Is someone spamming from my server? And an auth problem!

screamfine
Posts: 9
Joined: 2004-07-20 13:27


Post by screamfine

Is someone spamming from my server?

Hello,

I have a great many entries like these in mail.log:

Jan 16 16:35:18 srv postfix/qmgr[21681]: DA19C239976D: from=<angeline_ortiz@EMAILHIDDEN.de>, size=727, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: DC6F41992C35: from=<marie_greene@EMAILHIDDEN.de>, size=752, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D3C101992BAC: from=<vivian_kerr@EMAILHIDDEN.de>, size=744, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D9C042152905: from=<beatriz_puckett@EMAILHIDDEN.de>, size=893, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D65D62153F90: from=<rosalyn_levy@EMAILHIDDEN.de>, size=751, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: DF06C1B52B45: from=<nina_mccormick@EMAILHIDDEN.de>, size=721, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D596B1992C46: from=<marie_greene@EMAILHIDDEN.de>, size=759, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: DA50A19D23AA: from=<bianca_nicholson@EMAILHIDDEN.de>, size=1035, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: DD1B119631C5: from=<fay_harris@EMAILHIDDEN.de>, size=689, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: DAFFB1A5283A: from=<aurora_russo@EMAILHIDDEN.de>, size=701, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D35551973F5F: from=<fern_love@EMAILHIDDEN.de>, size=915, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D73701992506: from=<noreen_bright@EMAILHIDDEN.de>, size=807, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D68EE1B52AD4: from=<rose_hale@EMAILHIDDEN.de>, size=705, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: DE6651956F40: from=<andrea_snider@EMAILHIDDEN.de>, size=750, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: DC7421972752: from=<sheena_mcclure@EMAILHIDDEN.de>, size=765, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D9B3A1963DF3: from=<goldie_byers@EMAILHIDDEN.de>, size=692, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D94AE1D53443: from=<lorna_christian@EMAILHIDDEN.de>, size=763, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D253A19726DA: from=<ruthie_taylor@EMAILHIDDEN.de>, size=1028, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D68D719570DF: from=<christi_atkinson@EMAILHIDDEN.de>, size=788, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/smtp[23772]: A1E8C1B526AA: host gmail-smtp-in.l.google.com[74.125.136.27] said: 421-4.7.0 [188.40.57.189 15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0 Email Senders Guidelines. r3si4777508wix.30 - gsmtp (in reply to end of DATA command)

I also get abuse emails forwarded to me by my hosting provider now and then.
(I replaced the real email domain with EMAILHIDDEN.de, so don't be surprised.)

And my second question:

Whenever I try to send email I always get an error message from the server:

> 17/01/2015, 09:38:12: SEND - authenticating (software CRAM-MD5)...
> 17/01/2015, 09:38:14: SEND - Server reports error. The response is: 5.7.8 Error: authentication failed:
> 17/01/2015, 09:38:16: SEND - Server reports error. The response is: 5.7.8 Error: authentication failed:
> 17/01/2015, 09:38:16: SEND - authenticating (login)...

The settings in the email program are all correct; I had the vendor check them. It must be a server error. What exactly do I need to fix?
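The client log above shows the mail program trying CRAM-MD5 first, getting "5.7.8 Error: authentication failed", and then falling back to LOGIN. The point a practitioner would want checked before touching the client settings: CRAM-MD5 can only be verified if the server still has the password in a form from which it can recompute HMAC-MD5 (Dovecot's PLAIN scheme, or its dedicated CRAM-MD5 scheme); a salted one-way hash such as SHA512-CRYPT in the password database makes CRAM-MD5 fail for every user no matter what the client sends, which is exactly the pattern in that log. The example below is added here and is not code from the thread; it plays both sides of the RFC 2195 exchange and shows the server's verdict for the two kinds of stored secret. Usernames, passwords, the challenge and the hostname are made up; the Dovecot CRAM-MD5 storage scheme is mentioned but not implemented.

```python
"""AUTH CRAM-MD5 (RFC 2195), both sides of the exchange, and what the server
must hold to verify it. Added example, not code from the original thread.
Usernames, passwords, hostname and challenge are constructed."""
import base64
import hashlib
import hmac
import os
import time


def server_challenge(hostname="mail.EMAILHIDDEN.de"):
    """Server side: a fresh, unique challenge in the msg-id form RFC 2195 uses."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{hostname}>"


def cram_md5_response(username, password, challenge):
    """Client side: base64("<user> " + hex(HMAC-MD5(key=password, msg=challenge)))."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()


def server_verify(scheme, stored_secret, challenge, response):
    """Server side. `scheme` is the password scheme the auth backend stores
    (Dovecot naming). With PLAIN the server recomputes the HMAC and compares.
    With a salted one-way hash (SHA512-CRYPT, BLF-CRYPT, ...) the HMAC key is
    not recoverable, so the mechanism cannot succeed: return None, meaning
    'unverifiable', as opposed to False, 'wrong password'.
    (Dovecot's own CRAM-MD5 scheme stores precomputed HMAC contexts and would
    also verify; it is not modelled here.)"""
    try:
        user, digest = base64.b64decode(response).decode().split(" ", 1)
    except ValueError:
        return False  # malformed response
    if scheme == "PLAIN":
        expected = hmac.new(stored_secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
        return hmac.compare_digest(expected, digest)
    return None


def smtp_reply(verify_result):
    """The SMTP reply the server sends for an outcome of server_verify()."""
    if verify_result is True:
        return "235 2.7.0 Authentication successful"
    # Postfix wording; the client log in the post shows the same 5.7.8 text.
    return "535 5.7.8 Error: authentication failed: authentication failure"


def exchange(username, password, scheme, stored_secret, challenge=None):
    """Run the whole AUTH CRAM-MD5 dialogue; return (transcript lines, result)."""
    challenge = challenge or server_challenge()
    transcript = ["C: AUTH CRAM-MD5",
                  "S: 334 " + base64.b64encode(challenge.encode()).decode()]
    response = cram_md5_response(username, password, challenge)
    transcript.append("C: " + response)
    result = server_verify(scheme, stored_secret, challenge, response)
    transcript.append("S: " + smtp_reply(result))
    return transcript, result


if __name__ == "__main__":
    user, pw = "info@EMAILHIDDEN.de", "s3cret-example"
    # Backend stores the plaintext password: CRAM-MD5 verifies.
    for line in exchange(user, pw, "PLAIN", pw)[0]:
        print(line)
    print()
    # Backend stores only a salted hash (constructed value): CRAM-MD5 can never succeed.
    for line in exchange(user, pw, "SHA512-CRYPT", "$6$examplesalt$examplehash")[0]:
        print(line)
```

The practical consequence: if the password database holds only crypt-style hashes, the client has to use PLAIN or LOGIN instead, and those must then only be offered on a TLS-protected session (Postfix `smtpd_tls_auth_only = yes`, Dovecot `disable_plaintext_auth = yes`), since unlike CRAM-MD5 they put the password on the wire.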

screamfine
Posts: 9
Joined: 2004-07-20 13:27

Re: Is someone spamming from my server? And an auth problem!

Post by screamfine

Here is my postfix main.cf as well:

myhostname = mail.HIDDENEMAIL.de
myorigin = $myhostname
mydestination = $myhostname
mynetworks = 127.0.0.0/8

inet_protocols = ipv4
biff = no
append_dot_mydomain = no

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

smtpd_banner = $myhostname ESMTP Mailserver
smtpd_helo_required = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unverified_recipient,
reject_unauth_destination,
#check_policy_service inet:127.0.0.1:10023,
#check_policy_service inet:127.0.0.1:12525,
permit

strict_rfc821_envelopes = yes

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

smtp_sasl_auth_enable = no
broken_sasl_auth_clients = yes

virtual_mailbox_base = /var/www/mails/
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000

dovecot_destination_recipient_limit = 1
virtual_transport = dovecot

----


Is there perhaps a hole here that I should close?

Joe User
Project Manager
Posts: 11518
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Is someone spamming from my server? And an auth problem!

Post by Joe User

No idea which outdated and incomplete HowTo you picked as your source, but a usable main.cf looks more like this:


allow_percent_hack = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /data/db/postfix
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_long_queue_ids = yes
fast_flush_domains =
home_mailbox = .maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /data/vmail
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
masquerade_domains = $mydomain
masquerade_exceptions = root, mailer-daemon
message_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = example.org
myhostname = mail.$mydomain
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
notify_classes = data, protocol, resource, software
postscreen_access_list = permit_mynetworks
postscreen_blacklist_action = ignore
postscreen_greet_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
queue_directory = /data/spool/postfix
readme_directory = no
recipient_delimiter = +
remote_header_rewrite_domain = domain.invalid
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
show_user_unknown_table_name = no
smtp_address_preference = ipv4
smtp_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt
smtp_tls_ciphers = medium
smtp_tls_exclude_ciphers = CAMELLIA, RC4, 3DES, IDEA, SEED, PSK, SRP, DSS, eNULL, aNULL, MEDIUM, LOW, EXP
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = CAMELLIA, RC4, 3DES, IDEA, SEED, PSK, SRP, DSS, eNULL, aNULL, MEDIUM, LOW, EXP
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/data/db/postfix/smtp_scache
smtp_use_tls = yes
smtpd_client_port_logging = yes
smtpd_client_restrictions =
  sleep 1,
  reject_unknown_reverse_client_hostname,
  permit
smtpd_data_restrictions =
  reject_unauth_pipelining,
  permit
smtpd_etrn_restrictions =
  reject
smtpd_helo_required = yes
smtpd_helo_restrictions =
  reject_invalid_helo_hostname,
  reject_non_fqdn_helo_hostname,
  permit
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  check_recipient_mx_access cidr:/usr/local/etc/postfix/mx_access,
  check_recipient_access pcre:/usr/local/etc/postfix/recipient_checks.pcre,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client ix.dnsbl.manitu.net,
  reject_rbl_client zen.spamhaus.org,
  permit
smtpd_relay_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  defer_unauth_destination,
  permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sender_restrictions =
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  permit
smtpd_tls_CAfile = /data/pki/ca/component-ca-chain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /data/pki/certs/mail.example.org.crt
smtpd_tls_ciphers = medium
smtpd_tls_dh1024_param_file = /data/pki/certs/dh_params.pem
smtpd_tls_dh512_param_file = /data/pki/certs/dh_params.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = CAMELLIA, RC4, 3DES, IDEA, SEED, PSK, SRP, DSS, eNULL, aNULL, MEDIUM, LOW, EXP
smtpd_tls_key_file = /data/pki/private/mail.example.org.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers = CAMELLIA, RC4, 3DES, IDEA, SEED, PSK, SRP, DSS, eNULL, aNULL, MEDIUM, LOW, EXP
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/data/db/postfix/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_daemon_random_bytes = 64
tls_high_cipherlist = EECDH+CHACHA20 EECDH+AESGCM EECDH+SHA384 EECDH+SHA256 EECDH+SHA ECDH+CHACHA20 ECDH+AESGCM ECDH+SHA384 ECDH+SHA256 ECDH+SHA EDH+CHACHA20 EDH+AESGCM EDH+SHA384 EDH+SHA256 EDH+SHA
tls_medium_cipherlist = EECDH+CHACHA20 EECDH+AESGCM EECDH+SHA384 EECDH+SHA256 EECDH+SHA ECDH+CHACHA20 ECDH+AESGCM ECDH+SHA384 ECDH+SHA256 ECDH+SHA EDH+CHACHA20 EDH+AESGCM EDH+SHA384 EDH+SHA256 EDH+SHA CHACHA20 AESGCM SHA384 SHA256 SHA
tls_preempt_cipherlist = yes
tls_random_bytes = 64
tls_ssl_options = NO_COMPRESSION
unknown_local_recipient_reject_code = 450
virtual_alias_domains = hash:/usr/local/etc/postfix/virtual_alias_domains
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual_alias_maps
virtual_gid_maps = static:5000
virtual_mailbox_base = /data/vmail
virtual_mailbox_domains = hash:/usr/local/etc/postfix/virtual_mailbox_domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = hash:/usr/local/etc/postfix/virtual_mailbox_maps
virtual_minimum_uid = 5000
virtual_transport = dovecot
virtual_uid_maps = static:5000


And adjust master.cf accordingly:


submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o milter_macro_daemon_name=ORIGINATING
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -a ${recipient} -d ${user}@${nexthop}


Please don't copy this blindly; check it against the official documentation and your own system.


You have probably configured Dovecot just as badly, so please rework that as well.


Your log excerpt is incomplete; the relevant submissions and, where applicable, the logins are missing.
Based on your main.cf I strongly suspect that you are running an open relay...

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.
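The qmgr lines in the first post only say that a message entered the active queue; they do not say how it got in. The answer is in the smtpd (`client=`, `sasl_username=`) or pickup (`uid=`) record that carries the same queue ID, which is what the reply above means by the missing submissions and logins. The script below is added here as an example and is not code from the thread or from Postfix. It joins the two record types by queue ID and sorts the traffic into three origins, each of which calls for a different response: an authenticated SASL user (compromised mailbox password: change it, then check the remaining accounts), a local pickup uid (a script on the box, e.g. a web application, is sending), or an unauthenticated remote client (only a relay if the delivery went to a foreign domain, so check the matching `smtp ... to=<...>, relay=` lines). The qmgr lines are taken from the post; the smtpd, pickup and one extra qmgr line are constructed, and 203.0.113.45 / 198.51.100.7 are documentation addresses, not real clients.

```python
"""Tie each queued Postfix message back to the connection or process that
injected it, by joining qmgr and smtpd/pickup records on the queue ID.

Added example, not code from the thread. The qmgr lines come from the first
post; the smtpd and pickup lines are CONSTRUCTED to show what the missing
submission records look like. Run it on a real box as:
    python3 triage.py < /var/log/mail.log
"""
import ipaddress
import re
import sys
from collections import Counter, defaultdict

# Trusted networks as in the poster's main.cf (mynetworks = 127.0.0.0/8).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]

SMTPD_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=(?P<method>[^,]+), sasl_username=(?P<user>[^,\s]+))?"
)
PICKUP_RE = re.compile(
    r"postfix/pickup\[\d+\]: (?P<qid>[0-9A-Za-z]+): uid=(?P<uid>\d+) from=<(?P<from>[^>]*)>"
)
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): from=<(?P<from>[^>]*)>, "
    r"size=\d+, nrcpt=(?P<nrcpt>\d+)"
)

# Constructed sample: smtpd/pickup injection records plus qmgr lines from the post.
# D65D62153F90 deliberately has no injection record, like the whole excerpt in the post.
SAMPLE_LOG = """\
Jan 16 16:35:17 srv postfix/smtpd[23701]: DA19C239976D: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=shop@EMAILHIDDEN.de
Jan 16 16:35:17 srv postfix/smtpd[23702]: DC6F41992C35: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=shop@EMAILHIDDEN.de
Jan 16 16:35:17 srv postfix/smtpd[23703]: D3C101992BAC: client=unknown[198.51.100.7]
Jan 16 16:35:17 srv postfix/pickup[23610]: D9C042152905: uid=33 from=<www-data>
Jan 16 16:35:18 srv postfix/qmgr[21681]: DA19C239976D: from=<angeline_ortiz@EMAILHIDDEN.de>, size=727, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: DC6F41992C35: from=<marie_greene@EMAILHIDDEN.de>, size=752, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D3C101992BAC: from=<vivian_kerr@EMAILHIDDEN.de>, size=744, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D9C042152905: from=<beatriz_puckett@EMAILHIDDEN.de>, size=893, nrcpt=1 (queue active)
Jan 16 16:35:18 srv postfix/qmgr[21681]: D65D62153F90: from=<rosalyn_levy@EMAILHIDDEN.de>, size=751, nrcpt=1 (queue active)
"""


def classify_origin(line):
    """Map one smtpd or pickup log line to (queue_id, origin label); None otherwise."""
    m = SMTPD_RE.search(line)
    if m:
        qid = m.group("qid")
        if m.group("user"):
            # Authenticated submission. Many messages with rotating envelope
            # senders from one account means the account password is compromised.
            return qid, f"sasl:{m.group('user')}"
        raw = m.group("ip")
        ip = ipaddress.ip_address(raw[5:] if raw.startswith("IPv6:") else raw)
        if any(ip in net for net in MYNETWORKS):
            return qid, f"mynetworks:{ip}"
        # Unauthenticated remote client: normal for inbound mail to a local domain,
        # an open relay only if the delivery went to a foreign domain.
        return qid, f"unauth-remote:{ip}"
    m = PICKUP_RE.search(line)
    if m:
        # Local injection through sendmail(1)/pickup; uid=33 is www-data on Debian,
        # i.e. a web application on the server is the sender.
        return m.group("qid"), f"pickup:uid={m.group('uid')}"
    return None


def triage(log_text):
    """Join qmgr 'from=' records to their injection origin by queue ID.

    Returns (recipients per origin, distinct envelope senders per origin,
    queue IDs whose injection record is not present in the log text)."""
    origin_by_qid = {}
    for line in log_text.splitlines():
        hit = classify_origin(line)
        if hit:
            origin_by_qid[hit[0]] = hit[1]
    rcpts_per_origin = Counter()
    senders_per_origin = defaultdict(set)
    unexplained = []
    for line in log_text.splitlines():
        m = QMGR_RE.search(line)
        if not m:
            continue
        origin = origin_by_qid.get(m.group("qid"))
        if origin is None:
            unexplained.append(m.group("qid"))
            continue
        rcpts_per_origin[origin] += int(m.group("nrcpt"))
        senders_per_origin[origin].add(m.group("from"))
    return rcpts_per_origin, senders_per_origin, unexplained


def suspicious_origins(senders_per_origin, min_distinct_senders=2):
    """Origins that rotate the envelope sender, the pattern visible in the post."""
    return sorted(o for o, s in senders_per_origin.items() if len(s) >= min_distinct_senders)


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    rcpts, senders, unexplained = triage(text)
    for origin, n in rcpts.most_common():
        print(f"{n:6d} rcpt  {origin:45s} distinct envelope senders: {len(senders[origin])}")
    print("origins rotating the envelope sender:", suspicious_origins(senders))
    print("queue IDs with no injection record in this input:", unexplained)
```

For a queue ID that the script reports as unexplained, `grep QUEUEID /var/log/mail.log*` across the rotated logs usually finds the smtpd or pickup line; while the message is still queued, `postcat -q QUEUEID` shows its headers, including the `Received:` line with the submitting client and, when `smtpd_sasl_authenticated_header = yes` is set, the authenticated user.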