My Postfix has gone wild, is it compromised?

Today I found that my server could not function because it was full. I checked the logs and they had grown enormously; I deleted them so that things could work. Now, with the current logs, I see a lot of suspicious activity.

Mail log

    Aug 18 23:09:29 veepiz postfix/smtpd[16724]: match_list_match: unknown: no match
    Aug 18 23:09:29 veepiz postfix/smtpd[16904]: match_hostaddr: 61.67.184.122 ~? 10.182.130.68/32
    Aug 18 23:09:29 veepiz postfix/smtpd[13321]: input attribute name: nexthop
    Aug 18 23:09:29 veepiz postfix/smtpd[12192]: private/rewrite socket: wanted attribute: flags
    Aug 18 23:09:29 veepiz postfix/smtpd[12800]: input attribute value: (end)
    Aug 18 23:09:29 veepiz postfix/smtpd[17483]: private/anvil: wanted attribute: rate
    Aug 18 23:09:29 veepiz postfix/smtpd[12468]: smtp_get: EOF
    Aug 18 23:09:29 veepiz postfix/smtpd[17928]: send attr milter_actions = 17
    Aug 18 23:09:29 veepiz postfix/smtpd[16135]: generic_checks: name=reject_unauth_destination
    Aug 18 23:09:29 veepiz postfix/smtpd[19163]: input attribute value: 7476A1659B3
    Aug 18 23:09:29 veepiz postfix/smtpd[14164]: private/rewrite socket: wanted attribute: flags
    Aug 18 23:09:29 veepiz postfix/smtpd[19366]: input attribute value: smtp
    Aug 18 23:09:29 veepiz postfix/smtpd[15307]: match_hostname: dsl093-059-178.blt1.dsl.speakeasy.net ~? 127.0.0.1/32
    Aug 18 23:09:29 veepiz postfix/smtpd[15951]: milter8_connect: milter inet:127.0.0.1:20209 version 2
    Aug 18 23:09:29 veepiz postfix/smtpd[15865]: send attr ident = smtp:202.91.239.165
    Aug 18 23:09:29 veepiz postfix/smtpd[15569]: ctable_locate: leave existing entry key ycliu6000@yahoo.com.tw
    Aug 18 23:09:29 veepiz postfix/smtpd[12901]: disconnect from dsl093-059-178.blt1.dsl.speakeasy.net[66.93.59.178]
    Aug 18 23:09:29 veepiz postfix/smtpd[13166]: match_hostaddr: 202.53.71.60 ~? 127.0.0.1/32
    Aug 18 23:09:29 veepiz postfix/smtpd[18364]: match_hostname: unknown ~? 50.57.111.177/32
    Aug 18 23:09:29 veepiz postfix/smtpd[12205]: input attribute value: 2048
    Aug 18 23:09:29 veepiz postfix/smtpd[14859]: match_list_match: unknown: no match
    Aug 18 23:09:29 veepiz postfix/smtpd[18082]: generic_checks: name=permit_mynetworks
    Aug 18 23:09:29 veepiz opendkim[19722]: OpenDKIM Filter: Unable to create listening socket on conn inet:20209@localhost
    Aug 18 23:09:29 veepiz postfix/smtpd[19586]: name_mask: resource
    Aug 18 23:09:29 veepiz postfix/smtpd[14764]: match_hostaddr: 122.201.66.80 ~? 127.0.0.1/32
    Aug 18 23:09:29 veepiz postfix/smtpd[12265]: input attribute name: count
    Aug 18 23:09:29 veepiz postfix/smtpd[19034]: match_hostaddr: 82.71.212.10 ~? 10.182.130.68/32
    Aug 18 23:09:29 veepiz postfix/smtpd[18460]: match_hostaddr: 190.146.184.219 ~? 10.182.130.68/32
    Aug 18 23:09:29 veepiz postfix/smtpd[17099]: match_hostaddr: 178.83.29.189 ~? 50.57.111.177/32
    Aug 18 23:09:29 veepiz postfix/smtpd[17710]: match_hostname: unknown ~? 50.57.111.177/32
    Aug 18 23:09:29 veepiz postfix/smtpd[14232]: disconnect event to all milters
    Aug 18 23:09:29 veepiz postfix/smtpd[15782]: input attribute name: (end)
    Aug 18 23:09:29 veepiz postfix/smtpd[18174]: milter_macro_lookup: "v"
    Aug 18 23:09:29 veepiz postfix/smtpd[12122]: send attr sender =
    Aug 18 23:09:29 veepiz postfix/smtpd[16633]: match_hostname: unknown ~? 127.0.0.1/32
    Aug 18 23:09:29 veepiz postfix/smtpd[15479]: private/rewrite socket: wanted attribute: flags
    Aug 18 23:09:29 veepiz postfix/smtpd[13872]: event: SMFIC_CONNECT; macros: j=veepiz.com {daemon_name}=veepiz.com v=Postfix 2.3.3
    Aug 18 23:09:29 veepiz postfix/smtpd[15132]: input attribute name: (end)
    Aug 18 23:09:29 veepiz postfix/smtpd[16806]: E5A4C1654DE: reject: RCPT from unknown[59.163.57.239]: 554 5.7.1 <someone09102004@yahoo.com.tw>: Relay access denied; from=<mjjjr@googlegroups.com> to=<someone09102004@yahoo.com.tw> proto=SMTP helo=<59.163.57.239.static.vsnl.net.in>
    Aug 18 23:09:29 veepiz postfix/smtpd[14527]: match_hostname: unknown ~? 10.182.130.68/32
    Aug 18 23:09:29 veepiz postfix/smtpd[12222]: match_list_match: gmail.com: no match
    Aug 18 23:09:29 veepiz postfix/smtpd[15648]: private/rewrite socket: wanted attribute: address
    Aug 18 23:09:29 veepiz postfix/smtpd[13525]: match_string: hotmail.com ~? veepiz.com
    Aug 18 23:09:29 veepiz postfix/smtpd[12639]: permit_auth_destination: barbarita98@hotmail.com
    Aug 18 23:09:29 veepiz postfix/smtpd[18793]: milter8_connect: milter inet:127.0.0.1:20209 version 2
    Aug 18 23:09:29 veepiz postfix/smtpd[13076]: input attribute name: (end)
    Aug 18 23:09:29 veepiz postfix/smtpd[17002]: private/rewrite socket: wanted attribute: (list terminator)
    Aug 18 23:09:29 veepiz postfix/smtpd[18678]: generic_checks: name=reject_unauth_destination
    Aug 18 23:09:29 veepiz postfix/smtpd[13243]: milter_macro_lookup: "{rcpt_addr}"
    Aug 18 23:09:29 veepiz postfix/smtpd[13626]: private/rewrite socket: wanted attribute: (list terminator)
    Aug 18 23:09:29 veepiz postfix/smtpd[18566]: match_hostaddr: 112.166.135.242 ~? 50.57.111.177/32
    Aug 18 23:09:29 veepiz postfix/smtpd[18913]: public/cleanup socket: wanted attribute: queue_id
    Aug 18 23:09:29 veepiz postfix/smtpd[16226]: < unknown[61.19.246.53]: RCPT TO: <nico12261@hotmail.com>
    Aug 18 23:09:29 veepiz postfix/smtpd[12213]: ctable_locate: leave existing entry key big_resist99@hotmail.com
    Aug 18 23:09:29 veepiz postfix/smtpd[13785]: match_list_match: 61.133.8.74: no match
    Aug 18 23:09:29 veepiz postfix/smtpd[16360]: < unknown[200.68.18.101]: RCPT TO: <kingntust@msn.com>
    Aug 18 23:09:29 veepiz postfix/smtpd[14682]: send attr ident = smtp:201.236.80.197
    Aug 18 23:09:29 veepiz postfix/smtpd[13712]: input attribute value: (end)
    Aug 18 23:09:29 veepiz postfix/smtpd[12331]: > unknown[200.6.252.70]: 250 2.0.0 Ok
    Aug 18 23:09:29 veepiz postfix/smtpd[17297]: milter8_connect: milter inet:127.0.0.1:20209 version 2
    Aug 18 23:09:29 veepiz postfix/smtpd[13946]: report connect to all milters
    Aug 18 23:09:29 veepiz postfix/smtpd[12980]: send attr address = leopard100@seed.net.tw
    Aug 18 23:09:29 veepiz postfix/smtpd[15223]: send attr address = 26bc2@yahoo.com.tw
    Aug 18 23:09:29 veepiz postfix/smtpd[16046]: input attribute name: address
    Aug 18 23:09:29 veepiz postfix/smtpd[13423]: match_hostaddr: 110.74.129.159 ~? 10.182.130.68/32
    Aug 18 23:09:29 veepiz postfix/smtpd[18264]: match_hostaddr: 200.160.111.154 ~? 10.182.130.68/32
    Aug 18 23:09:29 veepiz postfix/smtpd[12158]: input attribute name: flags
    Aug 18 23:09:29 veepiz postfix/smtpd[14952]: generic_checks: name=permit_mynetworks
    Aug 18 23:09:29 veepiz postfix/smtpd[15045]: reply: SMFIR_CONTINUE data 0 bytes
    Aug 18 23:09:29 veepiz postfix/smtpd[14014]: ctable_locate: install entry key beautiijunkii@hotmail.com
    Aug 18 23:09:29 veepiz postfix/smtpd[12165]: match_hostaddr: 189.7.37.81 ~? 50.57.111.177/32
    Aug 18 23:09:29 veepiz postfix/smtpd[15390]: < unknown[77.91.195.16]: RSET
    Aug 18 23:09:29 veepiz postfix/smtpd[14083]: match_list_match: unknown: no match
    Aug 18 23:09:29 veepiz postfix/smtpd[16450]: match_string: gmail.com ~? veepiz.com
    Aug 18 23:09:29 veepiz postfix/qmgr[12109]: B868E165652: to=<ndsghyoarkvfr@kimo.com>, relay=none, delay=13716, delays=13522/194/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host mx1.mail.tw.yahoo.com[203.188.197.119] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
    Aug 18 23:09:29 veepiz postfix/smtpd[12150]: permit_mynetworks: ks390655.kimsufi.com 188.165.248.79
    Aug 18 23:09:29 veepiz postfix/smtpd[16724]: match_list_match: 208.87.240.34: no match
    Aug 18 23:09:29 veepiz postfix/smtpd[16904]: match_list_match: 61-67-184-host122.kbtelecom.net.tw: no match
    Aug 18 23:09:29 veepiz postfix/smtpd[12192]: input attribute name: flags
    Aug 18 23:09:29 veepiz postfix/smtpd[13321]: input attribute value: gmail.com
    Aug 18 23:09:29 veepiz postfix/smtpd[12800]: public/cleanup socket: wanted attribute: (list terminator)
    Aug 18 23:09:29 veepiz postfix/smtpd[17483]: input attribute name: rate
    Aug 18 23:09:29 veepiz postfix/smtpd[12468]: match_hostname: unknown ~? 127.0.0.1/32
    Aug 18 23:09:29 veepiz postfix/smtpd[17928]: send attr milter_events = 0
    Aug 18 23:09:29 veepiz postfix/smtpd[16135]: reject_unauth_destination: 8654321@yahoo.com.tw
    Aug 18 23:09:29 veepiz postfix/smtpd[19163]: public/cleanup socket: wanted attribute: (list terminator)
    Aug 18 23:09:29 veepiz postfix/smtpd[14164]: input attribute name: flags
    Aug 18 23:09:29 veepiz postfix/smtpd[19366]: private/rewrite socket: wanted attribute: nexthop
    Aug 18 23:09:29 veepiz postfix/smtpd[15307]: match_hostaddr: 66.93.59.178 ~? 127.0.0.1/32
    Aug 18 23:09:29 veepiz postfix/smtpd[15951]: milter8_connect: events
    Aug 18 23:09:29 veepiz postfix/smtpd[15865]: private/anvil: wanted attribute: status
    Aug 18 23:09:29 veepiz postfix/smtpd[15569]: NOQUEUE: reject: RCPT from unknown[195.239.156.234]: 554 5.7.1 <ycliu6000@yahoo.com.tw>: Relay access denied; from=<ftink@aol.com> to=<ycliu6000@yahoo.com.tw> proto=SMTP helo=<mail.bkrb.ru>
    Aug 18 23:09:29 veepiz postfix/smtpd[12901]: master_notify: status 1
    Aug 18 23:09:29 veepiz postfix/smtpd[13166]: match_hostname: unknown ~? 50.57.111.177/32
    Aug 18 23:09:29 veepiz postfix/smtpd[18364]: match_hostaddr: 190.26.210.23 ~? 50.57.111.177/32
    Aug 18 23:09:29 veepiz postfix/smtpd[12205]: private/rewrite socket: wanted attribute: (list terminator)
    Aug 18 23:09:29 veepiz postfix/smtpd[14859]: match_list_match: 98.142.210.165: no match
    Aug 18 23:09:29 veepiz postfix/smtpd[18082]: permit_mynetworks: unknown 124.95.140.14
    Aug 18 23:09:29 veepiz opendkim[19722]: smfi_opensocket() failed
    Aug 18 23:09:29 veepiz postfix/smtpd[12713]: < unknown[190.182.52.113]: RCPT TO: <6n6m@yahoo.com.tw>
    Aug 18 23:09:29 veepiz postfix/smtpd[19586]: name_mask: software
    Aug 18 23:09:29 veepiz postfix/smtpd[14764]: match_hostname: unknown ~? 50.57.111.177/32
    Aug 18 23:09:29 veepiz postfix/smtpd[12265]: input attribute value: 1
    Aug 18 23:09:29 veepiz postfix/smtpd[19034]: match_list_match: pancake.2280.net: no match
    Aug 18 23:09:29 veepiz postfix/smtpd[18460]: match_list_match: unknown: no match
    Aug 18 23:09:29 veepiz postfix/smtpd[17099]: match_hostname: 178-83-29-189.dynamic.hispeed.ch ~? 10.182.130.68/32
    Aug 18 23:09:29 veepiz postfix/smtpd[17710]: match_hostaddr: 61.155.164.76 ~? 50.57.111.177/32
    Aug 18 23:09:29 veepiz postfix/smtpd[15715]: < unknown[202.91.239.165]: RCPT TO: <a0286260095@yahoo.com.tw>
    Aug 18 23:09:29 veepiz postfix/smtpd[15782]: rewrite_clnt: local: 216328@yahoo.com.tw -> 216328@yahoo.com.tw
    Aug 18 23:09:29 veepiz postfix/smtpd[18174]: milter_macro_lookup: result "Postfix 2.3.3"
    Aug 18 23:09:29 veepiz postfix/smtpd[12122]: send attr address = darlage917@hotmail.com
    Aug 18 23:09:29 veepiz postfix/smtpd[16633]: match_hostaddr: 96.9.160.96 ~? 127.0.0.1/32
    Aug 18 23:09:29 veepiz postfix/smtp[19166]: D8DCA164E37: to=<fj677@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.67.27]:25, delay=572, delays=342/214/0.11/16, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.67.27] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596 l14si8292456ybg.13 (in reply to RCPT TO command))
    Aug 18 23:09:29 veepiz postfix/smtpd[14232]: milter8_disc_event: quit milter inet:127.0.0.1:20209
    Aug 18 23:09:29 veepiz postfix/smtpd[15479]: input attribute name: flags
    Aug 18 23:09:29 veepiz postfix/smtpd[13872]: reply: SMFIR_CONTINUE data 0 bytes
    Aug 18 23:09:29 veepiz postfix/smtpd[15132]: resolve_clnt: `' -> `7964@yahoo.com.tw' -> transp=`smtp' host=`yahoo.com.tw' rcpt=`7964@yahoo.com.tw' flags= class=default
    Aug 18 23:09:29 veepiz postfix/smtpd[16806]: generic_checks: name=reject_unauth_destination status=2
    Aug 18 23:09:29 veepiz postfix/smtpd[14527]: match_hostaddr: 189.16.128.130 ~? 10.182.130.68/32
    Aug 18 23:09:29 veepiz postfix/smtpd[12222]: maps_find: virtual_alias_maps: @gmail.com: not found
    Aug 18 23:09:29 veepiz postfix/smtpd[15648]: input attribute name: address
    Aug 18 23:09:29 veepiz postfix/smtpd[13525]: match_string: hotmail.com ~? localhost.com
    Aug 18 23:09:29 veepiz postfix/smtpd[12639]: ctable_locate: leave existing entry key barbarita98@hotmail.com
    Aug 18 23:09:29 veepiz postfix/smtpd[18793]: milter8_connect: events
    Aug 18 23:09:29 veepiz postfix/smtpd[13076]: resolve_clnt: `' -> `buttsex101@hotmail.com' -> transp=`relay' host=`hotmail.com' rcpt=`buttsex101@hotmail.com' flags= class=relay
    Aug 18 23:09:29 veepiz postfix/smtpd[17002]: input attribute name: (end)
    Aug 18 23:09:29 veepiz postfix/smtpd[18678]: reject_unauth_destination: chamundapharma@hotmail.com
    Aug 18 23:09:29 veepiz postfix/smtpd[13243]: milter_macro_lookup: result "boysor2005@hotmail.com"
    Aug 18 23:09:29 veepiz postfix/smtpd[13626]: input attribute name: (end)
    Aug 18 23:09:29 veepiz postfix/smtpd[18566]: match_hostname: unknown ~? 10.182.130.68/32
    Aug 18 23:09:29 veepiz postfix/smtpd[18913]: input attribute name: queue_id
    Aug 18 23:09:29 veepiz postfix/smtpd[16226]: extract_addr: input: <nico12261@hotmail.com>
    Aug 18 23:09:29 veepiz postfix/smtpd[12213]: generic_checks: name=reject_unauth_destination status=0
    Aug 18 23:09:29 veepiz postfix/smtpd[13785]: send attr request = disconnect
    Aug 18 23:09:29 veepiz postfix/smtpd[16360]: extract_addr: input: <kingntust@msn.com>
    Aug 18 23:09:29 veepiz postfix/smtpd[14682]: private/anvil: wanted attribute: status
    Aug 18 23:09:29 veepiz postfix/smtpd[13712]: public/cleanup socket: wanted attribute: (list terminator)
    Aug 18 23:09:29 veepiz postfix/smtpd[17297]: milter8_connect: events
    Aug 18 23:09:29 veepiz postfix/smtpd[13946]: milter_macro_lookup: "j"
    Aug 18 23:09:30 veepiz postfix/smtpd[12980]: private/rewrite socket: wanted attribute: flags
    Aug 18 23:09:30 veepiz postfix/smtpd[15223]: private/rewrite socket: wanted attribute: flags
    Aug 18 23:09:30 veepiz postfix/smtpd[16046]: input attribute value: caroline_louise1982@hotmail.com
    Aug 18 23:09:30 veepiz postfix/smtpd[13423]: match_list_match: unknown: no match
    Aug 18 23:09:30 veepiz postfix/smtpd[18264]: match_list_match: unknown: no match
    Aug 18 23:09:30 veepiz postfix/smtpd[12158]: input attribute value: 0
    Aug 18 23:09:30 veepiz postfix/smtpd[14952]: permit_mynetworks: li371-14.members.linode.com 96.126.122.14
    Aug 18 23:09:30 veepiz postfix/smtpd[15045]: > unknown[187.105.132.234]: 250 2.1.5 Ok
    Aug 18 23:09:30 veepiz postfix/smtpd[14014]: extract_addr: in: <beautiijunkii@hotmail.com>, result: beautiijunkii@hotmail.com
    Aug 18 23:09:30 veepiz postfix/smtpd[12165]: match_hostname: unknown ~? 10.182.130.68/32
    Aug 18 23:09:30 veepiz postfix/smtpd[15390]: abort all milters
    Aug 18 23:09:30 veepiz postfix/smtpd[14083]: match_list_match: 190.147.205.152: no match
    Aug 18 23:09:30 veepiz postfix/smtpd[16450]: match_string: gmail.com ~? localhost.com
    Aug 18 23:09:30 veepiz postfix/smtpd[12150]: match_hostname: ks390655.kimsufi.com ~? 127.0.0.1/32
    Aug 18 23:09:30 veepiz postfix/smtpd[16724]: send attr request = disconnect
    Aug 18 23:09:30 veepiz postfix/smtpd[16904]: match_list_match: 61.67.184.122: no match
    Aug 18 23:09:30 veepiz postfix/qmgr[12109]: C1E66164A28: to=<gjwgshgdhktfu@kimo.com>, relay=none, delay=79045, delays=78851/194/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host mx1.mail.tw.yahoo.com[203.188.197.119] refused to talk to me: 421 4.7.0 [TS01] Messages from 50.57.111.177 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
    Aug 18 23:09:30 veepiz postfix/smtpd[12192]: input attribute value: 0
    Aug 18 23:09:30 veepiz postfix/smtpd[13321]: private/rewrite socket: wanted attribute: recipient
    Aug 18 23:09:30 veepiz postfix/smtpd[12800]: input attribute name: (end)
    Aug 18 23:09:30 veepiz postfix/smtpd[17483]: input attribute value: 1
    Aug 18 23:09:30 veepiz postfix/smtpd[12468]: match_hostaddr: 46.181.195.57 ~? 127.0.0.1/32
    Aug 18 23:09:30 veepiz postfix/smtpd[17928]: send attr milter_non_events = 4294967040
    Aug 18 23:09:30 veepiz postfix/smtpd[16135]: permit_auth_destination: 8654321@yahoo.com.tw
    Aug 18 23:09:30 veepiz postfix/smtpd[19163]: input attribute name: (end)
    Aug 18 23:09:30 veepiz postfix/smtpd[14164]: input attribute value: 4096
    Aug 18 23:09:30 veepiz postfix/smtpd[19366]: input attribute name: nexthop
    Aug 18 23:09:30 veepiz postfix/smtpd[15307]: match_hostname: dsl093-059-178.blt1.dsl.speakeasy.net ~? 50.57.111.177/32
    Aug 18 23:09:30 veepiz postfix/smtpd[15951]: milter8_connect: requests SMFIF_ADDHDRS SMFIF_CHGHDRS
    Aug 18 23:09:30 veepiz postfix/smtpd[15865]: input attribute name: status
    Aug 18 23:09:30 veepiz postfix/smtpd[15569]: generic_checks: name=reject_unauth_destination status=2
    Aug 18 23:09:30 veepiz postfix/smtpd[12901]: connection closed
    Aug 18 23:09:30 veepiz postfix/smtpd[13166]: match_hostaddr: 202.53.71.60 ~? 50.57.111.177/32
    Aug 18 23:09:30 veepiz postfix/smtpd[18364]: match_hostname: unknown ~? 10.182.130.68/32
    Aug 18 23:09:30 veepiz postfix/smtpd[12205]: input attribute name: (end)
    Aug 18 23:09:30 veepiz postfix/smtpd[14859]: generic_checks: name=permit_mynetworks status=0
    Aug 18 23:09:30 veepiz postfix/smtpd[18082]: match_hostname: unknown ~? 127.0.0.1/32
    Aug 18 23:09:30 veepiz opendkim[12241]: exited with status 69, restarting
    Aug 18 23:09:30 veepiz postfix/smtpd[12331]: < unknown[200.6.252.70]: MAIL FROM: <agmikjkvnqjkay@yahoo.com>
    Aug 18 23:09:30 veepiz postfix/smtpd[12713]: extract_addr: input: <6n6m@yahoo.com.tw>
    Aug 18 23:09:30 veepiz postfix/smtpd[14764]: match_hostaddr: 122.201.66.80 ~? 50.57.111.177/32
    Aug 18 23:09:30 veepiz postfix/smtpd[12265]: private/anvil: wanted attribute: rate
    Aug 18 23:09:30 veepiz postfix/smtpd[19034]: match_list_match: 82.71.212.10: no match
    Aug 18 23:09:30 veepiz postfix/smtpd[18460]: match_list_match: 190.146.184.219: no match
    Aug 18 23:09:30 veepiz postfix/smtpd[19723]: dict_eval: const mail
    Aug 18 23:09:30 veepiz postfix/smtpd[17099]: match_hostaddr: 178.83.29.189 ~? 10.182.130.68/32
    Aug 18 23:09:30 veepiz postfix/smtpd[17710]: match_hostname: unknown ~? 10.182.130.68/32
    Aug 18 23:09:30 veepiz postfix/smtpd[15715]: extract_addr: input: <a0286260095@yahoo.com.tw>
    Aug 18 23:09:30 veepiz postfix/smtpd[15782]: send attr request = resolve
    Aug 18 23:09:30 veepiz postfix/smtpd[18174]: milter8_connect: non-protocol events for protocol version 2: SMFIP_NOUNKNOWN SMFIP_NODATA 0xfffffc00
    Aug 18 23:09:30 veepiz postfix/smtpd[12122]: private/rewrite socket: wanted attribute: flags
    Aug 18 23:09:30 veepiz postfix/smtpd[16633]: match_hostname: unknown ~? 50.57.111.177/32
    Aug 18 23:09:30 veepiz postfix/smtpd[14232]: disconnect from unknown[202.53.71.60]
    Aug 18 23:09:30 veepiz postfix/smtpd[15479]: input attribute value: 0
    Aug 18 23:09:30 veepiz postfix/smtpd[13872]: > unknown[123.30.186.36]: 220 veepiz.com ESMTP Postfix
    Aug 18 23:09:30 veepiz postfix/smtpd[19586]: connect from unknown[196.46.27.11]
    Aug 18 23:09:30 veepiz postfix/smtpd[15132]: ctable_locate: install entry key 7964@yahoo.com.tw
    Aug 18 23:09:30 veepiz postfix/smtpd[16806]: > unknown[59.163.57.239]: 554 5.7.1 <someone09102004@yahoo.com.tw>: Relay access denied
    Aug 18 23:09:30 veepiz postfix/smtpd[14527]: match_list_match: unknown: no match
    Aug 18 23:09:30 veepiz postfix/smtpd[12222]: mail_addr_find: sun.chengyuan@gmail.com -> (not found)
    Aug 18 23:09:30 veepiz postfix/smtpd[15648]: input attribute value: ast187@yahoo.com.tw

I keep getting emails like this:

    Subject: Postfix SMTP server: errors from unknown[81.24.210.138]
    From: "Mail Delivery System" <MAILER-DAEMON@veepiz.com>
    Date: Thu, August 18, 2011 1:03 pm
    To: "Postmaster" <postmaster@veepiz.com>
    Priority: Normal
    Options: View Full Header | View Printable Version | Download this as a file

    Transcript of session follows.

    In: RSET
    Out: 250 2.0.0 Ok
    In: MAIL FROM: <yrgwpwmq@googlegroups.com>
    Out: 250 2.1.0 Ok
    In: RCPT TO: <jjconstant@hotmail.com>
    Out: 250 2.1.5 Ok
    In: RCPT TO: <kaissy57@hotmail.com>
    Out: 250 2.1.5 Ok
    In: RCPT TO: <jsmiles38@hotmail.com>
    Out: 250 2.1.5 Ok
    In: RCPT TO: <jaikudoiberica@gmail.com>
    Out: 250 2.1.5 Ok
    In: RCPT TO: <jljcm4321@hotmail.com>
    Out: 250 2.1.5 Ok
    In: RCPT TO: <jackson.mccarter@hotmail.com>
    Out: 250 2.1.5 Ok
    In: RCPT TO: <lahiii@hotmail.com>
    Out: 250 2.1.5 Ok
    In: RCPT TO: <jheyblacksoul@msn.com>
    Out: 250 2.1.5 Ok
    In: RCPT TO: <jacquelineduyck@gmail.com>
    Out: 250 2.1.5 Ok
    In: RCPT TO: <k501319@ms17.hinet.net>
    Out: 554 5.7.1 <k501319@ms17.hinet.net>: Relay access denied
    In: RSET
    Out: 250 2.0.0 Ok
    In: MAIL FROM: <dulfhixfgwpvv@gmail.com>
    Out: 452 4.3.1 Insufficient system storage
    In: RSET
    Out: 250 2.0.0 Ok
    In: MAIL FROM: <uuiipcrauy@kimo.com>
    Out: 452 4.3.1 Insufficient system storage
    In: QUIT
    Out: 221 2.0.0 Bye

I contacted the admins at Rackspace, but they can't offer me any help for unmanaged servers. I'm drained and I want to stop this strange activity. Any advice?

You have an open relay. Change the mynetworks variable to mynetworks = 127.0.0.1. Reset all passwords (just to be sure).

Then check SMTP for your server at http://mxtoolbox.com and see whether it is still an open relay.

By the way, reduce the logging to the standard value. Another tip: paste logs directly into the question next time, and rewrite your question in readable English (!). And accept answers to your previous questions.

Edit

Logging can be reset to the default by (re)setting

    debug_peer_level = 2
    debug_peer_list =

(Yes, the last line ends with the equals sign)

Edit 2

I forgot to mention the settings in master.cf, where there may be lines ending with smtpd -v or even more than one -v. Remove the -v's.
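One way to check the three settings this answer names (mynetworks, debug_peer_list, and -v on smtpd in master.cf), as an added example that is not part of the original answer. The file names and sample contents are constructed, and flagging every non-loopback mynetworks entry for review is this example's own assumption.

```shell
#!/bin/sh
# audit_postfix MAIN_CF MASTER_CF
# Prints one finding per line; prints nothing when all three settings are clean.
audit_postfix() {
    # main.cf: join continuation lines (they start with whitespace), then
    # inspect mynetworks and debug_peer_list.
    awk '
        function check(line,    eq, name, value, n, i, items) {
            eq = index(line, "=")
            if (eq == 0) return
            name = substr(line, 1, eq - 1)
            value = substr(line, eq + 1)
            gsub(/[ \t]/, "", name)
            gsub(/,/, " ", value)
            n = split(value, items, " ")
            if (name == "mynetworks")
                for (i = 1; i <= n; i++)
                    if (items[i] !~ /^127\./ && items[i] !~ /^\[::1\]/)
                        print "main.cf: mynetworks trusts non-loopback entry " items[i]
            if (name == "debug_peer_list" && n > 0)
                print "main.cf: debug_peer_list is not empty"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { logical = logical " " $0; next }
                 { check(logical); logical = $0 }
        END      { check(logical) }
    ' "$1"
    # master.cf: field 8 is the command; its arguments may continue on
    # indented lines. Flag any -v (or -vv ...) given to smtpd.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[^ \t]/ { svc = $1 "/" $2; is_smtpd = ($8 == "smtpd"); first = 9 }
        /^[ \t]/  { first = 1 }
        is_smtpd {
            for (i = first; i <= NF; i++)
                if ($i ~ /^-v+$/)
                    print "master.cf: " svc " runs smtpd with " $i
        }
    ' "$2"
}

# Constructed sample files (not the poster's real configuration).
write_samples() {
    cat > "$1/weak-main.cf" <<'EOF'
myhostname = mail.example.test
mynetworks = 127.0.0.0/8,
    0.0.0.0/0
debug_peer_level = 2
debug_peer_list = 192.0.2.0/24
EOF
    cat > "$1/weak-master.cf" <<'EOF'
smtp      inet  n       -       n       -       -       smtpd -v
pickup    fifo  n       -       n       60      1       pickup
EOF
    cat > "$1/fixed-main.cf" <<'EOF'
mynetworks = 127.0.0.1
debug_peer_level = 2
debug_peer_list =
EOF
    cat > "$1/fixed-master.cf" <<'EOF'
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
echo "weak:";  audit_postfix "$dir/weak-main.cf"  "$dir/weak-master.cf"
echo "fixed:"; audit_postfix "$dir/fixed-main.cf" "$dir/fixed-master.cf"
rm -rf "$dir"
```

Run it against copies of the real main.cf and master.cf; an empty result means none of the three settings needs attention.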

Looking at the log and the postmaster email, it looks like you are running an open relay – that is problem #1 that needs to be fixed. Not being a Postfix guru, I can only point you to the Postfix documentation on access controls.

Problem #2 is that you are out of disk space on whatever drive holds your mail queue. You can probably fix that by dumping your Postfix queue. (That I do know how to do – run the command postsuper -d ALL as root.)

You need to fix the open relay problem: open relays are bad for you and for the internet environment. If your server remains an open relay for any length of time, you will be listed on a multitude of spam blocklists. Check your blacklist status on mxtoolbox or a similar site once you have fixed the problems above, and take the necessary steps to clean up any mess that may have been made.

I used Wireshark to find a script being used for the mailing. It turned out to be my contact form. I used reCAPTCHA to secure it. I would also like to share more about how I fixed it.

  • I did what mailq and voretag7 suggested.
  • I modified this script from the Internet to block these spam IP addresses. Create spamblock.sh, give it the appropriate admin permissions and run spamblock.sh from cron every 10 minutes.

    #!/bin/bash
    IPT=/sbin/iptables
    LIMIT=10
    #cd /root/Filters

    # first get one minute of log
    # (%e gives the space-padded day of month that syslog writes)
    grep "$(date +"%b %e %H:%M:" --date="1 minutes ago")" /var/log/maillog > minutelog

    # now extract the rejected attempts, sort and count uniq ip
    # (the sed keeps only the bracketed IPv4 address of the rejected client)
    grep "reject:" minutelog \
        | sed -n 's/.*reject: [A-Z]* from [^[]*\[\([0-9.][0-9.]*\)\].*/\1/p' \
        | sort | uniq -c | sort -n > tmp1

    # for each line in result: "<count> <ip>"
    while read -r MYCOUNT MYIP
    do
        if [ "$MYCOUNT" -lt "$LIMIT" ] ; then
            echo "$MYIP is ok: $MYCOUNT attempts"
        else
            echo "blocking the spammer at $MYIP with $MYCOUNT attempts"
            "$IPT" -I INPUT -i eth0 --proto tcp -s "$MYIP" --destination-port 25 -j DROP
            echo "$MYIP" >> blocked.smtp
        fi
    done < tmp1

    rm -f minutelog
    rm -f tmp1

  • Created a script to run these commands periodically to clear the queues.

    postfix flush
    postsuper -d ALL deferred

Before you know which script it is, I recommend doing the above. Thanks for your help, guys.
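The poster traced the mail to a local script. One way to see from the mail log whether queued mail arrives over SMTP or from a local process is sketched below, as an added example that is not part of the original post. The log lines are constructed and follow Postfix's usual `pickup ... uid=` and `smtpd ... client=` formats, and the function name is hypothetical.

```shell
#!/bin/sh
# mail_origins LOGFILE
# For every message that entered the queue, record how it arrived, then add
# the recipient count that qmgr logs for the same queue ID.
# Output: "<messages> <recipients> <origin>", busiest origin first.
mail_origins() {
    awk '
        # Local submission (sendmail command, e.g. called by a web script):
        # pickup logs the uid of the submitting account.
        $5 ~ /^postfix\/pickup\[/ && $7 ~ /^uid=/ {
            origin[$6] = "local " $7
            msgs[origin[$6]]++
        }
        # Network submission: smtpd logs client=host[ip] once a message is queued.
        $5 ~ /^postfix\/smtpd\[/ && $7 ~ /^client=/ {
            ip = $7
            sub(/^[^[]*\[/, "", ip); sub(/\].*$/, "", ip)
            origin[$6] = "smtp client " ip
            msgs[origin[$6]]++
        }
        # qmgr: "QUEUEID: from=<...>, size=..., nrcpt=N (queue active)".
        # The line repeats on every retry, so count each queue ID once.
        $5 ~ /^postfix\/qmgr\[/ && ($6 in origin) && match($0, /nrcpt=[0-9]+/) {
            if (!($6 in counted)) {
                rcpts[origin[$6]] += substr($0, RSTART + 6, RLENGTH - 6)
                counted[$6] = 1
            }
        }
        END { for (o in msgs) print msgs[o], rcpts[o] + 0, o }
    ' "$1" | sort -k1,1nr -k2,2nr
}

# Constructed sample log (addresses from documentation ranges, not from the post).
write_sample_log() {
    cat > "$1" <<'EOF'
Aug 18 13:00:01 mail postfix/pickup[2101]: 1A2B3C4D5E1: uid=48 from=<apache>
Aug 18 13:00:01 mail postfix/qmgr[1200]: 1A2B3C4D5E1: from=<apache@example.test>, size=812, nrcpt=10 (queue active)
Aug 18 13:00:02 mail postfix/pickup[2101]: 1A2B3C4D5E2: uid=48 from=<apache>
Aug 18 13:00:02 mail postfix/qmgr[1200]: 1A2B3C4D5E2: from=<apache@example.test>, size=799, nrcpt=10 (queue active)
Aug 18 13:00:03 mail postfix/smtpd[2200]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <a@example.net>: Relay access denied; from=<b@example.org> to=<a@example.net> proto=SMTP helo=<x>
Aug 18 13:00:04 mail postfix/smtpd[2201]: 1A2B3C4D5E3: client=unknown[198.51.100.7]
Aug 18 13:00:04 mail postfix/qmgr[1200]: 1A2B3C4D5E3: from=<c@example.org>, size=640, nrcpt=1 (queue active)
Aug 18 13:05:02 mail postfix/qmgr[1200]: 1A2B3C4D5E2: from=<apache@example.test>, size=799, nrcpt=10 (queue active)
EOF
}

log=$(mktemp)
write_sample_log "$log"
mail_origins "$log"
rm -f "$log"
```

A large `local uid=N` row points at a process on the server itself (map the uid with `getent passwd N`), while rejected relay attempts never receive a queue ID and so do not appear in the tally.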