Dotaz: postfix přijímá tisíce spamů

Zdravim .. mam takovej menší problém najednou mám ve frontě 25000 spamů, nevíte kde bych mohl mít chybu? Lámu si s tim hlavu celej den.

main.cf

smtpd_banner = Apocaliptic.cz ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
delay_warning_time = 1h
# myhostname = apocaliptic.cz
# myorigin = apocaliptic.cz
# mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost
mydestination = 
relayhost =
mynetworks = 127.0.0.1, 192.168.0.0/16
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
#relay_domains = $mydestiantion
sender_canonical_maps = hash:/etc/postfix/sender_canonical
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
#transport_maps = proxy:mysql:$config_direcotory/mysql

# Virtual mailbox settings
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:8
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# SASL Authentication

smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
    	reject_non_fqdn_hostname,
        reject_invalid_hostname,
        permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    permit
                           
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain

#getting rid of slow hosts
transport_maps = hash:/etc/postfix/transport
deadbeats_destination_concurrency_limit = 50

master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
	-o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache	  unix	-	-	-	-	1	scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix	-	n	n	-	2	pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

dovecot unix - n n - - pipe flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)
retry     unix  -       -       -       -       -       error
deadbeats         unix  -       -       n       -       -       smtp -o smtp_connect_timeout=5 -o smtp_helo_timeout=5
smtp inet n - n - - smtpd  -o content_filter=spamfilter:dummy
spamfilter unix - n n - - pipe  flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter.sh -f ${sender} -- ${recipient}

No pokud se spoléháš jenom na spamlisty, tak se není čemu divit. Doporučuju zaintegrovat např. ještě SpamAssassin, nebo rovnou Amavis a SpamAssassin jako jeden z jeho modulů. Z dalších modulů použivám Pyzor, DCC, Razor, FuzzyOCR a další.

Zdravim,

pokud Vam prijma postfix spamy, je to tim, ze nemate filtery, cili spam a virovy filtr. Mohu tedy doporucit amavis, spamassassin a clamav. Pokud tohle budete tedy resit, jen pripominam, ze v debianu si pridejte repozitare volatile, coz jsou repozitare, kde jsou aktualni verze softwaru jako je antivir apod, pokud by jste toto neudelal, tak clam vam bude delat potize, je to chybou, ktera je spravena ve verzi prave v volatile repozitarich.

Nyni jste v situaci ze Vam postfix prijme vse az na drobnosti, jako je spatny HELO command apod.Je nutne tedy nastavit omezeni jak na strane postfixu, coz by melo byt v poradku ve Vasich konfiguracich, tak take doplnit o vyse uvedene reseni. Pak by uz spam mel prestat.

Spamassassin uz v masteru vidim, je pak otazka jak je nastaven, co ma s mailem udelat, v amavisu mam napr. nastavene, ze pokud je spam, tak pred odeslanim na muj server zamitnout. Lze ale prijmout, zahodit apod.

jsem to teď doplnil podle tohodle návodu a furt se mě to tam cpe.. LINK + příloha

Zkontrolujte, zdali bezi vsechny demony, amavis a spamasassin, clam. Pote muzete zkusit v /etc/amavis/conf.d/20-debian_defaults zmenit na $final_spam_destiny = D_REJECT, pokud to neni relay server. Pote vyzkousejte.

May 24 22:47:40 sophia postfix/master[30189]: warning: process /usr/lib/postfix/qmgr pid 32423 exit status 1
May 24 22:47:40 sophia postfix/qmgr[32425]: fatal: bad numerical configuration: deadbeats_destination_concurrency_limit = 50content_filter = amavis:[127.0.0.1]:10024
May 24 22:47:41 sophia postfix/master[30189]: warning: process /usr/lib/postfix/qmgr pid 32425 exit status 1
May 24 22:47:41 sophia postfix/qmgr[32429]: fatal: bad numerical configuration: deadbeats_destination_concurrency_limit = 50content_filter = amavis:[127.0.0.1]:10024

Zkontrolujte jeste syntaxi v main.cf, osobne bych na chvili zkusit zakomentovat deadbeats_destination_concurrency_limit = 50, http://www.postfix.org/faq.html , viz tento odkaz prave info k tomu limitu. Mozna problem zmizi, nevim, co presne jste chtel zamezit timto limitem, pocet smtp spojeni jsem resil pres jiny prikaz, zkuste pohledat neco jako smtpd_connection_rate_limit.

Přesně to jsem před 10ti minutama udělal a už ty mejly padaj dolu.. Teď se trochu potí procesor...Díky za nakopnutí.

Tak pak jeste staci poladit v tom amavisu $final_virus_destiny = D_DISCARD; a ostatni hodnoty na Vami pozadovane reseni, viz napoveda zakomentovana primo v tom konfiguraku. Tomu je treba venovat velikou pozornost, protoze pokud spamy rovnou zahazuje, tak se muze stat, ze zahodi i dobry mail, ktery je tesne za hranici spamu. To same s ostatnimi hodnotami, poladte podle toho co potrebujete.

Logy rostou, to je normalni pri takove zatezi, ale to se resi samo, vsimete si ze ve /var/log/ mate mail.info.1.gz, takze kvuli usetreni mista to zabali log a myslim ze az to dojde na info.6.gz, tak pri dalsim logrotate ten posledni odstrani. Pokud by to ale nedelal, tak si muzete dat do cronu jednoduchy skriptik, ktery logy promaze.

Doporučil bych přidat/doplnit do main.cfg následující:

smtpd_helo_restrictions = permit_mynetworks,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client list.dsbl.org,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit

To spolehlivě odfiltruje značnou část spamu už na vstupu, v LOGu pak bude SERVICE UNVAILABLE.

Toto používám a spamassasin má o 90% méně práce