Dovecot SASL / LDAP SPAMANGRIFF
Günther J. Niederwimmer
gjn at gjn.priv.at
Do Dez 8 16:20:54 CET 2016
Hallo,
Ich habe eine Frage: Könnte es sein, dass Dovecot bei der Authentifizierung
Probleme hat?
Ich kämpfe im Moment mit einem SPAM Angriff und schön langsam gehen mir die
Ideen aus, was ich noch machen könnte.
Was am meisten auffällt: Ich bekomme die meisten Spams über
admin at example.com herein, obwohl es in der Datenbank (LDAP) keinen User Admin
gibt?
Der User Office at example.com bekommt Mail und schickt das Zeug gleich wieder
als Spam raus?
Etwas Ratlos :-((.
# 2.2.25 (7be1766): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.14 (099a97c)
# OS: Linux 3.10.0-327.36.3.el7.x86_64 x86_64 CentOS Linux release 7.2.1511
(Core)
# Global settings. The header above looks like `doveconf -n` output, which
# prints only settings that differ from the defaults — TODO confirm.
# The doveadm password is masked in this dump. doveadm_port carries the same
# value (10993) as the inet_listener of "service doveadm" in this config.
doveadm_password = # hidden, use -P to show it
doveadm_port = 10993
# Mail is stored as Maildir below each user's home directory.
mail_location = maildir:~/Maildir
# Plugins loaded for every mail process; "notify" and "replication" belong to
# the replication setup configured in the plugin/service blocks.
mail_plugins = zlib acl fts fts_lucene notify replication
managesieve_notify_capability = mailto
# NOTE(review): the capability list below runs over four lines in this post,
# presumably wrapped by the mail client; it is a single setting.
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext
mbox_write_locks = fcntl
# Unnamed namespace of type "shared": exposes other users' mailboxes under the
# prefix shared/<user>/ (used together with the acl plugin settings below).
namespace {
ignore_on_failure = no
list = children
# Mail is read from the sharing user's Maildir (%%h), while INDEX, CONTROL and
# INDEXPVT point below the accessing user's home (%h/shared/%%u).
# NOTE(review): the value is split across two lines in the middle of "%%u",
# presumably by mail-client wrapping; it is one line in the real config.
location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:CONTROL=%h/shared/%
%u:INDEXPVT=%h/shared/%%u
prefix = shared/%%u/
separator = /
subscriptions = yes
type = shared
}
# Private namespace that holds each user's own mail, including INBOX.
# All folders appear below the prefix "INBOX/" with "/" as the separator.
namespace inbox {
hidden = no
ignore_on_failure = no
inbox = yes
list = yes
# Empty location: the namespace falls back to the global mail_location.
location =
# The special-use folders below are created and subscribed automatically
# (auto = subscribe), except "Sent Messages".
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
# Second \Sent folder; it has no "auto" setting, so it is only flagged, not
# created automatically.
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix = INBOX/
separator = /
subscriptions = yes
type = private
}
# Password database: LDAP is the only passdb in this dump, so every login that
# succeeds must match an entry selected by the LDAP settings file.
# NOTE(review): the bind mode and filters live in dovecot-ldap.conf.ext, which
# is not shown; whether an address such as admin@ can match an entry (for
# example through an alias attribute) cannot be judged from this dump.
# NOTE(review): an address that shows up as a sender is not by itself evidence
# of a login. Compare it with the sasl_username field in the Postfix log, and
# consider auth_verbose = yes so failed attempts are logged with user and
# remote IP.
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
# Plugin settings: ACLs for shared mailboxes, the replication peer and the
# per-user Sieve script location.
plugin {
acl = vfile
acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
# NOTE(review): "tcp:" is the plaintext doveadm transport. Unless the path to
# the replica is protected by other means, mail content and the doveadm
# password cross the network unencrypted; "tcps:" is the TLS variant.
mail_replica = tcp:mx03.esslmaier.at
# Scripts are kept in ~/sieve and the active one is linked as ~/.dovecot.sieve.
# NOTE(review): if one account re-sends the mail it receives, its active
# script is worth checking for a redirect action — presumably one candidate
# cause among several; verify against the logs.
sieve = file:~/sieve;active=~/.dovecot.sieve
}
# Dovecot itself serves IMAP, LMTP and ManageSieve only. Authenticated SMTP is
# handled by Postfix, which reaches Dovecot through the auth socket configured
# in "service auth".
protocols = imap lmtp sieve
# Replication helper service: both of its listeners (a FIFO and a UNIX socket)
# are owned by the vmail user.
service aggregator {
fifo_listener replication-notify-fifo {
user = vmail
}
unix_listener replication-notify {
user = vmail
}
}
# Auth socket placed inside the Postfix spool so that Postfix can use Dovecot
# for SMTP AUTH (SASL).
service auth {
unix_listener /var/spool/postfix/private/auth {
# NOTE(review): mode 0666 lets every local account that can reach this path
# send authentication requests; access then depends only on the permissions
# of /var/spool/postfix/private. Dovecot's Postfix SASL example uses
# mode = 0660 with user and group set to the Postfix account — confirm the
# account name on this host before changing it.
mode = 0666
}
}
# Network listener for doveadm, used by the replication peer (the port matches
# doveadm_port).
# NOTE(review): the dump shows neither an address restriction nor "ssl = yes"
# for this listener, so it presumably accepts plaintext connections on all
# interfaces, protected only by doveadm_password. Confirm that port 10993 is
# firewalled to the replica, or enable TLS on the listener.
service doveadm {
inet_listener {
port = 10993
}
}
# LMTP delivery endpoint, bound to the loopback address only (127.0.0.1:24),
# so it is reachable just from this host.
service lmtp {
inet_listener lmtp {
address = 127.0.0.1
port = 24
}
}
# Replicator service: at least one process is kept running, and its doveadm
# control socket is limited to user and group vmail (mode 0660).
service replicator {
process_min_avail = 1
unix_listener replicator-doveadm {
group = vmail
mode = 0660
user = vmail
}
}
# TLS settings. "ssl = required" makes TLS mandatory for client connections.
ssl = required
ssl_ca = </etc/ipa/ca.crt
ssl_cert = </etc/pki/tls/dovecot/certs/dove_cert.pem
# NOTE(review): the cipher string below is split over four lines, presumably
# by mail-client wrapping; it is one line in the real config.
# In OpenSSL cipher syntax a leading "+" moves matching suites to the end of
# the list, so "+SSLv3" reorders cipher suites and does not enable the SSLv3
# protocol.
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA
+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:
+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!
ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_client_ca_file = /etc/pki/tls/cert.pem
ssl_dh_parameters_length = 2048
ssl_key = </etc/pki/tls/dovecot/private/dove_key.pem
# Only SSLv2 and SSLv3 are excluded here.
# NOTE(review): that presumably leaves TLSv1 and TLSv1.1 enabled alongside
# newer versions; check whether any client still needs them.
ssl_protocols = !SSLv2 !SSLv3
# User database: also LDAP, with its own settings file separate from the
# passdb one.
# NOTE(review): the search filter and attribute mapping are in the .ext file,
# which is not shown.
userdb {
args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
driver = ldap
}
# IMAP-specific overrides: up to 25 connections per user and IP, plus the
# IMAP-only plugins imap_acl and imap_zlib.
protocol imap {
mail_max_userip_connections = 25
# NOTE(review): "acl" appears twice in this list, presumably because the
# global mail_plugins value is expanded here and "acl" is appended again.
# The value is wrapped onto a second line in this post.
mail_plugins = zlib acl fts fts_lucene notify replication acl imap_acl
imap_zlib
}
--
mit freundlichen Grüßen / best regards,
Günther J. Niederwimmer