程序博客网 > ubuntu安装git失败

用Postfix + Dovecot 搭建的邮件服务器被垃圾邮件当中转服务器的处理

来源:互联网 发布:ubuntu安装git失败 编辑:程序博客网 时间:2024/05/16 11:05

今天发邮件, 发送失败,然后到服务器上看日志, 发现硬盘被垃圾邮件的缓存队列和日志塞满了,

tail    -f    /var/log/maillog   发现疯狂刷屏,部分日志如下 :

Aug 17 09:39:01 www postfix/error[1173]: 455F050663: to=<papa8833_1234@yahoo.com.tw>, relay=none, delay=28778, delays=28631/146/0/0.51, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)Aug 17 09:39:01 www postfix/error[1229]: 296AE2FDCD: to=<masakiaiba1224@yahoo.com.tw>, relay=none, delay=30507, delays=30360/147/0/0.21, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)Aug 17 09:39:01 www postfix/error[1138]: 1F9A853B47: to=<jessie-0918@yahoo.com.tw>, relay=none, delay=28244, delays=28097/146/0/0.6, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)Aug 17 09:39:01 www postfix/error[1104]: B16DB3AB0B: to=<dalin0602@yahoo.com.tw>, relay=none, delay=29431, delays=29284/146/0/0.83, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)Aug 17 09:39:01 www postfix/error[1205]: B7F65597AE: to=<alice19920502@yahoo.com.tw>, relay=none, delay=26365, delays=26218/146/0/0.41, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)Aug 17 09:39:01 www postfix/error[1166]: 308EE43BD2: to=<095275385@yahoo.com.tw>, relay=none, delay=30716, delays=30569/147/0/0.06, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)Aug 17 09:39:01 www postfix/error[1140]: 9654E2B6A6: to=<kzy@yahoo.com.tw>, relay=none, delay=35359, delays=35213/146/0/0.79, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)Aug 17 09:39:01 www postfix/error[1134]: C74DA58B4C: to=<a6043112@yahoo.com.tw>, relay=none, delay=26704, delays=26557/146/0/0.57, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)Aug 17 09:39:01 www postfix/error[1220]: 506172DC9A: to=<znzn720908@yahoo.com.tw>, relay=none, delay=34379, delays=34232/146/0/1.4, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)

在看一下系统进程和负载, 好晕, 负载都28了,服务器都快扛不动了。

[root@www /]# toptop - 09:42:06 up 2 days, 22:13,  1 user,  load average: 28.81, 20.57, 12.43Tasks: 238 total,   1 running, 237 sleeping,   0 stopped,   0 zombieCpu(s):  4.4%us,  8.0%sy,  0.0%ni,  4.2%id, 82.7%wa,  0.5%hi,  0.2%si,  0.0%stMem:   3921316k total,  2927360k used,   993956k free,   520508k buffersSwap:        0k total,        0k used,        0k free,   671096k cached  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                  319 root      20   0 80764 3568 2656 S  3.7  0.1   0:13.37 master                                                                   323 postfix   20   0 80944 3568 2596 S  2.0  0.1   0:09.92 trivial-rewrite                                                          322 postfix   20   0  103m  28m 2712 D  1.7  0.7   0:09.09 qmgr                                                                     862 root      20   0  249m 4784 1032 S  1.7  0.1  14:18.73 rsyslogd                                                                 448 postfix   20   0 80984 3592 2596 S  1.0  0.1   0:03.35 trivial-rewrite                                                          255 root      20   0     0    0    0 D  0.7  0.0   5:59.75 jbd2/xvda1-8                                                             400 postfix   20   0 94400 5164 3588 S  0.7  0.1   0:00.21 smtpd                                                                   1293 root      20   0  761m 8096 2072 S  0.7  0.2   4:48.66 aegis_cli                                                               1877 postfix   20   0 80856 3528 2632 S  0.7  0.1   0:00.08 error                                                                   2024 postfix   20   0 80856 3536 2632 S  0.7  0.1   0:00.04 error                                                                   2152 postfix   20   0 80880 3492 2608 S  0.7  0.1   0:00.02 bounce                                                                  2158 postfix   20   0 80880 3496 2608 D  0.7  0.1   0:00.02 bounce                                                                  2162 root      20   0 15160 1428 1000 R  0.7  0.0   0:00.02 top                                                                      446 postfix   20   0 94400 5172 3604 S  0.3  0.1   0:00.18 smtpd                                                                    455 postfix   20   0 80988 3640 2712 S  0.3  0.1   0:00.10 cleanup                                                                  463 postfix   20   0 94400 5144 3576 S  0.3  0.1   0:00.16 smtpd                                                                    465 postfix   20   0 80988 3636 2712 S  0.3  0.1   0:00.10 cleanup                                                                 1018 postfix   20   0 80988 3640 2712 S  0.3  0.1   0:00.07 cleanup                                                                 1035 postfix   20   0 94400 5120 3548 S  0.3  0.1   0:00.09 smtpd                                                                   1040 postfix   20   0 94400 5140 3568 S  0.3  0.1   0:00.14 smtpd                                                                   1469 postfix   20   0 80856 3532 2632 S  0.3  0.1   0:00.22 error                                                                   1836 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.09 error                                                                   1900 postfix   20   0 80856 3536 2632 S  0.3  0.1   0:00.06 error                                                                   1903 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.06 error                                                                   1924 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.06 error                                                                   1939 postfix   20   0 80856 3532 2632 S  0.3  0.1   0:00.05 error                                                                   1960 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.05 error                                                                   1967 postfix   20   0 80856 3532 2632 S  0.3  0.1   0:00.05 error                                                                   1973 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.05 error                                                                   1977 postfix   20   0 80856 3532 2632 S  0.3  0.1   0:00.04 error                                                                   2090 postfix   20   0 80880 3500 2608 D  0.3  0.1   0:00.01 bounce                                                                  2153 postfix   20   0 80880 3500 2608 D  0.3  0.1   0:00.01 bounce                                                                  2161 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce                                                                  2163 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce                                                                  2164 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce                                                                  2165 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce                                                                  2169 postfix   20   0 80880 3496 2608 D  0.3  0.1   0:00.01 bounce                                                                  2170 postfix   20   0 80880 3496 2608 D  0.3  0.1   0:00.01 bounce                                                                  2176 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce                                                                     1 root      20   0 19232 1088  820 S  0.0  0.0   0:00.87 init                                                                       2 root      20   0     0    0    0 S  0.0  0.0   0:00.00 kthreadd

先停下  postfix 服务,  看看被转发的垃圾邮件的内容:

[root@www /]# postcat -q 847D9E8238*** ENVELOPE RECORDS deferred/8/847D9E8238 ***message_size:            6545            3068              26               0            6545message_arrival_time: Sun Aug 17 10:15:10 2014create_time: Sun Aug 17 10:15:10 2014named_attribute: rewrite_context=remotesender: tymgobzrck@yahoo.com.twnamed_attribute: log_client_name=36-224-134-61.dynamic-ip.hinet.netnamed_attribute: log_client_address=36.224.134.61named_attribute: log_client_port=2806named_attribute: log_message_origin=36-224-134-61.dynamic-ip.hinet.net[36.224.134.61]named_attribute: log_helo_name=115.28.81.191named_attribute: log_protocol_name=SMTPnamed_attribute: client_name=36-224-134-61.dynamic-ip.hinet.netnamed_attribute: reverse_client_name=36-224-134-61.dynamic-ip.hinet.netnamed_attribute: client_address=36.224.134.61named_attribute: client_port=2806named_attribute: helo_name=115.28.81.191named_attribute: protocol_name=SMTPnamed_attribute: client_address_type=2named_attribute: dsn_orig_rcpt=rfc822;joyce_107@yahoo.com.tworiginal_recipient: joyce_107@yahoo.com.twrecipient: joyce_107@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;lucky-maggie@yahoo.com.tworiginal_recipient: lucky-maggie@yahoo.com.twrecipient: lucky-maggie@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;joey31333@yahoo.com.tworiginal_recipient: joey31333@yahoo.com.twrecipient: joey31333@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;mszzgundam@yahoo.com.tworiginal_recipient: mszzgundam@yahoo.com.twrecipient: mszzgundam@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;ldmr@yahoo.com.tworiginal_recipient: ldmr@yahoo.com.twrecipient: ldmr@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;ljhdavid@yahoo.com.tworiginal_recipient: ljhdavid@yahoo.com.twrecipient: ljhdavid@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;jiangdixin@yahoo.com.tworiginal_recipient: jiangdixin@yahoo.com.twrecipient: jiangdixin@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;leert1@yahoo.com.tworiginal_recipient: leert1@yahoo.com.twrecipient: leert1@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;keychain882002@yahoo.com.tworiginal_recipient: keychain882002@yahoo.com.twrecipient: keychain882002@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;pjyz@yahoo.com.tworiginal_recipient: pjyz@yahoo.com.twrecipient: pjyz@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;lcru1214@yahoo.com.tworiginal_recipient: lcru1214@yahoo.com.twrecipient: lcru1214@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;ice99954452002@yahoo.com.tworiginal_recipient: ice99954452002@yahoo.com.twrecipient: ice99954452002@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;leslyn07@yahoo.com.tworiginal_recipient: leslyn07@yahoo.com.twrecipient: leslyn07@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;markshow2004@yahoo.com.tworiginal_recipient: markshow2004@yahoo.com.twrecipient: markshow2004@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;kk102055@yahoo.com.tworiginal_recipient: kk102055@yahoo.com.twrecipient: kk102055@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;maggiewu321@yahoo.com.tworiginal_recipient: maggiewu321@yahoo.com.twrecipient: maggiewu321@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;sentai@yahoo.com.tworiginal_recipient: sentai@yahoo.com.twrecipient: sentai@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;pp7029@yahoo.com.tworiginal_recipient: pp7029@yahoo.com.twrecipient: pp7029@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;jhleeahwon@yahoo.com.tworiginal_recipient: jhleeahwon@yahoo.com.twrecipient: jhleeahwon@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;luominyou@yahoo.com.tworiginal_recipient: luominyou@yahoo.com.twrecipient: luominyou@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;luckyherb0108@yahoo.com.tworiginal_recipient: luckyherb0108@yahoo.com.twrecipient: luckyherb0108@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;linlin5155@yahoo.com.tworiginal_recipient: linlin5155@yahoo.com.twrecipient: linlin5155@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;joey_lin2002@yahoo.com.tworiginal_recipient: joey_lin2002@yahoo.com.twrecipient: joey_lin2002@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;fionhsu30@yahoo.com.tworiginal_recipient: fionhsu30@yahoo.com.twrecipient: fionhsu30@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;redkid228@yahoo.com.tworiginal_recipient: redkid228@yahoo.com.twrecipient: redkid228@yahoo.com.twnamed_attribute: dsn_orig_rcpt=rfc822;l0925930862@yahoo.com.tworiginal_recipient: l0925930862@yahoo.com.twrecipient: l0925930862@yahoo.com.tw*** MESSAGE CONTENTS deferred/8/847D9E8238 ***Received: from 115.28.81.191 (36-224-134-61.dynamic-ip.hinet.net [36.224.134.61])        by mail.sintie.com (Postfix) with SMTP id 847D9E8238;        Sun, 17 Aug 2014 10:15:10 +0800 (CST)Received: from 65.64.252.253 by ; Sun, 17 Aug 2014 06:09:08 +0400

postfix 很强大, 重新把安全认证相关的东西设置,提高安全级别。
经过重新配置, 进行了认证之后 , 再看日志 :

Aug 17 10:52:49 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<yiysoemvhj@pchome.com.tw> to=<pk789561@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:49 www postfix/smtpd[5863]: NOQUEUE: reject: RCPT from 118-161-251-198.dynamic.hinet.net[118.161.251.198]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<umnijixejf@yahoo.com.tw> to=<duckface@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:50 www postfix/smtpd[5865]: connect from 118-161-241-28.dynamic.hinet.net[118.161.241.28]Aug 17 10:52:50 www postfix/smtpd[5863]: NOQUEUE: reject: RCPT from 118-161-251-198.dynamic.hinet.net[118.161.251.198]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<umnijixejf@yahoo.com.tw> to=<cnmed@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:50 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<yiysoemvhj@pchome.com.tw> to=<rf54893@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:50 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<yiysoemvhj@pchome.com.tw> to=<pneg_lung_family@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<ifzivt@yahoo.com.tw> to=<petwear2002@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<ifzivt@yahoo.com.tw> to=<pooh0208tw@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<ifzivt@yahoo.com.tw> to=<shadowbear1@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:51 www postfix/smtpd[5859]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<fxhxukrxxfhv@pchome.com.tw> to=<robeak@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:51 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<ifzivt@yahoo.com.tw> to=<u.rmp@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:51 www postfix/smtpd[5863]: NOQUEUE: reject: RCPT from 118-161-251-198.dynamic.hinet.net[118.161.251.198]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<umnijixejf@yahoo.com.tw> to=<cpnel@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:51 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<ifzivt@yahoo.com.tw> to=<saicvb@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:51 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<yiysoemvhj@pchome.com.tw> to=<pellucid_space@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>Aug 17 10:52:51 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<ifzivt@yahoo.com.tw> to=<sal-love@yahoo.com.tw> proto=SMTP helo=<115.28.81.191>

是被服务器拒绝了。

要是再能够动态分析这个日志 , 吧这个IP放入到防火墙里, 直接把它PASS掉就完美了。


下面把解决办法整理一下:

第一个是添加黑名单, 把  from 为   yahoo.com.tw  的 REJECT掉,     把 to 为  yahoo.com.tw  的 REJECT掉 。

第二个是启用防火墙, 把乱七八糟的台湾的IP地址直接用防火墙过滤掉。


黑名单的配置如下;

smtpd_sender_restrictions = reject_sender_login_mismatch, reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/recver_access

sender_access和recver_access的内容如下:

[root@www postfix]# more sender_accessmail2000.com.tw         REJECTyahoo.com.tw    REJECTyahoo.com.jp    REJECTpchome.com.tw   REJECT[root@www postfix]# [root@www postfix]# [root@www postfix]# [root@www postfix]# [root@www postfix]# more recver_accessyahoo.com.tw    REJECT[root@www postfix]#

记得要用  postmap 生成 key-value形式的二进制文件。


防火墙通用脚本如下所示:

iptables -P INPUT DROPiptables -P OUTPUT ACCEPTiptables -P FORWARD DROPiptables -A OUTPUT -p tcp --sport 80 -j ACCEPTiptables -A INPUT -p tcp --dport 80 -j ACCEPTiptables -A OUTPUT -p tcp --sport 22 -j ACCEPTiptables -A INPUT -p tcp --dport 22 -j ACCEPTiptables -A OUTPUT -p tcp --sport 25 -j ACCEPTiptables -A INPUT -p tcp --dport 25 -j ACCEPTiptables -A OUTPUT -p tcp --sport 110 -j ACCEPTiptables -A INPUT -p tcp --dport 110 -j ACCEPTiptables -A OUTPUT -p tcp --sport 143 -j ACCEPTiptables -A INPUT -p tcp --dport 143 -j ACCEPTiptables -A OUTPUT -p tcp --sport 3306 -j ACCEPTiptables -A INPUT -p tcp --dport 3306 -j ACCEPTiptables -A OUTPUT -p tcp --sport 21 -j ACCEPTiptables -A INPUT -p tcp --dport 21 -j ACCEPTiptables -A OUTPUT -p tcp --sport 20 -j ACCEPTiptables -A INPUT -p tcp --dport 20 -j ACCEPTiptables -A OUTPUT -p tcp --sport 993 -j ACCEPTiptables -A INPUT -p tcp --dport 993 -j ACCEPTiptables -A OUTPUT -p tcp --sport 995 -j ACCEPTiptables -A INPUT -p tcp --dport 995 -j ACCEPTiptables -A INPUT -p udp --sport 53 -j ACCEPTiptables -A OUTPUT -p udp --dport 53 -j ACCEPTiptables -A INPUT -p udp --dport 53 -j ACCEPTiptables -A OUTPUT -p udp --sport 53 -j ACCEPTiptables -A OUTPUT -p icmp -j ACCEPTiptables -A INPUT -p icmp -j ACCEPTiptables -A INPUT -i lo -p all -j ACCEPTiptables -A OUTPUT -o lo -p all -j ACCEPTiptables -A INPUT -p tcp --sport 31337 -j DROPiptables -A OUTPUT -p tcp --dport 31337 -j DROPiptables -A INPUT -p tcp --sport 137 -j DROPiptables -A OUTPUT -p tcp --dport 137 -j DROPiptables -A INPUT -p tcp --sport 138 -j DROPiptables -A OUTPUT -p tcp --dport 138 -j DROPiptables -A INPUT -p tcp --sport 139 -j DROPiptables -A OUTPUT -p tcp --dport 139 -j DROPiptables -A INPUT -p tcp --sport 2049 -j DROPiptables -A OUTPUT -p tcp --dport 2049 -j DROPiptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPTiptables -A FORWARD -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPTiptables -I INPUT -s 36.224.139.122 -j DROPiptables -I INPUT -s 36.224.138.68 -j DROPiptables -I INPUT -s 114.45.27.171 -j DROPiptables -I INPUT -s 36.224.130.95 -j DROPiptables -I INPUT -s 114.45.30.249 -j DROP要禁止的IP就继续在这里添加

配置好了后, 重启 postfix, 基本就没有啥大问题了。


0 0
ubuntu安装git失败 ubuntu安装git失败
原创粉丝点击
热门IT博客
淘宝10月份应季产品淘宝10月份应季产品
linux设置ftp用户linux设置ftp用户
重生之娱乐网络帝国txt
薛之谦女装淘宝店网址
千牛店铺数据模块
java soap发送报文
xlsx密码破解软件
丑男逆袭变帅哥知乎
java中的length方法
模特杨柳的淘宝店
hbuilder移动app源码
html宣传源码
看电影便宜的软件
python 获取函数输出
linux ftp断点续传
js删除数组中指定下标
淘宝虚拟物品怎么卖
外国人发现淘宝
漫步者ma3网络重置
淘宝试用
热门问题 老师的惩罚 人脸识别 我在镇武司摸鱼那些年 重生之率土为王 我在大康的咸鱼生活 盘龙之生命进化 天生仙种 凡人之先天五行 春回大明朝 姑娘不必设防,我是瞎子 别再逼我娶亲了 开局获得龙象般若功 重生之香江大亨时代 我伪装成了美少女的第二人格 人道大圣 我前妻是大明星 医学模拟器 我装载了神明模块 华娱科幻之王 学霸的人生模拟器 重生东京泡沫时代 东京房东 重生过去从四合院开始 巨星从初代偶像开始 我世袭狱卒,开局镇压长公主 大虞执刑官,开局拷问妖女未婚妻 全场自由人 满级悟性:思过崖面壁八十年 圣女请安分 投影升级之旅 反派大师兄,师妹们全是病娇 盗墓之观山太保 非正常三国 影视世界从药神开始 朕就是亡国之君 摊牌了,我就是一位至高神 江户旅人 诡秘:从阅读者开始 左道长生,我的法术无限升级 第一百次相亲当天,逮捕相亲对象 大英公务员 侵入人间 联盟:求求你们别C了! 我的洪荒太过艰难 女徒弟们个个都想杀我 从农家子开始的古代生活 聊斋:从继承道观开始 开局被妹妹介绍去当经纪人 黑暗塔防游戏 修仙:我有一个梦境空间 从百户官开始

程序博客网,程序员的互联网技术博客家园。csdn论坛精品 msdn技术资料都在这里