Fórum Root.cz
Hlavní témata => Server => Téma založeno: teiwaz 30. 08. 2011, 10:54:19
-
V poslednej dobe sa casto dostavame do blacklistu Barracudy a LashBacku.
Snazim sa vystopovat, ci to ma na svedomi nejaky PC v sieti alebo samotny server.
Siet a mail server mam pod inymi verejnymi pevnymi IPckami.
Konfiguracia postfixu
root@gw:/etc/rc.d# postconf -n
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
allow_untrusted_routing = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = no
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 20240000
mydestination = $myhostname
mydomain = gw.alldeco.sk
myhostname = gw.alldeco.sk
mynetworks = 213.215.83.0/24, 213.215.84.0/24, 213.215.85.0/24, 127.0.0.0/8, 192.168.0.0/16, 62.152.229.35/32, 62.152.230.198/32, 10.0.0.0/8
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = $transport_maps
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = ESMTP
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-client.cf
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-sender.cf
transport_maps = mysql:/etc/postfix/mysql-transport.cf
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_transport = maildrop
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf
root@gw:/etc/rc.d#
Aug 30 09:45:40 gw postfix/smtp[29304]: connect to mailserver.headlands.co.uk[92.60.105.18]: Connection timed out (port 25)
Aug 30 09:45:40 gw postfix/smtp[29304]: 9E38847DDC9: to=<>, relay=none, delay=69330, delays=69299/1.3/30/0, dsn=4.4.1, status=deferred (connect to mailserver.headlands.co.uk[92.60.105.18]: Connection timed out)
Aug 30 09:45:40 gw postfix/smtp[29311]: connect to mail.satobsys.co.uk[216.92.112.181]: Connection timed out (port 25)
Aug 30 09:45:40 gw postfix/smtp[29311]: 923EB47DF2B: to=<>, relay=none, delay=67571, delays=67539/1.3/30/0, dsn=4.4.1, status=deferred (connect to mail.satobsys.co.uk[216.92.112.181]: Connection timed out)
Aug 30 09:45:40 gw postfix/smtp[29312]: connect to fdd0027.fdd.co.uk[213.165.157.131]: Connection timed out (port 25)
Aug 30 09:45:40 gw postfix/smtp[29312]: 9F6FA47D888: to=<>, relay=none, delay=116213, delays=116181/1.3/30/0, dsn=4.4.1, status=deferred (connect to fdd0027.fdd.co.uk[213.165.157.131]: Connection timed out)
Aug 30 09:45:40 gw postfix/smtp[29245]: connect to mailgate.ecti.co.uk[62.49.184.34]: Connection timed out (port 25)
Aug 30 09:45:40 gw postfix/smtp[29157]: connect to excorts.co.uk[216.8.179.25]: Connection timed out (port 25)
Aug 30 09:45:40 gw postfix/smtp[29157]: 9E38847DDC9: to=<>, relay=none, delay=69331, delays=69299/1.3/30/0, dsn=4.4.1, status=deferred (connect to excorts.co.uk[216.8.179.25]: Connection timed out)
Aug 30 09:45:40 gw postfix/smtp[29299]: connect to mx.fakemx.net[46.4.35.23]: Connection timed out (port 25)
Aug 30 09:45:40 gw postfix/smtp[29111]: connect to rsc.co.uk[194.73.130.2]: Connection timed out (port 25)
Aug 30 09:45:40 gw postfix/smtp[29111]: A941F47DF8B: to=<>, relay=none, delay=67121, delays=67089/1.4/30/0, dsn=4.4.1, status=deferred (connect to rsc.co.uk[194.73.130.2]: Connection timed out)
Aug 30 09:45:40 gw postfix/smtp[29113]: connect to edina.co.uk[216.8.179.25]: Connection timed out (port 25)
Aug 30 09:45:40 gw postfix/smtp[29113]: 9F6FA47D888: to=<>, relay=none, delay=116213, delays=116181/1.4/30/0, dsn=4.4.1, status=deferred (connect to edina.co.uk[216.8.179.25]: Connection timed out)
Aug 30 09:45:40 gw postfix/smtp[29295]: connect to edgardunn.co.uk[216.248.198.26]: Connection timed out (port 25)
Aug 30 09:45:40 gw postfix/smtp[29295]: 9F6FA47D888: to=<>, relay=none, delay=116213, delays=116181/1.4/30/0, dsn=4.4.1, status=deferred (connect to edgardunn.co.uk[216.248.198.26]: Connection timed out)
Aug 30 09:45:40 gw postfix/smtp[29186]: connect to topwebsite.co.uk[216.8.179.25]: Connection timed out (port 25)
Aug 30 09:45:40 gw postfix/smtp[29186]: A5C3847D3C3: to=<>, relay=none, delay=116145, delays=116113/1.6/30/0, dsn=4.4.1, status=deferred (connect to topwebsite.co.uk[216.8.179.25]: Connection timed out)
root@gw:/etc/rc.d# postcat -q A5C3847D3C3 | less
*** ENVELOPE RECORDS deferred/A/A5C3847D3C3 ***
message_size: 50603 5499 50 0 50603
message_arrival_time: Mon Aug 29 01:29:55 2011
create_time: Mon Aug 29 01:29:55 2011
named_attribute: rewrite_context=remote
named_attribute: sasl_method=LOGIN
named_attribute: sasl_username=test@mojadomena.sk
sender: update@rbs.co.uk
named_attribute: log_client_name=212.199.167.21.forward.012.net.il
named_attribute: log_client_address=212.199.167.21
named_attribute: log_message_origin=212.199.167.21.forward.012.net.il[212.199.167.21]
named_attribute: log_helo_name=User
named_attribute: log_protocol_name=ESMTP
named_attribute: client_name=212.199.167.21.forward.012.net.il
named_attribute: reverse_client_name=212.199.167.21.forward.012.net.il
named_attribute: client_address=212.199.167.21
named_attribute: helo_name=User
named_attribute: client_address_type=2
named_attribute: dsn_orig_rcpt=rfc822;davis@toonarmyforever.co.uk
original_recipient: davis@toonarmyforever.co.uk
done_recipient: davis@toonarmyforever.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@top100.fslife.co.uk
original_recipient: davis@top100.fslife.co.uk
done_recipient: davis@top100.fslife.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@top50.co.uk
original_recipient: davis@top50.co.uk
done_recipient: davis@top50.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@topai.demon.co.uk
original_recipient: davis@topai.demon.co.uk
done_recipient: davis@topai.demon.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@topaz.karoo.co.uk
original_recipient: davis@topaz.karoo.co.uk
done_recipient: davis@topaz.karoo.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@topaz.primex.co.uk
original_recipient: davis@topaz.primex.co.uk
done_recipient: davis@topaz.primex.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@topbanana.co.uk
original_recipient: davis@topbanana.co.uk
done_recipient: davis@topbanana.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@topchart.demon.co.uk
original_recipient: davis@topchart.demon.co.uk
done_recipient: davis@topchart.demon.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@topchefs.fslife.co.uk
original_recipient: davis@topchefs.fslife.co.uk
done_recipient: davis@topchefs.fslife.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@topdesign.fsbusiness.co.uk
original_recipient: davis@topdesign.fsbusiness.co.uk
done_recipient: davis@topdesign.fsbusiness.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@topdop.demon.co.uk
original_recipient: davis@topdop.demon.co.uk
done_recipient: davis@topdop.demon.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@topexpress.demon.co.uk
original_recipient: davis@topexpress.demon.co.uk
done_recipient: davis@topexpress.demon.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@tophat.karoo.co.uk
original_recipient: davis@tophat.karoo.co.uk
done_recipient: davis@tophat.karoo.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@topjobs.co.uk
original_recipient: davis@topjobs.co.uk
done_recipient: davis@topjobs.co.uk
named_attribute: dsn_orig_rcpt=rfc822;davis@topley.demon.co.uk
original_recipient: davis@topley.demon.co.uk
-
Budem moc vdacny ak mi niekto pomoze
-
Dakujem, vyriesene. Uzivatela som zmazal a adresu som zablokoval cez iptables. Dakujem.
-
Dakujem, vyriesene. Uzivatela som zmazal a adresu som zablokoval cez iptables. Dakujem.
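Nechci te strasit, ale je pomerne pravdepodobne, ze si utocnik brzy vytvori nove jmeno stejnou dirou, jakou pouzil poprve. Zkontroluj, jak se ti tam dostal... tipnul bych si do sveta otevrenou databazi s defaultnim ci zadnym heslem. Vypis z postcat navic ukazuje sasl_method=LOGIN a sasl_username=test@mojadomena.sk, tedy odeslani pres overeny SMTP ucet; over proto i hesla ostatnich uctu, protoze blokace jedne adresy v iptables zneuziti z jine adresy nezabrani.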
-
Dakujem za odpoved, ale na databaze mam celkom slusne heslo.
A databaza pozera aj zvonka, ale v routri som to zablokoval.
netstat -tapn
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 3074/mysqld