Debian-facile

Welcome to Debian-Facile, a help site for new Debian users.


#1 19-02-2019 08:17:09

parazitenew
Member
Registered: 19-02-2019

Mail, mailer-daemon, return-path, spam, virus?

Hello,

I chose to use keywords in the title, to pin down the problem.

I was told today that our company's contact@ndd.sd mailbox received more than 12000 e-mails from MAILER-DAEMON@ndd.sd in 3 hours.
In the mail source, I read return-path: contact@ndd.sd

This is the first time this has happened. I don't know whether spam bots are only using our address as the return-path, which I think is not that serious (well, maybe), or whether there really is a process on the server (virus, malware) sending mail from our server, which risks getting us blacklisted in the eyes of the whole planet.

A scan with ClamAV found nothing.

With journalctl -f, it is quiet for a while, then all of a sudden:


févr. 18 19:52:38 exchange postfix/qmgr[17596]: F050C510F: from=<contact@domaine.sd>, size=2057, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 17DDC511B: from=<contact@domaine.sd>, size=1981, nrcpt=2 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 1F70550E2: from=<contact@domaine.sd>, size=1927, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 11B5850A8: from=<contact@domaine.sd>, size=1931, nrcpt=2 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 18D854F5C: from=<contact@domaine.sd>, size=2083, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 127A4525A: from=<contact@domaine.sd>, size=1786, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 1CE4A5276: from=<contact@domaine.sd>, size=1942, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 1E7BC50E1: from=<contact@domaine.sd>, size=1987, nrcpt=2 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 189AD50A1: from=<contact@domaine.sd>, size=1857, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 143DD5112: from=<contact@domaine.sd>, size=1796, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 12B555130: from=<contact@domaine.sd>, size=1985, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 1C8BF50F5: from=<contact@domaine.sd>, size=2093, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 1A92E51C6: from=<contact@domaine.sd>, size=1740, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 1D03B514D: from=<contact@domaine.sd>, size=1733, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 12BC450CD: from=<contact@domaine.sd>, size=1764, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 18718523C: from=<contact@domaine.sd>, size=2025, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 1977551B3: from=<contact@domaine.sd>, size=1672, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 174646F9B: from=<contact@domaine.sd>, size=1828, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 197E4526D: from=<contact@domaine.sd>, size=2047, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 188F851AA: from=<contact@domaine.sd>, size=1772, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 1B7365065: from=<contact@domaine.sd>, size=1888, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 13BB35156: from=<contact@domaine.sd>, size=1762, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 1A7D05199: from=<contact@domaine.sd>, size=1965, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 1496C51AF: from=<contact@domaine.sd>, size=2110, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 1C2DF5217: from=<contact@domaine.sd>, size=1781, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 1D68C5259: from=<contact@domaine.sd>, size=1786, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: 11C865158: from=<contact@domaine.sd>, size=1849, nrcpt=2 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: AE2704879: from=<contact@domaine.sd>, size=1842, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: A342A5234: from=<contact@domaine.sd>, size=2178, nrcpt=3 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: A81E050FE: from=<contact@domaine.sd>, size=1814, nrcpt=2 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: A7FF25048: from=<contact@domaine.sd>, size=1757, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: A2459500D: from=<contact@domaine.sd>, size=1710, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: A33BE521E: from=<contact@domaine.sd>, size=1857, nrcpt=2 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: ABCDE5054: from=<contact@domaine.sd>, size=1805, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: ADFBA5131: from=<contact@domaine.sd>, size=1996, nrcpt=1 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: A06245057: from=<contact@domaine.sd>, size=1854, nrcpt=2 (queue active)
févr. 18 19:52:38 exchange postfix/qmgr[17596]: A34125114: from=<contact@domaine.sd>, size=1889, nrcpt=1 (queue active)



There are many more, I only copied part of them, then we get this:

févr. 18 19:52:38 exchange postfix/smtp[27860]: DBD3151A3: to=<poop@oool.com>, relay=oool.com[35.186.238.101]:25, delay=33992, delays=33991/0.18/0.34/0, dsn=4.4.2, status=deferred (lost connection with oool.com[35.186.238.101] while receiving the initial server greeting)
févr. 18 19:52:38 exchange postfix/smtp[27864]: 5CF5F5246: host imail3.nationalfibre.net[216.105.95.39] refused to talk to me: 554-imail3.nationalfibre.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
févr. 18 19:52:38 exchange postfix/smtp[27880]: connect to wellhelloactivation.com[209.200.154.51]:25: Connection refused
févr. 18 19:52:38 exchange postfix/smtp[27880]: C85B15107: to=<sl7qujhkvktlb1548074887741@wellhelloactivation.com>, relay=none, delay=34037, delays=34037/0.29/0.36/0, dsn=4.4.1, status=deferred (connect to wellhelloactivation.com[209.200.154.51]:25: Connection refused)
févr. 18 19:52:38 exchange postfix/smtp[27884]: 487B65225: host imail1.nationalfibre.net[216.105.95.34] refused to talk to me: 554-imail1.nationalfibre.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
févr. 18 19:52:39 exchange postfix/smtp[27864]: 5CF5F5246: to=<rg-jlu-ss18oct23001@nationalfibre.net>, relay=imail1.nationalfibre.net[216.105.95.34]:25, delay=33909, delays=33908/0.2/0.64/0, dsn=4.0.0, status=deferred (host imail1.nationalfibre.net[216.105.95.34] refused to talk to me: 554-imail1.nationalfibre.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
févr. 18 19:52:39 exchange postfix/smtp[27887]: 957E75177: to=<chanti10312018@theinfinitynetwork.com>, relay=imail1.nationalfibre.net[216.105.95.34]:25, delay=33972, delays=33971/0.32/0.56/0, dsn=4.0.0, status=deferred (host imail1.nationalfibre.net[216.105.95.34] refused to talk to me: 554-imail1.nationalfibre.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
févr. 18 19:52:39 exchange postfix/smtp[27869]: 32EBC50FC: host mx-eu.mail.am0.yahoodns.net[212.82.101.46] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27869]: 32EBC50FC: lost connection with mx-eu.mail.am0.yahoodns.net[212.82.101.46] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27857]: D853F5251: host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27857]: D853F5251: lost connection with mx-eu.mail.am0.yahoodns.net[188.125.73.87] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27847]: 70B155041: host gmail-smtp-in.l.google.com[64.233.166.26] said: 452-4.2.2 The email account that you tried to reach is over quota. Please direct 452-4.2.2 the recipient to 452 4.2.2  https://support.google.com/mail/?p=OverQuotaTemp b3si11726673wrm.378 - gsmtp (in reply to RCPT TO command)
févr. 18 19:52:39 exchange postfix/smtp[27884]: 487B65225: to=<kim-t1280918@nationalfibre.net>, relay=imail3.nationalfibre.net[216.105.95.39]:25, delay=33928, delays=33927/0.31/0.69/0, dsn=4.0.0, status=deferred (host imail3.nationalfibre.net[216.105.95.39] refused to talk to me: 554-imail3.nationalfibre.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
févr. 18 19:52:39 exchange postfix/smtp[27879]: C477A50EF: host mx-eu.mail.am0.yahoodns.net[212.82.101.46] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27879]: C477A50EF: lost connection with mx-eu.mail.am0.yahoodns.net[212.82.101.46] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27889]: 63D955248: host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27889]: 63D955248: lost connection with mx-eu.mail.am0.yahoodns.net[188.125.73.87] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27881]: 477AD5093: to=<ohnny42@cogeco.ca>, relay=MX.cogeco.ca[216.221.81.26]:25, delay=34105, delays=34104/0.29/0.82/0, dsn=4.4.2, status=deferred (lost connection with MX.cogeco.ca[216.221.81.26] while receiving the initial server greeting)
févr. 18 19:52:39 exchange postfix/smtp[27832]: F15C0523F: host mx-aol.mail.gm0.yahoodns.net[74.6.141.40] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27832]: F15C0523F: lost connection with mx-aol.mail.gm0.yahoodns.net[74.6.141.40] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27851]: 2A46251BD: host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27851]: 2A46251BD: lost connection with mx-eu.mail.am0.yahoodns.net[188.125.73.87] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27831]: F154951AB: host mta5.am0.yahoodns.net[66.218.85.52] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27831]: F154951AB: lost connection with mta5.am0.yahoodns.net[66.218.85.52] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27837]: F17B95067: host mta5.am0.yahoodns.net[74.6.137.64] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27837]: F17B95067: lost connection with mta5.am0.yahoodns.net[74.6.137.64] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27841]: 1A92E51C6: host mx-aol.mail.gm0.yahoodns.net[66.218.85.151] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27841]: 1A92E51C6: lost connection with mx-aol.mail.gm0.yahoodns.net[66.218.85.151] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27853]: B4D98509C: host mta5.am0.yahoodns.net[74.6.137.64] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27853]: B4D98509C: lost connection with mta5.am0.yahoodns.net[74.6.137.64] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27849]: 7926950EC: host mta5.am0.yahoodns.net[66.218.85.52] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27849]: 7926950EC: lost connection with mta5.am0.yahoodns.net[66.218.85.52] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27846]: 7E70C507B: host mta7.am0.yahoodns.net[98.137.159.26] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27846]: 7E70C507B: lost connection with mta7.am0.yahoodns.net[98.137.159.26] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27835]: F353F5214: host mta6.am0.yahoodns.net[98.137.159.27] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27835]: F353F5214: lost connection with mta6.am0.yahoodns.net[98.137.159.27] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27836]: F3593522B: host mta6.am0.yahoodns.net[74.6.137.63] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27836]: F3593522B: lost connection with mta6.am0.yahoodns.net[74.6.137.63] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27856]: 8CCD55243: host mta5.am0.yahoodns.net[66.218.85.52] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
févr. 18 19:52:39 exchange postfix/smtp[27856]: 8CCD55243: lost connection with mta5.am0.yahoodns.net[66.218.85.52] while sending RCPT TO
févr. 18 19:52:39 exchange postfix/smtp[27839]: 127A4525A: host mx-aol.mail.gm0.yahoodns.net[98.136.96.73] said: 421 4.7.0 [TSS04] Messages from 213.179.181.19 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)



Debian 8, dedicated server, postfix/dovecot and Rainloop.

I stopped the postfix service last night; nothing happened until I restarted it this morning.

Any ideas? Thanks.

Last edited by parazitenew (19-02-2019 08:17:28)
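
Added example, not part of the original post: a triage script that correlates Postfix log lines by queue ID to show which envelope senders have mail leaving the host through the outbound `postfix/smtp` client, how each message entered the queue, and how many null-sender notifications were delivered locally. It goes beyond the excerpt above by also reading `postfix/smtpd` (`client=`, `sasl_username=`) and `postfix/pickup` (`uid=`) lines, which the excerpt does not show; the function name `triage` and all sample addresses and IPs are constructed.

```python
import re
from collections import Counter

# Constructed sample in the journal format shown above; addresses and IPs are
# documentation placeholders, not the poster's data.
SAMPLE = """\
févr. 18 19:40:01 exchange postfix/smtpd[2101]: AAA111: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=contact@example.test
févr. 18 19:40:01 exchange postfix/qmgr[17596]: AAA111: from=<contact@example.test>, size=2057, nrcpt=1 (queue active)
févr. 18 19:40:02 exchange postfix/smtp[2760]: AAA111: to=<a@remote.example>, relay=mx.remote.example[203.0.113.5]:25, delay=1.2, dsn=4.7.0, status=deferred (host mx.remote.example[203.0.113.5] said: 421 4.7.0 deferred due to user complaints)
févr. 18 19:40:03 exchange postfix/smtpd[2101]: BBB222: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=contact@example.test
févr. 18 19:40:03 exchange postfix/qmgr[17596]: BBB222: from=<contact@example.test>, size=1981, nrcpt=1 (queue active)
févr. 18 19:40:04 exchange postfix/smtp[2761]: BBB222: to=<b@remote.example>, relay=none, delay=0.4, dsn=4.4.1, status=deferred (connect to remote.example[203.0.113.9]:25: Connection refused)
févr. 18 19:41:00 exchange postfix/pickup[1900]: CCC333: uid=33 from=<www-data>
févr. 18 19:41:00 exchange postfix/qmgr[17596]: CCC333: from=<www-data@example.test>, size=900, nrcpt=1 (queue active)
févr. 18 19:41:01 exchange postfix/smtp[2762]: CCC333: to=<c@remote.example>, relay=mx.remote.example[203.0.113.5]:25, delay=0.9, dsn=2.0.0, status=sent (250 ok)
févr. 18 19:42:00 exchange postfix/qmgr[17596]: DDD444: from=<>, size=3100, nrcpt=1 (queue active)
févr. 18 19:42:00 exchange postfix/local[2800]: DDD444: to=<contact@example.test>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def triage(log_text):
    """Correlate Postfix log lines by queue ID: who injected each message,
    with which envelope sender, and where it was delivered."""
    origin, sender = {}, {}
    outbound, status, local_dsn = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        prog, qid, rest = m.groups()
        if prog == "smtpd" and rest.startswith("client="):
            user = re.search(r"sasl_username=([^,\s]+)", rest)
            origin[qid] = "sasl:" + user.group(1) if user else "smtp:" + rest.split(",")[0][7:]
        elif prog == "pickup" and rest.startswith("uid="):
            origin[qid] = "local-uid:" + rest.split()[0][4:]
        elif prog == "qmgr" and (f := re.search(r"from=<([^>]*)>", rest)):
            sender[qid] = f.group(1)
        elif (st := re.search(r"status=(\w+)", rest)):
            if prog == "smtp":            # outbound SMTP client: mail leaving this host
                outbound[(sender.get(qid, "?"), origin.get(qid, "unknown"))] += 1
                status[st.group(1)] += 1
            elif sender.get(qid) == "":   # null sender = delivery status notification
                local_dsn += 1
    return {"outbound": outbound, "status": status, "local_dsn": local_dsn}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An origin of `sasl:<user>` means the message was submitted with that account's credentials, `local-uid:<n>` means a local process running as that uid injected it, and `unknown` means the log slice passed in does not reach back to the line where the message entered the queue.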
