Security

My Postfix mail server is receiving login attempts from unknown users (brute-force attempts) - what should I do?

  • August 24, 2017

I have a postfix + dovecot mail server, and today while checking my logs I saw login attempts from unknown users/IP addresses, which I assume must be a brute-force attack.

How can I stop this and ultimately block it?

Help would be greatly appreciated!

Logs:

Aug 24 15:36:34 mail dovecot: auth: passwd-file(zamudio,201.222.55.26): unknown user (SHA1 of given password: f72ac0)
Aug 24 15:36:36 mail postfix/smtpd[12568]: warning: unknown[201.222.55.26]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 24 15:36:36 mail postfix/smtpd[12568]: disconnect from unknown[201.222.55.26] helo=1 auth=0/1 quit=1 commands=2/3
Aug 24 15:38:38 mail postfix/anvil[12413]: statistics: max connection rate 1/60s for (smtp:200.124.242.82) at Aug 24 15:30:49
Aug 24 15:38:38 mail postfix/anvil[12413]: statistics: max connection count 1 for (smtp:200.124.242.82) at Aug 24 15:30:49
Aug 24 15:38:38 mail postfix/anvil[12413]: statistics: max cache size 1 at Aug 24 15:30:49
Aug 24 15:39:34 mail postfix/smtpd[12571]: connect from unknown[190.117.185.251]
Aug 24 15:39:35 mail dovecot: auth: passwd-file(helene,190.117.185.251): unknown user (SHA1 of given password: cb4a0f)
Aug 24 15:39:37 mail postfix/smtpd[12571]: warning: unknown[190.117.185.251]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 24 15:39:37 mail postfix/smtpd[12571]: disconnect from unknown[190.117.185.251] helo=1 auth=0/1 quit=1 commands=2/3
Aug 24 15:42:17 mail postfix/smtpd[12574]: connect from unknown[175.140.139.233]
Aug 24 15:42:18 mail dovecot: auth: passwd-file(payroll,175.140.139.233): unknown user (SHA1 of given password: 4de472)
Aug 24 15:42:20 mail postfix/smtpd[12574]: warning: unknown[175.140.139.233]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 24 15:42:20 mail postfix/smtpd[12574]: disconnect from unknown[175.140.139.233] helo=1 auth=0/1 quit=1 commands=2/3

Your server is being tried as an open relay. You need to define the smtpd_relay_restrictions option. By default, it uses the rules:

smtpd_relay_restrictions = permit_mynetworks,
                          permit_sasl_authenticated,
                          defer_unauth_destination

This means the open relay is closed.

Since your server is public, you need to be humble about internet bots constantly trying to send mail through your server.

Or, if your server is only used as a test environment, you can block other IPs and only allow trusted IPs/networks.
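As an added example (not part of the question or the answer above), here is a Python script that parses the dovecot/postfix log format shown in the question and flags source IPs that produce repeated failed SASL logins inside a time window, the same counting a fail2ban jail does with maxretry/findtime. Each failed attempt appears twice in the log (a dovecot "unknown user" line and a postfix "SASL LOGIN authentication failed" warning), so only the postfix warning is counted as the attempt and the dovecot line is used to record which username was tried. The year 2017, the thresholds and the extra "burst" log lines from 192.0.2.10 are assumptions constructed for the example; the other sample lines are copied from the question.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log excerpt copied from the question above. Syslog timestamps carry no year,
# so 2017 (the post date) is assumed when parsing.
SAMPLE_LOG = """\
Aug 24 15:36:34 mail dovecot: auth: passwd-file(zamudio,201.222.55.26): unknown user (SHA1 of given password: f72ac0)
Aug 24 15:36:36 mail postfix/smtpd[12568]: warning: unknown[201.222.55.26]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 24 15:36:36 mail postfix/smtpd[12568]: disconnect from unknown[201.222.55.26] helo=1 auth=0/1 quit=1 commands=2/3
Aug 24 15:38:38 mail postfix/anvil[12413]: statistics: max connection rate 1/60s for (smtp:200.124.242.82) at Aug 24 15:30:49
Aug 24 15:39:34 mail postfix/smtpd[12571]: connect from unknown[190.117.185.251]
Aug 24 15:39:35 mail dovecot: auth: passwd-file(helene,190.117.185.251): unknown user (SHA1 of given password: cb4a0f)
Aug 24 15:39:37 mail postfix/smtpd[12571]: warning: unknown[190.117.185.251]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 24 15:39:37 mail postfix/smtpd[12571]: disconnect from unknown[190.117.185.251] helo=1 auth=0/1 quit=1 commands=2/3
Aug 24 15:42:17 mail postfix/smtpd[12574]: connect from unknown[175.140.139.233]
Aug 24 15:42:18 mail dovecot: auth: passwd-file(payroll,175.140.139.233): unknown user (SHA1 of given password: 4de472)
Aug 24 15:42:20 mail postfix/smtpd[12574]: warning: unknown[175.140.139.233]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 24 15:42:20 mail postfix/smtpd[12574]: disconnect from unknown[175.140.139.233] helo=1 auth=0/1 quit=1 commands=2/3
"""

# Constructed burst (not from the question): five failures from one
# documentation-range address (192.0.2.10) within 40 seconds.
CONSTRUCTED_BURST = "\n".join(
    f"Aug 24 16:00:{i * 10:02d} mail postfix/smtpd[13000]: warning: "
    f"unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6"
    for i in range(5)
)

TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})"
# One postfix warning per failed SASL authentication: this is the "attempt".
SASL_FAIL_RE = re.compile(
    TS + r" \S+ postfix/smtpd\[\d+\]: warning: \S+\[(?P<ip>[^\]]+)\]: "
         r"SASL \w+ authentication failed"
)
# Dovecot reports the username that was tried for the same attempt.
DOVECOT_UNKNOWN_RE = re.compile(
    TS + r" \S+ dovecot: auth: \S+\((?P<user>[^,]*),(?P<ip>[^)]+)\): unknown user"
)


def parse_log(log_text, year=2017):
    """Return (attempts, usernames).

    attempts: list of (datetime, ip) for every failed SASL login.
    usernames: dict ip -> set of usernames dovecot saw from that ip.
    """
    attempts = []
    usernames = defaultdict(set)
    for line in log_text.splitlines():
        m = SASL_FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            attempts.append((ts, m["ip"]))
            continue
        m = DOVECOT_UNKNOWN_RE.match(line)
        if m:
            usernames[m["ip"]].add(m["user"])
    return attempts, dict(usernames)


def flag_bruteforce(attempts, max_failures=5, window_seconds=600):
    """Return the sorted IPs with >= max_failures failures inside any
    window of window_seconds (sliding window per IP, fail2ban style)."""
    per_ip = defaultdict(list)
    for ts, ip in attempts:
        per_ip[ip].append(ts)
    flagged = []
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it fits in window_seconds.
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= max_failures:
                flagged.append(ip)
                break
    return sorted(flagged)


if __name__ == "__main__":
    attempts, users = parse_log(SAMPLE_LOG + CONSTRUCTED_BURST)
    for ip in sorted({ip for _, ip in attempts}):
        n = sum(1 for _, a in attempts if a == ip)
        print(f"{ip:16} failures={n} users={sorted(users.get(ip, ()))}")
    print("would block:", flag_bruteforce(attempts))
```

With the question's own excerpt every source address shows a single failure, so nothing reaches the default threshold; only the constructed burst from 192.0.2.10 is flagged. Whatever threshold you choose, the count should come from the postfix warning lines (or the dovecot ones), not both, or every attempt is double-counted.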

Quoted from: https://unix.stackexchange.com/questions/388138