Thanks,
you were right. My server settings were all fine. Unfortunately my server became part of a botnet through an insecure HTML form. I think every beginner has to go through something like this before taking security warnings seriously.
Posts by night182
Hello,
the anonymous relay check against my server showed that all relay requests were rejected. Below are the files main.cf and master.cf:
main.cf:
Code
# Postfix programs paths settings
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
sendmail_path = /usr/sbin/sendmail

## General Postfix configuration
# should be the default domain from your provider eg. "server100.provider.tld"
mydomain = <meinServer>.yourvserver.net
# should be different from $mydomain eg. "mail.$mydomain"
myhostname = <meinServer>.yourvserver.net
mydestination = $myhostname, $mydomain, localhost.$myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
inet_interfaces = all
append_dot_mydomain = no
biff = no

# Postfix performance settings
default_destination_concurrency_limit = 20
local_destination_concurrency_limit = 2

# SMTPD Settings
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_hostname, reject_unknown_recipient_domain, reject_unknown_sender_domain
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client

# Maximum size of Message in bytes (50MB)
# virtual_mailbox_limit is not set anywhere in this file, so the Postfix default
# (51200000) applies; that is below this value, which is exactly the
# "virtual_mailbox_limit is smaller than message_size_limit" error virtual(8) logs.
message_size_limit = 52428800

## SASL Auth Settings
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

## Dovecot Settings for deliver, SASL Auth and virtual transport
## uncomment those line to use Dovecot
#mailbox_command = /usr/lib/dovecot/deliver
#virtual_transport = dovecot
#dovecot_destination_recipient_limit = 1

# Virtual delivery settings
virtual_mailbox_base = /var/kunden/mail/
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000

# Local delivery settings
local_transport = local
alias_database = hash:/etc/aliases
alias_maps = $alias_database

# Default Mailbox size, is set to 0 which means unlimited!
mailbox_size_limit = 50000000

### TLS settings ###
## TLS for outgoing mails from the server to another server
#smtp_use_tls = yes
#smtp_tls_note_starttls_offer = yes
## TLS for email client
#smtpd_tls_cert_file = /etc/ssl/server/<meinServer>.yourvserver.net.pem
#smtpd_tls_key_file = /etc/ssl/server/<meinServer>.yourvserver.net.pem
#smtpd_tls_CAfile = /etc/ssl/cacert.class3.crt # Just an example for CACert.org
#smtpd_tls_auth_only = no
#smtpd_tls_loglevel = 1
#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom

debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
master.cf:
Code
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n      -       -       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps    inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
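As an added example (it is not from the post and not a Postfix tool), a small Python checker that parses main.cf syntax and tests the three things this thread turns on: the virtual_mailbox_limit versus message_size_limit relation that virtual(8) complains about in the logs, whether reject_unauth_destination is present and not preceded by an unconditional permit (the relay check), and over-broad mynetworks entries. The sample input is constructed from the settings quoted above; the default limit values are Postfix's compiled-in defaults.

```python
import ipaddress
import re

# Sample main.cf fragment, constructed from the settings quoted in the post above.
SAMPLE_MAIN_CF = """\
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient
message_size_limit = 52428800
"""
# Postfix compiled-in defaults; virtual(8) refuses to start while
# virtual_mailbox_limit is non-zero and below message_size_limit.
DEFAULT_MESSAGE_SIZE_LIMIT = 10240000
DEFAULT_VIRTUAL_MAILBOX_LIMIT = 51200000
UNAUTH_GUARDS = ("reject_unauth_destination", "defer_unauth_destination")


def parse_main_cf(text):
    """Parse 'key = value' lines; skip '#' comments; join continuation lines."""
    params, last_key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last_key is not None:
            params[last_key] += " " + raw.strip()   # continuation line
            continue
        key, sep, value = raw.partition("=")
        if sep:
            last_key = key.strip()
            params[last_key] = value.strip()
    return params


def split_list(value):
    return [item for item in re.split(r"[,\s]+", value) if item]


def check_main_cf(params):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    msg_limit = int(params.get("message_size_limit", DEFAULT_MESSAGE_SIZE_LIMIT))
    vmb_limit = int(params.get("virtual_mailbox_limit", DEFAULT_VIRTUAL_MAILBOX_LIMIT))
    if vmb_limit and vmb_limit < msg_limit:
        findings.append("virtual_mailbox_limit (%d) is smaller than message_size_limit (%d)"
                        % (vmb_limit, msg_limit))
    # Relay safety: a guard must exist and no unconditional 'permit' may precede it.
    rules = split_list(params.get("smtpd_recipient_restrictions", ""))
    guard = next((i for i, r in enumerate(rules) if r in UNAUTH_GUARDS), None)
    if guard is None:
        findings.append("smtpd_recipient_restrictions lacks reject_unauth_destination: open relay")
    elif "permit" in rules[:guard]:
        findings.append("unconditional 'permit' precedes reject_unauth_destination: open relay")
    # permit_mynetworks lets listed clients relay unauthenticated: flag wide non-loopback ranges.
    for entry in split_list(params.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue                      # table lookups etc. are not inspected
        if not net.is_loopback and net.prefixlen < 24:
            findings.append("mynetworks entry %s is very broad" % entry)
    return findings
```

Run against the sample it reports only the limit mismatch, which matches what the posted logs show: relaying is closed, but the virtual delivery agent cannot start.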
-
Contents of /var/log/mail.log (excerpts):
Code
Nov 15 10:17:01 <meinServer> postfix/qmgr[16164]: B6F4C71A61B: from=<root@<meinServer>.yourvserver.net>, size=661, nrcpt=1 (queue active)
Nov 15 10:17:01 <meinServer> postfix/local[26691]: B6F4C71A61B: to=<root@<meinServer>.yourvserver.net>, orig_to=<root>, relay=local, delay=0.08, delays=0.05/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Nov 15 10:17:01 <meinServer> postfix/qmgr[16164]: B6F4C71A61B: removed
Nov 15 10:26:09 <meinServer> postfix/master[16126]: warning: process /usr/lib/postfix/virtual pid 4309 exit status 1
Nov 15 10:26:09 <meinServer> postfix/master[16126]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Nov 15 10:26:15 <meinServer> postfix/qmgr[16164]: 8D40F71A1A7: from=<>, size=5004, nrcpt=1 (queue active)
Nov 15 10:26:36 <meinServer> postfix/smtp[4315]: connect to eftps.gov[216.66.209.176]: Connection timed out (port 25)
Nov 15 10:26:36 <meinServer> postfix/smtp[4315]: 8D40F71A1A7: to=<customers7921@eftps.gov>, relay=none, delay=164159, delays=164138/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 10:27:09 <meinServer> postfix/virtual[5442]: fatal: main.cf configuration error: virtual_mailbox_limit is smaller than message_size_limit
Nov 15 11:17:00 <meinServer> postfix/master[16126]: warning: process /usr/lib/postfix/virtual pid 3584 exit status 1
Nov 15 11:17:00 <meinServer> postfix/master[16126]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Nov 15 11:17:01 <meinServer> postfix/pickup[1930]: EEDB071A61B: uid=0 from=<root>
Nov 15 11:17:01 <meinServer> postfix/cleanup[4034]: EEDB071A61B: message-id=<20101115101701.EEDB071A61B@<meinServer>.yourvserver.net>
Nov 15 11:17:01 <meinServer> postfix/qmgr[16164]: EEDB071A61B: from=<root@<meinServer>.yourvserver.net>, size=661, nrcpt=1 (queue active)
Nov 15 11:17:02 <meinServer> postfix/local[4036]: EEDB071A61B: to=<root@<meinServer>.yourvserver.net>, orig_to=<root>, relay=local, delay=0.07, delays=0.05/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Nov 15 11:17:02 <meinServer> postfix/qmgr[16164]: EEDB071A61B: removed
Nov 15 11:18:00 <meinServer> postfix/virtual[5184]: fatal: main.cf configuration error: virtual_mailbox_limit is smaller than message_size_limit
Nov 15 11:32:15 <meinServer> postfix/master[16126]: warning: process /usr/lib/postfix/virtual pid 22598 exit status 1
Nov 15 11:32:15 <meinServer> postfix/master[16126]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Nov 15 11:32:55 <meinServer> postfix/qmgr[16164]: 9DD6871A262: from=<>, size=5065, nrcpt=1 (queue active)
Nov 15 11:32:55 <meinServer> postfix/qmgr[16164]: 7DEBF71A1B9: from=<>, size=4417, nrcpt=1 (queue active)
Nov 15 11:32:55 <meinServer> postfix/qmgr[16164]: ACA0871A0D9: from=<>, size=4530, nrcpt=1 (queue active)
Nov 15 11:32:55 <meinServer> postfix/qmgr[16164]: 648DF71A5DD: from=<>, size=4502, nrcpt=1 (queue active)
Nov 15 11:33:15 <meinServer> postfix/virtual[23861]: fatal: main.cf configuration error: virtual_mailbox_limit is smaller than message_size_limit
Nov 15 11:33:16 <meinServer> postfix/master[16126]: warning: process /usr/lib/postfix/virtual pid 23861 exit status 1
Nov 15 11:33:16 <meinServer> postfix/master[16126]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Nov 15 11:33:17 <meinServer> postfix/smtp[23210]: connect to eftps.gov[216.66.209.176]: Connection timed out (port 25)
Nov 15 11:33:17 <meinServer> postfix/smtp[23207]: connect to lws02.ldn5.groupnbt.net[62.128.158.5]: Connection timed out (port 25)
Nov 15 11:33:17 <meinServer> postfix/smtp[23208]: connect to eftps.gov[216.66.209.176]: Connection timed out (port 25)
Nov 15 11:33:17 <meinServer> postfix/smtp[23209]: connect to eftps.gov[216.66.209.176]: Connection timed out (port 25)
Nov 15 11:33:17 <meinServer> postfix/smtp[23209]: ACA0871A0D9: to=<customers2615@eftps.gov>, relay=none, delay=140158, delays=140137/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 11:33:17 <meinServer> postfix/smtp[23210]: 648DF71A5DD: to=<customers9602@eftps.gov>, relay=none, delay=147160, delays=147139/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 11:33:17 <meinServer> postfix/smtp[23208]: 7DEBF71A1B9: to=<customers6645@eftps.gov>, relay=none, delay=76154, delays=76132/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 11:33:17 <meinServer> postfix/smtp[23207]: 9DD6871A262: to=<user29933@lws02.ldn5.groupnbt.net>, relay=none, delay=246163, delays=246142/0.01/21/0, dsn=4.4.1, status=deferred (connect to lws02.ldn5.groupnbt.net[62.128.158.5]: Connection timed out)
Nov 15 11:38:21 <meinServer> postfix/master[16126]: warning: process /usr/lib/postfix/virtual pid 29241 exit status 1
Nov 15 11:38:21 <meinServer> postfix/master[16126]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Nov 15 11:38:41 <meinServer> postfix/smtpd[29782]: connect from unknown[186.122.248.247]
Nov 15 11:38:42 <meinServer> postfix/smtpd[29782]: NOQUEUE: reject: RCPT from unknown[186.122.248.247]: 450 4.7.1 Client host rejected: cannot find your hostname, [186.122.248.247]; from=<EnlargePenis.pleased2@yahoo.com> to=<info@czar1.de> proto=SMTP helo=<produccion>
Nov 15 11:38:42 <meinServer> postfix/smtpd[29782]: lost connection after RCPT from unknown[186.122.248.247]
Nov 15 11:38:42 <meinServer> postfix/smtpd[29782]: disconnect from unknown[186.122.248.247]
Nov 15 11:39:21 <meinServer> postfix/virtual[30605]: fatal: main.cf configuration error: virtual_mailbox_limit is smaller than message_size_limit
Nov 15 11:41:24 <meinServer> postfix/master[16126]: warning: process /usr/lib/postfix/virtual pid 520 exit status 1
Nov 15 11:41:24 <meinServer> postfix/master[16126]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Nov 15 11:42:02 <meinServer> postfix/anvil[29793]: statistics: max connection rate 1/60s for (smtp:186.122.248.247) at Nov 15 11:38:41
Nov 15 11:42:02 <meinServer> postfix/anvil[29793]: statistics: max connection count 1 for (smtp:186.122.248.247) at Nov 15 11:38:41
Nov 15 11:42:02 <meinServer> postfix/anvil[29793]: statistics: max cache size 1 at Nov 15 11:38:41
Nov 15 11:42:24 <meinServer> postfix/virtual[1577]: fatal: main.cf configuration error: virtual_mailbox_limit is smaller than message_size_limit
Nov 15 11:49:32 <meinServer> postfix/master[16126]: warning: process /usr/lib/postfix/virtual pid 9350 exit status 1
Nov 15 11:49:32 <meinServer> postfix/master[16126]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Nov 15 11:49:36 <meinServer> postfix/qmgr[16164]: 8D40F71A1A7: from=<>, size=5004, nrcpt=1 (queue active)
Nov 15 11:49:57 <meinServer> postfix/smtp[9354]: connect to eftps.gov[216.66.209.176]: Connection timed out (port 25)
Nov 15 11:49:57 <meinServer> postfix/smtp[9354]: 8D40F71A1A7: to=<customers7921@eftps.gov>, relay=none, delay=169160, delays=169139/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 11:50:32 <meinServer> postfix/virtual[10696]: fatal: main.cf configuration error: virtual_mailbox_limit is smaller than message_size_limit
Nov 15 12:04:48 <meinServer> postfix/master[16126]: warning: process /usr/lib/postfix/virtual pid 26405 exit status 1
Nov 15 12:04:48 <meinServer> postfix/master[16126]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Nov 15 12:05:42 <meinServer> postfix/smtpd[27895]: connect from 114-45-53-77.dynamic.hinet.net[114.45.53.77]
Nov 15 12:05:43 <meinServer> postfix/smtpd[27895]: NOQUEUE: reject: RCPT from 114-45-53-77.dynamic.hinet.net[114.45.53.77]: 450 4.7.1 <meineIP>: Helo command rejected: Host not found; from=<z2007tw@yahoo.com.tw> to=<vkihwpdh@yahoo.com.tw> proto=SMTP helo=<meineIP>
Nov 15 12:05:44 <meinServer> postfix/smtpd[27895]: lost connection after RCPT from 114-45-53-77.dynamic.hinet.net[114.45.53.77]
Nov 15 12:05:44 <meinServer> postfix/smtpd[27895]: disconnect from 114-45-53-77.dynamic.hinet.net[114.45.53.77]
Nov 15 12:05:48 <meinServer> postfix/virtual[27916]: fatal: main.cf configuration error: virtual_mailbox_limit is smaller than message_size_limit
Nov 15 12:09:04 <meinServer> postfix/anvil[27900]: statistics: max connection count 1 for (smtp:114.45.53.77) at Nov 15 12:05:42
Nov 15 12:09:04 <meinServer> postfix/anvil[27900]: statistics: max cache size 1 at Nov 15 12:05:42
Nov 15 12:09:52 <meinServer> postfix/virtual[32479]: fatal: main.cf configuration error: virtual_mailbox_limit is smaller than message_size_limit
-
Hello,
I recently received a message from Netcup pointing out that spam mails are being sent via my vServer. I can guarantee that I only give my family access to the server. Unfortunately I have not found any entries for the affected e-mail addresses (which I never created). I use Postfix and Dovecot, but recently started redirecting my mail to Google Mail via an MX record.
I have only found suspicious entries in the files attached below. Above all the entry from EnlargePenis looks conspicuous to me.
What can I do about this?
Contents of /var/log/mail.info (excerpts):
Code
Nov 15 10:09:56 <meinServer> postfix/smtp[18005]: connect to eftps.gov[216.66.209.176]: Connection timed out (port 25)
Nov 15 10:09:56 <meinServer> postfix/smtp[18002]: 9DD6871A262: to=<user29933@lws02.ldn5.groupnbt.net>, relay=none, delay=241162, delays=241141/0.01/21/0, dsn=4.4.1, status=deferred (connect to lws02.ldn5.groupnbt.net[62.128.158.5]: Connection timed out)
Nov 15 10:09:56 <meinServer> postfix/smtp[18004]: ACA0871A0D9: to=<customers2615@eftps.gov>, relay=none, delay=135157, delays=135136/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 10:09:56 <meinServer> postfix/smtp[18003]: 7DEBF71A1B9: to=<customers6645@eftps.gov>, relay=none, delay=71153, delays=71132/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 10:09:56 <meinServer> postfix/smtp[18005]: 648DF71A5DD: to=<customers9602@eftps.gov>, relay=none, delay=142159, delays=142138/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 10:10:52 <meinServer> postfix/virtual[19418]: fatal: main.cf configuration error: virtual_mailbox_limit is smaller than message_size_limit
Nov 15 10:26:09 <meinServer> postfix/master[16126]: warning: process /usr/lib/postfix/virtual pid 4309 exit status 1
Nov 15 10:26:09 <meinServer> postfix/master[16126]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Nov 15 10:26:15 <meinServer> postfix/qmgr[16164]: 8D40F71A1A7: from=<>, size=5004, nrcpt=1 (queue active)
Nov 15 10:26:36 <meinServer> postfix/smtp[4315]: connect to eftps.gov[216.66.209.176]: Connection timed out (port 25)
Nov 15 10:26:36 <meinServer> postfix/smtp[4315]: 8D40F71A1A7: to=<customers7921@eftps.gov>, relay=none, delay=164159, delays=164138/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 10:27:09 <meinServer> postfix/virtual[5442]: fatal: main.cf configuration error: virtual_mailbox_limit is smaller than message_size_limit
140137/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 11:33:17 <meinServer> postfix/smtp[23210]: 648DF71A5DD: to=<customers9602@eftps.gov>, relay=none, delay=147160, delays=147139/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 11:33:17 <meinServer> postfix/smtp[23208]: 7DEBF71A1B9: to=<customers6645@eftps.gov>, relay=none, delay=76154, delays=76132/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 11:33:17 <meinServer> postfix/smtp[23207]: 9DD6871A262: to=<user29933@lws02.ldn5.groupnbt.net>, relay=none, delay=246163, delays=246142/0.01/21/0, dsn=4.4.1, status=deferred (connect to lws02.ldn5.groupnbt.net[62.128.158.5]: Connection timed out)
Nov 15 11:49:32 <meinServer> postfix/master[16126]: warning: process /usr/lib/postfix/virtual pid 9350 exit status 1
Nov 15 11:49:32 <meinServer> postfix/master[16126]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Nov 15 11:49:36 <meinServer> postfix/qmgr[16164]: 8D40F71A1A7: from=<>, size=5004, nrcpt=1 (queue active)
Nov 15 11:49:57 <meinServer> postfix/smtp[9354]: connect to eftps.gov[216.66.209.176]: Connection timed out (port 25)
Nov 15 11:49:57 <meinServer> postfix/smtp[9354]: 8D40F71A1A7: to=<customers7921@eftps.gov>, relay=none, delay=169160, delays=169139/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 11:50:32 <meinServer> postfix/virtual[10696]: fatal: main.cf configuration error: virtual_mailbox_limit is smaller than message_size_limit
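As an added example, not part of the post, a Python script that correlates the qmgr and delivery-agent lines of an excerpt like the one above by queue ID. A queue entry logged with from=<> is a bounce the server generated itself, so deferred deliveries of such entries to foreign domains show the server trying to return spam it had accepted to forged sender addresses (backscatter); inbound NOQUEUE rejects are tallied separately, since those never entered the queue. The sample log lines are constructed from the excerpt, with the hostname replaced by "mx".

```python
import re
from collections import Counter, defaultdict

# Constructed sample, trimmed from the mail.info excerpt above; hostname replaced by "mx".
SAMPLE_LOG = """\
Nov 15 10:09:56 mx postfix/smtp[18002]: 9DD6871A262: to=<user29933@lws02.ldn5.groupnbt.net>, relay=none, delay=241162, delays=241141/0.01/21/0, dsn=4.4.1, status=deferred (connect to lws02.ldn5.groupnbt.net[62.128.158.5]: Connection timed out)
Nov 15 10:09:56 mx postfix/smtp[18004]: ACA0871A0D9: to=<customers2615@eftps.gov>, relay=none, delay=135157, delays=135136/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 10:26:15 mx postfix/qmgr[16164]: 8D40F71A1A7: from=<>, size=5004, nrcpt=1 (queue active)
Nov 15 10:26:36 mx postfix/smtp[4315]: 8D40F71A1A7: to=<customers7921@eftps.gov>, relay=none, delay=164159, delays=164138/0.01/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[216.66.209.176]: Connection timed out)
Nov 15 11:17:01 mx postfix/qmgr[16164]: EEDB071A61B: from=<root@mx.example>, size=661, nrcpt=1 (queue active)
Nov 15 11:17:02 mx postfix/local[4036]: EEDB071A61B: to=<root@mx.example>, orig_to=<root>, relay=local, delay=0.07, delays=0.05/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Nov 15 11:32:55 mx postfix/qmgr[16164]: 9DD6871A262: from=<>, size=5065, nrcpt=1 (queue active)
Nov 15 11:32:55 mx postfix/qmgr[16164]: ACA0871A0D9: from=<>, size=4530, nrcpt=1 (queue active)
Nov 15 11:38:42 mx postfix/smtpd[29782]: NOQUEUE: reject: RCPT from unknown[186.122.248.247]: 450 4.7.1 Client host rejected: cannot find your hostname, [186.122.248.247]; from=<EnlargePenis.pleased2@yahoo.com> to=<info@czar1.de> proto=SMTP helo=<produccion>
"""

QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>, size=(\d+)")
DELIVERY_RE = re.compile(r"postfix/(?:smtp|local|virtual)\[\d+\]: (\w+): to=<([^>]*)>, .*?status=(\w+)")
REJECT_RE = re.compile(r"NOQUEUE: reject: RCPT from \S+\[([\d.]+)\]")


def analyse(log_text):
    """Correlate qmgr and delivery-agent lines by queue ID.

    A queue entry logged with from=<> is a bounce the server generated itself
    for a message it had accepted. Deferred bounces to foreign domains therefore
    mean the server accepted spam carrying forged sender addresses and is now
    trying to return it to those addresses (backscatter)."""
    sender = {}                         # queue ID -> envelope sender
    attempts = defaultdict(list)        # queue ID -> [(recipient, status)]
    rejects = Counter()                 # client IP -> inbound rejects
    for line in log_text.splitlines():
        if m := QMGR_RE.search(line):
            sender[m.group(1)] = m.group(2)
        elif m := DELIVERY_RE.search(line):
            attempts[m.group(1)].append((m.group(2), m.group(3)))
        elif m := REJECT_RE.search(line):
            rejects[m.group(1)] += 1
    backscatter = Counter()
    for qid, tries in attempts.items():
        if sender.get(qid) == "":       # null sender: the server's own bounce
            for rcpt, status in tries:
                if status != "sent":
                    backscatter[rcpt.rsplit("@", 1)[-1]] += 1
    return {"backscatter_deferred": dict(backscatter), "inbound_rejects": dict(rejects)}
```

Because qmgr and smtp lines for one queue ID can be far apart in the file, the script reads the whole excerpt before counting; the root-to-root message is correctly left out as a legitimate local delivery.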
-
Quote
The door is wide open to attacks
Well, it's not as if the whole thing is open now. It is still secured with a very long and cryptic password. By the time that is found by brute force, Linux won't even exist any more. Besides, the rights of the syscp user are limited too; as far as I'm concerned someone can wreck everything there, but they can't do real damage to the other databases, can they?
-
Hey,
I had the same problem and, as a beginner, spent a few hours on it. The final solution was to log in to phpMyAdmin as root and grant the user syscp the rights regardless of host (i.e. enable the "Any host" option); before that, it was only allowed from localhost.
Now I receive e-mails again, and after a short wait the forwarding to Yahoo worked brilliantly again.
Regards, night