Good day! Please help me figure out why Postfix let a trojan-mailing client through in the absence of a HELO from the client.
Postfix log:
Nov 19 11:04:57 mail postfix/smtpd[31010]: connect from unknown[217.69.213.236]
Nov 19 11:04:58 mail postfix/smtpd[31010]: NOQUEUE: reject: RCPT from unknown[217.69.213.236]: 554 <mydomen.ru>: Helo command rejected: 554 You are not me ; from=<info@mydomen.ru> to=<brenda@mydomen.ru> proto=ESMTP helo=<mydomen.ru>
Nov 19 11:04:58 mail postfix/smtpd[31010]: lost connection after RCPT from unknown[217.69.213.236]
Nov 19 11:04:58 mail postfix/smtpd[31010]: disconnect from unknown[217.69.213.236]
Nov 19 11:04:58 mail postfix/smtpd[31010]: connect from unknown[217.69.213.236]
Nov 19 11:04:58 mail postfix/smtpd[31010]: warning: Connection rate limit exceeded: 3 from unknown[217.69.213.236] for service smtp
Nov 19 11:04:58 mail postfix/smtpd[31010]: disconnect from unknown[217.69.213.236]
Nov 19 11:04:58 mail postfix/smtpd[31010]: connect from unknown[217.69.213.236]
Nov 19 11:04:58 mail postfix/smtpd[31010]: warning: Connection rate limit exceeded: 4 from unknown[217.69.213.236] for service smtp
Nov 19 11:04:58 mail postfix/smtpd[31010]: disconnect from unknown[217.69.213.236]
Nov 19 11:08:18 mail postfix/anvil[31011]: statistics: max connection rate 4/60s for (smtp:217.69.213.236) at Nov 19 11:04:58
Nov 19 11:08:18 mail postfix/anvil[31011]: statistics: max connection count 1 for (smtp:217.69.213.236) at Nov 19 11:04:57
Nov 19 11:08:18 mail postfix/anvil[31011]: statistics: max message rate 2/60s for (smtp:217.69.213.236) at Nov 19 11:04:57
Nov 19 11:08:18 mail postfix/anvil[31011]: statistics: max cache size 1 at Nov 19 11:04:57
---!!!!!! ---
Nov 19 11:08:40 mail postfix/smtpd[31013]: connect from unknown[217.69.213.236]
Nov 19 11:08:41 mail postfix/smtpd[31013]: 08CECBDAB: client=unknown[217.69.213.236]
Nov 19 11:08:41 mail postfix/cleanup[31016]: 08CECBDAB: message-id=<20051119080840.08CECBDAB@mail.mydomen.ru>
Nov 19 11:08:43 mail postfix/smtpd[31013]: disconnect from unknown[217.69.213.236]
Nov 19 11:08:43 mail postfix/qmgr[612]: 08CECBDAB: from=<service@mydomen.ru>, size=39354, nrcpt=1 (queue active)
Nov 19 11:08:43 mail postfix/cleanup[31016]: E357FBDAE: message-id=<20051119080840.08CECBDAB@mail.mydomen.ru>
Nov 19 11:08:44 mail postfix/local[31017]: 08CECBDAB: to=<maxim@mydomen.ru>, relay=local, delay=4, status=sent (forwarded as E357FBDAE)
Nov 19 11:08:44 mail postfix/qmgr[612]: E357FBDAE: from=<service@mydomen.ru>, size=39481, nrcpt=1 (queue active)
Nov 19 11:08:44 mail postfix/qmgr[612]: 08CECBDAB: removed
Nov 19 11:08:44 mail postfix/local[31018]: E357FBDAE: to=<maximms@mydomen.ru>, orig_to=<maxim@mydomen.ru>, relay=local, delay=1, status=sent (delivered to command: procmail -a "$EXTENSION")
Nov 19 11:08:44 mail postfix/qmgr[612]: E357FBDAE: removed
---!!!!!---
Nov 19 11:10:01 mail postfix/smtpd[31013]: connect from unknown[217.69.213.236]
Nov 19 11:10:01 mail postfix/smtpd[31013]: NOQUEUE: reject: RCPT from unknown[217.69.213.236]: 554 <mydomen.ru>: Helo command rejected: 554 You are not me ; from=<register@mydomen.ru> to=<mary@mydomen.ru> proto=ESMTP helo=<mydomen.ru>
Nov 19 11:10:01 mail postfix/smtpd[31013]: lost connection after RCPT from unknown[217.69.213.236]
Nov 19 11:10:01 mail postfix/smtpd[31013]: disconnect from unknown[217.69.213.236]
In main.cf:
smtpd_helo_required = yes
disable_vrfy_command = yes
smptd_delay_reject = yes
smtpd_client_restrictions =
smptd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination,
check_client_access regexp:/etc/postfix/check_zone_pcre,
check_helo_access hash:/etc/postfix/helo_checks,
check_helo_access regexp:/etc/postfix/helo_checks_pcre,
reject_unknown_client,
reject_invalid_hostname,
reject_unknown_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_non_fqdn_recipient,
permit
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
>Nov 19 11:04:58 mail postfix/smtpd[31010]: connect from unknown[217.69.213.236]
>Nov 19 11:04:58 mail postfix/smtpd[31010]: warning: Connection rate limit exceeded: 3 from
>unknown[217.69.213.236] for service smtp
>Nov 19 11:04:58 mail postfix/smtpd[31010]: disconnect from unknown[217.69.213.236]
In this case, unknown means that postfix could not determine the client's name in the reverse DNS zone (PTR record). In the headers of the received message you can see which name the client gave in HELO/EHLO.
Headers of the received message:
Return-Path: <service@mydomen.ru>
X-Original-To: maxim@mydomen.ru
Delivered-To: maximms@mydomen.ru
Received: by mail.mydomen.ru (Postfix)
id E357FBDAE; Sat, 19 Nov 2005 11:08:43 +0300 (MSK)
Delivered-To: maximms@mydomen.ru
Received: from mydomen.ru (unknown [217.69.213.236])
by mail.mydomen.ru (Postfix) with ESMTP id 08CECBDAB
for <maxim@mydomen.ru>; Sat, 19 Nov 2005 11:08:40 +0300 (MSK)
From: service@mydomen.ru
To: maxim@mydomen.ru
Subject: Important Notification
Date: Sat, 19 Nov 2005 11:08:54 +0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0012_E478FFE1.A598E762"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20051119080840.08CECBDAB@mail.mydomen.ru>
X-UIDL: (WQ!!'TJ!!LU#"!g\^!!
Status: O
X-Status:
X-Keywords:
X-UID: 39
>Received: from mydomen.ru (unknown [217.69.213.236])
[217.69.213.236] - the client
unknown - no PTR record found
mydomen.ru - given in HELO/EHLO
What needs to be changed/added in the settings to rule out a situation like this?
helo_checks contains:
mydoman.ru REJECT 554 You are not me
mail.mydomen.ru REJECT 554 You are not me
localhost REJECT 554 You are not me
195.XXX.XX.XX REJECT 554 You are not me
127.0.0.1 REJECT 554 You are not me
This is enough for me:
mydomain.ru 504 Don't use our domains
mydomain.ru. 504 Don't use our domains
.mydomain.ru 504 Don't use our domains
.mydomain.ru. 504 Don't use our domains
1.2.3.4 504 Don't use my IP
Thanks, I'll have to try it, but will it eliminate the cause of the message getting through?
What stops you from checking HELO/EHLO yourself via telnet host 25?
Checking from a machine on an outside network:
telnet mailmydomen.ru 25
1.
220 mail.mydomen.ru
mail from: test@test.test
503 Error: send HELO/EHLO first
------------------
2.
220 mail.mydomen.ru
HELO
510 Syntax: HELO hostname
------------------
3.
220 mail.mydomen.ru
HELO <>
250 mail.mydomen.ru
mail from: test@test.test
250 ok
rcpt to: maxim@mydomen.ru
250 ok
data
354....
The message goes through; in the message headers:
Return-Path: <test@test.test>
X-Original-To: maxim@mydomen.ru
Delivered-To: maxim@mydomen.ru
Received: by mail.mydomen.ru (Postfix)
id D1989BDAE; Tue, 22 Nov 2005 17:51:29 +0300 (MSK)
Delivered-To: maxim@mydomen.ru
Received: from ?? (unknown [1.2.3.4])
by mail.mydomen.ru (Postfix) with SMTP id DF8D3B7D3
for <maxim@mydomen.ru>; Tue, 22 Nov 2005 17:51:12 +0300 (MSK)
Message-Id: <20051122145112.DF8D3B7D3@mail.mydomen.ru>
Date: Tue, 22 Nov 2005 17:51:12 +0300 (MSK)
From: test@test.test
To: undisclosed-recipients:;
X-UIDL: ^d*!!ZIj"!Al,"!89<"!
Variants:
HELO .
Received: from . (unknown [1.2.3.4])
HELO "
Received: from ? (unknown [1.2.3.4])
reject_non_fqdn_hostname
reject_invalid_hostname
reject_unknown_helo_hostname
Ok, thanks!
Not everything is ok,
warning: unknown smptd restriction: "reject_unknown_helo_hostname"
and the log:
Out: 220 mail.mydomain.ru ESMTP Postfix (Debian/GNU)
In: HELO mx.mydomain.ru
Out: 250 mail.mydomain.ru
In: MAIL FROM: <hopqggkvtei@hotmail.com>
Out: 250 Ok
In: RCPT TO: <damer@mydomain.ru>
Out: 451 Server configuration error
In: data
Out: 554 Error: no valid recipients
Session aborted, reason: lost connection
It seems this directive does not work in Postfix 2.4
reject_unknown_helo_hostname (with Postfix < 2.3: reject_unknown_hostname)
reject_unknown_hostname is enabled in main.cf, but for some reason it did not take effect
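
An added example, not part of the thread: a log check for the situation in the first post, where a client that was rejected for its HELO name still got a message queued. The function name, the two heuristics and the last two sample lines (192.0.2.10, example.net) are constructed for illustration; the other sample lines follow the log quoted above.

```python
import re
from collections import defaultdict

# Sample log: first four lines follow the thread, last two are constructed.
SAMPLE_LOG = """\
Nov 19 11:04:57 mail postfix/smtpd[31010]: connect from unknown[217.69.213.236]
Nov 19 11:04:58 mail postfix/smtpd[31010]: NOQUEUE: reject: RCPT from unknown[217.69.213.236]: 554 <mydomen.ru>: Helo command rejected: 554 You are not me ; from=<info@mydomen.ru> to=<brenda@mydomen.ru> proto=ESMTP helo=<mydomen.ru>
Nov 19 11:08:41 mail postfix/smtpd[31013]: 08CECBDAB: client=unknown[217.69.213.236]
Nov 19 11:08:43 mail postfix/qmgr[612]: 08CECBDAB: from=<service@mydomen.ru>, size=39354, nrcpt=1 (queue active)
Nov 19 11:09:02 mail postfix/smtpd[31020]: 1A2B3C4D5: client=mx.example.net[192.0.2.10]
Nov 19 11:09:03 mail postfix/qmgr[612]: 1A2B3C4D5: from=<alice@example.net>, size=1200, nrcpt=1 (queue active)
"""

REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from (\S+)\[([^\]]+)\]: "
                    r".*Helo command rejected.*helo=<([^>]*)>")
ACCEPT = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=(\S+)\[([^\]]+)\]")
SENDER = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): from=<([^>]*)>")

def suspicious_accepts(log_text, own_domain):
    """Return (queue_id, client_ip, sender, reasons) for accepted mail worth a look."""
    helo_rejected = defaultdict(set)  # client IP -> HELO names that were rejected
    accepted = {}                     # queue id -> (PTR name or 'unknown', client IP)
    senders = {}                      # queue id -> envelope sender
    for line in log_text.splitlines():
        if m := REJECT.search(line):
            helo_rejected[m.group(2)].add(m.group(3))
        elif m := ACCEPT.search(line):
            accepted[m.group(1)] = (m.group(2), m.group(3))
        elif m := SENDER.search(line):
            senders.setdefault(m.group(1), m.group(2))
    findings = []
    for qid, (ptr, ip) in accepted.items():
        sender = senders.get(qid, "")
        reasons = []
        # Rejects are collected over the whole log, so order does not matter.
        if ip in helo_rejected:
            reasons.append("client was HELO-rejected in the same log")
        if ptr == "unknown" and sender.lower().endswith("@" + own_domain):
            reasons.append("own-domain sender from client without PTR")
        if reasons:
            findings.append((qid, ip, sender, reasons))
    return findings

if __name__ == "__main__":
    for finding in suspicious_accepts(SAMPLE_LOG, "mydomen.ru"):
        print(finding)
```
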