maillog:
Dec 26 06:20:52 mail postfix/smtpd[19316]: NOQUEUE: reject: RCPT from unknown[194.136.193.154]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [194.136.193.154]; from=<announce-bounces@mariadb.org> to=<test@mydomain.com> proto=ESMTP helo=<hasky.askmonty.org>
This "450 4.7.1 Client host rejected: cannot find your reverse hostname" rejection
is not caught by the following:
failregex = \[<HOST>\]: SASL (PLAIN|LOGIN) authentication failed
            lost connection after (AUTH|UNKNOWN|EHLO) from (.*)\[<HOST>\]
            reject: RCPT from .*\[<HOST>\]: .*: Relay access denied
            reject: RCPT from .*\[<HOST>\]: .*: Sender address rejected: Domain not found
            reject: RCPT from .*\[<HOST>\]: .*: Helo command rejected: Host not found
            reject: RCPT from .*\[<HOST>\]: .*: Helo command rejected: need fully-qualified hostname
            reject: RCPT from .*\[<HOST>\]: 554 5.7.1
            reject: RCPT from .*\[<HOST>\]:\d+: 550 5.5.1 Protocol error
            warning: Illegal address syntax from (.*)\[<HOST>\] in RCPT command
            from \[<HOST>\]:.*: EHLO ylmf-pc
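A question for the moderator:
1) Should the IP in the message above be blocked? Or added to a whitelist?
My analysis follows:
Regarding the sender announce-bounces@mariadb.org: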
#host -t mx mariadb.org
mariadb.org mail is handled by 1 mail.askmonty.org.
#host mail.askmonty.org
mail.askmonty.org has address 173.203.201.185
mail.askmonty.org mail is handled by 1 mail.askmonty.org.
# host hasky.askmonty.org
hasky.askmonty.org has address 194.136.193.154
hasky.askmonty.org mail is handled by 1 hasky.askmonty.org.
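The HELO is hasky.askmonty.org, and its IP is different from that of mail.askmonty.org, the MX returned for mariadb.org.
Should 194.136.193.154 (hasky.askmonty.org) be blocked?
If mail arrives from 173.203.201.185, should it be whitelisted?
2) If it really should be blocked, fail2ban is unable to block it.
As the domain administrator, I receive many messages like this:
Subject:
"Postfix SMTP server: errors from unknown[194.136.193.154]"
Message body: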
Transcript of session follows.
Out: 220 mail.mydomain.com ESMTP Postfix
In: EHLO hasky.askmonty.org
Out: 250-mail.mydomain.com
Out: 250-PIPELINING
Out: 250-SIZE 104857600
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: STARTTLS
Out: 220 2.0.0 Ready to start TLS
In: EHLO hasky.askmonty.org
Out: 250-mail.mydomain.com
Out: 250-PIPELINING
Out: 250-SIZE 104857600
Out: 250-ETRN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: MAIL FROM:<announce-bounces@mariadb.org> SIZE=5863 BODY=7BIT
Out: 250 2.1.0 Ok
In: RCPT TO:<test@mydomain.com> ORCPT=rfc822;test@mydomain.com
Out: 451 4.3.5 Server configuration error
In: DATA
Out: 554 5.5.1 Error: no valid recipients
In: RSET
Out: 250 2.0.0 Ok
In: QUIT
Out: 221 2.0.0 Bye
In the end I reverted to my original settings and added:
reject: RCPT from \S+\[<HOST>\]: 450 4.7.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
reject: RCPT from \S+\[<HOST>\]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
I would appreciate the moderator's help in clearing this up!
Thanks
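
The check described in this post, as an added example that is not part of the original post: a Python sketch that searches the quoted log line with each failregex, the way fail2ban searches a line. The `HOST` pattern is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag (an assumption), and the names `ORIGINAL`, `ADDED` and `matches` are hypothetical.

```python
import re

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption: the
# real tag also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The rejected-delivery line quoted in the post.
LINE = ("Dec 26 06:20:52 mail postfix/smtpd[19316]: NOQUEUE: reject: RCPT from "
        "unknown[194.136.193.154]: 450 4.7.1 Client host rejected: cannot find "
        "your reverse hostname, [194.136.193.154]; "
        "from=<announce-bounces@mariadb.org> to=<test@mydomain.com> "
        "proto=ESMTP helo=<hasky.askmonty.org>")

# The failregex list from the post that does not catch the line.
ORIGINAL = [
    r"\[<HOST>\]: SASL (PLAIN|LOGIN) authentication failed",
    r"lost connection after (AUTH|UNKNOWN|EHLO) from (.*)\[<HOST>\]",
    r"reject: RCPT from .*\[<HOST>\]: .*: Relay access denied",
    r"reject: RCPT from .*\[<HOST>\]: .*: Sender address rejected: Domain not found",
    r"reject: RCPT from .*\[<HOST>\]: .*: Helo command rejected: Host not found",
    r"reject: RCPT from .*\[<HOST>\]: .*: Helo command rejected: need fully-qualified hostname",
    r"reject: RCPT from .*\[<HOST>\]: 554 5.7.1",
    r"reject: RCPT from .*\[<HOST>\]:\d+: 550 5.5.1 Protocol error",
    r"warning: Illegal address syntax from (.*)\[<HOST>\] in RCPT command",
    r"from \[<HOST>\]:.*: EHLO ylmf-pc",
]

# The two expressions the post adds at the end.
ADDED = [
    r"reject: RCPT from \S+\[<HOST>\]: 450 4.7.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$",
    r"reject: RCPT from \S+\[<HOST>\]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$",
]

def matches(patterns, line):
    """Return (pattern, host) for every failregex that finds a hit in line."""
    hits = []
    for pattern in patterns:
        m = re.search(pattern.replace("<HOST>", HOST), line)
        if m:
            hits.append((pattern, m.group("host")))
    return hits

if __name__ == "__main__":
    print("original list hits:", len(matches(ORIGINAL, LINE)))
    for pattern, host in matches(ADDED, LINE):
        print("added pattern hit, host =", host)
        print("  ", pattern)
```

On a live system, `fail2ban-regex <logfile> <filter file>` performs the same check with the real `<HOST>` expansion.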