postfix, spam dziwne ip netstat

Konfiguracja serwerów, usług, itp.
mojnik
Beginner
Posty: 122
Rejestracja: 10 maja 2013, 12:54

postfix, spam dziwne ip netstat

Post autor: mojnik »

Posiadam serwer pocztowy, dostałem informacje o tym że mój serwer rozsyła spam (SPAMCOP)

netstat:

Kod: Zaznacz cały

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 185.**.**.12:53        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:8891          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:10027         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:53803           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN     
tcp        0      0 185.**.**.12:22        91.247.99.69:34532      ESTABLISHED
tcp        0      0 185.**.**.12:22        85.234.121.87:47509     ESTABLISHED
tcp        0      0 185.**.**.12:40498     193.105.37.142:25       CLOSE_WAIT 
tcp        0      0 185.**.**.12:22        94.247.62.18:41441      ESTABLISHED
tcp        0      0 185.**.**.12:22        188.19.207.164:56415    ESTABLISHED
tcp        0      0 185.**.**.12:443       188.47.127.74:30475     ESTABLISHED
tcp        0      0 185.**.**.12:22        178.213.9.48:37314      ESTABLISHED
tcp        0      0 185.**.**.12:22        188.18.206.10:39205     ESTABLISHED
tcp        0      0 185.**.**.12:53930     81.95.136.220:25        CLOSE_WAIT 
tcp        0      0 185.**.**.12:55199     94.141.98.166:25        TIME_WAIT  
tcp        0      0 127.0.0.1:38417         127.0.0.1:3306          ESTABLISHED
tcp        0      0 127.0.0.1:38435         127.0.0.1:3306          ESTABLISHED
tcp        0      0 185.**.**.12:44887     178.16.153.211:25       CLOSE_WAIT
Czym są te ostatnie adresy prowadzące do rosyjskich stron? I jak u licha się tu znalazły?

mail.log:

Kod: Zaznacz cały

Oct 25 16:17:46 xxx postfix/smtp[16207]: 21D12394340D: to=<cristiebraxd28@qip.ru>, relay=mx.qip.ru[185.79.118.153]:25, delay=0.97, delays=0.04/0/0.19/0.74, dsn=5.0.0, status=bounced (host mx.qip.ru[185.79.118.153] said: 550 Addresses failed: cristiebraxd28@qip.ru     (in reply to end of DATA command))
Oct 25 16:17:46 xxx postfix/qmgr[31119]: 21D12394340D: removed
Na serwerze nie ma żadnych skrzynek w domenie qip.ru
Awatar użytkownika
LordRuthwen
Moderator
Posty: 2302
Rejestracja: 18 września 2009, 21:45
Lokalizacja: klikash?

Re: postfix, spam dziwne ip netstat

Post autor: LordRuthwen »

Pokaż konfigurację postfixa, bo to tu jest problem.
mojnik
Beginner
Posty: 122
Rejestracja: 10 maja 2013, 12:54

Re: postfix, spam dziwne ip netstat

Post autor: mojnik »

main.cf

Kod: Zaznacz cały

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
#smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = MOJA_DOMENA
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost, localhost.localdomain
relayhost = 
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains = 
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
inet_protocols = all
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_tls_security_level = may
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
smtpd_sender_restrictions = hash:/etc/postfix/sender_checks, check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
#content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
content_filter = amavis:[127.0.0.1]:10024
mailbox_command = procmail -a "$EXTENSION"


#smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
#non_smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301

smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

milter_protocol = 6
milter_default_action = accept
ODPOWIEDZ