Fwd: [Postfix-es] Attack? Nonexistent email address.

CEduardo® carlos.eduardo.virgen en gmail.com
Tue Jun 12 15:22:21 CEST 2007


---------- Forwarded message ----------
From: Bruno Barrera C. <bruno en tpgcompany.com>
Date: 12-jun-2007 8:10
Subject: [Postfix-es] Attack? Nonexistent email address.
To: postfix-es en lists.wl0.org

Dear all,

        I am receiving, from various addresses, mail requests for an
address whose domain EXISTS (munizapallar.cl) on my server but whose
user does not exist (figmunizapallarnur).

The problem is that each of these requests comes from various mail
servers, so I cannot apply an iptables rule to block the connections,
and every day it grows my mail logs exponentially, which makes all of
this very annoying for later analysis.

What can I do to solve this? Any suggestions?

I have Postfix (Version: 2.2.10) + MySQL (Virtual Domains) + Postgrey +
SpamAssassin + ClamAV.

Here is a sample log:

Jun 12 09:04:38 saga postfix/smtpd[16390]: <
mail.sinotrans-zjg.com[61.155.18.66]: MAIL FROM:<> SIZE=4188
Jun 12 09:04:38 saga postfix/smtpd[16390]: extract_addr: input: <>
Jun 12 09:04:38 saga postfix/smtpd[16390]: smtpd_check_addr: addr=
Jun 12 09:04:38 saga postfix/smtpd[16390]: extract_addr: result:
Jun 12 09:04:38 saga postfix/smtpd[16390]: fsspace: .: block size 4096,
blocks free 13063700
Jun 12 09:04:38 saga postfix/smtpd[16390]: smtpd_check_size: blocks 4096
avail 13063700 min_free 0 msg_size_limit 10240000
Jun 12 09:04:38 saga postfix/smtpd[16390]: >
mail.sinotrans-zjg.com[61.155.18.66]: 250 Ok
Jun 12 09:04:38 saga postfix/smtpd[16256]: > imcf.co.za[196.30.14.12]:
220 saga.tpgcompany.com ESMTP Postfix
Jun 12 09:04:38 saga postfix/smtpd[16251]: < unknown[62.96.65.110]: RCPT
TO:<figmunizapallarnur en munizapallar.cl>
Jun 12 09:04:38 saga postfix/smtpd[16251]: extract_addr: input:
<figmunizapallarnur en munizapallar.cl>
Jun 12 09:04:38 saga postfix/smtpd[16251]: smtpd_check_addr:
addr=figmunizapallarnur en munizapallar.cl
Jun 12 09:04:38 saga postfix/smtpd[16251]: ctable_locate: leave existing
entry key figmunizapallarnur en munizapallar.cl
Jun 12 09:04:38 saga postfix/smtpd[16251]: extract_addr: result:
figmunizapallarnur en munizapallar.cl
Jun 12 09:04:38 saga postfix/smtpd[16251]: >>> START Recipient address
RESTRICTIONS <<<
Jun 12 09:04:38 saga postfix/smtpd[16251]: generic_checks:
name=permit_sasl_authenticated
Jun 12 09:04:38 saga postfix/smtpd[16251]: generic_checks:
name=permit_sasl_authenticated status=0
Jun 12 09:04:38 saga postfix/smtpd[16251]: generic_checks:
name=permit_mynetworks
Jun 12 09:04:38 saga postfix/smtpd[16251]: permit_mynetworks: unknown
62.96.65.110
Jun 12 09:04:38 saga postfix/smtpd[16251]: match_hostname: unknown ~?
127.0.0.0/8
Jun 12 09:04:38 saga postfix/smtpd[16251]: match_hostaddr: 62.96.65.110
~? 127.0.0.0/8
Jun 12 09:04:38 saga postfix/smtpd[16251]: match_hostname: unknown ~?
saga.tpgcompany.com
Jun 12 09:04:38 saga postfix/smtpd[16251]: match_hostaddr: 62.96.65.110
~? saga.tpgcompany.com
Jun 12 09:04:38 saga postfix/smtpd[16251]: match_list_match: unknown: no
match
Jun 12 09:04:38 saga postfix/smtpd[16251]: match_list_match:
62.96.65.110: no match
Jun 12 09:04:38 saga postfix/smtpd[16251]: generic_checks:
name=permit_mynetworks status=0
Jun 12 09:04:38 saga postfix/smtpd[16251]: generic_checks:
name=reject_unauth_destination
Jun 12 09:04:38 saga postfix/smtpd[16251]: reject_unauth_destination:
figmunizapallarnur en munizapallar.cl
Jun 12 09:04:38 saga postfix/smtpd[16251]: permit_auth_destination:
figmunizapallarnur en munizapallar.cl
Jun 12 09:04:38 saga postfix/smtpd[16251]: ctable_locate: leave existing
entry key figmunizapallarnur en munizapallar.cl
Jun 12 09:04:38 saga postfix/smtpd[16251]: generic_checks:
name=reject_non_fqdn_hostname
Jun 12 09:04:38 saga postfix/smtpd[16251]: reject_non_fqdn_hostname:
mail.spice-service.de
Jun 12 09:04:38 saga postfix/smtpd[16251]: generic_checks:
name=reject_non_fqdn_hostname status=0
Jun 12 09:04:38 saga postfix/smtpd[16251]: generic_checks:
name=check_policy_service
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr request =
smtpd_access_policy
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr protocol_state = RCPT
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr protocol_name = ESMTP
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr client_address =
62.96.65.110
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr client_name = unknown
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr helo_name =
mail.spice-service.de
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr sender =
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr recipient =
figmunizapallarnur en munizapallar.cl
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr queue_id =
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr instance =
3f7b.466e99e6.0
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr size = 4823
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr sasl_method =
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr sasl_username =
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr sasl_sender =
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr ccert_subject =
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr ccert_issuer =
Jun 12 09:04:38 saga postfix/smtpd[16251]: send attr ccert_fingerprint =
Jun 12 09:04:38 saga postfix/smtpd[16251]: 127.0.0.1:60000: wanted
attribute: action
Jun 12 09:04:38 saga postfix/smtpd[16258]: < unknown[61.7.154.68]: QUIT
Jun 12 09:04:38 saga postfix/smtpd[16258]: > unknown[61.7.154.68]: 221 Bye
--
The Pegasus Group Company
i2 Official Representatives
2 Norte 1187 OF. 63, Viña del Mar
Phone 1: +56 (32) 297 81 55
Phone 2: +56 (32) 297 08 96
Mobile:  +56 (98) 289 27 05
http://www.tpgcompany.com
_______________________________________________
Postfix-es mailing list for discussing the Postfix MTA in Spanish
Postfix-es en lists.wl0.org
http://lists.wl0.org/mailman/listinfo/postfix-es


-- 
CEduardo(r)
Carlos Eduardo Virgen Londoño (c)1980-2007
Link: http://www.geocities.com/cevlco/
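
Added example, not part of the original post: a Python script that reads smtpd lines in the verbose format shown in the log above and counts how many distinct client IPs sent null-sender (MAIL FROM:<>) mail to each recipient, which shows whether one nonexistent address is being hit from many sources. The sample lines, addresses and function names are constructed for illustration, and the script assumes one log event per line (not wrapped as in the e-mail).

```python
import re
from collections import defaultdict

# Commands received from a client ("<" direction) in verbose smtpd logs.
CMD_RE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: < (?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"(?P<verb>MAIL FROM|RCPT TO):<(?P<addr>[^>]*)>"
)

# Constructed sample input (documentation IP ranges and example domains).
SAMPLE = """\
Jun 12 09:04:38 mx postfix/smtpd[101]: < a.example.net[192.0.2.10]: MAIL FROM:<> SIZE=4188
Jun 12 09:04:38 mx postfix/smtpd[101]: < a.example.net[192.0.2.10]: RCPT TO:<nouser@example.org>
Jun 12 09:04:39 mx postfix/smtpd[102]: < unknown[198.51.100.7]: MAIL FROM:<>
Jun 12 09:04:39 mx postfix/smtpd[102]: < unknown[198.51.100.7]: RCPT TO:<NoUser@example.org>
Jun 12 09:04:40 mx postfix/smtpd[103]: < b.example.com[203.0.113.5]: MAIL FROM:<alice@example.com>
Jun 12 09:04:40 mx postfix/smtpd[103]: < b.example.com[203.0.113.5]: RCPT TO:<bob@example.org>
Jun 12 09:04:41 mx postfix/smtpd[101]: < c.example.net[192.0.2.44]: MAIL FROM:<>
Jun 12 09:04:41 mx postfix/smtpd[101]: < c.example.net[192.0.2.44]: RCPT TO:<postmaster@example.org>
""".splitlines()

def null_sender_recipients(lines):
    """Map recipient -> set of client IPs that sent it mail with MAIL FROM:<>."""
    sender_by_session = {}  # (smtpd pid, client ip) -> last envelope sender seen
    hits = defaultdict(set)
    for line in lines:
        m = CMD_RE.search(line)
        if not m:
            continue
        key = (m["pid"], m["ip"])
        if m["verb"] == "MAIL FROM":
            sender_by_session[key] = m["addr"]
        elif sender_by_session.get(key) == "":
            # RCPT TO in a session whose envelope sender was empty.
            hits[m["addr"].lower()].add(m["ip"])
    return hits

def summarize(lines, min_clients=2):
    """Recipients that got null-sender mail from at least min_clients distinct IPs."""
    hits = null_sender_recipients(lines)
    rows = [(rcpt, len(ips)) for rcpt, ips in hits.items() if len(ips) >= min_clients]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for rcpt, clients in summarize(SAMPLE):
        print(f"{rcpt}: null-sender mail from {clients} distinct client IPs")
```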