver.co.kr[211.218.150.200]: Connection timed out)
Jan 17 16:11:11 greatearth postfix/postfix-script: stopping the Postfix mail system
Jan 17 16:11:11 greatearth postfix/master[7593]: terminating on signal 15
========================================
I'd appreciate advice from the experts. For reference, I'm attaching my main.cf file.
queue_directory=/var/spool/postfix
command_directory=/usr/sbin
daemon_directory=/usr/lib/postfix
mail_owner=postfix
myhostname=domain.co.kr
mydomain=domain.co.kr
myorigin=$mydomain
inet_interfaces = all
mydestination = $myhostname, $mydomain
local_recipient_maps =
unknown_local_recipient_reject_code=550
mynetworks_style = host
relay_domains = $mydestination
alias_maps=hash:/etc/aliases
alias_database=hash:/etc/aliases
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
header_checks=regexp:/etc/postfix/header_checks
smtpd_banner=$myhostname ESMTP $mail_name
debug_peer_level=2
debugger_command=PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path=/usr/sbin/sendmail
newaliases_path=/usr/bin/newaliases
mailq_path=/usr/bin/mailq
setgid_group=maildrop
html_directory=/usr/share/doc/packages/postfix/html
html_directory=/usr/share/doc/packages/postfix/html
sample_directory=/usr/share/doc/packages/postfix/samples
readme_directory=/usr/share/doc/packages/postfix/README_FILES
mailbox_size_limit=0
message_size_limit=10240000
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = domain.co.kr
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restriction = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
check_sender_access = hash:/etc/postfix/sender_access
notify_classes = delay, policy, protocol, resource, software
Thanks in advance...~^^^^
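
A triage pass over a log in the format posted above, as an added example that is not part of the original post: `from=<>` is the null envelope sender used for bounces and other delivery status notifications, so pairing each qmgr queue ID with its smtp delivery result shows how much of the outbound queue is bounce traffic and how long it has been retrying. The sample log is constructed with made-up queue IDs and addresses, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the format of the log posted above (queue IDs,
# hosts and addresses are made up for this example).
SAMPLE_LOG = """\
Jan 17 16:09:53 host postfix/qmgr[7595]: AAAA000001: from=<>, size=4937, nrcpt=1 (queue active)
Jan 17 16:09:53 host postfix/qmgr[7595]: AAAA000002: from=<>, size=5184, nrcpt=1 (queue active)
Jan 17 16:09:53 host postfix/qmgr[7595]: AAAA000003: from=<user@example.org>, size=900, nrcpt=1 (queue active)
Jan 17 16:09:54 host postfix/smtp[7605]: AAAA000001: to=<a@example.net>, relay=none, delay=274633, status=deferred (connect to mx.example.net[192.0.2.1]: Connection refused)
Jan 17 16:09:55 host postfix/smtp[7598]: AAAA000002: to=<b@example.com>, relay=mx.example.com[192.0.2.2], delay=4689, status=sent (250 ok)
Jan 17 16:09:56 host postfix/smtp[7599]: AAAA000003: to=<c@example.com>, relay=mx.example.com[192.0.2.2], delay=3, status=sent (250 ok)
"""

QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
SMTP = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*?"
                  r"delay=(\d+(?:\.\d+)?), .*?status=(\w+)")

def triage(log_text):
    """Summarise outbound deliveries for messages queued with a null sender."""
    sender = {}        # queue id -> envelope sender ("" for from=<>)
    deliveries = []    # (queue id, recipient domain, delay in seconds, status)
    for line in log_text.splitlines():
        if m := QMGR.search(line):
            sender[m.group(1)] = m.group(2)
        elif m := SMTP.search(line):
            qid, rcpt, delay, status = m.groups()
            deliveries.append((qid, rcpt.rpartition("@")[2], float(delay), status))
    null_ids = {q for q, s in sender.items() if s == ""}
    null_deliv = [d for d in deliveries if d[0] in null_ids]
    return {
        "messages": len(sender),
        "null_sender": len(null_ids),
        "null_sender_status": Counter(d[3] for d in null_deliv),
        "null_sender_domains": Counter(d[1] for d in null_deliv),
        "oldest_null_delay_days": max((d[2] for d in null_deliv), default=0) / 86400,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
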
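I also just left postfix running as it was, and a huge number of log entries for abnormal access piled up. I couldn't tell for sure whether it was actually relaying mail or not, so I looked through the manual, found that there are options for restricting client access when relaying, and applied them.
It has been a full two days since I added these options; it may be a coincidence, but so far no log entries for abnormal connection attempts have appeared.
해박님, thank you for your advice.
I applied what you advised, but the log entries that are the problem for me keep coming in.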
warning: valid_hostname: empty hostname
warning: malformed domain name in resource data of MX record for yahoo.net:
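The log entries above show up in the mail.warn file, and relay attempts coming in with from=<> are not blocked and still get in. I think the warning related to this problem is probably valid_hostname: empty hostname.
Which part do I need to configure to solve this problem? I'd appreciate advice from the experts.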
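
A check on the restriction settings in the main.cf posted at the top of the thread, as an added example that is not part of any post: Postfix treats a name it does not recognise in main.cf as a user-defined parameter rather than rejecting the file, so a misspelt restriction list is never applied. The two name sets are partial lists chosen for this example (older releases have fewer restriction parameters), and `parse_main_cf` and `lint` are hypothetical helper names.

```python
import difflib

# Restriction-list parameters of the Postfix SMTP server.
RESTRICTION_PARAMS = {
    "smtpd_client_restrictions", "smtpd_helo_restrictions",
    "smtpd_sender_restrictions", "smtpd_recipient_restrictions",
    "smtpd_relay_restrictions", "smtpd_data_restrictions",
    "smtpd_end_of_data_restrictions", "smtpd_etrn_restrictions",
}
# Restrictions that belong inside such a list, never on the left of "=".
RESTRICTION_KEYWORDS = {
    "check_client_access", "check_helo_access", "check_sender_access",
    "check_recipient_access", "permit_mynetworks", "permit_sasl_authenticated",
    "reject_unauth_destination", "reject_unknown_sender_domain",
}
# Lines copied from the main.cf posted above.
POSTED = """\
smtpd_recipient_restriction = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
check_sender_access = hash:/etc/postfix/sender_access
"""

def parse_main_cf(text):
    """Return [(name, value)], joining continuation lines that start with whitespace."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            name, value = entries[-1]
            entries[-1] = (name, f"{value} {raw.strip()}")
        elif "=" in raw:
            name, _, value = raw.partition("=")
            entries.append((name.strip(), value.strip()))
    return entries

def lint(text):
    """Flag restriction settings that Postfix would not apply as written."""
    findings = []
    for name, _ in parse_main_cf(text):
        if name in RESTRICTION_KEYWORDS:
            findings.append((name, "restriction used as a parameter name"))
        elif name.endswith(("_restriction", "_restrictions")) and name not in RESTRICTION_PARAMS:
            near = difflib.get_close_matches(name, sorted(RESTRICTION_PARAMS), n=1)
            findings.append((name, f"unknown parameter; did you mean {near[0]}?"
                             if near else "unknown parameter"))
    return findings
```

On a running server, `postconf -n` prints the non-default settings from main.cf, which makes it easy to compare the file against the names Postfix documents.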
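Well..
That has happened to me a lot too while using it, so I looked into it.
The main reason for it is spam relaying.
The poster above explained it well: that is an option for restricting client access when relaying, and as far as I know there are about 4 options related to it. I happened to apply one of those 4, and it seems to have improved a lot.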