K-ny13 | Hello everyone,
While going through the logs of my Postfix server, I noticed that mail is being sent from and to a domain other than mine.
I'm having trouble identifying where the problem comes from; where is the "flaw" in my configuration?
Here is a log excerpt for one of these sends:
Code:
- Apr 10 13:28:27 smtpsash03 postfix/smtpd[5151]: 4BBCC60007: client=unknown[195.83.252.24]
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 4BBCC60007: warning: header Received: from UK (unknown [195.83.252.24])??by smtpsortant.MONDOMAINE.fr (Postfix) with ESMTP id 4BBCC60007??for <mabkais@yahoo.com>; Mon, 10 Apr 2017 13:28:27 +0200 (CEST) from unknown[195.83.252.24]; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com> proto=ESMTP helo=<UK>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 4BBCC60007: warning: header Message-ID: <039df503-42835-15034780936227@uk> from unknown[195.83.252.24]; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com> proto=ESMTP helo=<UK>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 4BBCC60007: message-id=<039df503-42835-15034780936227@uk>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 4BBCC60007: warning: header From: "eBay" <ny-rep_lay.lnc@ld.anazom.com> from unknown[195.83.252.24]; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com> proto=ESMTP helo=<UK>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 4BBCC60007: warning: header Subject: =?utf-8?Q?=E2=9C=94?= [ Apple ] Important - We noticed unusual activity? in your Apple ID from unknown[195.83.252.24]; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com> proto=ESMTP helo=<UK>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 4BBCC60007: warning: header Date: Mon, 10 Apr 2017 11:27:27 +0000 from unknown[195.83.252.24]; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com> proto=ESMTP helo=<UK>
- Apr 10 13:28:27 smtpsash03 opendkim[32419]: 4BBCC60007: [195.83.252.24] [195.83.252.24] not internal
- Apr 10 13:28:27 smtpsash03 opendkim[32419]: 4BBCC60007: not authenticated
- Apr 10 13:28:27 smtpsash03 opendkim[32419]: 4BBCC60007: no signature data
- Apr 10 13:28:27 smtpsash03 postfix/qmgr[1606]: 4BBCC60007: from=<ny-rep_lay.lnc@ld.anazom.com>, size=2656, nrcpt=1 (queue active)
- Apr 10 13:28:27 smtpsash03 postfix/pipe[5280]: 4BBCC60007: to=<mabkais@yahoo.com>, relay=spamassassin, delay=0.11, delays=0.05/0/0/0.06, dsn=2.0.0, status=sent (delivered via spamassassin service)
- Apr 10 13:28:27 smtpsash03 postfix/qmgr[1606]: 4BBCC60007: removed
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 6479B60008: warning: header Received: from UK (unknown [195.83.252.24])??by smtpsortant.MONDOMAINE.fr (Postfix) with ESMTP id 4BBCC60007??for <mabkais@yahoo.com>; Mon, 10 Apr 2017 13:28:27 +0200 (CEST) from local; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com>
- Apr 10 13:28:27 smtpsash03 postfix/pickup[5275]: 6479B60008: uid=500 from=<ny-rep_lay.lnc@ld.anazom.com>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 6479B60008: warning: header Received: by smtpsortant.MONDOMAINE.fr (Postfix, from userid 500)??id 6479B60008; Mon, 10 Apr 2017 13:28:27 +0200 (CEST) from local; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 6479B60008: warning: header Return-Path: <ny-rep_lay.lnc@ld.anazom.com> from local; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 6479B60008: warning: header X-Spam-Status: No, hits=-1.0 from local; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 6479B60008: warning: header Received: from UK (unknown [195.83.252.24])??by smtpsortant.MONDOMAINE.fr (Postfix) with ESMTP id 4BBCC60007??for <mabkais@yahoo.com>; Mon, 10 Apr 2017 13:28:27 +0200 (CEST) from local; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 6479B60008: warning: header Message-ID: <039df503-42835-15034780936227@uk> from local; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 6479B60008: message-id=<039df503-42835-15034780936227@uk>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 6479B60008: warning: header From: "eBay" <ny-rep_lay.lnc@ld.anazom.com> from local; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 6479B60008: warning: header Subject: =?utf-8?Q?=E2=9C=94?= [ Apple ] Important - We noticed unusual activity? in your Apple ID from local; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com>
- Apr 10 13:28:27 smtpsash03 postfix/cleanup[5278]: 6479B60008: warning: header Date: Mon, 10 Apr 2017 11:27:27 +0000 from local; from=<ny-rep_lay.lnc@ld.anazom.com> to=<mabkais@yahoo.com>
- Apr 10 13:28:27 smtpsash03 opendkim[32419]: 6479B60008: no signing table match for 'ny-rep_lay.lnc@ld.anazom.com'
- Apr 10 13:28:27 smtpsash03 opendkim[32419]: 6479B60008: no signature data
- Apr 10 13:28:27 smtpsash03 postfix/qmgr[1606]: 6479B60008: from=<ny-rep_lay.lnc@ld.anazom.com>, size=2815, nrcpt=1 (queue active)
- Apr 10 13:28:27 smtpsash03 postfix/error[5287]: 6479B60008: to=<mabkais@yahoo.com>, relay=none, delay=0.06, delays=0.05/0/0/0, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta6.am0.yahoodns.net[98.138.112.33] while sending RCPT TO)
- Apr 10 13:37:08 smtpsash03 postfix/qmgr[1606]: 6479B60008: from=<ny-rep_lay.lnc@ld.anazom.com>, size=2815, nrcpt=1 (queue active)
- Apr 10 13:37:08 smtpsash03 postfix/error[5364]: 6479B60008: to=<mabkais@yahoo.com>, relay=none, delay=521, delays=521/0.02/0/0.01, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta5.am0.yahoodns.net[66.196.118.240] while sending RCPT TO)
- Apr 10 13:47:08 smtpsash03 postfix/qmgr[1606]: 6479B60008: from=<ny-rep_lay.lnc@ld.anazom.com>, size=2815, nrcpt=1 (queue active)
- Apr 10 13:47:08 smtpsash03 postfix/error[5446]: 6479B60008: to=<mabkais@yahoo.com>, relay=none, delay=1121, delays=1121/0.01/0/0.01, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta6.am0.yahoodns.net[98.138.112.38] while sending RCPT TO)
- Apr 10 14:07:08 smtpsash03 postfix/qmgr[1606]: 6479B60008: from=<ny-rep_lay.lnc@ld.anazom.com>, size=2815, nrcpt=1 (queue active)
- Apr 10 14:07:08 smtpsash03 postfix/error[5572]: 6479B60008: to=<mabkais@yahoo.com>, relay=none, delay=2321, delays=2321/0.02/0/0, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta5.am0.yahoodns.net[98.138.112.32] while sending RCPT TO)
- Apr 10 14:47:08 smtpsash03 postfix/qmgr[1606]: 6479B60008: from=<ny-rep_lay.lnc@ld.anazom.com>, size=2815, nrcpt=1 (queue active)
- Apr 10 14:47:08 smtpsash03 postfix/error[5860]: 6479B60008: to=<mabkais@yahoo.com>, relay=none, delay=4721, delays=4721/0.01/0/0.01, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta5.am0.yahoodns.net[98.136.216.25] while sending RCPT TO)
Contents of the main.cf file
Code:
- smtpd_helo_required = yes
- # Restore the line below to enable blocking when the address is not in MONDOMAINE.fr
- #smtpd_sender_login_maps = ldap:/configuration/postfix/ldap-loginsasl.cf
- smtpd_sender_restrictions =
- # Restore the line below to enable blocking when the address is not in MONDOMAINE.fr
- # reject_authenticated_sender_login_mismatch
- smtpd_recipient_restrictions =
- reject_non_fqdn_recipient,
- reject_unknown_sender_domain,
- reject_non_fqdn_sender,
- reject_unknown_recipient_domain,
- #reject_invalid_hostname,
- permit_mynetworks,
- permit_sasl_authenticated,
- reject_non_fqdn_helo_hostname,
- reject_unauth_destination,
- check_sender_access regexp:/configuration/postfix/sender_access,
- check_recipient_access regexp:/configuration/postfix/recipient_access,
- reject_rbl_client zen.spamhaus.org,
- reject_rbl_client dnsbl.njabl.net,
- reject_rbl_client dnsbl.sorbs.net,
- #reject_rbl_client bl.spamcop.net,
- permit
- smtpd_data_restrictions =
- reject_unauth_pipelining,
- permit
- ###########################################################################
- ### Slow down sending to certain domains (see the "transport" file) ###
- ###########################################################################
- slow_destination_recipient_limit = 20
- slow_destination_concurrency_limit = 2
- ######################################################
- ## TLS encryption parameter definitions ##
- ######################################################
- # Smtp ( OUTGOING )
- smtp_tls_loglevel = 1
- smtp_tls_security_level = may
- smtp_tls_CAfile = /configuration/ssl/DigiCertCA.crt
- #smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
- smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
- smtp_tls_protocols = !SSLv2, !SSLv3
- smtp_tls_mandatory_ciphers = high
- smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
- # ---------------------------------------------------------------------------------------------------
- # Smtpd ( INCOMING )
- smtpd_tls_loglevel = 1
- smtpd_use_tls = yes
- smtpd_tls_security_level = may
- smtpd_tls_received_header = yes
- smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
- smtpd_tls_protocols = !SSLv2, !SSLv3
- smtpd_tls_mandatory_ciphers = high
- smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
- smtpd_tls_CAfile = /configuration/ssl/DigiCertCA.crt
- #smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
- smtpd_tls_cert_file = /configuration/ssl/smtp.MONDOMAINE.fr.crt
- smtpd_tls_key_file = /configuration/ssl/smtp.MONDOMAINE.fr.nopass.key
- smtpd_tls_eecdh_grade = ultra
- tls_eecdh_strong_curve = prime256v1
- tls_eecdh_ultra_curve = secp521r1
- tls_preempt_cipherlist = yes
- tls_random_source = dev:/dev/urandom
- smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
- smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
- lmtp_tls_session_cache_database = btree:${data_directory}/lmtp_scache
- smtpd_tls_session_cache_timeout = 3600s
- # TLS Cipher List
- tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
- ##################################
- ## SASL connection parameters ##
- ##################################
- smtpd_sasl_auth_enable = yes
- smtpd_sasl_path = smtpd
- smtpd_sasl_security_options = noanonymous
- smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
- smtpd_sasl_local_domain = $mydomain
- smtpd_sasl_authenticated_header = yes
- broken_sasl_auth_clients = yes
- ####################
- ## Transport maps ##
- ####################
- transport_maps = hash:/configuration/postfix/transport
- ##################################################
- ## Address rewriting for subdomains ##
- ##################################################
- sender_canonical_maps=hash:/configuration/postfix/sender_canonical
- #######################################################
- ### Content filtering rules for each message ###
- #######################################################
- body_checks = regexp:/configuration/postfix/body_checks
- ##############################################################################
- ## Testing the process parameter because of mails that stay in the outbox ##
- ##############################################################################
- default_process_limit = 200
- #######################################
- ## Message size limit = 30 MB ##
- #######################################
- message_size_limit = 30000000
- ##############
- ## OpenDKIM ##
- ##############
- milter_protocol = 6
- milter_default_action = accept
- smtpd_milters = unix:/var/spool/postfix/opendkim/opendkim.sock
- non_smtpd_milters = unix:/var/spool/postfix/opendkim/opendkim.sock
Note:
You will notice that I have disabled smtpd_sender_login_maps and reject_authenticated_sender_login_mismatch (which checks that the sending email address matches the authenticated account) because I cannot currently use this feature within my company for reasons of "administrative policy", let's say...
Contents of the master.cf file
Thanks in advance for your help.
Message edited by K-ny13 on 26-04-2017 at 09:54:03
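
The pattern in the log excerpt above (an smtpd `client=` line with no `sasl_username`, followed by an envelope sender and recipient that are both outside the local domain) can be searched for across the whole mail log by correlating lines on the queue ID. The following is an added example, not part of the original post; the log lines are constructed, and `example.org` is an assumed stand-in for MONDOMAINE.fr.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"example.org"}  # assumption: stands in for MONDOMAINE.fr

# Constructed sample lines in Postfix syslog format (not from a real server).
SAMPLE_LOG = """\
Apr 10 13:28:27 mx postfix/smtpd[5151]: 4BBCC60007: client=unknown[192.0.2.24]
Apr 10 13:28:27 mx postfix/qmgr[1606]: 4BBCC60007: from=<a@spoofed.example>, size=2656, nrcpt=1 (queue active)
Apr 10 13:28:27 mx postfix/pipe[5280]: 4BBCC60007: to=<b@victim.example>, relay=spamassassin, delay=0.11, dsn=2.0.0, status=sent (delivered via spamassassin service)
Apr 10 13:30:01 mx postfix/smtpd[5152]: 5AAAA60001: client=pc1.example.org[198.51.100.7], sasl_method=PLAIN, sasl_username=alice
Apr 10 13:30:01 mx postfix/qmgr[1606]: 5AAAA60001: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Apr 10 13:30:02 mx postfix/smtp[5300]: 5AAAA60001: to=<c@partner.example>, relay=mx.partner.example[203.0.113.5]:25, delay=0.5, dsn=2.0.0, status=sent (250 ok)
Apr 10 13:31:00 mx postfix/smtpd[5153]: 6BBBB60002: client=mail.partner.example[203.0.113.5]
Apr 10 13:31:00 mx postfix/qmgr[1606]: 6BBBB60002: from=<c@partner.example>, size=700, nrcpt=1 (queue active)
Apr 10 13:31:01 mx postfix/local[5301]: 6BBBB60002: to=<alice@example.org>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def find_unauthenticated_relays(log_text, local_domains=LOCAL_DOMAINS):
    """Return messages accepted over SMTP without SASL where neither the
    envelope sender nor any recipient belongs to a local domain."""
    msgs = defaultdict(lambda: {"client": None, "sasl": None, "from": "", "to": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and rest.startswith("client="):
            msgs[qid]["client"] = rest.split(",")[0][len("client="):]
            sasl = re.search(r"sasl_username=([^,\s]+)", rest)
            msgs[qid]["sasl"] = sasl.group(1) if sasl else None
        elif daemon == "qmgr" and rest.startswith("from=<"):
            msgs[qid]["from"] = rest[len("from=<"):].split(">", 1)[0]
        elif rest.startswith("to=<"):
            msgs[qid]["to"].add(rest[len("to=<"):].split(">", 1)[0])
    hits = []
    for qid, rec in msgs.items():
        if rec["client"] is None or rec["sasl"] or not rec["to"]:
            continue  # not received by smtpd, authenticated, or no delivery seen
        addrs = [rec["from"]] + sorted(rec["to"])
        if not any(domain(a) in local_domains for a in addrs):
            hits.append((qid, rec["client"], rec["from"], sorted(rec["to"])))
    return hits
```

The check has no knowledge of `mynetworks`, so clients that Postfix trusts by address are listed as well and need to be compared against that setting by hand.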