Postfix restrictions and iptables do not block spammer IP



I seem to be getting a lot of connection attempts from Russia that try to reach my Postfix server. I am now trying to block this IP address on the Postfix side and via iptables.

Here are the log entries:

Jul 21 16:31:46 netcup postfix/smtps/smtpd[3347]: warning: unknown[193.35.48.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 21 16:31:46 netcup postfix/smtps/smtpd[3349]: warning: unknown[193.35.48.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 21 16:31:46 netcup postfix/smtps/smtpd[3347]: lost connection after AUTH from unknown[193.35.48.18]
Jul 21 16:31:46 netcup postfix/smtps/smtpd[3347]: disconnect from unknown[193.35.48.18] ehlo=1 auth=0/1 commands=1/2
Jul 21 16:31:46 netcup postfix/smtps/smtpd[3349]: lost connection after AUTH from unknown[193.35.48.18]
Jul 21 16:31:46 netcup postfix/smtps/smtpd[3349]: disconnect from unknown[193.35.48.18] ehlo=1 auth=0/1 commands=1/2
Jul 21 16:31:46 netcup postfix/smtps/smtpd[3347]: connect from unknown[193.35.48.18]
Jul 21 16:31:46 netcup postfix/smtps/smtpd[3349]: connect from unknown[193.35.48.18]
Jul 21 16:31:48 netcup postfix/smtps/smtpd[3347]: Anonymous TLS connection established from unknown[193.35.48.18]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 21 16:31:48 netcup postfix/smtps/smtpd[3349]: Anonymous TLS connection established from unknown[193.35.48.18]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 21 16:31:54 netcup postfix/smtps/smtpd[3349]: warning: unknown[193.35.48.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 21 16:31:54 netcup postfix/smtps/smtpd[3347]: warning: unknown[193.35.48.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 21 16:31:54 netcup postfix/smtps/smtpd[3349]: lost connection after AUTH from unknown[193.35.48.18]
Jul 21 16:31:54 netcup postfix/smtps/smtpd[3347]: lost connection after AUTH from unknown[193.35.48.18]
Jul 21 16:31:54 netcup postfix/smtps/smtpd[3349]: disconnect from unknown[193.35.48.18] ehlo=1 auth=0/1 commands=1/2
Jul 21 16:31:54 netcup postfix/smtps/smtpd[3347]: disconnect from unknown[193.35.48.18] ehlo=1 auth=0/1 commands=1/2

iptables rules:

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:urd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     icmp --  anywhere             my.domain.com        icmp echo-request ctstate NEW,RELATED,ESTABLISHED
DROP       all  --  193.35.48.18         anywhere            
Chain FORWARD (policy DROP)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Restrictions in Postfix main.cf:

# HELO restrictions:
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
reject_unknown_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit_mynetworks,
permit_sasl_authenticated,
permit
# Sender restrictions:
smtpd_sender_restrictions =
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unknown_reverse_client_hostname,
permit_mynetworks,
permit_sasl_authenticated,
permit
# Client restrictions
smtpd_client_restrictions =
check_client_access hash:/etc/postfix/client_checks,
permit
# Recipient restrictions:
smtpd_recipient_restrictions =
check_sender_access hash:/etc/postfix/sender_access,
reject_invalid_hostname,
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
check_policy_service unix:private/policy-spf,
reject_rhsbl_client blackhole.securitysage.com,
reject_rhsbl_sender blackhole.securitysage.com,
reject_rbl_client relays.ordb.org,
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client proxies.blackholes.wirehub.net,
reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client opm.blitzed.org,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client multihop.dsbl.org,
reject_rbl_client zen.spamhaus.org,
permit_mynetworks,
permit_sasl_authenticated,
permit

Contents of the client_checks file:

193.35.48.18    REJECT Your IP is spam

None of these rules stops that IP address from reaching Postfix. What am I doing wrong here?
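One thing the listing above already shows, illustrated here with an added example that is not part of the original question: iptables walks INPUT top to bottom and stops at the first match, and the DROP for 193.35.48.18 was appended after the ACCEPT rules for smtp, urd (port 465, the smtps port the log shows) and submission, so a connection to 465 is accepted before the DROP is ever consulted. The script below simulates that evaluation over the posted chain (port names resolved with the usual /etc/services numbers, which is an assumption about the host; the ICMP rule is left out since only TCP is simulated) and prints the `-I INPUT 1` form that puts the host-specific DROP first. On the Postfix side, note that with `smtpd_delay_reject = yes` the client restrictions are evaluated at RCPT TO, so a client that only attempts AUTH never reaches the check_client_access table, and a hash: table is only consulted after `postmap` has built it.

```sh
#!/bin/sh
# Added example, not from the original question: a small simulation of how
# iptables evaluates the INPUT chain (first match wins). The rule table is
# constructed from the listing in the question; its port names are resolved
# with the usual /etc/services numbers (imap=143, imaps=993, pop3=110,
# pop3s=995, smtp=25, urd=465, submission=587, http=80, https=443), which is
# an assumption about the poster's host. Only TCP is simulated.
#
# One rule per line: TARGET SOURCE DPORT, "any" meaning wildcard.

# The chain as posted: the DROP for 193.35.48.18 sits after the ACCEPTs.
ORIGINAL_INPUT='
ACCEPT any 143
ACCEPT any 993
ACCEPT any 110
ACCEPT any 995
ACCEPT any 25
ACCEPT any 465
ACCEPT any 587
ACCEPT any 80
ACCEPT any 443
DROP 193.35.48.18 any
'

# The same chain after "iptables -I INPUT 1 -s 193.35.48.18 -j DROP":
# the host-specific DROP is consulted before any port-wide ACCEPT.
FIXED_INPUT='
DROP 193.35.48.18 any
ACCEPT any 143
ACCEPT any 993
ACCEPT any 110
ACCEPT any 995
ACCEPT any 25
ACCEPT any 465
ACCEPT any 587
ACCEPT any 80
ACCEPT any 443
'

# first_match RULES SRC DPORT
# Prints the target of the first rule matching a TCP packet from SRC to DPORT,
# or the chain policy (DROP, as in the question) when no rule matches.
first_match() {
    src=$2
    dport=$3
    result=$(printf '%s\n' "$1" | while read -r target rsrc rport; do
        [ -n "$target" ] || continue
        if { [ "$rsrc" = any ] || [ "$rsrc" = "$src" ]; } &&
           { [ "$rport" = any ] || [ "$rport" = "$dport" ]; }; then
            echo "$target"
            break
        fi
    done)
    echo "${result:-DROP}"
}

# ban_command IP
# Prints the iptables invocation that puts a source DROP at the head of INPUT,
# which is the reordering the simulation above demonstrates.
ban_command() {
    echo "iptables -I INPUT 1 -s $1 -j DROP"
}

# Demonstration: the smtps (465) connection from the question's attacker.
echo "as posted:  $(first_match "$ORIGINAL_INPUT" 193.35.48.18 465)"   # ACCEPT
echo "reordered:  $(first_match "$FIXED_INPUT" 193.35.48.18 465)"      # DROP
ban_command 193.35.48.18
```

Run it as a plain script; nothing in it touches the live firewall, the `ban_command` line only prints the command to apply by hand. `iptables -A` appends to the end of the chain, which is how the posted DROP ended up below the ACCEPTs; `-I INPUT 1` inserts at the head, and `iptables -L INPUT --line-numbers` confirms the position afterwards.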

Have you tried fail2ban? I bet you will be surprised. I did try it on CentOS 7 and it works well.

  • Install the fail2ban package on the server
  • Start and enable the service
  • Copy jail.conf to jail.local
  • Set bantime and findtime to your liking
  • Activate/enable the jails (postfix-sasl, postfix, postfix-rbl, sshd) you want fail2ban to work with. And done.

If you are running CentOS 7 you can visit this site or this site, or this one (link removed), or you can google it and visit whichever site best matches your requirements for installing fail2ban.
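What the bullets above describe, as an added example that is not fail2ban's own code: a shell function that does in miniature what a postfix-sasl jail does, counting SASL LOGIN failures per client IP inside a findtime window and reporting the clients that reach maxretry. The sample log is constructed from the question's entries plus a second, harmless address (198.51.100.7, a documentation address); the maxretry and findtime values are assumed, not taken from any real jail.local.

```sh
#!/bin/sh
# Added example, not fail2ban's own code: a minimal imitation of what a
# fail2ban postfix-sasl jail does, so the effect of maxretry and findtime can
# be seen on the question's own log pattern. The sample log is constructed:
# the burst from 193.35.48.18 in the question plus one stray failure from
# 198.51.100.7 (a documentation address) that must not be banned.

SAMPLE_LOG='Jul 21 16:31:46 netcup postfix/smtps/smtpd[3347]: warning: unknown[193.35.48.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 21 16:31:46 netcup postfix/smtps/smtpd[3349]: warning: unknown[193.35.48.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 21 16:31:46 netcup postfix/smtps/smtpd[3347]: lost connection after AUTH from unknown[193.35.48.18]
Jul 21 16:31:48 netcup postfix/smtps/smtpd[3347]: Anonymous TLS connection established from unknown[193.35.48.18]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 21 16:31:54 netcup postfix/smtps/smtpd[3349]: warning: unknown[193.35.48.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 21 16:31:54 netcup postfix/smtps/smtpd[3347]: warning: unknown[193.35.48.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 21 16:40:02 netcup postfix/smtps/smtpd[3360]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6'

# sasl_offenders MAXRETRY FINDTIME   (log lines on stdin)
# Counts "SASL LOGIN authentication failed" lines per client IP. A client's
# window starts at its first failure and is reset when a failure arrives more
# than FINDTIME seconds later; reaching MAXRETRY inside one window marks the
# client as banned. Prints "IP total_failures" for each banned client at the
# end. Timestamps are reduced to seconds-of-day, so the log is assumed to
# cover a single day, as the question's excerpt does.
sasl_offenders() {
    awk -v maxretry="$1" -v findtime="$2" '
        /SASL LOGIN authentication failed/ {
            # client address is the bracketed IP right before ": SASL"
            if (!match($0, /\[[0-9.]+\]: SASL/)) next
            ip = substr($0, RSTART + 1, RLENGTH - 8)
            split($3, t, ":")
            secs = t[1] * 3600 + t[2] * 60 + t[3]
            if (!(ip in first) || secs - first[ip] > findtime) {
                first[ip] = secs
                count[ip] = 0
            }
            count[ip]++
            total[ip]++
            if (count[ip] >= maxretry) banned[ip] = 1
        }
        END { for (ip in banned) print ip, total[ip] }
    '
}

# Demonstration with values a jail.local might carry (assumed here):
# maxretry 3, findtime 600 seconds. Four failures within eight seconds from
# 193.35.48.18 cross the threshold; the single failure from 198.51.100.7 does not.
printf '%s\n' "$SAMPLE_LOG" | sasl_offenders 3 600   # 193.35.48.18 4
```

Feeding a real file works the same way (`sasl_offenders 3 600 < /var/log/mail.log`). Tightening findtime to a few seconds makes the same four failures fall into two separate windows of two, so nothing is reported, which is the trade-off the answer's "set bantime and findtime to your liking" step refers to.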
