postfix stmp账号被破解,疯狂往外发诈骗邮件

最新推荐文章于 2023-07-28 21:21:54 发布
最新推荐文章于 2023-07-28 21:21:54 发布
阅读量1.2k 收藏
点赞数
文章标签: 开发工具
原文链接:http://www.cnblogs.com/pangziyibudong/p/5944761.html
版权

今天tail -f /var/log/maillog  发现,不停的在产生记录,不停地往外发邮件。

通过log文件中的一条记录,取得其中的一条任务id:39E46C6D4B

使用postcat -q 39E46C6D4B获取到详细信息,如下:

  1 *** ENVELOPE RECORDS active/39E46C6D4B ***
  2 message_size:            1458            4815              50               0            1458
  3 message_arrival_time: Thu Oct  6 20:34:49 2016
  4 create_time: Thu Oct  6 20:34:49 2016
  5 named_attribute: log_ident=39E46C6D4B
  6 named_attribute: rewrite_context=remote
  7 named_attribute: sasl_method=LOGIN
  8 named_attribute: sasl_username=test@test.com  #被破解的stmp账号
  9 sender: petermhmith@comcast.net     #伪造的发件人
 10 named_attribute: log_client_name=unknown
 11 named_attribute: log_client_address=52.175.17.187  #入侵者ip,我就不隐藏了
 12 named_attribute: log_client_port=61991
 13 named_attribute: log_message_origin=unknown[52.175.17.187]
 14 named_attribute: log_helo_name=User
 15 named_attribute: log_protocol_name=ESMTP
 16 named_attribute: client_name=unknown
 17 named_attribute: reverse_client_name=unknown
 18 named_attribute: client_address=52.175.17.187
 19 named_attribute: client_port=61991
 20 named_attribute: helo_name=User
 21 named_attribute: protocol_name=ESMTP
 22 named_attribute: client_address_type=2
 23 named_attribute: dsn_orig_rcpt=rfc822;rads60@aol.com
 24 original_recipient: rads60@aol.com
 25 recipient: rads60@aol.com
 26 named_attribute: dsn_orig_rcpt=rfc822;radsal@yahoo.com
 27 original_recipient: radsal@yahoo.com      #一大群收件人
 28 recipient: radsal@yahoo.com
 29 named_attribute: dsn_orig_rcpt=rfc822;radsar562@aol.com
 30 original_recipient: radsar562@aol.com
 31 recipient: radsar562@aol.com
 32 named_attribute: dsn_orig_rcpt=rfc822;radscrapbookz@yahoo.com
 33 original_recipient: radscrapbookz@yahoo.com
 34 recipient: radscrapbookz@yahoo.com
 35 named_attribute: dsn_orig_rcpt=rfc822;radscream@cox.net
 36 original_recipient: radscream@cox.net
 37 recipient: radscream@cox.net
 38 named_attribute: dsn_orig_rcpt=rfc822;radsk84mad@gmail.com
 39 original_recipient: radsk84mad@gmail.com
 40 done_recipient: radsk84mad@gmail.com
 41 named_attribute: dsn_orig_rcpt=rfc822;radskadork@aol.com
 42 original_recipient: radskadork@aol.com
 43 recipient: radskadork@aol.com
 44 named_attribute: dsn_orig_rcpt=rfc822;radsmomma@aol.com
 45 original_recipient: radsmomma@aol.com
 46 recipient: radsmomma@aol.com
 47 named_attribute: dsn_orig_rcpt=rfc822;radsmsm27@aol.com
 48 original_recipient: radsmsm27@aol.com
 49 recipient: radsmsm27@aol.com
 50 named_attribute: dsn_orig_rcpt=rfc822;radsosa@sbcglobal.net
 51 original_recipient: radsosa@sbcglobal.net
 52 done_recipient: radsosa@sbcglobal.net
 53 named_attribute: dsn_orig_rcpt=rfc822;radsoudi@yahoo.com
 54 original_recipient: radsoudi@yahoo.com
 55 recipient: radsoudi@yahoo.com
 56 named_attribute: dsn_orig_rcpt=rfc822;radstang89@yahoo.com
 57 original_recipient: radstang89@yahoo.com
 58 recipient: radstang89@yahoo.com
 59 named_attribute: dsn_orig_rcpt=rfc822;radstyle@yahoo.com
 60 original_recipient: radstyle@yahoo.com
 61 recipient: radstyle@yahoo.com
 62 named_attribute: dsn_orig_rcpt=rfc822;radsxegrl21@yahoo.com
 63 original_recipient: radsxegrl21@yahoo.com
 64 recipient: radsxegrl21@yahoo.com
 65 named_attribute: dsn_orig_rcpt=rfc822;radsyscorp@worldnet.att.net
 66 original_recipient: radsyscorp@worldnet.att.net
 67 done_recipient: radsyscorp@worldnet.att.net
 68 named_attribute: dsn_orig_rcpt=rfc822;radtad44@msn.com
 69 original_recipient: radtad44@msn.com
 70 done_recipient: radtad44@msn.com
 71 named_attribute: dsn_orig_rcpt=rfc822;radtad90@yahoo.com
 72 original_recipient: radtad90@yahoo.com
 73 recipient: radtad90@yahoo.com
 74 named_attribute: dsn_orig_rcpt=rfc822;radtadd@hotmail.com
 75 original_recipient: radtadd@hotmail.com
 76 done_recipient: radtadd@hotmail.com
 77 named_attribute: dsn_orig_rcpt=rfc822;radtanline@aol.com
 78 original_recipient: radtanline@aol.com
 79 recipient: radtanline@aol.com
 80 named_attribute: dsn_orig_rcpt=rfc822;radtaz77@yahoo.com
 81 original_recipient: radtaz77@yahoo.com
 82 recipient: radtaz77@yahoo.com
 83 named_attribute: dsn_orig_rcpt=rfc822;radtec@hotmail.com
 84 original_recipient: radtec@hotmail.com
 85 done_recipient: radtec@hotmail.com
 86 named_attribute: dsn_orig_rcpt=rfc822;radtechmay@earthlink.com
 87 original_recipient: radtechmay@earthlink.com
 88 done_recipient: radtechmay@earthlink.com
 89 named_attribute: dsn_orig_rcpt=rfc822;radtek53@aol.com
 90 original_recipient: radtek53@aol.com
 91 recipient: radtek53@aol.com
 92 named_attribute: dsn_orig_rcpt=rfc822;radtke@juno.com
 93 original_recipient: radtke@juno.com
 94 recipient: radtke@juno.com
 95 named_attribute: dsn_orig_rcpt=rfc822;radtke1@worldnet.att.net
 96 original_recipient: radtke1@worldnet.att.net
 97 done_recipient: radtke1@worldnet.att.net
 98 named_attribute: dsn_orig_rcpt=rfc822;radtogo2@aol.com
 99 original_recipient: radtogo2@aol.com
100 recipient: radtogo2@aol.com
101 named_attribute: dsn_orig_rcpt=rfc822;radtoys@aol.com
102 original_recipient: radtoys@aol.com
103 recipient: radtoys@aol.com
104 named_attribute: dsn_orig_rcpt=rfc822;radtrans05@yahoo.com
105 original_recipient: radtrans05@yahoo.com
106 recipient: radtrans05@yahoo.com
107 named_attribute: dsn_orig_rcpt=rfc822;radu.oancea@onsaleonline.com
108 original_recipient: radu.oancea@onsaleonline.com
109 done_recipient: radu.oancea@onsaleonline.com
110 named_attribute: dsn_orig_rcpt=rfc822;radu@op.net
111 original_recipient: radu@op.net
112 recipient: radu@op.net
113 named_attribute: dsn_orig_rcpt=rfc822;radu_henegar@yahoo.com
114 original_recipient: radu_henegar@yahoo.com
115 recipient: radu_henegar@yahoo.com
116 named_attribute: dsn_orig_rcpt=rfc822;radu_rengle@yahoo.com
117 original_recipient: radu_rengle@yahoo.com
118 recipient: radu_rengle@yahoo.com
119 named_attribute: dsn_orig_rcpt=rfc822;radu123@hotmail.com
120 original_recipient: radu123@hotmail.com
121 done_recipient: radu123@hotmail.com
122 named_attribute: dsn_orig_rcpt=rfc822;raduariton@yahoo.com
123 original_recipient: raduariton@yahoo.com
124 recipient: raduariton@yahoo.com
125 named_attribute: dsn_orig_rcpt=rfc822;raducerbu@worldnet.att.net
126 original_recipient: raducerbu@worldnet.att.net
127 done_recipient: raducerbu@worldnet.att.net
128 named_attribute: dsn_orig_rcpt=rfc822;raducristian30@yahoo.com
129 original_recipient: raducristian30@yahoo.com
130 recipient: raducristian30@yahoo.com
131 named_attribute: dsn_orig_rcpt=rfc822;radue77@hotmail.com
132 original_recipient: radue77@hotmail.com
133 done_recipient: radue77@hotmail.com
134 named_attribute: dsn_orig_rcpt=rfc822;radum94@hotmail.com
135 original_recipient: radum94@hotmail.com
136 done_recipient: radum94@hotmail.com
137 named_attribute: dsn_orig_rcpt=rfc822;radumond@aol.com
138 original_recipient: radumond@aol.com
139 recipient: radumond@aol.com
140 named_attribute: dsn_orig_rcpt=rfc822;radumps@gmail.com
141 original_recipient: radumps@gmail.com
142 recipient: radumps@gmail.com
143 named_attribute: dsn_orig_rcpt=rfc822;rae_lbc@yahoo.com
144 original_recipient: rae_lbc@yahoo.com
145 recipient: rae_lbc@yahoo.com
146 named_attribute: dsn_orig_rcpt=rfc822;rae_liu2002@yahoo.com
147 original_recipient: rae_liu2002@yahoo.com
148 recipient: rae_liu2002@yahoo.com
149 named_attribute: dsn_orig_rcpt=rfc822;rae_lynnette@hotmail.com
150 original_recipient: rae_lynnette@hotmail.com
151 done_recipient: rae_lynnette@hotmail.com
152 named_attribute: dsn_orig_rcpt=rfc822;rae_of_sunlight@hotmail.com
153 original_recipient: rae_of_sunlight@hotmail.com
154 done_recipient: rae_of_sunlight@hotmail.com
155 named_attribute: dsn_orig_rcpt=rfc822;rae_rae33@hotmail.com
156 original_recipient: rae_rae33@hotmail.com
157 done_recipient: rae_rae33@hotmail.com
158 named_attribute: dsn_orig_rcpt=rfc822;rae_scheer@yahoo.com
159 original_recipient: rae_scheer@yahoo.com
160 recipient: rae_scheer@yahoo.com
161 named_attribute: dsn_orig_rcpt=rfc822;rae090785@yahoo.com
162 original_recipient: rae090785@yahoo.com
163 recipient: rae090785@yahoo.com
164 named_attribute: dsn_orig_rcpt=rfc822;rae0fsun23@hotmail.com
165 original_recipient: rae0fsun23@hotmail.com
166 done_recipient: rae0fsun23@hotmail.com
167 named_attribute: dsn_orig_rcpt=rfc822;rae11455@aol.com
168 original_recipient: rae11455@aol.com
169 recipient: rae11455@aol.com
170 named_attribute: dsn_orig_rcpt=rfc822;rae12@aol.com
171 original_recipient: rae12@aol.com
172 recipient: rae12@aol.com
173 *** MESSAGE CONTENTS active/39E46C6D4B ***
174 Received: from User (unknown [52.175.17.187])
175     by mail.lejucd.com (Postfix) with ESMTPA id 39E46C6D4B;
176     Thu,  6 Oct 2016 20:34:49 +0800 (CST)
177 Reply-To: <petermm111@1email.eu>
178 From: "Mr. Hikmet"<petermhmith@comcast.net>
179 Subject: <<WESTERN UNION COMPENSATION >
180 Date: Thu, 6 Oct 2016 12:34:49 -0000
181 MIME-Version: 1.0
182 Content-Type: text/html;
183     charset="Windows-1251"
184 Content-Transfer-Encoding: 7bit
185 X-Priority: 3
186 X-MSMail-Priority: Normal
187 X-Mailer: Microsoft Outlook Express 6.00.2600.0000
188 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
189 #一篇诈骗邮件,翻译过来大致就是说要退款,然后来联系进行诈骗
190 <p>Attn:<br /><br />We are writing you from the desk of Mr. Hikmet Ersek, Chief<br />Executive Officer and President of The Western Union<br />Company,this letter is to notify you about your compensation<br />as one of the scam victim that sent money via our<br />service(Western Union Money Transfer)and (Money Gram) to<br />fraudsters.<br /><br />We found your email Address in our data base,that is why we<br />are contacting you.This have been agreed upon and have been<br />approved by Pamela H. Patsley Chief Executive Officer of<br />Money gram International Inc to compensate you as one of the<br />scam victim.<br /><br />You are here by advised to acknowledge this mail and help us<br />to reconfirm your identity for security reasons.<br /><br />Kindly acknowledge the receipt of this email&nbsp; as soon<br />as you receive it.<br /><br />Yours faithfully,<br />Mr. Hikmet Ersek,</p>
191 *** HEADER EXTRACTED active/39E46C6D4B ***
192 *** MESSAGE FILE END active/39E46C6D4B ***

从详细信息中我们看到,stmp中的test账号被破解了,使用test账号登录之后伪造成其他发件人不断向大量的收件人发送诈骗邮件,登录者的ip是 52.175.17.187 ,查看其他任务id,得到的依然是此结果。

解决:

1.将此ip拉入服务器黑名单:iptables -I INPUT -s 52.175.17.187 -j DROP  (要解封使用 :iptables -D INPUT -s 52.175.17.187 -j DROP )

2.删除stmp中test账号并重启postfix:

saslpasswd2 -d test@test.com

service postfix reload

3.清除所有缓存垃圾邮件,阻止邮件服务器继续偿试外发

查看邮件缓存目录:du -sh /var/spool/postfix/*

1.1G    /var/spool/postfix/defer

1.7G    /var/spool/postfix/deferred

延迟发送的邮件占用了2.8个g的空间!

清除邮件中的所有队列:postsuper -d ALL 

再次查看缓存目录,容量终于恢复正常值。
du -sh /var/spool/postfix/*
4K /var/spool/postfix/defer
4K /var/spool/postfix/deferred

4.禁止认证用户假冒发信人外发

vim /etc/postfix/main.cf
mynetworks = 127.0.0.0/8
smtpd_sender_restrictions =
  permit_mynetworks,
  reject_sender_login_mismatch,
  reject_non_fqdn_sender,
  reject_authenticated_sender_login_mismatch,
  reject_unauthenticated_sender_login_mismatch,
  reject_non_fqdn_recipient,
  reject_invalid_hostname,
  reject_unknown_sender_domain,
  check_sender_access hash:/etc/postfix/sender_access
postfix reload

参考原文地址:http://www.51itstudy.com/34465.html

感谢此文章帮我解决问题。

转载于:https://www.cnblogs.com/pangziyibudong/p/5944761.html

dblp98860
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
SMTP配置 postfix
alliswell95的博客
05-23 2650
postfix提供smtp协议用来投递邮件 默认端口25 /var/log/maillog    ##服务日志 mail root@westos.com Subject: hello hello world .        #用"."来结束录入内容并送 mailq        ##查看邮件队列 postqueue -f    ##重新处理邮件队列 默认情况下邮件端口只
postfix防伪造件人
weixin_33895475的博客
09-23 304
1) $ vim /etc/postfix/main.cf ##############SASL#################### smtpd_sasl_auth_enable = yes smtpd_sasl2_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sa...
postfix 防攻击
小树苗
01-17 607
大量TIME_WAIT netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}' vim /etc/sysctl.conf net.ipv4.tcp_tw_reuse = 1 和 net.ipv4.tcp_tw_recycle = 1 的开启都是为了回收处于TIME_WAIT状态的资源。 单独删除postfi...
阿里云centos 7 创建postfix服务器,并进行stmp验证,并结合phpmailer进行邮件送...
dblp98860的博客
09-23 404
由于centos默认会自带sendmail,而sendmail存在安全性问题和使用复杂的问题,故而选择postfix服务器,由于暂时没有收邮件的需求,故未安装dovecot。 1.[root@postfix-server ~]# yum remove sendmail -y #卸载自带的sendmail 2.[root@postfix-server ~] #yuminstall...
一、Postfix[安装与配置、smtp认证、Python邮件以及防垃圾邮件方法、使用腾讯云邮件服务]
最新发布
黑日里不灭的light
07-28 5258
Debian 11。
实验Postfix邮件共享服务
10-30
Postfix邮件共享服务。 RHEL-3 上搭建postfix邮件系统,dovecot收邮件服务 windows7作为客户端,测试收邮件
详解阿里云CentOS Linux服务器上用postfix搭建邮件服务器
09-15
在搭建邮件服务器之前,你需要为你的域名添加DNS解析记录,包括A记录(指向服务器的IP地址),MX记录(指定邮件服务器),以及TXT记录(用于SPF验证,防止邮件被标记为垃圾邮件)。例如,如果你的域名是`cnblogs....
PHP处理postfix邮件内容的方法
12-18
本文实例讲述了PHP处理postfix邮件内容的方法。分享给大家供大家参考。具体如下: <?php //从输入读取到所有的邮件内容 $email = ""; $fd = fopen("php://stdin", "r"); while (!feof($fd)) { $email ....
SMTP破解器(25.80.465.587端口)
05-17
邮件破解器,支持国内所有邮箱类型,破解速度快!软件占用内存小,适合服务器批量登陆
postfix邮件服务器安全
weixin_34319374的博客
04-14 394
为防止postfix邮件服务器被人冒用,使用它送伪造的垃圾邮件,进行了以下实验,添加了smtp验证。 分析smtp送 把内部IP从邮件 的信任网络中去掉, 然后测试邮件送(依靠邮件件人) root@slackbox[~]#telnetmail.XXXXXX.com25Trying10.70.253.52...Connectedtomail...
破壳(shellshock)漏洞的一些汇总
瞎几把学
12-07 1519
原理与基本情况不再赘述 一、shellshock存在的环境 一个攻击者能够控制的环境变量,特别是该变量以 () { 开始。必须调用bash系统必须存在bash漏洞 二、目前证实适用的一些场景; CGI-based web server CGI处理文档请求的时候,使用环境变量处理请求,如果处理使用bash脚本,或者使用了系统调用,bash将接受系统变量并进行
SPF邮件伪造漏洞测试脚本
dcx3291777的博客
08-09 806
测试脚本: # -*- coding: utf-8 -*- import socket,select,base64,os,re,time,datetime class mail: def __init__(self): self.errmsg = '' def send(self, buf): try: ...
Linux之POSTFIX邮件服务
日积月累
09-01 1883
     邮件是我们互联网上是最基本的服务之一,诞生很早,用非常广泛,展迅速。      邮件服务器也采用的是C/S工作模式,通过SMTP,POP,IMAP协议来是实现邮件送和接收的。      电子邮件在互联网上是如何传输的: 每个邮件系统主要由4部分组成: MUA:邮件用户代理,客户端收邮件的软件 MDA:邮件投递代理,在邮件服务器上将邮件存放到相
SMTP邮件postfix
xiaojun_Fairy的博客
05-23 5187
基本电子邮件送 服务器使用SMTP协议将电子邮件提交至TCP端口25,或由本地客户端通过/usr/bin/sendmail程序进行提交。如果该MTA是最终目标位置,邮件将传递至MDA。否则,将使用MX记录在DNS中查找下一个MTA,并使用SMTP进行转。 MDA:“邮件送代理”。MDA将邮件送至收件人的本地邮件存储位置(默认情况下是/var/spool/mail/user)。Postfix
Postfix+SMTP 配置邮件
weixin_30566149的博客
08-14 822
  如果出现SASL authentication failed; cannot authenticate to server 错误,请安装cyrus-sasl-plain $res = CommonHelper::sendmail($sendto, $sendtitle, $sendfrom, $sendcontent); publicstaticfunctionsend...
ubuntu搭建postfix smtp邮箱服务为站点邮件
daliycode的专栏
11-08 5143
需求很简单,也不搞得那么麻烦。不需要接收邮件,仅仅利用PHP类库PHPMailer送验证码邮件,接收邮件可以用什么qq,网易的。还有一点如果配置接收邮件,还需要考虑什么安全,垃圾邮件啥的。   正文开始   1 解析域名 (防止邮件被扔进垃圾邮箱) mail.daliycode.com A记录到 123.123.123.123(你的服务器ip) @    MX记录到 mail.dal...
postfix下的SMTP认证
weixin_33881140的博客
09-03 981
SMTP认证(接着上个实验做的Postfix)向邮件时针对件人进行认证(仅针对邮件生效)SMTP认证================================================================第一步:设置CyrusSASL函数库,并启动saslauthd服务[root@mail~]#vim/usr/lib/sasl2...
HTB靶场系列 linux靶机 Beep靶机
m0_57221101的博客
01-15 1229
这个靶场真的很厉害,学到了非常多的东西 需要学习的技能 nmap扫描具体端口 -sC -sV -p 223 searchspoilt 打开文件 -x sslscan ip 探测目标机器 ssl版本 勘探 首先还是一样用nmap大致扫描,再用nmap对扫出的端口进行细致扫描 nmap nmapshows a bunch of ports open on the box: root@kali# nmap -sT -p- --min-rate 5000 -oA nmap/alltcp 10..
ubuntu 邮件服务器配置
04-06
ubuntu 邮件服务器配置,postfix+dovecot+squiremail,搭建LIUNX自己的邮件服务器

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值