Security problem with postfix

Post by neowdj1 » 31 January 2010, 22:47

Good evening, I have the impression that my postfix server has a security problem.
I installed fail2ban and left fail2ban's default configs in place.

Here is part of my maillog:

Code:

Jan 31 20:08:15 zeus postfix/qmgr[21953]: BA07438F2BA: to=<greatdevil@tomail.com.tw>, relay=none, delay=3.9, delays=3.8/0.06/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to localhost[82.216.111.15]: Connection timed out)
Jan 31 20:08:15 zeus postfix/qmgr[21953]: BA07438F2BA: to=<herov3688@tomail.com.tw>, relay=none, delay=3.9, delays=3.8/0.07/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to localhost[82.216.111.15]: Connection timed out)
Jan 31 20:08:15 zeus postfix/qmgr[21953]: BA07438F2BA: to=<salo2850@tomail.com.tw>, relay=none, delay=3.9, delays=3.8/0.08/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to localhost[82.216.111.15]: Connection timed out)
Jan 31 20:08:15 zeus postfix/qmgr[21953]: BA07438F2BA: to=<shaho@tomail.com.tw>, relay=none, delay=3.9, delays=3.8/0.08/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to localhost[82.216.111.15]: Connection timed out)
Jan 31 20:08:15 zeus postfix/qmgr[21953]: BA07438F2BA: to=<tayjih@tomail.com.tw>, relay=none, delay=3.9, delays=3.8/0.09/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to localhost[82.216.111.15]: Connection timed out)
Jan 31 20:08:15 zeus postfix/qmgr[21953]: BA07438F2BA: to=<ufdanger@tomail.com.tw>, relay=none, delay=3.9, delays=3.8/0.1/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to localhost[82.216.111.15]: Connection timed out)
Jan 31 20:08:15 zeus postfix/qmgr[21953]: BA07438F2BA: to=<yj3152@tomail.com.tw>, relay=none, delay=3.9, delays=3.8/0.11/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to localhost[82.216.111.15]: Connection timed out)
Jan 31 20:17:30 zeus postfix/qmgr[21953]: 0556738F2F4: from=<jhqhlrwhsroysp@pchome.com.tw>, size=2826, nrcpt=1 (queue active)
Jan 31 20:17:32 zeus postfix/smtp[25654]: 9F26438F2F8: to=<jhqhlrwhsroysp@pchome.com.tw>, relay=mxs.pchome.com.tw[211.20.188.150]:25, delay=1.4, delays=0.05/0.01/0.98/0.34, dsn=5.1.1, status=bounced (host mxs.pchome.com.tw[211.20.188.150] said: 550 5.1.1 <jhqhlrwhsroysp@pchome.com.tw>: Recipient address rejected: User unknown in relay recipient table (in reply to RCPT TO command))
Jan 31 20:28:50 zeus postfix/qmgr[21953]: 7D9FD38F2F4: from=<nbdyurgwdqgh@pchome.com.tw>, size=2571, nrcpt=1 (queue active)
Jan 31 20:28:50 zeus postfix/smtp[25837]: 7D9FD38F2F4: to=<acer1984@mail.seeder.net.tw>, relay=none, delay=1.7, delays=1.4/0.11/0.2/0, dsn=5.4.6, status=bounced (mail for mail.seeder.net.tw loops back to myself)
Jan 31 20:28:53 zeus postfix/smtp[25837]: EBA0A38F2F8: to=<nbdyurgwdqgh@pchome.com.tw>, relay=mxs.pchome.com.tw[211.20.188.150]:25, delay=2.2, delays=0.03/0/0.97/1.2, dsn=5.1.1, status=bounced (host mxs.pchome.com.tw[211.20.188.150] said: 550 5.1.1 <nbdyurgwdqgh@pchome.com.tw>: Recipient address rejected: User unknown in relay recipient table (in reply to RCPT TO command))

Code:

[root@mail ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
manpage_directory = /usr/share/man
mydestination = $myhostname,localhost.$mydomain,localhost,zeus.**********.com, *******
mydomain = ************
myhostname = mail.*******
myorigin = zeus.***********
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /save01/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains = $mydestination, **************
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname, *********, **********, **********
unknown_local_recipient_reject_code = 550
virtual_gid_maps = static:504
virtual_mailbox_base = /save01/vbox
virtual_mailbox_domains = $mydomain,*****************
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:504

Any idea how to avoid this kind of problem?
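
One way to audit the relay-related settings in a `postconf -n` listing like the one posted above (an added example, not part of the original thread). The two sample configurations are constructed with placeholder domains, and the finding names are made up for this sketch.

```python
import re

# Constructed `postconf -n` samples (placeholder domains): one shaped like the
# listing posted above, one with an explicit relay policy.
AS_POSTED = """\
inet_interfaces = all
relay_domains = $mydestination, example.org
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,check_relay_domains
smtpd_sasl_auth_enable = yes
"""

EXPLICIT = """\
inet_interfaces = all
mynetworks = 127.0.0.0/8
relay_domains = $mydestination, example.org
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
"""

# Hypothetical finding codes and what each one means.
EXPLANATIONS = {
    "deprecated-check_relay_domains":
        "check_relay_domains is deprecated; use reject_unauth_destination",
    "implicit-mynetworks":
        "permit_mynetworks is used but mynetworks is unset, so trusted clients "
        "come from mynetworks_style (default 'subnet' before Postfix 3.0)",
    "sasl-auth-without-tls":
        "SASL AUTH is offered without smtpd_tls_auth_only = yes, so "
        "credentials can cross the network unencrypted",
}


def parse_postconf(text):
    """Parse `name = value` lines as printed by `postconf -n`."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            params[name.strip()] = value.strip()
    return params


def restrictions(value):
    """Split a restriction list; Postfix accepts commas and/or whitespace."""
    return [tok for tok in re.split(r"[,\s]+", value) if tok]


def audit_relay_policy(params):
    """Return finding codes describing who is allowed to relay and how."""
    findings = []
    rules = restrictions(params.get("smtpd_recipient_restrictions", ""))

    if "check_relay_domains" in rules:
        findings.append("deprecated-check_relay_domains")

    # `postconf -n` lists only non-default settings, so a missing key means
    # the built-in default is in effect.
    if ("permit_mynetworks" in rules and "mynetworks" not in params
            and "mynetworks_style" not in params):
        findings.append("implicit-mynetworks")

    if (params.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
            and params.get("smtpd_tls_auth_only", "no").lower() != "yes"):
        findings.append("sasl-auth-without-tls")
    return findings


if __name__ == "__main__":
    for label, text in (("as posted", AS_POSTED), ("explicit", EXPLICIT)):
        codes = audit_relay_policy(parse_postconf(text))
        print(label, "->", codes or "no findings")
        for code in codes:
            print("   ", EXPLANATIONS[code])
```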

Post by neowdj1 » 02 February 2010, 15:49

Any ideas?

Post by nouvo09 » 02 February 2010, 17:40

"Good evening, I have the impression that my postfix server has a security problem."
What exactly makes you think that?
It's not because things are difficult that we do not dare,
it's because we do not dare that they are difficult!

Post by neowdj1 » 02 February 2010, 19:38

My maillog:

Code:

[root@mail ~]# postqueue -p
*-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
98FF738F2DB     2482 Fri Jan 29 13:39:40  ahbcfi@hotmail.com      
                   (connect to localhost[82.216.111.15]: Connection timed out)
                                         j02017@tomail.com.tw                 
                                         johnes2266@tomail.com.tw             
                                         maneisboy@tomail.com.tw              
                                         ufiycc@tomail.com.tw                 

9622A38F2E0     2586 Sat Jan 30 00:04:13  lpemhqeyob@pchome.com.tw
                   (connect to localhost[82.216.111.15]: Connection timed out)
                                         coolnic@tomail.com.tw                
                                         greatfu@tomail.com.tw                
                                         kib13250@tomail.com.tw               
                                         leo183@tomail.com.tw                 
                                         linetham@tomail.com.tw               
                                         lingling1222@tomail.com.tw           
                                         silent9@tomail.com.tw                

9D9D538F32A     6607 Mon Feb  1 08:22:40  MAILER-DAEMON
(host a.mx.mail.yahoo.com[67.195.168.31] refused to talk to me: 553 5.7.1 [BL21] Connections not accepted from 85.170.254.184 due to being on Spamhaus; see http://postmaster.yahoo.com/550-bl23.html)                                                                                                                    
                                         qhevtmqe@yahoo.com                                                                                                  

9597C38F292     2502 Sat Jan 30 14:08:50  nvhyk@yahoo.com
                   (connect to localhost[82.216.111.15]: Connection timed out)
                                         bullman@tomail.com.tw                
                                         koyoko@tomail.com.tw                 
                                         ufdyc033@tomail.com.tw               
                                         uhunzc@tomail.com.tw                 
                                         v8626101@tomail.com.tw               

9850738F2C1     5195 Tue Feb  2 14:32:27  MAILER-DAEMON
(host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                                                              
                                         kpyhincpoq@yahoo.com                                                                                                

9BA8938F31A     2869 Sun Jan 31 03:49:01  MAILER-DAEMON
(host b.mx.mail.yahoo.com[74.6.136.65] refused to talk to me: 553 5.7.1 [BL21] Connections not accepted from 85.170.254.184 due to being on Spamhaus; see http://postmaster.yahoo.com/550-bl23.html)                                                                                                                      
                                         gdnwd@yahoo.com                                                                                                     

974ED38F2A2     3166 Sun Jan 31 22:34:54  juimglqxkglfti@hotmail.com
                   (connect to localhost[82.216.111.15]: Connection timed out)
                                         b863002@tomail.com.tw                
                                         coco4986@tomail.com.tw               
                                         dorothychen@tomail.com.tw            
                                         lib06@tomail.com.tw                  
                                         rosiel3@tomail.com.tw                
                                         v8626101@tomail.com.tw               

97D6938F2BE     2209 Fri Jan 29 23:54:57  lwkpqtblyy@gmail.com
                   (connect to localhost[82.216.111.15]: Connection timed out)
                                         e8615216@tomail.com.tw               
                                         gnursing@tomail.com.tw               
                                         jami0506@tomail.com.tw               
                                         joann333@tomail.com.tw               
                                         lib03@tomail.com.tw                  
                                         tswu4631@tomail.com.tw               

9BBBC38F2FB     7825 Sat Jan 30 16:55:21  MAILER-DAEMON
(host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                                                              
                                         xulie@yahoo.com                                                                                                     

AA14F38F2AD     2496 Tue Feb  2 12:14:26  laqjigkfasegwj@pchome.com.tw
                   (connect to localhost[82.216.111.15]: Connection timed out)
                                         crash0312@tomail.com.tw              
                                         yhamboc@tomail.com.tw                

A885538F285     5910 Sat Jan 30 23:45:54  MAILER-DAEMON
(host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                                                              
                                         ifzvcymtrlx@yahoo.com                                                                                               

ABF8738F2F7     5786 Mon Feb  1 05:21:39  MAILER-DAEMON
(host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                                                              
                                         titqpnqf@yahoo.com                                                                                                  

A163D38F2E7     4370 Sat Jan 30 02:26:32  MAILER-DAEMON
(delivery temporarily suspended: host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                              
                                         xfzmdea@yahoo.com                                                                                                   

A39E638F312     2570 Sat Jan 30 22:01:19  lcenqigtlimlf@pchome.com.tw
                   (connect to localhost[82.216.111.15]: Connection timed out)
                                         885775@tomail.com.tw                 
                                         fotoworker@tomail.com.tw             
                                         laiangustw@tomail.com.tw             
                                         utux0315@tomail.com.tw               
                                         yhangyc@tomail.com.tw                

20ED238F2CD     7299 Sun Jan 31 17:50:01  MAILER-DAEMON
(delivery temporarily suspended: host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                              
                                         obrulf@yahoo.com                                                                                                    

27D4638F2B8     8094 Mon Feb  1 23:47:34  MAILER-DAEMON
(host h.mx.mail.yahoo.com[66.94.236.34] refused to talk to me: 553 5.7.1 [BL21] Connections not accepted from 85.170.254.184 due to being on Spamhaus; see http://postmaster.yahoo.com/550-bl23.html)                                                                                                                     
                                         levavtnl@yahoo.com                                                                                                  

2AC6938F29E     2836 Sat Jan 30 11:32:29  lcwxixbljzksne@pchome.com.tw
                   (connect to localhost[82.216.111.15]: Connection timed out)
                                         cony726@tomail.com.tw                
                                         joy0813@tomail.com.tw                
                                         miffytc@tomail.com.tw                
                                         wfcafl@tomail.com.tw                 
                                         x210532@tomail.com.tw                
                                         yush222@tomail.com.tw                

261D438F29D     2626 Sun Jan 31 23:02:27  gymmdtvqylur@pchome.com.tw
                   (connect to localhost[82.216.111.15]: Connection timed out)
                                         32736@tomail.com.tw                  
                                         cat977@tomail.com.tw                 
                                         faraway2000@tomail.com.tw            
                                         hopewish@tomail.com.tw               
                                         joarmani@tomail.com.tw               
                                         wanwenlo@tomail.com.tw               
                                         yollv@tomail.com.tw                  

2073538F2F3     2617 Mon Feb  1 11:09:05  gzoddputdvp@pchome.com.tw
(delivery temporarily suspended: connect to localhost[82.216.111.15]: Connection timed out)
                                         rwitzes@tomail.com.tw                             
                                         yang0626@tomail.com.tw                            

2BBF438F327     4740 Mon Feb  1 09:56:23  MAILER-DAEMON
(delivery temporarily suspended: host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                              
                                         awsvch@yahoo.com                                                                                                    

21A3338F2DE     5194 Fri Jan 29 07:37:37  MAILER-DAEMON
(delivery temporarily suspended: host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                              
                                         iftvkpvecavvvz@yahoo.com                                                                                            

2510E38F2FD     2563 Sat Jan 30 18:25:11  ijqlye@pchome.com.tw
(delivery temporarily suspended: connect to localhost[82.216.111.15]: Connection timed out)
                                         may-cf@tomail.com.tw                              

213F238F2B3     4846 Sat Jan 30 11:56:07  MAILER-DAEMON
(delivery temporarily suspended: host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                              
                                         bubsjrzey@yahoo.com                                                                                                 

57BEE38F2E2     2971 Sat Jan 30 12:43:40  MAILER-DAEMON
(delivery temporarily suspended: host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                              
                                         ruiuty@yahoo.com                                                                                                    

5654B38F2E5     8244 Sun Jan 31 11:36:51  MAILER-DAEMON
(delivery temporarily suspended: host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                              
                                         wircbcscxzsm@yahoo.com                                                                                              

5CB5D38F2EE     8171 Sat Jan 30 14:22:50  MAILER-DAEMON
(delivery temporarily suspended: host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                              
                                         mhzlfpfteks@yahoo.com                                                                                               

5B3AD38F2B7     3391 Tue Feb  2 12:33:21  mqscsvvj@yahoo.com
(delivery temporarily suspended: connect to localhost[82.216.111.15]: Connection timed out)
                                         1985linda@tomail.com.tw                           
                                         beryl777@tomail.com.tw                            
                                         cw103@tomail.com.tw                               
                                         homwaylin@tomail.com.tw                           
                                         iuser@tomail.com.tw                               
                                         lup2000@tomail.com.tw                             
                                         miakayuuki@tomail.com.tw                          
                                         uobinhsr@tomail.com.tw                            

597E038F300     4540 Sat Jan 30 18:34:11  MAILER-DAEMON
(delivery temporarily suspended: host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                              
                                         iwurnpzybcladc@yahoo.com                                                                                            

54BB538F2A8     4184 Fri Jan 29 22:04:48  MAILER-DAEMON
(delivery temporarily suspended: host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                              
                                         mzpyeryfcavcg@yahoo.com                                                                                             

B745038F2FE     2474 Sat Jan 30 20:41:19  qxxomchvn@pchome.com.tw
                   (connect to localhost[82.216.111.15]: Connection timed out)
                                         comord@tomail.com.tw                 
                                         end3456@tomail.com.tw                
                                         ufau0219@tomail.com.tw               
                                         wchinw@tomail.com.tw                 

B7AB838F31E     4859 Mon Feb  1 02:08:19  MAILER-DAEMON
(host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 553 5.7.1 [BL21] Connections not accepted from 85.170.254.184 due to being on Spamhaus; see http://postmaster.yahoo.com/550-bl23.html)                                                                                                                   
                                         qobqbqkgkvncv@yahoo.com                                                                                             

B2DF138F25E     6277 Fri Jan 29 18:02:34  MAILER-DAEMON
(delivery temporarily suspended: host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                              
                                         acfxonxzqyd@yahoo.com                                                                                               

BD60538F2BC     2554 Tue Feb  2 13:16:25  abqftanw@hotmail.com
                   (connect to localhost[82.216.111.15]: Connection timed out)
                                         885775@tomail.com.tw                 
                                         jane41@tomail.com.tw                 
                                         mokey25@tomail.com.tw                

BB79238F2C4     4505 Sun Jan 31 20:01:23  MAILER-DAEMON
(delivery temporarily suspended: host c.mx.mail.yahoo.com[206.190.54.127] refused to talk to me: 553 5.7.1 [BL21] Connections will not be accepted from 85.170.254.184, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html)                                                              
                                         ricnkyksjz@yahoo.com                                                                                                

BA07438F2BA     2666 Sun Jan 31 20:08:11  uenwafvitmqws@pchome.com.tw
(delivery temporarily suspended: connect to localhost[82.216.111.15]: Connection timed out)
                                         dream7235@tomail.com.tw                           
                                         greatdevil@tomail.com.tw                          
                                         herov3688@tomail.com.tw                           
                                         salo2850@tomail.com.tw                            
                                         shaho@tomail.com.tw                               
                                         tayjih@tomail.com.tw                              
                                         ufdanger@tomail.com.tw                            
                                         yj3152@tomail.com.tw      

 [...]  
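
A triage sketch for a `postqueue -p` listing laid out like the one above (an added example, not part of the original thread). It groups queued messages into bounces sent by MAILER-DAEMON, messages where neither sender nor recipient belongs to a domain the server hosts, and deliveries the remote MX refused outright; the sample queue, its addresses and the `local_domains` argument are constructed for illustration.

```python
import re

# Constructed `postqueue -p` output in the same layout as the listing above
# (documentation-only domains and addresses).
SAMPLE_QUEUE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
1A2B3C4D5E6     2482 Fri Jan 29 13:39:40  abc@sender.example
                   (connect to mx.rcpt.example[192.0.2.15]: Connection timed out)
                                         u1@rcpt.example
                                         u2@rcpt.example

2B3C4D5E6F7     6607 Mon Feb  1 08:22:40  MAILER-DAEMON
(host mx.other.example[198.51.100.31] refused to talk to me: 553 5.7.1 Connections not accepted from 203.0.113.184)
                                         xyz@other.example

3C4D5E6F708*    1200 Tue Feb  2 09:00:00  alice@mydomain.example
                                         bob@partner.example

-- 12 Kbytes in 3 Requests.
"""

# Queue ID (optionally flagged * active or ! on hold), size, arrival, sender.
ENTRY = re.compile(
    r"^([0-9A-F]{6,})([*!]?)\s+(\d+)\s+"
    r"(\w{3}\s+\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s*$"
)


def parse_queue(text):
    """Return one dict per queued message, with its reasons and recipients."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(raw)
        if m:
            current = {"id": m.group(1), "status": m.group(2),
                       "size": int(m.group(3)), "arrival": m.group(4),
                       "sender": m.group(5), "reasons": [], "recipients": []}
            entries.append(current)
        elif current is None or not line or line.startswith("-- "):
            continue  # column header, blank separator or summary line
        elif line.startswith("("):
            current["reasons"].append(line[1:-1] if line.endswith(")") else line[1:])
        elif "@" in line:
            current["recipients"].append(line)
    return entries


def domain(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def triage(entries, local_domains):
    """Group queue IDs by what they suggest about how the mail got queued."""
    local = {d.lower() for d in local_domains}
    report = {"bounces": [], "foreign": [], "refused": []}
    for e in entries:
        if e["sender"] == "MAILER-DAEMON":
            # Null-sender notification queued on this server.
            report["bounces"].append(e["id"])
        elif domain(e["sender"]) not in local and not any(
                domain(r) in local for r in e["recipients"]):
            # Neither end is ours: the message was accepted for relay, which
            # is expected only from authenticated or mynetworks clients.
            report["foreign"].append(e["id"])
        if any("refused to talk to me" in r for r in e["reasons"]):
            # The remote MX rejected the connection itself, as in the
            # blocklist refusals in the listing above.
            report["refused"].append(e["id"])
    return report


if __name__ == "__main__":
    queue = parse_queue(SAMPLE_QUEUE)
    for kind, ids in triage(queue, ["mydomain.example"]).items():
        print(f"{kind:8} {len(ids)} {ids}")
```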

Post by nouvo09 » 02 February 2010, 20:02

For my part, I don't see anything worrying in there, no.

Post by foobar47 » 05 February 2010, 15:44

Yes, on the contrary, the spam is being blocked, your postfix is not acting as a mail relay, so everything is fine...

Post by neowdj1 » 05 February 2010, 18:14

Certainly, but since the IP from my ISP is dynamic and that IP is blacklisted, I am obliged to go through my ISP's SMTP.

Post by nouvo09 » 05 February 2010, 18:27

neowdj1 wrote: Certainly, but since the IP from my ISP is dynamic and that IP is blacklisted, I am obliged to go through my ISP's SMTP.
And in plain language, what does that mean?