NeilWang's questions

首先，我的服务器上没有使用 IPv6，并且 IPv6 已被禁用。

但是，如果我运行firewall-cmd --list-all-policies，我可以看到有一个名为的默认策略allow-host-ipv6。

它到底起什么作用？我也不知道这个策略是怎么来的。我确定这个/etc/firewalld/policies/目录是空的。我该怎么把它删掉？

# firewall-cmd --list-all-policies
allow-host-ipv6 (active)
  priority: -15000
  target: CONTINUE
  ingress-zones: ANY
  egress-zones: HOST
  services: 
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
        rule family="ipv6" icmp-type name="neighbour-advertisement" accept
        rule family="ipv6" icmp-type name="neighbour-solicitation" accept
        rule family="ipv6" icmp-type name="router-advertisement" accept
        rule family="ipv6" icmp-type name="redirect" accept

我正在协助客户升级他们现有的旧版 Exchange 2010 服务器。但是，我发现从 Exchange 命令行管理程序获得的版本号与 Exchange 管理控制台不同。

该服务目前正在运行，并且电子邮件正在运行。

可以忽略它吗？安装的是哪个真实版本？

我有一个作为 Exchange smarthost 运行的 Postfix 邮件中继服务器，并在本地托管另一封邮件。

上周我观察到对这台服务器的攻击，有人正在使用它向不同的目的地发送大量电子邮件。

我不知道它是从哪里连接的，并且“发件人”地址也被屏蔽了。

以下是邮件日志：

Apr 16 06:29:10 mail.xxx.com postfix/qmgr[25497]: EC5A91D727: from=<>, size=3096, nrcpt=1 (queue active)
Apr 16 06:29:10 mail.xxx.com postfix/bounce[12183]: B37D31D6FA: sender non-delivery notification: EC5A91D727
Apr 16 06:29:10 mail.xxx.com postfix/qmgr[25497]: B37D31D6FA: removed
Apr 16 06:29:11 mail.xxx.com postfix/smtp[12164]: 1A9B71D801: to=<xxx@inver**.com>, relay=inver**.com[164.138.x.x]:25, delay=50, delays=39/0/6.7/5, dsn=2.0.0, status=sent (250 OK id=1lX6jh-000875-TC)
Apr 16 06:29:11 mail.xxx.com postfix/qmgr[25497]: 1A9B71D801: removed
Apr 16 06:29:11 mail.xxx.com postfix/smtp[11990]: 3BEAB1D9C3: to=<xxx@tms**.pl>, relay=tms**.pl[194.181.x.x]:25, delay=49, delays=37/0/6.7/5.4, dsn=2.0.0, status=sent (250 OK id=1lX6ji-000469-QT)
Apr 16 06:29:11 mail.xxx.com postfix/qmgr[25497]: 3BEAB1D9C3: removed
Apr 16 06:29:12 mail.xxx.com postfix/smtp[12954]: 418621D80D: to=<xxx@medi**.com.cn>, relay=mxw**.com[198.x.x.x]:25, delay=51, delays=38/0/8.5/4.5, dsn=5.0.0, status=bounced (host mxw.mxhichina.com[198.11.189.243] said: 551 virus infected mail rejected (in reply to end of DATA command))
Apr 16 06:29:12 mail.xxx.com postfix/cleanup[7936]: 6711A1D7B7: message-id=<[email protected]>
Apr 16 06:29:12 mail.xxx.com postfix/bounce[12184]: 418621D80D: sender non-delivery notification: 6711A1D7B7
Apr 16 06:29:12 mail.xxx.com postfix/qmgr[25497]: 418621D80D: removed
Apr 16 06:29:12 mail.xxx.com postfix/qmgr[25497]: 6711A1D7B7: from=<>, size=2554, nrcpt=1 (queue active)
Apr 16 06:29:12 mail.xxx.com postfix/smtp[11499]: 65E4C1D95F: to=<xxx@an**.com>, relay=aspmx.l.google.com[172.217.x.x]:25, delay=51, delays=38/0/6.3/6.7, dsn=5.7.0, status=bounced (host aspmx.l.google.com[172.217.194.27] said: 552-5.7.0 This message was blocked because its content presents a potential 552-5.7.0 security issue. Please visit 552-5.7.0  https://support.google.com/mail/?p=BlockedMessage to review our 552 5.7.0 message content and attachment content guidelines. z63si3810735ybh.300 - gsmtp (in reply to end of DATA command))
Apr 16 06:29:12 mail.xxx.com postfix/cleanup[10468]: 705F91D801: message-id=<[email protected]>
Apr 16 06:29:12 mail.xxx.com postfix/smtp[11996]: F05911DBCA: to=<xxx@maq**.ae>, relay=maq**.protection.outlook.com[104.47.x.x]:25, delay=36, delays=27/0/3.1/6, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=93338229282509, Hostname=DB8PR10MB2745.EURPRD10.PROD.OUTLOOK.COM] 933811 bytes in 3.322, 274.451 KB/sec Queued mail for delivery)
Apr 16 06:29:12 mail.xxx.com postfix/qmgr[25497]: F05911DBCA: removed
Apr 16 06:29:12 mail.xxx.com postfix/bounce[12183]: 65E4C1D95F: sender non-delivery notification: 705F91D801
Apr 16 06:29:12 mail.xxx.com postfix/qmgr[25497]: 65E4C1D95F: removed

如何查看攻击源在哪里？有没有办法只限制可用于邮件中继的特定域范围？

我不是 Postfix 专业人士，所以任何建议/建议将不胜感激。

我在我的测试域中重命名了我唯一的 DC 的计算机名称。但是，似乎数据库没有完全更新。第一次重启后我遇到了0xc00002e2蓝屏。然后我尝试通过使用 ntdsutil -> Compact to 命令来修复它以重建 ntds.dit 文件。

服务器终于可以正常启动了。但是，我现在不能使用任何广告服务。这是 dcdiag 所说的：

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = dc1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: SEA\SDC
      Starting test: Connectivity
         ......................... SDC passed test Connectivity

Doing primary tests

   Testing server: SEA\SDC
      Starting test: Advertising
         Fatal Error:DsGetDcName (SDC) call failed, error 1717
         The Locator could not find the server.
         ......................... SDC failed test Advertising
      Starting test: FrsEvent
         ......................... SDC passed test FrsEvent
      Starting test: DFSREvent
         The event log DFS Replication on server sdc.sea.nr could not be queried, error 0x6ba
         "The RPC server is unavailable."
         ......................... SDC failed test DFSREvent
      Starting test: SysVolCheck
         ......................... SDC passed test SysVolCheck
      Starting test: KccEvent
         The event log Directory Service on server sdc.sea.nr could not be queried, error 0x6ba
         "The RPC server is unavailable."
         ......................... SDC failed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SDC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SDC passed test MachineAccount
      Starting test: NCSecDesc
         ......................... SDC passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SDC\netlogon)
         [SDC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
         ......................... SDC failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SDC passed test ObjectsReplicated
      Starting test: Replications
         ......................... SDC passed test Replications
      Starting test: RidManager
         ......................... SDC passed test RidManager
      Starting test: Services
         Could not open Remote ipc to [sdc.sea.nr]: error 0x43 "The network name cannot be found."
         ......................... SDC failed test Services
      Starting test: SystemLog
         The event log System on server sdc.sea.nr could not be queried, error 0x6ba "The RPC server is unavailabl
         ......................... SDC failed test SystemLog
      Starting test: VerifyReferences
         ......................... SDC passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : sea
      Starting test: CheckSDRefDom
         ......................... sea passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... sea passed test CrossRefValidation

   Running enterprise tests on : sea.nr
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1717
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1717
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1717
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1717
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1717
         A KDC could not be located - All the KDCs are down.
         ......................... sea.nr failed test LocatorCheck
      Starting test: Intersite
         ......................... sea.nr passed test Intersite

似乎服务器正在尝试连接到 sdc.sea.nr，这是我打算重命名的名称。但目前计算机名称仍显示旧名称，我无法在本地 DNS 服务器中添加 A 记录。我应该如何解决这个问题？