This afternoon one user abused email and got the IP of our DirectAdmin host blocked by the datacenter. To avoid repeating that lesson, it is well worth disabling port 25 and PHP mail.
Block port 25 with the firewall
Method:
First use iptables to block all IPs from connecting to port 25:
iptables -I FORWARD -p tcp --dport 25 -j DROP
iptables -I INPUT -p tcp --dport 25 -j DROP
iptables -I OUTPUT -p tcp --dport 25 -j DROP
Allow only a specific IP to connect to port 25:
iptables -I FORWARD -s 108.171.12.51 -p tcp --dport 25 -j ACCEPT
To block that IP on port 25 again, just delete the allow rule added above (the -D rule must match the inserted rule exactly, including the source address):
iptables -D FORWARD -s 108.171.218.51 -p tcp --dport 25 -j ACCEPT
If all IPs are already allowed to connect to port 25 (the default on most machines) and you need to block one specific IP:
iptables -I FORWARD -s 108.171.12.51 -p tcp --dport 25 -j DROP
Other firewall operations:
# Show firewall status
service iptables status
# Stop the firewall
service iptables stop
# Start the firewall
service iptables start
# Restart the firewall
service iptables restart
# Disable the firewall permanently (not started at boot)
chkconfig iptables off
# Re-enable it at boot after disabling
chkconfig iptables on
Add mail to the disabled functions (disable_functions) in php.ini.
Reference: https://help.directadmin.com/item.php?id=301. The relevant section reads:
Usually your php.ini will be located at (XX = PHP version, for example 73): /usr/local/phpXX/lib/php.ini
CustomBuild 2.0 installs also use the php.conf.d directory to load miscellaneous .ini files into php. The files that CustomBuild will create are:
/usr/local/php74/lib/php.conf.d/10-directadmin.ini
/usr/local/php74/lib/php.conf.d/50-webapps.ini
You can add your own files there if you need to add settings or load modules into php, for example:
/usr/local/php74/lib/php.conf.d/11-custom.ini
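Because every .ini in php.conf.d is loaded after php.ini, a later file that sets disable_functions replaces the whole list, so mail can quietly come back. The following is an added shell example (not from the post or the DirectAdmin docs) that reports the disable_functions value PHP actually ends up with; it assumes the load order php.ini first, then php.conf.d/*.ini in name order, last disable_functions line wins.

```shell
#!/bin/sh
# Added example (not from the post or the DirectAdmin docs): report the
# disable_functions value that PHP actually ends up with for one PHP build,
# and whether it contains mail. Assumed load order (not stated on the page):
# php.ini first, then php.conf.d/*.ini in name order, and a later
# disable_functions line replaces the earlier list entirely.

# Print the effective disable_functions for the lib dir in $1
# (e.g. /usr/local/php74/lib). Lines commented out with ';' are skipped.
effective_disable_functions() {
    libdir=$1
    files="$libdir/php.ini"
    for f in "$libdir"/php.conf.d/*.ini; do
        [ -f "$f" ] && files="$files $f"
    done
    # Word splitting on $files is intended; these paths contain no spaces.
    cat $files 2>/dev/null \
        | sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' \
        | tail -n 1
}

# Exit status 0 if mail is in the effective list, 1 otherwise.
php_mail_disabled() {
    val=$(effective_disable_functions "$1")
    printf ',%s,' "$val" | tr -d ' \t"' | grep -q ',mail,'
}

# Demo on a constructed layout: a custom .ini that omits mail re-enables it.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/php.conf.d"
    printf 'disable_functions = exec,mail\n' > "$tmp/php.ini"
    php_mail_disabled "$tmp" && echo "php.ini alone: mail disabled"
    printf 'disable_functions = exec\n' > "$tmp/php.conf.d/11-custom.ini"
    php_mail_disabled "$tmp" || echo "with 11-custom.ini: mail ENABLED again"
    rm -rf "$tmp"
}

demo
```

Run it against the real directory with `php_mail_disabled /usr/local/php74/lib` after sourcing the script; `php --ini` lists the files PHP actually loads if your layout differs.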
There are also more thorough measures:
1. Close incoming connections to TCP ports 25, 110, 143, 465, 587, 993 and 995 in the firewall, for both IPv4 and IPv6.
2. Install the latest exim.pl/exim.conf and set the global limit for sending emails to 1 (zero would mean no limit at all).
3. Enable SMTP_LIMIT in CSF/LFD.
4. Disable PHP mail() globally.
Answered by Qi, 19 March 2020