relais de spams+postfix - Sécurité - Systèmes & Réseaux Pro
MarshPosté le 28-04-2008 à 18:12:54
Bonjour tout le monde,
J'ai un serveur de messagerie postfix installé sur une debian. la queue des messages est pleines avec les spams, j'ai essayé de vider la queue mais tjr pleine.j'ai spamassain comme antisapm
mon main.cf est comme suit ############# # See /usr/share/postfix/main.cf.dist for a commented, more complete version smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no setgid_group = postdrop # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h alias_maps = hashetc/aliases alias_database = hashetc/aliases local_recipient_maps = mydomain = lll.lll myhostname = lll.lll.lll myorigin = /etc/mailname mydestination = $mydomain, $myhostname, localhost.localdomain, localhost #mynetworks=hashetc/postfix/relay_hosts mynetworks = 127.0.0.1, 196.lll.lll.0/24, 10.0.0.0/8 #relay_domains=$mydestination $mynetworks mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + # -- ajoute pour clamsmtp -- content_filter = scan:127.0.0.1:10025 receive_override_options = no_address_mappings # -- end -- #queue_run_delay=3600 #header_checks=regexpetc/postfix/header_checks
master.cf ########## # # Postfix master process configuration file. Each logical line # describes how a Postfix daemon program should be run. # # A logical line starts with non-whitespace, non-comment text. # Empty lines and whitespace-only lines are ignored, as are comment # lines whose first non-whitespace character is a `#'. # A line that starts with whitespace continues a logical line. # # The fields that make up each line are described below. A "-" field # value requests that a default value be used for that field. # # Service: any name that is valid for the specified transport type # (the next field). With INET transports, a service is specified as # host:port. The host part (and colon) may be omitted. Either host # or port may be given in symbolic form or in numeric form. Examples # for the SMTP server: localhost:smtp receives mail via the loopback # interface only; 10025 receives mail on port 10025. # # Transport type: "inet" for Internet sockets, "unix" for UNIX-domain # sockets, "fifo" for named pipes. # # Private: whether or not access is restricted to the mail system. # Default is private service. Internet (inet) sockets can't be private. # # Unprivileged: whether the service runs with root privileges or as # the owner of the Postfix system (the owner name is controlled by the # mail_owner configuration variable in the main.cf file). Only the # pipe, virtual and local delivery daemons require privileges. # # Chroot: whether or not the service runs chrooted to the mail queue # directory (pathname is controlled by the queue_directory configuration # variable in the main.cf file). Presently, all Postfix daemons can run # chrooted, except for the pipe, virtual and local delivery daemons. # The proxymap server can run chrooted, but doing so defeats most of # the purpose of having that service in the first place. # The files in the examples/chroot-setup subdirectory describe how # to set up a Postfix chroot environment for your type of machine. # # Wakeup time: automatically wake up the named service after the # specified number of seconds. A ? at the end of the wakeup time # field requests that wake up events be sent only to services that # are actually being used. Specify 0 for no wakeup. Presently, only # the pickup, queue manager and flush daemons need a wakeup timer. # # Max procs: the maximum number of processes that may execute this # service simultaneously. Default is to use a globally configurable # limit (the default_process_limit configuration parameter in main.cf). # Specify 0 for no process count limit. # # Command + args: the command to be executed. The command name is # relative to the Postfix program directory (pathname is controlled by # the daemon_directory configuration variable). Adding one or more # -v options turns on verbose logging for that service; adding a -D # option enables symbolic debugging (see the debugger_command variable # in the main.cf configuration file). See individual command man pages # for specific command-line options, if any. # # General main.cf options can be overridden for specific services. # To override one or more main.cf options, specify them as arguments # below, preceding each option by "-o". There must be no whitespace # in the option itself (separate multiple values for an option by # commas). # # In order to use the "uucp" message tranport below, set up entries # in the transport table. # # In order to use the "cyrus" message transport below, configure it # in main.cf as the mailbox_transport. # # SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS. # ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL. # # DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - - smtpd -o content_filter=spamassassin #127.0.0.1:smtp-backdoor inet n -n - - smtpd -o content_filter= #submission inet n - - - - smtpd -v # -o smtpd_etrn_restrictions=reject #628 inet n - - - - qmqpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - - 300 1 qmgr #qmgr fifo n - - 300 1 oqmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - - - - proxymap smtp unix - - - - - smtp relay unix - - - - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil # # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # maildrop. See the Postfix MAILDROP_README file for details. # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
# only used by postfix-tls #tlsmgr fifo - - n 300 1 tlsmgr #smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes #587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes # -- Ajoute pour clamsmtp-- scan unix - - n - 16 smtp -o smtp_send_xforward_command=yes 127.0.0.1:10026 inet n - n - 16 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks_style=host -o smtpd_authorized_xforward_hosts=127.0.0.0/8 # -- spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
##########
il marchait trés bien
qd je met
tail /var/log/mail.log me donne pleine
AF9BD2056B4 5240 Sun Apr 27 15:24:40 MAILER-DAEMON (delivery temporarily suspended: host vmx.terra.com[208.70.188.60] refused to talk to me: 450 Client host rejected: cannot find your hostname, [ll.lll.lll.lll]) jasminebashaw@terra.com
AE833421 5268 Sun Apr 27 15:25:16 MAILER-DAEMON (delivery temporarily suspended: host vmx.terra.com[208.70.188.60] refused to talk to me: 450 Client host rejected: cannot find your hostname, [lll.lll.lll.lll]) manuelabashaw@terra.com
Marsh Posté le 28-04-2008 à 18:12:54
Bonjour tout le monde,
J'ai un serveur de messagerie postfix installé sur une debian. la queue des messages est pleines avec les spams, j'ai essayé de vider la queue mais tjr pleine.j'ai spamassain comme antisapm
mon main.cf est comme suit
#############
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
setgid_group = postdrop
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
alias_maps = hashetc/aliases
alias_database = hashetc/aliases
local_recipient_maps =
mydomain = lll.lll
myhostname = lll.lll.lll
myorigin = /etc/mailname
mydestination = $mydomain, $myhostname, localhost.localdomain, localhost
#mynetworks=hashetc/postfix/relay_hosts
mynetworks = 127.0.0.1, 196.lll.lll.0/24, 10.0.0.0/8
#relay_domains=$mydestination $mynetworks
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
# -- ajoute pour clamsmtp --
content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings
# -- end --
#queue_run_delay=3600
#header_checks=regexpetc/postfix/header_checks
smtpd_recipient_restrictions = permit_mynetworks , reject_unauth_destination
##############
master.cf
##########
#
# Postfix master process configuration file. Each logical line
# describes how a Postfix daemon program should be run.
#
# A logical line starts with non-whitespace, non-comment text.
# Empty lines and whitespace-only lines are ignored, as are comment
# lines whose first non-whitespace character is a `#'.
# A line that starts with whitespace continues a logical line.
#
# The fields that make up each line are described below. A "-" field
# value requests that a default value be used for that field.
#
# Service: any name that is valid for the specified transport type
# (the next field). With INET transports, a service is specified as
# host:port. The host part (and colon) may be omitted. Either host
# or port may be given in symbolic form or in numeric form. Examples
# for the SMTP server: localhost:smtp receives mail via the loopback
# interface only; 10025 receives mail on port 10025.
#
# Transport type: "inet" for Internet sockets, "unix" for UNIX-domain
# sockets, "fifo" for named pipes.
#
# Private: whether or not access is restricted to the mail system.
# Default is private service. Internet (inet) sockets can't be private.
#
# Unprivileged: whether the service runs with root privileges or as
# the owner of the Postfix system (the owner name is controlled by the
# mail_owner configuration variable in the main.cf file). Only the
# pipe, virtual and local delivery daemons require privileges.
#
# Chroot: whether or not the service runs chrooted to the mail queue
# directory (pathname is controlled by the queue_directory configuration
# variable in the main.cf file). Presently, all Postfix daemons can run
# chrooted, except for the pipe, virtual and local delivery daemons.
# The proxymap server can run chrooted, but doing so defeats most of
# the purpose of having that service in the first place.
# The files in the examples/chroot-setup subdirectory describe how
# to set up a Postfix chroot environment for your type of machine.
#
# Wakeup time: automatically wake up the named service after the
# specified number of seconds. A ? at the end of the wakeup time
# field requests that wake up events be sent only to services that
# are actually being used. Specify 0 for no wakeup. Presently, only
# the pickup, queue manager and flush daemons need a wakeup timer.
#
# Max procs: the maximum number of processes that may execute this
# service simultaneously. Default is to use a globally configurable
# limit (the default_process_limit configuration parameter in main.cf).
# Specify 0 for no process count limit.
#
# Command + args: the command to be executed. The command name is
# relative to the Postfix program directory (pathname is controlled by
# the daemon_directory configuration variable). Adding one or more
# -v options turns on verbose logging for that service; adding a -D
# option enables symbolic debugging (see the debugger_command variable
# in the main.cf configuration file). See individual command man pages
# for specific command-line options, if any.
#
# General main.cf options can be overridden for specific services.
# To override one or more main.cf options, specify them as arguments
# below, preceding each option by "-o". There must be no whitespace
# in the option itself (separate multiple values for an option by
# commas).
#
# In order to use the "uucp" message tranport below, set up entries
# in the transport table.
#
# In order to use the "cyrus" message transport below, configure it
# in main.cf as the mailbox_transport.
#
# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
#
# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd -o content_filter=spamassassin
#127.0.0.1:smtp-backdoor inet n -n - - smtpd -o content_filter=
#submission inet n - - - - smtpd -v
# -o smtpd_etrn_restrictions=reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - - - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
# only used by postfix-tls
#tlsmgr fifo - - n 300 1 tlsmgr
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
# -- Ajoute pour clamsmtp--
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
# --
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
##########
il marchait trés bien
qd je met
tail /var/log/mail.log me donne pleine
AF9BD2056B4 5240 Sun Apr 27 15:24:40 MAILER-DAEMON
(delivery temporarily suspended: host vmx.terra.com[208.70.188.60] refused to talk to me: 450 Client host rejected: cannot find your hostname, [ll.lll.lll.lll])
jasminebashaw@terra.com
AE833421 5268 Sun Apr 27 15:25:16 MAILER-DAEMON
(delivery temporarily suspended: host vmx.terra.com[208.70.188.60] refused to talk to me: 450 Client host rejected: cannot find your hostname, [lll.lll.lll.lll])
manuelabashaw@terra.com
Aidez moi svp je suis bloquée !!!
Message édité par ami22 le 29-04-2008 à 10:45:10