私のPostfixサーバーは常にこの電子メールログを受け取ります。
Jan 22 16:04:30 mydomain postfix/smtpd[2282]: connect from unknown[46.38.144.79]
Jan 22 16:04:30 mydomain postfix/smtpd[1844]: warning: unknown[46.38.144.124]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:31 mydomain postfix/smtpd[1844]: disconnect from unknown[46.38.144.124] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:04:35 mydomain postfix/smtpd[1839]: warning: unknown[46.38.144.231]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:35 mydomain postfix/smtpd[1839]: disconnect from unknown[46.38.144.231] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:04:37 mydomain postfix/smtpd[2282]: warning: unknown[46.38.144.79]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:38 mydomain postfix/smtpd[2282]: disconnect from unknown[46.38.144.79] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:04:41 mydomain postfix/smtpd[1404]: connect from unknown[46.38.144.64]
Jan 22 16:04:44 mydomain postfix/smtpd[1844]: connect from unknown[46.38.144.124]
Jan 22 16:04:46 mydomain postfix/smtpd[1404]: warning: unknown[46.38.144.64]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:46 mydomain postfix/smtpd[1404]: disconnect from unknown[46.38.144.64] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:04:50 mydomain postfix/smtpd[1844]: warning: unknown[46.38.144.124]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:50 mydomain postfix/smtpd[2282]: connect from unknown[46.38.144.231]
Jan 22 16:04:50 mydomain postfix/smtpd[1839]: connect from unknown[46.38.144.79]
Jan 22 16:04:51 mydomain postfix/smtpd[1844]: disconnect from unknown[46.38.144.124] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:04:57 mydomain postfix/smtpd[2282]: warning: unknown[46.38.144.231]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:57 mydomain postfix/smtpd[1839]: warning: unknown[46.38.144.79]: SASL LOGIN authentication failed: authentication failure
Jan 22 16:04:58 mydomain postfix/smtpd[2282]: disconnect from unknown[46.38.144.231] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:04:58 mydomain postfix/smtpd[1839]: disconnect from unknown[46.38.144.79] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 22 16:05:01 mydomain postfix/smtpd[1404]: connect from unknown[46.38.144.64]
外部からの攻撃ですか?どうすればこれを防ぐことができますか?
これは私のmain.cfファイルです。
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mydomain.com, localhost.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtp_tls_security_level = dane
allow_percent_hack = no
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
# enable SASL authentication
smtp_sasl_auth_enable = yes
# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption
smtp_use_tls = yes
# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_client_restrictions =
permit_mynetworks,
reject_unauth_pipelining,
reject_unknown_client_hostname,
permit
smtpd_restriction_classes = mua_sender_restrictions, mua_client_restrictions, mua_helo_restrictions
mua_client_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
disable_vrfy_command = yes
smtpd_helo_required = yes
答え1
はい。これは攻撃です。これを使用して、fail2ban
そのIPアドレスをブロックできます。