SMTP - Evitar que spammers me usem

[leonardoss]

Como faço para evitar que spammers se conectem via telnet no meu servidor??
Já uso smtp autenticado mais ainda ele continuam usando meu smtp, tem alguma coisa com um tal "helo"?

No agurado de uma reposta,

Leonardo

[WhiteTiger]

Telnet? Desabilita essa tranquera. Barra no firewall. Isso é muito ultrapassado jah.

[ruyneto]

White o que ele quer dizer é como faz pra barra um spammer que conecta pro telnet na porta SMTP e começa a mandar e-mails.
Nesse caso com smtp autenticado e relay fechado o cara não devia conseguir, vc tem certeza que ta funcionando tudo direitinho no seu smtp??

[WhiteTiger]

Verifique o seguinte:

1-Vc usa SMTP autenticado?
2-Verifique que conta que está sendo usada pelo spamer.
2.1-é real? Contacte o usuário e mude a senha dele.
2.2-não é real? Simplesmente remova.
3-Verifique de qual ip está vindo a solicitação.
4-Verifique qual a localidade dos seus clientes.
4.1- Se for só brasil barra smtp para redes fora do range de 200.xxx.xxx.xxx até 205.xxx.xxx.xxx (normalmente epamer usam ip fora desse range)
4.2-Se for fora também verifique esses ips e barre apenas estes.
5-Barre de vez o servidor tenet.
6-Se possível usar uma criptografia seria legal pra autenticar o SMTP. Tipo TSL ou SSL.
7-Seus usuários autenticam com algum cliente de e-mail tipo outlook ou Thunderbird de fora da sua rede?
7.1-Se não, barre o SMTP para rede externa e use apenas um webmail.

[leonardoss]

Eu uso smtp autenticado e esta funcionando , mas não sei fechar o relay ou verificar isso, tem vindo muitos spam com meu dominio, seguinte como faço para conferir se o dominio é valido?



Pessoal aqui segue minha conf do postfix:

2bounce_notice_recipient = postmaster
access_map_reject_code = 554
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_mail_to_commands = alias,forward
allow_mail_to_files = alias,forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
alternate_config_directories =
always_bcc =
append_at_myorigin = yes
append_dot_mydomain = yes
authorized_verp_clients = $mynetworks
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
biff = yes
body_checks =
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_service_name = bounce
bounce_size_limit = 50000
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
content_filter =
daemon_directory = /usr/lib/postfix
daemon_timeout = 18000s
debug_peer_level = 2
debug_peer_list =
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_limit = 20
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 10000
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
disable_dns_lookups = no
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_verp_bounces = no
disable_vrfy_command = no
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = MAILER-DAEMON
error_notice_recipient = postmaster
error_service_name = error
expand_owner_alias = no
export_environment = TZ MAIL_CONFIG
extract_recipient_limit = 10240
fallback_relay =
fallback_transport =
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension},$home/.forward
hash_queue_depth = 1
hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold
header_address_token_limit = 10240
header_checks =
header_size_limit = 102400
helpful_warnings = yes
home_mailbox =
hopcount_limit = 50
ignore_mx_lookup_error = no
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY
in_flow_delay = 1s
inet_interfaces = all
initial_destination_concurrency = 5
invalid_hostname_reject_code = 501
ipc_idle = 100s
ipc_timeout = 3600s
line_length_limit = 2048
lmtp_cache_connection = yes
lmtp_connect_timeout = 0s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_lhlo_timeout = 300s
lmtp_mail_timeout = 300s
lmtp_quit_timeout = 300s
lmtp_rcpt_timeout = 300s
lmtp_rset_timeout = 300s
lmtp_sasl_auth_enable = no
lmtp_sasl_password_maps =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_skip_quit_response = no
lmtp_tcp_port = 24
local_command_shell =
local_destination_concurrency_limit = 2
local_destination_recipient_limit = 1
local_recipient_maps = proxy:unixasswd.byname $alias_maps
local_transport = local:$myhostname
luser_relay =
mail_name = Postfix
mail_owner = postfix
mail_release_date = 20030812
mail_spool_directory = /var/mail
mail_version = 2.0.14
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = fcntl, dotlock
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_size_limit = 10240000
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 1000s
mydestination = $mydomain
mydomain = "meu dominio"
myhostname = Meu host e meu dominio"
mynetworks = "Minha rede interna", 127.0.0.0/8, "Minha rede Externa"
mynetworks_style = subnet
myorigin = $mydomain
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
notify_classes = resource,software
owner_request_special = yes
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
pickup_service_name = pickup
prepend_delivered_header = command, file, forward
process_id_directory = pid
program_directory = /usr/lib/postfix
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
qmgr_clog_warn_time = 300s
qmgr_fudge_factor = 100
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients =
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /var/spool/postfix
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 1000s
queue_service_name = qmgr
rbl_reply_maps =
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_canonical_maps =
recipient_delimiter =
reject_code = 554
relay_clientcerts =
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_recipient_maps =
relay_transport = relay
relayhost =
relocated_maps = hash:/etc/postfix/relocated
require_home_directory = no
resolve_dequoted_address = yes
rewrite_service_name = rewrite
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
service_throttle_time = 60s
setgid_group = maildrop
show_user_unknown_table_name = yes
showq_service_name = showq
smtp_always_send_ehlo = yes
smtp_bind_address =
smtp_connect_timeout = 30s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_enforce_tls = no
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_line_length_limit = 990
smtp_mail_timeout = 300s
smtp_never_send_ehlo = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
smtp_quit_timeout = 300s
smtp_randomize_addresses = yes
smtp_rcpt_timeout = 300s
smtp_sasl_auth_enable = no
smtp_sasl_password_maps =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $var_smtp_sasl_opts
smtp_sasl_tls_verified_security_options = $var_smtp_sasl_tls_opts
smtp_skip_4xx_greeting = yes
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_cipherlist =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = no
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions =
smtpd_data_restrictions =
smtpd_delay_reject = yes
smtpd_enforce_tls = no
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions =
smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = 100
smtpd_noop_commands =
smtpd_null_access_lookup_key = <>
smtpd_recipient_limit = 1000
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_restriction_classes =
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sender_login_maps =
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_CAfile =
smtpd_tls_CApath =
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 5
smtpd_tls_cert_file =
smtpd_tls_cipherlist =
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 0
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_tls = no
soft_bounce = no
stale_lock_time = 500s
strict_7bit_headers = no
strict_8bitmime = no
strict_8bitmime_body = no
strict_mime_encoding_domain = no
strict_rfc821_envelopes = no
sun_mailtool_compatibility = no
swap_bangpath = no
syslog_facility = mail
syslog_name = postfix
tls_daemon_random_bytes = 32
tls_daemon_random_source =
tls_random_bytes = 32
tls_random_exchange_name = ${config_directory}/prng_exch
tls_random_prng_update_period = 60s
tls_random_reseed_period = 3600s
tls_random_source =
transport_maps = hash:/etc/postfix/transport
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 450
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_maps = $virtual_maps
virtual_gid_maps =
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl
virtual_mailbox_maps =
virtual_minimum_uid = 100
virtual_transport = virtual
virtual_uid_maps =

[gmfurlan]

Caramba, estou com o mesmo problema! A autenticação com SASL esta funcionando.. mas se vc tenta enviar emails sem usar a autenticação também funciona... comigo também está acontecendo outro errinho.. se for possivel, dá uma olhada nesse link onde especifiquei o mesmo:

http://forum.under-linux.org/index.p...c,43942.0.html

por favor, preciso de ajuda.. se tiver ja a solução poste aqui.. ou no link acima..

[spyderlinux]

Eu também estou com o problema mas no QMAIL.
Não estou conseguindo fechar o relay.
Vamos ver quem finaliza isso

[mrsoliveira]

Eu uso smtp autenticado e esta funcionando , mas não sei fechar o relay ou verificar isso, tem vindo muitos spam com meu dominio, seguinte como faço para conferir se o dominio é valido?

Pessoal aqui segue minha conf do postfix:

Cara to precisando fazer um postfix autenticado também, mas tah dificil.
Como você tah usando ai dei uma olhada na tua conf para ver onde que vai o usuario e senha do meu provedor mais nao encontrei!

Tu poderia me da um help??

Valeu,
MArcelo Oliveira
[email protected]