postfix 关闭open-relay

Posted by wxianfeng Sat, 21 Aug 2010 20:54:00 GMT

环境:centos 5.5 + postfix 2.3.3

[root@li165-150 ~]# postconf mail_version
mail_version = 2.3.3

上次,http://wxianfeng.com/2010/08/20/linode-mysql-got-error-28-from-storage-engine,刚刚解决了blog不能访问的问题 , 由于磁盘占满的原因 ,一天时间没到我的磁盘又被占满了,还是maillog在一直增长的原因,经过查找原因,原来我的mail server变成了肉鸡,被人拿来发送大量的垃圾邮件了,刚开始配的时候不太懂,没注意 open relay的情况 , http://wxianfeng.com/2010/08/01/centos-install-mail-server,所以,必须关系open replay功能~!

1,什么是open – relay ?
顾名思义,relay的转发的意思 , Open-Relay(开放转发或匿名转发)是指由于邮件服务器不理会邮件发送者或邮件接受者的是否为系统所设定的用户,而对所有的入站邮件一律进行转发(RELAY)的功能。通常,若邮件服务器的此功能开放,则我们一般称此邮件服务器是Open-Relay的

2,怎么测我的mail server 是不是 open relay 的 ?

[root@li165-150 ~]# telnet mail.wxianfeng.com 25
Trying 173.230.155.150...
Connected to mail.wxianfeng.com.
Escape character is '^]'.
220 mail.wxianfeng.com ESMTP Postfix
mail from:ss@163.com
250 2.1.0 Ok
rcpt to:wang.fl_1429@gmail.com
554 5.7.1 <wang.fl_1429@gmail.com>: Relay access denied

上面出现了 Relay access denied , 则说明你的mail server 不是 open replay的 ,如果可以成功发送email , 则说明 你的mail server 是 open replay的 ,另外 , 还可以通过以下网址测试:
http://verify.abuse.net/relay.html
直接输入 mail.wxianfeng.com 测试

3,open-relay 后 , 被人盗寄的症状

>mailq 查看邮件队列,会发现里面有大量的邮件等待发送

>tail -f /var/log/maillog

出现了大量的像下面这样的log:

2010-08-21T05:52:31.424284-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<xlgaga@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.04/0/0, dsn=4.7.1, status=deferred 

(delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be permanently 

deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html)
2010-08-21T05:52:31.425279-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<xocy@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.04/0/0, dsn=4.7.1, status=deferred 

(delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be permanently 

deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html)
2010-08-21T05:52:31.426311-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<xup6ru4vm0@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.04/0/0, dsn=4.7.1, 

status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be 

permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html)
2010-08-21T05:52:31.427198-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<y2003625@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.05/0/0, dsn=4.7.1, 

status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be 

permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html)
2010-08-21T05:52:31.428079-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<yck1012.tw@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.05/0/0, dsn=4.7.1, 

status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be 

permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html)
2010-08-21T05:52:31.429149-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<yfjtommu@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.05/0/0, dsn=4.7.1, 

status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be 

permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html)
2010-08-21T05:52:31.430203-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<yfk134@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.05/0/0, dsn=4.7.1, status=deferred 

(delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be permanently 

deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html)
2010-08-21T05:52:31.431290-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<yi05@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.05/0/0, dsn=4.7.1, status=deferred 

(delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be permanently 

deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html)

从log中可以看出 , 你的mail server 正在发往yahoo的email,但是全部被拒绝了 ,

4,为什么 会被人盗寄?

网络上 会有很多人用 port scan工具扫描端口 , 当你的25端口, 被人测出是open relay的,这些人就会 充分利用你的mail server 来发垃圾邮件 ,发垃圾邮件的后果 ,可能会导致你的 ip被封 , 被世界垃圾邮件组织 把你ip 拉入黑名单 , 这时你的mail server 也就是废物了。

5,如果关闭 盗寄 的邮件?
我的mail server 有大量的 发送队列, 怎么清除 ,用下面命令

[root@li165-150 mail]# postsuper -d ALL
postsuper: Deleted: 61178 messages

发现我清楚了 61178 封垃圾邮件队列 , 这样你的log 应该会停止了, 不会再狂刷了。。。

6,如何关闭open-relay ?
配置 postfix的 mynetworks

mynetworks = 127.0.0.1/32 # ip/netmask

我的整个 postfix main.cf 配置 :

[root@li165-150 ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = $myhostname, localhost , 173.230.155.150 # 设置postfix服务监听的网络接口 通常是将所有的网络接口都开放,以便接收任何网络接口的邮件
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname,$mydomain,localhost.$mydomain , localhost ,  $mydomain,mail.$mydomain,www.$mydomain # 设置可接收邮件的主机名称或域名
mydomain = wxianfeng.com # 邮件域名
myhostname = mail.wxianfeng.com # 邮件主机名
mynetworks = 127.0.0.1/32 # 设置可转发(Relay)哪些网络的邮件
myorigin = $mydomain  # 由本机寄出的域名
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains = $mydestination # 设置可转发哪些网域的邮件
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes # SASL来完成SMTP的SMTP-AUTH功能,postfix 本身没有认证机制
smtpd_sasl_local_domain = wxianfeng.com
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = $mydomain

See:
http://www.raidenhttpd.com/jlbb/viewtopic.php?p=82160&sid=661a10a71ded2a6280fdd5ad6ba20101
http://www.linuxgoo.com/2005/66127/10433644999.html
http://blog.csdn.net/daisy_cheung/archive/2009/01/16/3795087.aspx
http://www.cnblogs.com/newversion/articles/1490910.html