#1 16/09/2015, 01:50

merrow

[Solved] Postfix server sending spam

Hello,

------Resolution-----
Remove (mon-adresse-reseau-public/24) from the following line:
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mon-adresse-reseau-public/24

Indeed, it was relaying mail from the workstations/servers on my network without authentication.
After reading the logs I saw that it was my videoconferencing system that had been compromised.
Thanks to everyone for your help. I am going to set up a monitoring system and review my network.
---------------------

For several days now my Postfix mail server has been flagged as sending spam.
Indeed, when I run pflogsumm /var/log/mail.log, there was a large burst of outgoing mail.
From 19:00 to 20:00, 48483 mails sent

I checked whether I was an open relay, and I am not.
According to the mxtoolbox site (SMTP Open Relay     OK - Not an open relay.)
I use postfix/dovecot/saslauth.

My Postfix configuration

#====================================
#         generic parameters
#====================================
#Text that follows the 220 status code in the greeting banner (adds information)
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

#This service sends "new mail" notifications to users who have requested them (set to no here for performance)
biff = no

#The domain is not appended because that is the mail client's job
append_dot_mydomain = no

#Sends an email to the sender if their mail has not gone out after a certain time
#delay_warning_time = 4h

#Location of the README files
readme_directory = no

#============================================
#              TLS parameters
#============================================
#Location of the certificates
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

#SMTPD announces STARTTLS support to SMTP clients but does not require clients to use it
smtpd_use_tls=yes

#File containing the optional TLS session cache of the Postfix SMTP server
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

#TLS cache for the Postfix SMTP client
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

#The server announces STARTTLS support to the client
smtpd_tls_security_level = may

#Requires Postfix to produce a header with information on the protocol and cipher used
smtpd_tls_received_header = yes
#=======================================
#            General parameters
#=======================================
#The Internet hostname of this mail system
myhostname = nom de mon serveur de messagerie+nom de domaine

#The domain name of the mail addresses (what comes after the @)
mydomain = mon domaine

#The default domain used for locally posted messages
myorigin = $mydomain

#Defines the list of valid addresses for the domain (added 14/09/2015)
relay_domains = $mydomain

#List of domains delivered by the message transport
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain

#The default host to which outside mail is delivered (if empty, no relay; mail goes out directly)
relayhost =

#The list of "internal" SMTP clients that have more privileges than strangers (mail from them is accepted for relaying)
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mon-adresse-reseau-public/24

#The maximum size of local mailbox files, or zero (no limit)
mailbox_size_limit = 0

#Maximum size of a message in bytes, including envelope information
message_size_limit = 56000000

#The separator between user names and address extensions
recipient_delimiter = +

#The network addresses on which the mail system receives messages
inet_interfaces = all

#The name of a mail transport that filters messages after they are queued
content_filter = amavisfeed:[127.0.0.1]:10024

#Delivery of emails to mailboxes is handed to procmail (mbox format case)
mailbox_command = /usr/bin/procmail -a "$EXTENSION"

#Numeric SMTP server reply code when addresses are local but not found in the lookup table
unknown_local_recipient_reject_code = 450

#======================================
#       Tables parameters
#======================================
#The alias map and database
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

#Optional address mapping tables for message headers and envelopes
canonical_maps = hash:/etc/postfix/revaliases.map

#Optional list of domains whose subdomain structure will be masked in addresses
masquerade_domains = $mydomain

#Time after which the sender receives the headers of a message that is still queued
delay_warning_time = 2h

#The numeric Postfix SMTP server reply code when a remote SMTP client request is blocked by a restriction
maps_rbl_reject_code = 454

# Lookup tables, indexed by the IP address of remote SMTP clients, containing a case-insensitive list of EHLO keywords (pipelining, starttls, auth, etc.) that the SMTP server will not send in EHLO replies to remote SMTP clients
smtpd_discard_ehlo_keyword_address_maps = hash:/etc/postfix/discard_ehlo

#=============================================
#            Restriction
#=============================================
#Access restrictions that the Postfix SMTP server applies in the context of a RCPT TO command (receiving)
smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,
    check_policy_service unix:private/policy-spf,
    check_client_access hash:/etc/postfix/client_homologue.map,
    check_recipient_access hash:/etc/postfix/insiders_only.map,
    check_client_access hash:/etc/postfix/client_accepted.map,
    check_client_access regexp:/etc/postfix/client_rejected.exp,
    reject_unknown_sender_domain,
    check_client_access hash:/etc/postfix/client_accepted_despite_sorbs.map,
    reject_rbl_client zen.spamhaus.org,
    check_policy_service inet:127.0.0.1:10023

#Restrictions that the Postfix SMTP server applies in the context of MAIL FROM commands (sending)
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_accepted.map,
    reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access

#Optional SMTP server access restrictions for connection requests to the SMTP service
smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/client_accepted.map,
        reject_non_fqdn_sender, reject_unknown_sender_domain

#Block clients that talk too early
smtpd_data_restrictions = reject_unauth_pipelining

#Optional restrictions that the Postfix SMTP server applies in the context of the SMTP HELO command
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_unknown_hostname

#==========================================
#            sasl parameters
#==========================================
#Enables SASL authentication
smtpd_sasl_auth_enable = yes

#SASL security options (forbids anonymous authentication)
smtpd_sasl_security_options = noanonymous

#Local SASL authentication domain name
smtpd_sasl_local_domain = $myhostname

#Postfix advertises AUTH support in a non-standard way for Windows
broken_sasl_auth_clients = yes

# The plug-in Postfix uses for SASL authentication
smtpd_sasl_type = dovecot

#Location of the SASL configuration file
smtpd_sasl_path = /var/run/dovecot/auth

#SMTP clients to which Postfix will not offer AUTH support.
smtpd_sasl_exceptions_networks = ip/24

#================================================
# For testing and to avoid problems
#================================================

#In case of problems
# soft_bounce = yes
# defer_transports = local

#Optional lookup tables containing the TLS usage policy for the SMTP client
smtp_tls_per_site = hash:/etc/postfix/hosts_no_tls.map

#Enables additional logging of Postfix SMTP server TLS activity (by level: 0-1-2 yes, 3 debug mode, 4 too much)
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1

#Increment value for the log verbosity level
debug_peer_level = 2

#==========================================
#            test spam
#==========================================

#Maximum number of parallel deliveries via the local transport to the same recipient
local_destination_concurrency_limit = 2

#The default maximum number of parallel deliveries to the same destination
default_destination_concurrency_limit = 10

# Waits for the RCPT TO command before evaluating (smtpd_client_restriction...); yes allows the destination address to be logged on a reject, which makes analysis easier
smtpd_delay_reject = yes

#Max mails sent per minute
smtpd_client_message_rate_limit = 50

#Time span over which client connection rates are calculated
anvil_rate_time_unit = 60s

# Frequency at which the anvil status is checked
anvil_status_update_time = 600s

#Adds the SPF (Sender Policy Framework) function, an anti-spammer standard; lengthens the SPF policy time limit
policy-spf_time_limit = 3600s

My Dovecot configuration

#==============================================================================
#                                GENERAL
#==============================================================================
# The protocols started by dovecot: imap imaps pop3 pop3s

protocols = imap imaps pop3 pop3s

# Allows logins with cleartext passwords without SSL (Microsoft compatibility)
disable_plaintext_auth = no


# Format of the log timestamp
log_timestamp = "%Y-%m-%d %H:%M:%S "

# Gives dovecot permission to create dotlock files in the directory
mail_privileged_group = mail

# Allows the index of files stored on NFS to be kept
mmap_disable = yes

# Don't use fsync() or fdatasync() calls. This makes the performance better
# at the cost of potential data loss if the server (or the file server)
# goes down.
fsync_disable = no

# Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches
# whenever needed. If you're using only a single mail server this isn't needed.
mail_nfs_storage = yes
# Mail index files also exist in NFS. Setting this to yes requires
# mmap_disable=yes and fsync_disable=no.
mail_nfs_index = yes

# Users can log in starting from this uid (prevents logins by daemons)
first_valid_uid = 100

#Logging during authentication
auth_debug_passwords = yes
#========================================================================
#                                 PROTOCOL
#========================================================================

##
## IMAP specific settings
##

protocol imap {
  # Maximum number of IMAP connections allowed for a user from each IP address.
  # NOTE: The username is compared case-sensitively.
  mail_max_userip_connections = 20
}
  
##
## POP3 specific settings
##

protocol pop3 {
  #%08Xv parsed in base 10, converted to hex: IMAP mail UID
  #%08Xu parsed in base 10, converted to hex: IMAP mailbox UIDVALIDITY
  pop3_uidl_format = %08Xu%08Xv
}

##
## ManageSieve specific settings
##

protocol managesieve {
}

##
## LDA specific settings
##

protocol lda {
# address used on rejection
postmaster_address = liebgott@cpt.univ-mrs.fr
}

##
## Authentication processes
##

auth default {
  # NOTE: See also disable_plaintext_auth setting.
  mechanisms = plain login 
  passdb pam {
  }
  userdb passwd {
  }
  user = root
 socket listen { 
  client {
       # Assuming the default Postfix $queue_directory setting
       path = /var/spool/postfix/var/run/dovecot/auth
       mode = 0660
       # Assuming the default Postfix user and group
       user = postfix
       group = postfix
      }
    }
}

dict {
}

##
## Plugin settings
##

plugin {
}

# Config files can also be included. deliver doesn't support them currently.
#!include /etc/dovecot/conf.d/*.conf
# Optional configurations, don't give an error if it's not found:
#!include_try /etc/dovecot/extra.conf

I am posting part of the mail.log file (starting at 19:00)

Sep 15 19:00:01 mail postfix/smtpd[11451]: connect from mail.ncaor.gov.in[14.139.119.20]
Sep 15 19:00:01 mail postfix/smtpd[11451]: setting up TLS connection from mail.ncaor.gov.in[14.139.119.20]
Sep 15 19:00:01 mail postfix/smtpd[11451]: Anonymous TLS connection established from mail.ncaor.gov.in[14.139.119.20]: TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 15 19:00:02 mail postfix/smtpd[11451]: NOQUEUE: reject: RCPT from mail.ncaor.gov.in[14.139.119.20]: 450 4.7.1 <mailserver2.ictdncaor.net>: Helo command rejected: Host not found; from=<anish@ncaor.gov.in> to=<dyn98@cpt.univ-mrs.fr> proto=ESMTP helo=<mailserver2.ictdncaor.net>
Sep 15 19:00:02 mail postfix/smtpd[11451]: disconnect from mail.ncaor.gov.in[14.139.119.20]
Sep 15 19:00:07 mail postfix/smtpd[14000]: connect from unusoctonovem.mu.eccluster.com[91.192.42.189]
Sep 15 19:00:07 mail policyd-spf[9180]: Pass; identity=helo; client-ip=91.192.42.189; helo=unusoctonovem.mu.eccluster.com; envelope-from=g-2523162240-2597-1300885139-1442336407352@bounce.emailing.vilage-conseil.com; receiver=richard.guerrier@cpt.univ-mrs.fr 
Sep 15 19:00:07 mail policyd-spf[9180]: Pass; identity=mailfrom; client-ip=91.192.42.189; helo=unusoctonovem.mu.eccluster.com; envelope-from=g-2523162240-2597-1300885139-1442336407352@bounce.emailing.vilage-conseil.com; receiver=richard.guerrier@cpt.univ-mrs.fr 
Sep 15 19:00:07 mail postgrey[1086]: action=pass, reason=triplet found, client_name=unusoctonovem.mu.eccluster.com, client_address=91.192.42.189, sender=g-2523162240-2597-1300885139-1442336407352@bounce.emailing.vilage-conseil.com, recipient=richard.guerrier@cpt.univ-mrs.fr
Sep 15 19:00:07 mail postfix/smtpd[14000]: C9F791BF37B: client=unusoctonovem.mu.eccluster.com[91.192.42.189]
Sep 15 19:00:07 mail postfix/cleanup[11028]: C9F791BF37B: message-id=<fslp8d.ielluuk8o317ebt@emailing.vilage-conseil.com>
Sep 15 19:00:07 mail postfix/qmgr[2793]: C9F791BF37B: from=<g-2523162240-2597-1300885139-1442336407352@bounce.emailing.vilage-conseil.com>, size=14333, nrcpt=1 (queue active)
Sep 15 19:00:07 mail postfix/smtpd[19564]: connect from localhost[127.0.0.1]
Sep 15 19:00:07 mail postfix/smtpd[19564]: F158D1BF478: client=localhost[127.0.0.1]
Sep 15 19:00:07 mail postfix/cleanup[11032]: F158D1BF478: message-id=<fslp8d.ielluuk8o317ebt@emailing.vilage-conseil.com>
Sep 15 19:00:08 mail postfix/smtpd[19564]: disconnect from localhost[127.0.0.1]
Sep 15 19:00:08 mail postfix/qmgr[2793]: F158D1BF478: from=<g-2523162240-2597-1300885139-1442336407352@bounce.emailing.vilage-conseil.com>, size=14819, nrcpt=1 (queue active)
Sep 15 19:00:08 mail amavis[31980]: (31980-03) Passed CLEAN, [91.192.42.189] [91.192.42.189] <g-2523162240-2597-1300885139-1442336407352@bounce.emailing.vilage-conseil.com> -> <richard.guerrier@cpt.univ-mrs.fr>, Message-ID: <fslp8d.ielluuk8o317ebt@emailing.vilage-conseil.com>, mail_id: wthISa3MJIIb, Hits: -, size: 14331, queued_as: F158D1BF478, 118 ms
Sep 15 19:00:08 mail postfix/smtp[15654]: C9F791BF37B: to=<richard.guerrier@cpt.univ-mrs.fr>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.49, delays=0.37/0/0/0.12, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=31980-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as F158D1BF478)
Sep 15 19:00:08 mail postfix/qmgr[2793]: C9F791BF37B: removed
Sep 15 19:00:08 mail postfix/local[15692]: F158D1BF478: to=<guerrier@cpt.univ-mrs.fr>, orig_to=<richard.guerrier@cpt.univ-mrs.fr>, relay=local, delay=0.09, delays=0.02/0/0/0.06, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION")
Sep 15 19:00:08 mail postfix/qmgr[2793]: F158D1BF478: removed
Sep 15 19:00:11 mail postfix/smtpd[14000]: disconnect from unusoctonovem.mu.eccluster.com[91.192.42.189]
Sep 15 19:00:12 mail postfix/smtpd[10412]: connect from mail.ncaor.gov.in[14.139.119.21]
Sep 15 19:00:13 mail postfix/smtpd[10412]: setting up TLS connection from mail.ncaor.gov.in[14.139.119.21]
Sep 15 19:00:13 mail postfix/smtpd[10412]: Anonymous TLS connection established from mail.ncaor.gov.in[14.139.119.21]: TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 15 19:00:13 mail postfix/smtpd[10412]: NOQUEUE: reject: RCPT from mail.ncaor.gov.in[14.139.119.21]: 450 4.7.1 <mailserver1.ictdncaor.net>: Helo command rejected: Host not found; from=<anish@ncaor.gov.in> to=<jacques.soffer@cpt.univ-mrs.fr> proto=ESMTP helo=<mailserver1.ictdncaor.net>
Sep 15 19:00:13 mail postfix/smtpd[10584]: connect from server11.club-des-deals.com[104.130.231.201]
Sep 15 19:00:13 mail postfix/smtpd[10412]: disconnect from mail.ncaor.gov.in[14.139.119.21]
Sep 15 19:00:14 mail postfix/smtpd[10440]: connect from s15434454.onlinehome-server.com[74.208.72.135]
Sep 15 19:00:14 mail policyd-spf[19402]: None; identity=helo; client-ip=104.130.231.201; helo=server11.club-des-deals.com; envelope-from=bounce@client.club-des-deals.com; receiver=rossignol@cpt.univ-mrs.fr 
Sep 15 19:00:14 mail policyd-spf[19402]: Permerror; identity=mailfrom; client-ip=104.130.231.201; helo=server11.club-des-deals.com; envelope-from=bounce@client.club-des-deals.com; receiver=rossignol@cpt.univ-mrs.fr 
Sep 15 19:00:14 mail postgrey[1086]: action=pass, reason=triplet found, client_name=server11.club-des-deals.com, client_address=104.130.231.201, sender=bounce@client.club-des-deals.com, recipient=rossignol@cpt.univ-mrs.fr
Sep 15 19:00:14 mail postfix/smtpd[10584]: NOQUEUE: reject: RCPT from server11.club-des-deals.com[104.130.231.201]: 450 4.1.1 <rossignol@cpt.univ-mrs.fr>: Recipient address rejected: User unknown in local recipient table; from=<bounce@client.club-des-deals.com> to=<rossignol@cpt.univ-mrs.fr> proto=ESMTP helo=<server11.club-des-deals.com>
Sep 15 19:00:14 mail policyd-spf[19402]: None; identity=helo; client-ip=104.130.231.201; helo=server11.club-des-deals.com; envelope-from=bounce@client.club-des-deals.com; receiver=bacry@cpt.univ-mrs.fr
Sep 15 19:00:14 mail postgrey[1086]: action=pass, reason=triplet found, client_name=server11.club-des-deals.com, client_address=104.130.231.201, sender=bounce@client.club-des-deals.com, recipient=rossignol@cpt.univ-mrs.fr
Sep 15 19:00:14 mail postfix/smtpd[10584]: NOQUEUE: reject: RCPT from server11.club-des-deals.com[104.130.231.201]: 450 4.1.1 <rossignol@cpt.univ-mrs.fr>: Recipient address rejected: User unknown in local recipient table; from=<bounce@client.club-des-deals.com> to=<rossignol@cpt.univ-mrs.fr> proto=ESMTP helo=<server11.club-des-deals.com>
Sep 15 19:00:14 mail policyd-spf[19402]: None; identity=helo; client-ip=104.130.231.201; helo=server11.club-des-deals.com; envelope-from=bounce@client.club-des-deals.com; receiver=bacry@cpt.univ-mrs.fr 
Sep 15 19:00:14 mail policyd-spf[19402]: Permerror; identity=mailfrom; client-ip=104.130.231.201; helo=server11.club-des-deals.com; envelope-from=bounce@client.club-des-deals.com; receiver=bacry@cpt.univ-mrs.fr 
Sep 15 19:00:14 mail postgrey[1086]: action=pass, reason=triplet found, client_name=server11.club-des-deals.com, client_address=104.130.231.201, sender=bounce@client.club-des-deals.com, recipient=bacry@cpt.univ-mrs.fr
Sep 15 19:00:14 mail postfix/smtpd[10584]: NOQUEUE: reject: RCPT from server11.club-des-deals.com[104.130.231.201]: 450 4.1.1 <bacry@cpt.univ-mrs.fr>: Recipient address rejected: User unknown in local recipient table; from=<bounce@client.club-des-deals.com> to=<bacry@cpt.univ-mrs.fr> proto=ESMTP helo=<server11.club-des-deals.com>
Sep 15 19:00:14 mail postfix/smtpd[10584]: disconnect from server11.club-des-deals.com[104.130.231.201]
Sep 15 19:00:18 mail postfix/smtpd[13643]: warning: 98.126.23.126: hostname 98.126.23.126.static.krypt.com verification failed: Name or service not known
Sep 15 19:00:18 mail postfix/smtpd[13643]: connect from unknown[98.126.23.126]
Sep 15 19:00:18 mail policyd-spf[13287]: None; identity=helo; client-ip=98.126.23.126; helo=scioa.org; envelope-from=dr.k.mark@sciarticles.org; receiver=tassi.emanuele@cpt.univ-mrs.fr 
Sep 15 19:00:18 mail policyd-spf[13287]: None; identity=mailfrom; client-ip=98.126.23.126; helo=scioa.org; envelope-from=dr.k.mark@sciarticles.org; receiver=tassi.emanuele@cpt.univ-mrs.fr 
Sep 15 19:00:18 mail postgrey[1086]: action=pass, reason=client AWL, client_name=unknown, client_address=98.126.23.126, sender=Dr.K.Mark@sciarticles.org, recipient=tassi.emanuele@cpt.univ-mrs.fr
Sep 15 19:00:18 mail postfix/smtpd[13643]: NOQUEUE: reject: RCPT from unknown[98.126.23.126]: 450 4.1.1 <tassi.emanuele@cpt.univ-mrs.fr>: Recipient address rejected: User unknown in local recipient table; from=<Dr.K.Mark@sciarticles.org> to=<tassi.emanuele@cpt.univ-mrs.fr> proto=ESMTP helo=<scioa.org>
Sep 15 19:00:18 mail postfix/smtpd[13643]: disconnect from unknown[98.126.23.126]
Sep 15 19:00:19 mail postfix/smtpd[10440]: warning: s15434454.onlinehome-server.com[74.208.72.135]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 15 19:00:19 mail postfix/smtpd[10440]: lost connection after AUTH from s15434454.onlinehome-server.com[74.208.72.135]
Sep 15 19:00:19 mail postfix/smtpd[10440]: disconnect from s15434454.onlinehome-server.com[74.208.72.135]
Sep 15 19:00:20 mail postfix/smtpd[10584]: connect from smtp5.bouygues-telecom.fr[62.201.139.77]
Sep 15 19:00:20 mail postfix/smtpd[10584]: setting up TLS connection from smtp5.bouygues-telecom.fr[62.201.139.77]
Sep 15 19:00:20 mail postfix/smtpd[10584]: Anonymous TLS connection established from smtp5.bouygues-telecom.fr[62.201.139.77]: TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 15 19:00:20 mail postfix/smtpd[10584]: NOQUEUE: reject: RCPT from smtp5.bouygues-telecom.fr[62.201.139.77]: 450 4.7.1 <BT1SHKII.prod.service.bouygues-telecom.fr>: Helo command rejected: Host not found; from=<espaceclient@bouyguestelecom.fr> to=<catherine.levet@cpt.univ-mrs.fr> proto=ESMTP helo=<BT1SHKII.prod.service.bouygues-telecom.fr>
Sep 15 19:00:20 mail postfix/smtpd[10584]: disconnect from smtp5.bouygues-telecom.fr[62.201.139.77]
Sep 15 19:00:25 mail postfix/smtpd[10556]: connect from mail-io0-f178.google.com[209.85.223.178]
Sep 15 19:00:25 mail postfix/smtpd[1470]: connect from smtp5.bouygues-telecom.fr[62.201.139.77]
Sep 15 19:00:25 mail postfix/smtpd[1470]: setting up TLS connection from smtp5.bouygues-telecom.fr[62.201.139.77]
Sep 15 19:00:25 mail postfix/smtpd[1470]: Anonymous TLS connection established from smtp5.bouygues-telecom.fr[62.201.139.77]: TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 15 19:00:25 mail postfix/smtpd[1470]: NOQUEUE: reject: RCPT from smtp5.bouygues-telecom.fr[62.201.139.77]: 450 4.7.1 <BT1SHKII.prod.service.bouygues-telecom.fr>: Helo command rejected: Host not found; from=<espaceclient@bouyguestelecom.fr> to=<catherine.levet@cpt.univ-mrs.fr> proto=ESMTP helo=<BT1SHKII.prod.service.bouygues-telecom.fr>
Sep 15 19:00:25 mail postfix/smtpd[1470]: disconnect from smtp5.bouygues-telecom.fr[62.201.139.77]
Sep 15 19:00:25 mail postfix/smtpd[10556]: setting up TLS connection from mail-io0-f178.google.com[209.85.223.178]
Sep 15 19:00:25 mail postfix/smtpd[10556]: Anonymous TLS connection established from mail-io0-f178.google.com[209.85.223.178]: TLSv1 with cipher RC4-SHA (128/128 bits)
Sep 15 19:00:26 mail policyd-spf[16101]: None; identity=helo; client-ip=209.85.223.178; helo=mail-io0-f178.google.com; envelope-from=laurent.lellouch@gmail.com; receiver=christian.torrero@cpt.univ-mrs.fr 
Sep 15 19:00:26 mail postgrey[1086]: action=pass, reason=client whitelist, client_name=mail-io0-f178.google.com, client_address=209.85.223.178, sender=laurent.lellouch@gmail.com, recipient=christian.torrero@cpt.univ-mrs.fr
Sep 15 19:00:26 mail postfix/smtpd[10556]: 494B31BF37B: client=mail-io0-f178.google.com[209.85.223.178]
Sep 15 19:00:26 mail postfix/cleanup[11102]: 494B31BF37B: message-id=<CAGoM=f55WdDKdLmUYZvxXXBrrb9ud8HJ6DbmHHHRnrrEZyWx9A@mail.gmail.com>
Sep 15 19:00:26 mail postfix/qmgr[2793]: 494B31BF37B: from=<laurent.lellouch@gmail.com>, size=13866, nrcpt=1 (queue active)
Sep 15 19:00:26 mail postfix/smtpd[19564]: connect from localhost[127.0.0.1]
Sep 15 19:00:26 mail postfix/smtpd[19564]: 9D07B1BF478: client=localhost[127.0.0.1]
Sep 15 19:00:26 mail postfix/cleanup[11052]: 9D07B1BF478: message-id=<CAGoM=f55WdDKdLmUYZvxXXBrrb9ud8HJ6DbmHHHRnrrEZyWx9A@mail.gmail.com>
Sep 15 19:00:26 mail postfix/smtpd[10556]: disconnect from mail-io0-f178.google.com[209.85.223.178]
Sep 15 19:00:26 mail postfix/qmgr[2793]: 9D07B1BF478: from=<laurent.lellouch@gmail.com>, size=14354, nrcpt=1 (queue active)
Sep 15 19:00:26 mail postfix/smtpd[19564]: disconnect from localhost[127.0.0.1]
Sep 15 19:00:26 mail amavis[10455]: (10455-20) Passed CLEAN, [209.85.223.178] [209.85.223.178] <laurent.lellouch@gmail.com> -> <christian.torrero@cpt.univ-mrs.fr>, Message-ID: <CAGoM=f55WdDKdLmUYZvxXXBrrb9ud8HJ6DbmHHHRnrrEZyWx9A@mail.gmail.com>, mail_id: 4HCeb9JxAOsp, Hits: -, size: 13865, queued_as: 9D07B1BF478, 128 ms
Sep 15 19:00:26 mail postfix/smtp[15654]: 494B31BF37B: to=<christian.torrero@cpt.univ-mrs.fr>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.51, delays=0.38/0/0/0.13, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=10455-20, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9D07B1BF478)
Sep 15 19:00:26 mail postfix/qmgr[2793]: 494B31BF37B: removed
Sep 15 19:00:26 mail postfix/local[15692]: 9D07B1BF478: to=<torrero@cpt.univ-mrs.fr>, orig_to=<christian.torrero@cpt.univ-mrs.fr>, relay=local, delay=0.16, delays=0.02/0/0/0.14, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION")
Sep 15 19:00:26 mail postfix/qmgr[2793]: 9D07B1BF478: removed
Sep 15 19:00:36 mail postfix/smtpd[10567]: warning: 98.126.23.126: hostname 98.126.23.126.static.krypt.com verification failed: Name or service not known
Sep 15 19:00:36 mail postfix/smtpd[10567]: connect from unknown[98.126.23.126]
Sep 15 19:00:36 mail policyd-spf[19473]: None; identity=helo; client-ip=98.126.23.126; helo=scioa.org; envelope-from=dr.k.mark@sciarticles.org; receiver=tassi.emanuele@cpt.univ-mrs.fr 
Sep 15 19:00:36 mail policyd-spf[19473]: None; identity=mailfrom; client-ip=98.126.23.126; helo=scioa.org; envelope-from=dr.k.mark@sciarticles.org; receiver=tassi.emanuele@cpt.univ-mrs.fr 
Sep 15 19:00:36 mail postgrey[1086]: action=pass, reason=client AWL, client_name=unknown, client_address=98.126.23.126, sender=Dr.K.Mark@sciarticles.org, recipient=tassi.emanuele@cpt.univ-mrs.fr
Sep 15 19:00:36 mail postfix/smtpd[10567]: NOQUEUE: reject: RCPT from unknown[98.126.23.126]: 450 4.1.1 <tassi.emanuele@cpt.univ-mrs.fr>: Recipient address rejected: User unknown in local recipient table; from=<Dr.K.Mark@sciarticles.org> to=<tassi.emanuele@cpt.univ-mrs.fr> proto=ESMTP helo=<scioa.org>
Sep 15 19:00:36 mail postfix/smtpd[10567]: disconnect from unknown[98.126.23.126]
Sep 15 19:00:41 mail postfix/smtpd[26781]: connect from bon13-1-82-232-113-124.fbx.proxad.net[82.232.113.124]
Sep 15 19:00:42 mail postfix/smtpd[26781]: setting up TLS connection from bon13-1-82-232-113-124.fbx.proxad.net[82.232.113.124]
Sep 15 19:00:42 mail postfix/smtpd[26781]: Anonymous TLS connection established from bon13-1-82-232-113-124.fbx.proxad.net[82.232.113.124]: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)
Sep 15 19:00:42 mail postfix/smtpd[26781]: NOQUEUE: reject: RCPT from bon13-1-82-232-113-124.fbx.proxad.net[82.232.113.124]: 450 4.7.1 <MacBook-Pro-de-Jose-Beltran.local>: Helo command rejected: Host not found; from=<Jose.Beltran@cpt.univ-mrs.fr> to=<oretatim@gmail.com> proto=ESMTP helo=<MacBook-Pro-de-Jose-Beltran.local>
Sep 15 19:00:46 mail dovecot: imap-login: Disconnected (no auth attempts): rip=86.193.59.178, lip=139.124.7.122, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
Sep 15 19:00:48 mail dovecot: imap-login: Login: user=<beltran>, method=PLAIN, rip=82.232.113.124, lip=139.124.7.122, TLS
Sep 15 19:00:50 mail postfix/smtpd[14000]: warning: 54.225.238.79: address not listed for hostname mail.novo-biotech.com
Sep 15 19:00:50 mail postfix/smtpd[14000]: connect from unknown[54.225.238.79]
Sep 15 19:00:50 mail policyd-spf[9180]: None; identity=helo; client-ip=54.225.238.79; helo=novo-biotech.com; envelope-from=test@novo-biotech.com; receiver=shlosman@cpt.univ-mrs.fr 
Sep 15 19:00:50 mail policyd-spf[9180]: None; identity=mailfrom; client-ip=54.225.238.79; helo=novo-biotech.com; envelope-from=test@novo-biotech.com; receiver=shlosman@cpt.univ-mrs.fr 
Sep 15 19:00:50 mail postfix/smtpd[14000]: NOQUEUE: reject: RCPT from unknown[54.225.238.79]: 454 4.7.1 Service unavailable; Client host [54.225.238.79] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=54.225.238.79; from=<test@novo-biotech.com> to=<shlosman@cpt.univ-mrs.fr> proto=SMTP helo=<novo-biotech.com>
Sep 15 19:00:50 mail postfix/smtpd[14000]: lost connection after RCPT from unknown[54.225.238.79]
Sep 15 19:00:50 mail postfix/smtpd[14000]: disconnect from unknown[54.225.238.79]
Sep 15 19:00:51 mail postfix/smtpd[26781]: disconnect from bon13-1-82-232-113-124.fbx.proxad.net[82.232.113.124]
Sep 15 19:01:05 mail postfix/smtpd[21381]: connect from 120.info-pros.com[178.33.155.120]
Sep 15 19:01:05 mail postfix/smtpd[21381]: disconnect from 120.info-pros.com[178.33.155.120]
Sep 15 19:01:13 mail postfix/smtpd[10412]: connect from mail.ncaor.gov.in[14.139.119.20]
Sep 15 19:01:13 mail postfix/smtpd[10412]: setting up TLS connection from mail.ncaor.gov.in[14.139.119.20]
Sep 15 19:01:13 mail postfix/smtpd[10412]: Anonymous TLS connection established from mail.ncaor.gov.in[14.139.119.20]: TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 15 19:01:14 mail postfix/smtpd[10412]: NOQUEUE: reject: RCPT from mail.ncaor.gov.in[14.139.119.20]: 450 4.7.1 <mailserver2.ictdncaor.net>: Helo command rejected: Host not found; from=<anish@ncaor.gov.in> to=<dyn98@cpt.univ-mrs.fr> proto=ESMTP helo=<mailserver2.ictdncaor.net>
Sep 15 19:01:14 mail postfix/smtpd[10412]: disconnect from mail.ncaor.gov.in[14.139.119.20]
Sep 15 19:01:15 mail postfix/smtpd[13394]: warning: 98.126.23.126: hostname 98.126.23.126.static.krypt.com verification failed: Name or service not known
Sep 15 19:01:15 mail postfix/smtpd[13394]: connect from unknown[98.126.23.126]
Sep 15 19:01:15 mail policyd-spf[13630]: None; identity=helo; client-ip=98.126.23.126; helo=scioa.org; envelope-from=dr.k.mark@sciarticles.org; receiver=tassi.emanuele@cpt.univ-mrs.fr 
Sep 15 19:01:15 mail policyd-spf[13630]: None; identity=mailfrom; client-ip=98.126.23.126; helo=scioa.org; envelope-from=dr.k.mark@sciarticles.org; receiver=tassi.emanuele@cpt.univ-mrs.fr 
Sep 15 19:01:15 mail postgrey[1086]: action=pass, reason=client AWL, client_name=unknown, client_address=98.126.23.126, sender=Dr.K.Mark@sciarticles.org, recipient=tassi.emanuele@cpt.univ-mrs.fr
Sep 15 19:01:15 mail postfix/smtpd[13394]: NOQUEUE: reject: RCPT from unknown[98.126.23.126]: 450 4.1.1 <tassi.emanuele@cpt.univ-mrs.fr>: Recipient address rejected: User unknown in local recipient table; from=<Dr.K.Mark@sciarticles.org> to=<tassi.emanuele@cpt.univ-mrs.fr> proto=ESMTP helo=<scioa.org>
Sep 15 19:01:16 mail postfix/smtpd[13394]: disconnect from unknown[98.126.23.126]
Sep 15 19:01:16 mail postfix/smtpd[14000]: connect from mail.ncaor.gov.in[14.139.119.21]
Sep 15 19:01:16 mail postfix/smtpd[14000]: setting up TLS connection from mail.ncaor.gov.in[14.139.119.21]
Sep 15 19:01:17 mail postfix/smtpd[14000]: Anonymous TLS connection established from mail.ncaor.gov.in[14.139.119.21]: TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 15 19:01:17 mail postfix/smtpd[14000]: NOQUEUE: reject: RCPT from mail.ncaor.gov.in[14.139.119.21]: 450 4.7.1 <mailserver1.ictdncaor.net>: Helo command rejected: Host not found; from=<anish@ncaor.gov.in> to=<jacques.soffer@cpt.univ-mrs.fr> proto=ESMTP helo=<mailserver1.ictdncaor.net>
Sep 15 19:01:17 mail postfix/smtpd[14000]: disconnect from mail.ncaor.gov.in[14.139.119.21]
Sep 15 19:01:19 mail dovecot: imap-login: Login: user=<bharucha>, method=PLAIN, rip=185.13.106.76, lip=139.124.7.122, TLS
Sep 15 19:01:20 mail postfix/smtpd[10517]: connect from smtp5.bouygues-telecom.fr[62.201.139.77]
Sep 15 19:01:20 mail postfix/smtpd[10517]: setting up TLS connection from smtp5.bouygues-telecom.fr[62.201.139.77]
Sep 15 19:01:20 mail postfix/smtpd[10517]: Anonymous TLS connection established from smtp5.bouygues-telecom.fr[62.201.139.77]: TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 15 19:01:20 mail postfix/smtpd[10517]: NOQUEUE: reject: RCPT from smtp5.bouygues-telecom.fr[62.201.139.77]: 450 4.7.1 <BT1SHKII.prod.service.bouygues-telecom.fr>: Helo command rejected: Host not found; from=<espaceclient@bouyguestelecom.fr> to=<catherine.levet@cpt.univ-mrs.fr> proto=ESMTP helo=<BT1SHKII.prod.service.bouygues-telecom.fr>
Sep 15 19:01:20 mail postfix/smtpd[10517]: disconnect from smtp5.bouygues-telecom.fr[62.201.139.77]
Sep 15 19:01:25 mail postfix/smtpd[11451]: connect from smtp5.bouygues-telecom.fr[62.201.139.77]
Sep 15 19:01:25 mail postfix/smtpd[11451]: setting up TLS connection from smtp5.bouygues-telecom.fr[62.201.139.77]
Sep 15 19:01:25 mail postfix/smtpd[11451]: Anonymous TLS connection established from smtp5.bouygues-telecom.fr[62.201.139.77]: TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 15 19:01:25 mail postfix/smtpd[11451]: NOQUEUE: reject: RCPT from smtp5.bouygues-telecom.fr[62.201.139.77]: 450 4.7.1 <BT1SHKII.prod.service.bouygues-telecom.fr>: Helo command rejected: Host not found; from=<espaceclient@bouyguestelecom.fr> to=<catherine.levet@cpt.univ-mrs.fr> proto=ESMTP helo=<BT1SHKII.prod.service.bouygues-telecom.fr>
Sep 15 19:01:26 mail postfix/smtpd[11451]: disconnect from smtp5.bouygues-telecom.fr[62.201.139.77]
Sep 15 19:01:28 mail postfix/smtpd[21381]: connect from server2.enetgroup.org[92.48.88.254]
Sep 15 19:01:28 mail policyd-spf[4875]: Pass; identity=helo; client-ip=92.48.88.254; helo=server2.enetgroup.org; envelope-from=bounce+ikpres@server2.enetgroup.org; receiver=soccorsi@cpt.univ-mrs.fr 
Sep 15 19:01:28 mail policyd-spf[4875]: Pass; identity=mailfrom; client-ip=92.48.88.254; helo=server2.enetgroup.org; envelope-from=bounce+ikpres@server2.enetgroup.org; receiver=soccorsi@cpt.univ-mrs.fr 
Sep 15 19:01:28 mail postfix/smtpd[21381]: NOQUEUE: reject: RCPT from server2.enetgroup.org[92.48.88.254]: 454 4.7.1 Service unavailable; Client host [92.48.88.254] blocked using zen.spamhaus.org; http://www.spamhaus.org/sbl/query/SBLCSS; from=<bounce+ikpres@server2.enetgroup.org> to=<soccorsi@cpt.univ-mrs.fr> proto=ESMTP helo=<server2.enetgroup.org>

For now I run pflogsumm, netstat, mailq and so on to watch my server and prevent this.
I installed rkhunter and ran it (here are the warnings):

Warning: Found passwordless account in passwd file: +
Warning: The SSH and rkhunter configuration options should be the same:
         SSH configuration option 'PermitRootLogin': yes
         Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
Warning: Syslog configuration file allows remote logging: *.*                           @log
Warning: Hidden directory found: /dev/.udev
Warning: Hidden directory found: /dev/.initramfs

I don't know whether that is enough or whether it will help. (If more is needed, I can give more information.)
I am looking at setting up an iptables filter.

#!/bin/sh
echo - Initialisation du firewall :

# Flush the current tables
iptables -t filter -F

# Delete the user-defined chains
iptables -t filter -X

# Deny all incoming and outgoing connections
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP

# ---

# Do not break established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT

# ICMP (Ping)
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT

# NFS (part of it is missing)
iptables -t filter -A INPUT -p tcp --dport 111 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 111 -j ACCEPT
# SSH In
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT

# SSH Out
iptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT

# DNS In/Out
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT

# NTP Out
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT

# Mail SMTP:25
iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT

# Mail SMTPS:587
iptables -t filter -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 587 -j ACCEPT

# Mail POP3:110
iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT

# Mail IMAP:143
iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT

# Mail POP3S:995
iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 995 -j ACCEPT

I have searched several sites, but I can't see a solution:
--> Some say it can come from a PHP script, but I don't see one here
--> That an account is compromised, but then I don't know how to see it
--> A bot or a connection from a hacker, but likewise I don't really know how to detect it.

If someone could help me and tell me what I can do to stop this from happening again, I would be extremely grateful.

Regards,
Merrow

Last edited by merrow (17/09/2015, 19:38)

#2 16/09/2015, 07:34

bruno

Hello,

I haven't looked at this in detail, but one thing already catches my attention:

#The list of "internal" SMTP clients that have more privileges than outsiders (mail from them is accepted for relaying)
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mon-adresse-reseau-public/24

The mynetworks directive defines the hosts that are allowed to send mail to any destination (those that are not in it can only send mail to $mydestination).
Yet you authorise mon-adresse-reseau-public/24 (if your IP is x.y.z.w you authorise the whole range x.y.z.0 - x.y.z.255), which seems to me as useless as it is dangerous…

#3 16/09/2015, 09:01

merrow

Thanks, I have just removed it from the configuration. I put the server's IP address in its place.

#4 16/09/2015, 09:44

bruno

Even the server's IP is unnecessary. In principle you only authorise the local address 127.0.0.0/8 (possibly with its IPv6 equivalent) and then, only if you need to, the IPs of the machines authorised to use this SMTP server without authentication.

At first glance your logs show nothing unusual, in any case no mass sending of mail to varied addresses… You need to look further back in your logs and check whether you have a script with a hole in it on your server that lets intruders use it (a contact form on a web page, for example).
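
An added example, not part of the posts above or of the poster's configuration: it audits a mynetworks value the way these replies read it, treating every entry outside loopback as a range that may relay without authentication. The function names are hypothetical, and 192.0.2.0/24 is a documentation range standing in for the mon-adresse-reseau-public/24 placeholder.

```python
import ipaddress

LOOPBACK_V4 = ipaddress.ip_network("127.0.0.0/8")
LOOPBACK_V6 = ipaddress.ip_network("::1/128")

# Constructed value: 192.0.2.0/24 (documentation range) stands in for the
# "mon-adresse-reseau-public/24" placeholder used in the thread.
SAMPLE_MYNETWORKS = "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.0.2.0/24"


def parse_entry(entry):
    """Parse one mynetworks entry; return a network object or None.

    Postfix writes IPv6 networks as [addr]/len, so the brackets are stripped.
    A bare address is treated as a single host. Table lookups (type:name) and
    other non-address entries come back as None.
    """
    text = entry.replace("[", "").replace("]", "")
    try:
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        return None
    # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d with prefix 96+n) back to IPv4/n,
    # so [::ffff:127.0.0.0]/104 is recognised as 127.0.0.0/8.
    if net.version == 6 and net.prefixlen >= 96:
        mapped = net.network_address.ipv4_mapped
        if mapped is not None:
            return ipaddress.ip_network(f"{mapped}/{net.prefixlen - 96}", strict=False)
    return net


def audit_mynetworks(value):
    """Return (entry, verdict, address_count) for each mynetworks entry."""
    findings = []
    for entry in value.replace(",", " ").split():
        net = parse_entry(entry)
        if net is None:
            # Cannot be judged from the text alone: review by hand.
            findings.append((entry, "unparsable", 0))
        elif (net.version == 4 and net.subnet_of(LOOPBACK_V4)) or net == LOOPBACK_V6:
            findings.append((entry, "loopback", net.num_addresses))
        else:
            # Every address in this range may send to any destination
            # without authenticating.
            findings.append((entry, "relay-without-auth", net.num_addresses))
    return findings


def relay_without_auth(value):
    """Entries that need a justification (everything that is not loopback)."""
    return [f for f in audit_mynetworks(value) if f[1] != "loopback"]


if __name__ == "__main__":
    for entry, verdict, size in audit_mynetworks(SAMPLE_MYNETWORKS):
        print(f"{entry:28} {verdict:20} {size} address(es)")
```

On a live server the value to audit is the output of postconf -h mynetworks.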

#5 16/09/2015, 13:35

merrow

OK, I'm removing the server's IP.

With the first change, the sending seems to have calmed down.
I'll look at the log files further back to see whether I find anything.

Here are the logs from earlier in the day yesterday:

Sep 15 18:46:26 mail postfix/smtpd[32141]: NOQUEUE: reject: RCPT from 40.143-89-23.rdns.scalabledns.com[23.89.143.40]: 454 4.7.1 Service unavailable; Client host [23.89.143.40] blocked using zen.spamhaus.org; http://www.spamhaus.org/sbl/query/SBLCSS; from=<return-a4-151-152-chandre=cpt.univ-mrs.fr=4-chandre=cpt.univ-mrs.fr@biogrif.com> to=<chandre@cpt.univ-mrs.fr> proto=ESMTP helo=<vm5.biogrif.com>
Sep 15 18:46:26 mail postfix/smtpd[32141]: lost connection after RCPT from 40.143-89-23.rdns.scalabledns.com[23.89.143.40]
Sep 15 18:46:26 mail postfix/smtpd[32141]: disconnect from 40.143-89-23.rdns.scalabledns.com[23.89.143.40]
Sep 15 18:46:32 mail postfix/smtpd[19641]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[1470]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[32141]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10412]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10423]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10434]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10440]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10517]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10528]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10539]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10550]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10556]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10567]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10578]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10584]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:32 mail postfix/smtpd[10625]: connect from visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[19641]: 0C2201BF404: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[1470]: 0C44C1BF41B: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10412]: 10F1A1BF422: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[32141]: 156441BF433: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10423]: 19C081BF438: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10578]: 1E6791BF444: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10550]: 217C01BF445: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10584]: 25CC31BF451: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10567]: 29DD11BF456: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10625]: 2DC3F1BF464: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10528]: 327581BF46A: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10440]: 36BFF1BF477: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10539]: 3B1011BF478: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10517]: 3F5791BF47B: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10556]: 434911BF47F: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10434]: 468241BF486: client=visio.cpt.univ-mrs.fr[139.124.7.236]
Sep 15 18:46:34 mail postfix/smtpd[10423]: warning: Illegal address syntax from visio.cpt.univ-mrs.fr[139.124.7.236] in RCPT command: <aida.guerra@>
Sep 15 18:46:40 mail postfix/smtpd[13394]: connect from mail.georgecampbell.co.za[196.33.246.132]
Sep 15 18:46:41 mail postfix/smtpd[13643]: connect from mail.ncaor.gov.in[14.139.119.20]
Sep 15 18:46:41 mail postfix/smtpd[13643]: setting up TLS connection from mail.ncaor.gov.in[14.139.119.20]
Sep 15 18:46:41 mail postfix/smtpd[13643]: Anonymous TLS connection established from mail.ncaor.gov.in[14.139.119.20]: TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 15 18:46:41 mail policyd-spf[13630]: None; identity=helo; client-ip=196.33.246.132; helo=mail.georgecampbell.co.za; envelope-from=notice@bgservices.com; receiver=mebkhout@cpt.univ-mrs.fr 
Sep 15 18:46:41 mail policyd-spf[13630]: None; identity=mailfrom; client-ip=196.33.246.132; helo=mail.georgecampbell.co.za; envelope-from=notice@bgservices.com; receiver=mebkhout@cpt.univ-mrs.fr 
Sep 15 18:46:42 mail postfix/smtpd[13643]: NOQUEUE: reject: RCPT from mail.ncaor.gov.in[14.139.119.20]: 450 4.7.1 <mailserver2.ictdncaor.net>: Helo command rejected: Host not found; from=<anish@ncaor.gov.in> to=<dyn98@cpt.univ-mrs.fr> proto=ESMTP helo=<mailserver2.ictdncaor.net>
Sep 15 18:46:42 mail postfix/smtpd[13394]: NOQUEUE: reject: RCPT from mail.georgecampbell.co.za[196.33.246.132]: 454 4.7.1 Service unavailable; Client host [196.33.246.132] blocked using zen.spamhaus.org; http://www.spamhaus.org/sbl/query/SBLCSS; from=<notice@bgservices.com> to=<mebkhout@cpt.univ-mrs.fr> proto=ESMTP helo=<mail.georgecampbell.co.za>
Sep 15 18:46:42 mail postfix/smtpd[14000]: connect from host212-200-static.36-88-b.business.telecomitalia.it[88.36.200.212]
Sep 15 18:46:42 mail postfix/smtpd[13394]: disconnect from mail.georgecampbell.co.za[196.33.246.132]
Sep 15 18:46:42 mail postfix/smtpd[13643]: disconnect from mail.ncaor.gov.in[14.139.119.20]
Sep 15 18:46:42 mail postfix/smtpd[14000]: NOQUEUE: reject: RCPT from host212-200-static.36-88-b.business.telecomitalia.it[88.36.200.212]: 450 4.7.1 <netbox.studioventurin.it>: Helo command rejected: Host not found; from=<radio@dflink.com.br> to=<jacques.soffer@cpt.univ-mrs.fr> proto=ESMTP helo=<netbox.studioventurin.it>
Sep 15 18:46:42 mail postfix/smtpd[13394]: connect from unknown[181.39.33.98]
Sep 15 18:46:42 mail postfix/smtpd[13643]: connect from postino3.roma1.infn.it[141.108.26.220]
Sep 15 18:46:43 mail postfix/smtpd[13643]: setting up TLS connection from postino3.roma1.infn.it[141.108.26.220]
Sep 15 18:46:43 mail postfix/smtpd[13643]: Anonymous TLS connection established from postino3.roma1.infn.it[141.108.26.220]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Sep 15 18:46:43 mail postfix/smtpd[14000]: disconnect from host212-200-static.36-88-b.business.telecomitalia.it[88.36.200.212]
Sep 15 18:46:43 mail policyd-spf[14365]: None; identity=helo; client-ip=141.108.26.220; helo=postino3.roma1.infn.it; envelope-from=francesco.syloslabini@roma1.infn.it; receiver=,rovelli@cpt.univ-mrs.fr 
Sep 15 18:46:43 mail policyd-spf[14365]: None; identity=mailfrom; client-ip=141.108.26.220; helo=postino3.roma1.infn.it; envelope-from=francesco.syloslabini@roma1.infn.it; receiver=,rovelli@cpt.univ-mrs.fr 
Sep 15 18:46:43 mail policyd-spf[13630]: None; identity=helo; client-ip=181.39.33.98; helo=[181.39.33.98]; envelope-from=divisionw34@bk.ru; receiver=crepieux@cpt.univ-mrs.fr 
Sep 15 18:46:43 mail postgrey[1086]: action=pass, reason=triplet found, client_name=postino3.roma1.infn.it, client_address=141.108.26.220, sender=Francesco.SylosLabini@roma1.infn.it, recipient=,rovelli@cpt.univ-mrs.fr
Sep 15 18:46:43 mail postfix/smtpd[13643]: NOQUEUE: reject: RCPT from postino3.roma1.infn.it[141.108.26.220]: 450 4.1.1 <,rovelli@cpt.univ-mrs.fr>: Recipient address rejected: User unknown in local recipient table; from=<Francesco.SylosLabini@roma1.infn.it> to=<,rovelli@cpt.univ-mrs.fr> proto=ESMTP helo=<postino3.roma1.infn.it>
Sep 15 18:46:43 mail policyd-spf[13630]: Softfail; identity=mailfrom; client-ip=181.39.33.98; helo=[181.39.33.98]; envelope-from=divisionw34@bk.ru; receiver=crepieux@cpt.univ-mrs.fr 
Sep 15 18:46:43 mail postfix/smtpd[13394]: 720BB1BF48B: client=unknown[181.39.33.98]
Sep 15 18:46:43 mail postfix/cleanup[14440]: 720BB1BF48B: message-id=<L548P0Q4U9HGYQWPS30F@localhost.localdomain>
Sep 15 18:46:43 mail postfix/qmgr[2793]: 720BB1BF48B: from=<divisionw34@bk.ru>, size=1323, nrcpt=1 (queue active)
Sep 15 18:46:43 mail postfix/smtpd[29087]: connect from localhost[127.0.0.1]
Sep 15 18:46:43 mail postfix/smtpd[29087]: B98C91BF48E: client=localhost[127.0.0.1]
Sep 15 18:46:43 mail postfix/cleanup[14440]: B98C91BF48E: message-id=<L548P0Q4U9HGYQWPS30F@localhost.localdomain>
Sep 15 18:46:43 mail postfix/qmgr[2793]: B98C91BF48E: from=<divisionw34@bk.ru>, size=1817, nrcpt=1 (queue active)
Sep 15 18:46:43 mail postfix/smtpd[29087]: disconnect from localhost[127.0.0.1]
Sep 15 18:46:43 mail amavis[29215]: (29215-04) Passed CLEAN, [181.39.33.98] [181.39.33.98] <divisionw34@bk.ru> -> <Adeline.Crepieux@cpt.univ-mrs.fr>, Message-ID: <L548P0Q4U9HGYQWPS30F@localhost.localdomain>, mail_id: yoSjob82rUvp, Hits: -, size: 1321, queued_as: B98C91BF48E, 114 ms
Sep 15 18:46:43 mail postfix/smtp[29054]: 720BB1BF48B: to=<Adeline.Crepieux@cpt.univ-mrs.fr>, orig_to=<crepieux@cpt.univ-mrs.fr>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.5, delays=0.38/0/0/0.12, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29215-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B98C91BF48E)
Sep 15 18:46:43 mail postfix/qmgr[2793]: 720BB1BF48B: removed
Sep 15 18:46:43 mail postfix/local[14539]: B98C91BF48E: to=<crepieux@cpt.univ-mrs.fr>, orig_to=<Adeline.Crepieux@cpt.univ-mrs.fr>, relay=local, delay=0.06, delays=0.02/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION")
Sep 15 18:46:43 mail postfix/qmgr[2793]: B98C91BF48E: removed
Sep 15 18:46:43 mail postfix/smtpd[13394]: disconnect from unknown[181.39.33.98]
Sep 15 18:46:44 mail postfix/smtpd[13643]: disconnect from postino3.roma1.infn.it[141.108.26.220]
Sep 15 18:46:51 mail postfix/cleanup[30368]: 0C44C1BF41B: message-id=<>
Sep 15 18:46:51 mail postfix/cleanup[29048]: 0C2201BF404: message-id=<>
Sep 15 18:46:51 mail postfix/qmgr[2793]: 0C2201BF404: from=<edwjjhdhjj@yahoo.com>, size=1081, nrcpt=50 (queue active)
Sep 15 18:46:51 mail postfix/qmgr[2793]: 0C44C1BF41B: from=<edwjjhdhjj@yahoo.com>, size=1081, nrcpt=50 (queue active)
Sep 15 18:46:51 mail postfix/postsuper[17462]: 0C44C1BF41B: removed
Sep 15 18:46:51 mail postfix/postsuper[17462]: Deleted: 1 message
Sep 15 18:46:51 mail postfix/smtpd[29087]: connect from localhost[127.0.0.1]
Sep 15 18:46:51 mail postfix/postsuper[17490]: D02A41BF48B: removed
Sep 15 18:46:51 mail postfix/postsuper[17490]: Deleted: 1 message
Sep 15 18:46:51 mail postfix/smtpd[29087]: DDB6E1BF48E: client=localhost[127.0.0.1]
Sep 15 18:46:51 mail amavis[29328]: (29328-03) Passed CLEAN, [139.124.7.236] [139.124.7.236] <edwjjhdhjj@yahoo.com> -> <ahughes@aconex.com>,<ahuffstetler@aol.com>,<ahumblepoet@aol.com>,<ahunneshagen8@aol.com>,<ahunnicutt@aol.com>,<ahufstedler@bellsouth.net>,<ahumbert@bellsouth.net>,<ahuggett@cardiologysw.com>,<ahumphrey@charter.net>,<ahughes@churchofgod.org>,<ahunt52@comcast.net>,<ahunt@councilroad.org>,<ahuffman@embarqmail.com>,<ahunter@gcta.com>,<ahumesky@gmail.com>,<ahummler@gmail.com>,<ahuneycutt@gmail.com>,<ahunt7609@gmail.com>,<ahunte@gmail.com>,<ahughes06@hotmail.com>,<ahughsey@hotmail.com>,<ahuitzotl13@hotmail.com>,<ahuliavadsenka@hotmail.com>,<ahulquist@hotmail.com>,<ahumanez@hotmail.com>,<ahund@hotmail.com>,<ahunni8@hotmail.com>,<ahunter2182005@hotmail.com>,<ahughes@kdhtsi.com>,<ahughes68@live.com>,<ahunt33@live.com>,<ahull@myway.com>,<ahuneau1@nycap.rr.com>,<ahunsaker@q.com>,<ahumphrey@rochester.rr.com>,<ahugwic@sbcglobal.net>,<ahumada14@sbcglobal.net>,<ahufham@towb.org>,<ahumphrey@twcny...
Sep 15 18:46:51 mail amavis[29328]: (29328-03) ....rr.com>,<ahunt@uswest.net>,<ahuizenga@woh.rr.com>,<ahuling69@yahoo.com>,<ahumada.angel@yahoo.com>,<ahumadaheather@yahoo.com>,<ahume01@yahoo.com>,<ahumphries68@yahoo.com>,<ahun128@yahoo.com>,<ahunsaker1978@yahoo.com>,<ahunter1042004@yahoo.com>,<ahumphrey@zoominternet.net>, mail_id: VASh18u8zJeo, Hits: -, size: 1080, queued_as: D02A41BF48B, 215 ms
Sep 15 18:46:51 mail postfix/cleanup[30368]: DDB6E1BF48E: message-id=<20150915164651.DDB6E1BF48E@mail.cpt.univ-mrs.fr>
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahughes@aconex.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahuffstetler@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahumblepoet@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahunneshagen8@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahunnicutt@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahufstedler@bellsouth.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahumbert@bellsouth.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahuggett@cardiologysw.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahumphrey@charter.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahughes@churchofgod.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahunt52@comcast.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahunt@councilroad.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahuffman@embarqmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahunter@gcta.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahumesky@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahummler@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahuneycutt@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahunt7609@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahunte@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
 status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahunter1042004@yahoo.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/smtp[29054]: 0C2201BF404: to=<ahumphrey@zoominternet.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29328-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D02A41BF48B)
Sep 15 18:46:51 mail postfix/qmgr[2793]: 0C2201BF404: removed
Sep 15 18:46:51 mail postfix/smtpd[29087]: disconnect from localhost[127.0.0.1]
Sep 15 18:46:51 mail postfix/qmgr[2793]: DDB6E1BF48E: from=<edwjjhdhjj@yahoo.com>, size=1580, nrcpt=50 (queue active)
Sep 15 18:46:51 mail postfix/smtp[17492]: warning: open active D02A41BF48B: No such file or directory
Sep 15 18:46:51 mail amavis[29215]: (29215-05) Passed CLEAN, [139.124.7.236] [139.124.7.236] <edwjjhdhjj@yahoo.com> -> <ahuntley4848@aol.com>,<ahuntt@aol.com>,<ahurley22@aol.com>,<ahurrieta@aol.com>,<ahurry91@aol.com>,<ahusni@aol.com>,<ahustonc@aol.com>,<ahutchcrof@aol.com>,<ahutchi255@aol.com>,<ahuttenga@aol.com>,<ahurrell@att.net>,<ahutch1943@att.net>,<ahunz@charter.net>,<ahurd@comcast.net>,<ahvalec@comcast.net>,<ahuntsman@earthlink.net>,<ahutchinson@eicc.edu>,<ahuston@flash.net>,<ahunter2222@gmail.com>,<ahunter88@gmail.com>,<ahunterwells@gmail.com>,<ahurlburt@gmail.com>,<ahussein@gmail.com>,<ahutsell@gmail.com>,<ahuyser@gmail.com>,<ahuzey@gmail.com>,<ahutchins@highlandsphysicians.com>,<ahurtado73@hotmail.com>,<ahuskey83@hotmail.com>,<ahutto530@hotmail.com>,<ahurt3@ivytech.edu>,<ahuskovic@msn.com>,<ahuth@netscape.net>,<ahutsellzandell@netscape.net>,<ahuss@new.rr.com>,<ahursey@nwlink.com>,<ahurtado@rocketmail.com>,<ahunter4765@yahoo.com>,<ahupman@yahoo.com>,<ahusban@yahoo.com>,<ahusbandforhire@yah...
Sep 15 18:46:51 mail amavis[29215]: (29215-05) ...oo.com>,<ahusik@yahoo.com>,<ahuskey2002@yahoo.com>,<ahusted00@yahoo.com>,<ahusted@yahoo.com>,<ahuston24@yahoo.com>,<ahutcheson@yahoo.com>,<ahuxta@yahoo.com>,<ahuybert@yahoo.com>,<ahuye@yahoo.com>, mail_id: jxBKwY2UUEGq, Hits: -, size: 1080, queued_as: DDB6E1BF48E, 244 ms
Sep 15 18:46:51 mail postfix/smtp[17457]: 0C44C1BF41B: to=<ahuntley4848@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0.02/0/0.25, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29215-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as DDB6E1BF48E)
Sep 15 18:46:51 mail postfix/smtp[17457]: 0C44C1BF41B: to=<ahuntt@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=18/0.02/0/0.25, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=29215-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as DDB6E1BF48E)

I can see that it's the visio machine that seems to be compromised.
Does that look right to you?

Thanks for the help

#6 17/09/2015, 09:03

bruno

Indeed, that machine sent a series of more than suspicious emails ;)
You should look at how that machine connected to your server (it isn't visible in the log extract) and why it is allowed to relay mail to any destination.
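
An added example, not part of the thread: one way to answer the question above from mail.log is to tie each queue ID back to the smtpd client that submitted it, then keep the clients whose mail was accepted without SASL and delivered towards non-local domains. The log lines are constructed in the format shown in the thread (documentation addresses, made-up queue IDs), and LOCAL_DOMAINS and the function names are assumptions.

```python
import re
from collections import defaultdict

# Assumption: the domains this server is the final destination for.
LOCAL_DOMAINS = {"example.org"}

CLIENT_RE = re.compile(r"postfix/(?:\w+/)?smtpd\[\d+\]: ([0-9A-F]+): client=([^\[\s]+)\[([^\]]+)\]")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")
TO_RE = re.compile(r"postfix/(?:smtp|lmtp|local|virtual)\[\d+\]: ([0-9A-F]+): to=<([^>]*)>")

# Constructed sample, modelled on the log format in the thread.
SAMPLE_LOG = """\
Sep 15 18:46:34 mail postfix/smtpd[19641]: 1A2B3C4D5E1: client=visio.example.org[192.0.2.236]
Sep 15 18:46:34 mail postfix/smtpd[1470]: 1A2B3C4D5E2: client=visio.example.org[192.0.2.236]
Sep 15 18:46:43 mail postfix/smtpd[13394]: 2B3C4D5E6F1: client=unknown[198.51.100.98]
Sep 15 18:46:43 mail postfix/qmgr[2793]: 2B3C4D5E6F1: from=<someone@example.net>, size=1323, nrcpt=1 (queue active)
Sep 15 18:46:43 mail postfix/smtp[29054]: 2B3C4D5E6F1: to=<alice@example.org>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent
Sep 15 18:46:44 mail postfix/smtpd[20111]: 3C4D5E6F7A1: client=laptop.example.net[203.0.113.50], sasl_method=PLAIN, sasl_username=alice
Sep 15 18:46:44 mail postfix/qmgr[2793]: 3C4D5E6F7A1: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Sep 15 18:46:44 mail postfix/smtp[29054]: 3C4D5E6F7A1: to=<bob@example.com>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent
Sep 15 18:46:51 mail postfix/qmgr[2793]: 1A2B3C4D5E1: from=<bulk@example.com>, size=1081, nrcpt=50 (queue active)
Sep 15 18:46:51 mail postfix/qmgr[2793]: 1A2B3C4D5E2: from=<bulk@example.com>, size=1081, nrcpt=50 (queue active)
Sep 15 18:46:51 mail postfix/smtpd[29087]: 4D5E6F7A8B1: client=localhost[127.0.0.1]
Sep 15 18:46:51 mail postfix/smtp[29054]: 1A2B3C4D5E1: to=<r1@example.com>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent
Sep 15 18:46:51 mail postfix/smtp[29054]: 1A2B3C4D5E1: to=<r2@example.net>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent
Sep 15 18:46:51 mail postfix/smtp[17457]: 1A2B3C4D5E2: to=<r3@example.com>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent
Sep 15 18:46:52 mail postfix/smtp[17492]: 4D5E6F7A8B1: to=<r1@example.com>, relay=mx.example.com[203.0.113.9]:25, dsn=2.0.0, status=sent
""".splitlines()


def is_loopback(ip):
    return ip.startswith("127.") or ip == "::1"


def unauthenticated_relays(lines, local_domains=LOCAL_DOMAINS):
    """Return {client_ip: summary} for non-loopback clients whose mail was
    accepted without SASL and then delivered towards non-local domains."""
    origin = {}                  # queue id -> (ip, host), unauthenticated clients only
    queued = {}                  # queue id -> (envelope sender, nrcpt)
    external = defaultdict(set)  # queue id -> non-local recipients seen
    for line in lines:
        m = CLIENT_RE.search(line)
        if m:
            qid, host, ip = m.groups()
            # Loopback is the content filter reinjecting mail; SASL-authenticated
            # submissions are attributed to an account, not to mynetworks.
            if "sasl_username=" not in line and not is_loopback(ip):
                origin[qid] = (ip, host)
            continue
        m = QMGR_RE.search(line)
        if m and m.group(1) in origin:
            # qmgr logs this again on every retry: keep the first occurrence.
            queued.setdefault(m.group(1), (m.group(2), int(m.group(3))))
            continue
        m = TO_RE.search(line)
        if m and m.group(1) in origin:
            rcpt = m.group(2).lower()
            if rcpt.rpartition("@")[2] not in local_domains:
                external[m.group(1)].add(rcpt)

    summary = {}
    for qid, rcpts in external.items():
        ip, host = origin[qid]
        sender, nrcpt = queued.get(qid, ("?", 0))
        s = summary.setdefault(ip, {"host": host, "messages": 0, "nrcpt": 0,
                                    "senders": set(), "external": set()})
        s["messages"] += 1
        s["nrcpt"] += nrcpt
        s["senders"].add(sender)
        s["external"] |= rcpts
    return summary


if __name__ == "__main__":
    for ip, s in unauthenticated_relays(SAMPLE_LOG).items():
        print(ip, s["host"], s["messages"], "messages,", s["nrcpt"], "recipients,",
              "senders:", sorted(s["senders"]))
```

A client listed by this report was let through by mynetworks or another permit rule rather than by authentication.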

#7 17/09/2015, 15:31

merrow

It was indeed that machine.

Thanks for the info.

I'm going to look at the machine and analyse the problem.

On the other hand, I no longer relay mail from the servers.
Does anyone know how to make them authenticate so they can send me notifications?

I was thinking of putting them in a subnet?

#8 Le 19/09/2015, à 15:56

LeoMajor

Re : Resolu Serveur Posfix envoi des spam

Bonjour,
A première vue, tes restrictions ne sont pas bonnes; à revoir. Il y en a trop
en vrac;
_Helo command rejected: Host not found, à cause de reject_unknown_hostname, qui précise
EHLO hostname has no DNS A or MX record; Tu bloques les postes utilisateurs (<MacBook-Pro-de-Jose-Beltran.local>).
_Tu utilises un vérificateur spf (policyd-spf), sauf que ton domaine n'a  pas de spf. Pas logique. En plus, certains MTA (outlook, hotmail, yahoo, ... ), un peu plus casse-pieds, le vérifient (cqfd ->softfail, hardfail) 

host -t mx cpt.univ-mrs.fr; host -t txt cpt.univ-mrs.fr; host -t spf cpt.univ-mrs.fr
cpt.univ-mrs.fr mail is handled by 15 mail.cpt.univ-mrs.fr.
cpt.univ-mrs.fr has no TXT record
cpt.univ-mrs.fr has no SPF record

_ check_*  *rejected
For spammers, discard is more effective than reject, because of IP spoofing.
_ *.telecomitalia.it is a known spammer.
_You state "I no longer relay mail from the servers.";
I do not know what you mean by that; a third-party MTA (relayhost, transport_maps, ...) must be declared in the SPF records, otherwise there is a chance you will be considered a spammer.
_If you know how to use pflogsumm (to be put in a cron job), you should be able to find the source of the problem.
+ put the suspected command/transport agent into verbose mode in master.cf
/etc/postfix/master.cf: example

    smtp      inet  n       -       n       -       -       smtpd -v

....

Offline

#9 On 19/09/2015, at 16:05

LeoMajor

Re: Solved Postfix server sending spam

mail from the servers ... Does anyone know how to make them authenticate in order to send me notifications?

SPF, for the integrity of the machine,
DKIM, for the integrity of the message.

Offline

#10 On 19/09/2015, at 19:55

merrow

Re: Solved Postfix server sending spam

Thanks for the info.

I am going to try to redo the configuration.
Indeed, I also thought I had put in too many rules; I think I got a bit lost in the configuration :=)

I would be glad of your help if you can, you seem to know your stuff.

For SPF, I added on my server
cpt.univ-mrs.fr IN TXT "v=spf1 ip4:IP4SERVEUR mx -all"
cpt.univ-mrs.fr IN SPF "v=spf1 ip4:IP4SERVEUR mx -all"
mail.cpt.univ-mrs.fr IN  TXT  "v=spf1 ip4:IP4SERVEUR a -all"
mail.cpt.univ-mrs.fr IN  SPF  "v=spf1 ip4:IP4SERVEUR a -all"

I have just seen that I forgot the dots at the end of cpt.univ-mrs.fr. I will make the change on Monday.
Is that what would stop it from working?

For pflogsumm, I put it in the crontab along with a count of the emails sent during the day :)

As for my relayed servers, it is mainly the printers/scanners, and our NAS, which sends reports.

Thanks for looking into my problem

Last edited by merrow (on 19/09/2015, at 19:57)

Offline

#11 On 20/09/2015, at 18:57

LeoMajor

Re: Solved Postfix server sending spam

mail.cpt.univ-mrs.fr IN  TXT  "v=spf1 ip4:IP4SERVEUR a -all"
mail.cpt.univ-mrs.fr IN  SPF  "v=spf1 ip4:IP4SERVEUR a -all"

to be removed.

It depends on the expected result;
If you consider the recipient toto@domain.tld, domain.tld is the mail domain. DNS records of type mx, spf, spf-txt, dkim, adsp, ..., are set relative to the mail domain.
From that point of view, the SPF record for mail.cpt.univ-mrs.fr makes no sense. I do not know whether it is very wise to use hardfail (-all) for a first attempt. Hardfail is close to discard (the message may land in the spam folder, or be deleted). Softfail (~all): the message is received normally, but placed in spam. (?all): neither yes nor no, test phase, wait-and-see position; you instruct other MTAs not to bother about it.

However, a mail subdomain can exist, and will have its own DNS records; the typical case is mailman, sympa, ..., i.e. mailing lists and discussion lists, which often use subdomains.

for dns in mx a txt spf; do for domain in debian.org lists.debian.org ubuntu-fr.org listes.ubuntu-fr.org; do host -t "$dns" "$domain"; done; done | sort

debian.org has address 128.31.0.62
debian.org has address 130.89.148.14
debian.org has address 140.211.15.34
debian.org has address 150.203.164.38
debian.org has address 200.17.202.197
debian.org has address 5.153.231.4
debian.org has no SPF record
debian.org has no TXT record
debian.org mail is handled by 0 mailly.debian.org.
debian.org mail is handled by 0 muffat.debian.org.
listes.ubuntu-fr.org descriptive text "v=spf1 mx -all"
listes.ubuntu-fr.org has address 80.67.174.38
listes.ubuntu-fr.org has no SPF record
listes.ubuntu-fr.org mail is handled by 10 lists.ubuntu-fr.org.
lists.debian.org descriptive text "google-site-verification=qmr9wDHZI7J8N5E44Ic9yahfsWEK3NLGFs91aXMcJNc"
lists.debian.org has address 82.195.75.100
lists.debian.org has no SPF record
lists.debian.org mail is handled by 0 bendel.debian.org.
ubuntu-fr.org descriptive text "v=spf1 mx ip4:5.135.153.25 ip4:192.95.25.146 ?all"
ubuntu-fr.org has address 193.55.221.76
ubuntu-fr.org has no SPF record
ubuntu-fr.org mail is handled by 10 peureuz.infra.ubuntu-fr.org.

pflogsumm
in the daily cron, I put /usr/sbin/pflogsumm -d yesterday --smtpd_stats -u 20 -e /var/log/mail.log

/etc/cron.daily/routines
...
# 4 pflogsumm SMTP statistics
if [ -x /usr/local/sbin/pflogsumm_cron.sh ]; then /usr/local/sbin/pflogsumm_cron.sh &>/dev/null; fi

/usr/local/sbin/pflogsumm_cron.sh
#!/bin/bash
# pflogsumm SMTP statistics
TS="stat-smtp-"$(date +"%d-%m-%Y_%Hh%M")
SENDER=toto@domain.tld
/usr/sbin/pflogsumm -d yesterday --smtpd_stats -u 20 -e /var/log/mail.log  \
| mail -s "${TS}" -a "From: $SENDER" toto@domain.tld

as for the restrictions, more on that later ..., and as for DKIM, drop it.

Offline
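The three qualifiers described in the post above, evaluated against one record, as an added example that is not from the thread: a small Python evaluator covering only the `ip4`, `mx` and `all` mechanisms. The function name, the `mx_ips` parameter (a stand-in for the MX lookup) and the documentation addresses are assumptions.

```python
import ipaddress

# SPF qualifier -> result the receiving MTA obtains (RFC 7208 result names).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, sender_ip, mx_ips=()):
    """Evaluate the ip4, mx and all mechanisms of one SPF record, left to right.

    mx_ips stands in for the DNS lookup of the domain's MX hosts (assumption:
    the caller has already resolved them), so the check runs offline.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    mx = {ipaddress.ip_address(a) for a in mx_ips}
    for term in terms[1:]:
        qualifier = "+"                    # default when no prefix is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip.version == 4 and ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = ip in mx
        else:
            raise ValueError(f"mechanism not handled in this example: {name}")
        if matched:
            return QUALIFIERS[qualifier]   # first match decides
    return "neutral"                       # nothing matched and no "all" term

# Constructed inputs: the thread's record shape with documentation addresses.
SERVER, STRANGER = "192.0.2.25", "198.51.100.7"

if __name__ == "__main__":
    for tail in ("-all", "~all", "?all"):
        rec = f"v=spf1 ip4:{SERVER} mx {tail}"
        print(tail, spf_result(rec, SERVER), spf_result(rec, STRANGER))
```

The function returns only the SPF result; whether a fail or softfail message is rejected, filed as spam or delivered is the receiving server's local policy.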

#12 On 21/09/2015, at 09:30

merrow

Re: Solved Postfix server sending spam

I have just modified the file on my DNS server. I get the following response

host -t mx cpt.univ-mrs.fr; host -t txt cpt.univ-mrs.fr; host -t spf cpt.univ-mrs.fr

cpt.univ-mrs.fr mail is handled by 15 mail.cpt.univ-mrs.fr.
cpt.univ-mrs.fr descriptive text "v=spf1 ip4:ip_du_serveur mx ~all"
cpt.univ-mrs.fr has SPF record "v=spf1 ip4:ip_du_serveur mx ~all

Thanks for the info.
I also reworked my pflogsumm script :D

So I am going to look at the restrictions again and see which ones I can remove.
For the restrictions, roughly speaking, can I keep only the ones in
smtpd_recipient_restrictions

Is that right?

Last edited by merrow (on 21/09/2015, at 13:25)

Offline

#13 On 22/09/2015, at 14:27

LeoMajor

Re: Solved Postfix server sending spam

Have a look at mxtoolbox.com, but you are on the LASHBACK blacklist. Not good.
Get yourself removed from the RBL. (removal from lashback blacklist -> delist request)

Offline

#14 On 23/09/2015, at 13:18

merrow

Re: Solved Postfix server sending spam

I had seen that, but they ask me for $20 to be delisted. :(
So I am waiting :D

Offline