Ubuntu server sending spam (Postfix)

Time: 2014-11-11 09:32:51

Tags: email ubuntu postfix-mta spam server

I discovered that my server is sending spam. The spam is sent by the Postfix server. It has a large queue of emails that get sent without any involvement from me. I can't figure out which script is adding these emails to the Postfix queue.

Now I have these questions:

  1. How do I identify the script that adds mail to the Postfix queue?
  2. How do I clear the Postfix queue of spam? (All the emails are spam; I didn't send any email)
  3. Why does user123 receive the report? (user123 is an Ubuntu user; it's not the original name, changed for security reasons)
  4. Report from /var/mail/user123:

    From MAILER-DAEMON  Tue Nov 11 04:01:47 2014
    Return-Path: <>
    X-Original-To: user123@ubuntu
    Delivered-To: user123@ubuntu
    Received: by ubuntu (Postfix)
            id 8F0D227364; Mon, 10 Nov 2014 15:15:52 -0500 (EST)
    Date: Mon, 10 Nov 2014 15:15:52 -0500 (EST)
    From: MAILER-DAEMON@ubuntu (Mail Delivery System)
    Subject: Undelivered Mail Returned to Sender
    To: user123@ubuntu
    Auto-Submitted: auto-replied
    MIME-Version: 1.0
    Content-Type: multipart/report; report-type=delivery-status;
            boundary="C0BE92ECAB.1415650552/ubuntu"
    Message-Id: <20141110201552.8F0D227364@ubuntu>
    
    This is a MIME-encapsulated message.
    
    --C0BE92ECAB.1415650552/ubuntu
    Content-Description: Notification
    Content-Type: text/plain; charset=us-ascii
    
    This is the mail system at host ubuntu.
    
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.
    
    For further assistance, please send mail to postmaster.
    
    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.
    
                       The mail system
    
    <quirin.cyrille@orange.fr>: delivery temporarily suspended: host
        smtp-in.orange.fr[80.12.242.9] refused to talk to me: 550 mwinf5c20 ME
        Adresse IP source bloquee pour incident de spam. Client host blocked for
        spamming issues. OFR006_102 Ref
        http://csi.cloudmark.com/reset-request/?ip=74.218.214.24 [102]
    
    --C0BE92ECAB.1415650552/ubuntu
    Content-Description: Delivery report
    Content-Type: message/delivery-status
    
    Reporting-MTA: dns; ubuntu
    X-Postfix-Queue-ID: C0BE92ECAB
    X-Postfix-Sender: rfc822; user123@ubuntu
    Arrival-Date: Wed,  5 Nov 2014 13:50:50 -0500 (EST)
    
    Final-Recipient: rfc822; quirin.cyrille@orange.fr
    Action: failed
    Status: 4.0.0
    Diagnostic-Code: X-Postfix; delivery temporarily suspended: host
        smtp-in.orange.fr[80.12.242.9] refused to talk to me: 550 mwinf5c20 ME
        Adresse IP source bloquee pour incident de spam. Client host blocked for
        spamming issues. OFR006_102 Ref
        http://csi.cloudmark.com/reset-request/?ip=74.218.214.24 [102]
    
    --C0BE92ECAB.1415650552/ubuntu
    Content-Description: Undelivered Message Headers
    Content-Type: text/rfc822-headers
    
    Return-Path: <user123@ubuntu>
    Received: by ubuntu (Postfix, from userid 1006)
            id C0BE92ECAB; Wed,  5 Nov 2014 13:50:50 -0500 (EST)
    From: =?UTF-8?B?T25seSBDYXNpbm8=?= <only_casino@bingo-chips.us>
    To: "MOIDU88480" <quirin.cyrille@orange.fr>
    Subject: =?UTF-8?B?Qm9uam91ciBNT0lEVTg4NDgwLiBWZWdhcyBEYXlzIENhc2lubyAtIExhcyBWZWdhcyBzJ2ludml0ZSBjaGV6IHZvdXMgc3VyIFZlZ2FzIERheSBDYXNpbm8h?=
    Content-Type: multipart/mixed; boundary="PHP-mixed-3b3472b0874837cf2218d941eec5b6d8"
    Message-Id: <20141105185050.C0BE92ECAB@ubuntu>
    Date: Wed,  5 Nov 2014 13:50:50 -0500 (EST)
    
    --C0BE92ECAB.1415650552/ubuntu--
    

Google search gave no results. My Google search query may be wrong, but I really need to solve this problem, so any help is appreciated. If I can provide more useful information, please ask in the comments.

P.S. The server hosts Magento and WordPress sites. P.P.S. 74.218.214.24 is the IP of my dedicated server; it is not the original one and was changed in this post for security reasons.

Update: some lines from /var/log/mail.log:

    Nov  9 06:40:05 u17135818 postfix/smtp[10428]: 65EDE3C718: to=<mywookie@ymail.com>, relay=mta6.am0.yahoodns.net[98.136.216.25]:25, delay=7.7, delays=7.4/0/0.19/0.06, dsn=5.7.1, status=bounced (host mta6.am0.yahoodns.net[98.136.216.25] said: 553 5.7.1 [BL21] Connections will not be accepted from 74.218.214.24, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html (in reply to MAIL FROM command))
    Nov  9 06:40:05 u17135818 postfix/smtp[10428]: 65EDE3C718: lost connection with mta6.am0.yahoodns.net[98.136.216.25] while sending RCPT TO
    Nov  9 06:40:05 u17135818 postfix/pickup[10080]: 1338B3ED4A: uid=1006 from=<user123>
    Nov  9 06:40:05 u17135818 postfix/cleanup[12998]: 1338B3ED4A: message-id=<20141109114005.1338B3ED4A@ubuntu>
    Nov  9 06:40:05 u17135818 postfix/cleanup[13261]: 133D53ED54: message-id=<20141109114005.133D53ED54@ubuntu>
    Nov  9 06:40:05 u17135818 postfix/smtp[10424]: DECBB27368: to=<toshiki_6@hotmail.com>, relay=mx2.hotmail.com[207.46.8.199]:25, delay=9.6, delays=9.3/0.02/0.19/0.06, dsn=5.0.0, status=bounced (host mx2.hotmail.com[207.46.8.199] said: 550 OU-002 (BAY004-MC6F11) Unfortunately, messages from 74.218.214.24 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
    Nov  9 06:40:05 u17135818 postfix/smtp[12030]: EFA783D645: to=<festefaen@gmail.com>, relay=gmail-smtp-in.l.google.com[2607:f8b0:4001:c08::1b]:25, delay=7.3, delays=6.6/0/0.09/0.64, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:4001:c08::1b] said: 550-5.7.1 [2607:f1c0:841:fe00::66:d8fd      12] Our system has detected that 550-5.7.1 this message is likely unsolicited mail. To reduce the amount of spam 550-5.7.1 sent to Gmail, this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550 5.7.1 more information. sd5si10854734igb.33 - gsmtp (in reply to end of DATA command))
    ...
    Nov 11 04:01:54 u17135818 postfix/smtp[17765]: E01792762C: host mx1.free.fr[212.27.48.6] said: 451 too many errors detected from your IP (74.218.214.24), please visit http://postmaster.free.fr/ (in reply to DATA command)
    Nov 11 04:01:54 u17135818 postfix/smtp[17797]: 953592B312: host cluster1.eu.messagelabs.com[85.158.143.99] refused to talk to me: 450 Requested action aborted [7.2] 21614, please visit www.messagelabs.com/support for more details about this error message.
    Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: C7D883257C: from=<user123@ubuntu>, status=expired, returned to sender
    Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 0799A259AD: removed
    Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 90F4332280: removed
    Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 67B8B2E7C7: from=<user123@ubuntu>, status=expired, returned to sender
    Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 9063532F5D: removed
    Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: EE4222A874: removed
    Nov 11 04:01:54 u17135818 postfix/smtp[17724]: 61C22360A0: to=<lgennuso@princetonhcs.org>, relay=smtp4.princetonhcs.org[209.123.81.114]:25, delay=381492, delays=381485/5.6/0.59/0, dsn=4.5.0, status=deferred (host smtp4.princetonhcs.org[209.123.81.114] refused to talk to me: 550 5.5.0 74.218.214.24 is blacklisted by FortiGuard. This email from IP  has been rejected. The email message was detected as spam.)
    Nov 11 04:01:54 u17135818 postfix/smtp[17800]: 61B3A3AD2C: to=<bigboy@starbucks.org>, relay=none, delay=259892, delays=259884/2.2/5.5/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=starbucks.org type=MX: Host not found, try again)
    Nov 11 04:01:54 u17135818 postfix/smtp[17787]: CD3312175D: host mx1.free.fr[212.27.48.7] said: 451 too many errors detected from your IP (74.218.214.24), please visit http://postmaster.free.fr/ (in reply to DATA command)
    Nov 11 04:01:54 u17135818 postfix/smtp[17819]: 780C624266: to=<max.charlene@aliceadsl.fr>, relay=mx1.free.fr[212.27.48.7]:25, conn_use=5, delay=227385, delays=227377/6.5/0.66/0.34, dsn=4.0.0, status=deferred (host mx1.free.fr[212.27.48.7] said: 451 too many errors detected from your IP (74.218.214.24), please visit http://postmaster.free.fr/ (in reply to DATA command))
    Nov 11 04:01:54 u17135818 postfix/smtp[17778]: CE12E26756: to=<rcataldo@laposte.net>, relay=smtpz4.laposte.net[194.117.213.1]:25, delay=133031, delays=133023/6.5/0.79/0.27, dsn=5.0.1, status=bounced (host smtpz4.laposte.net[194.117.213.1] said: 501 5.0.1 Emetteur invalide. Invalid Sender. LPN007_405 (in reply to MAIL FROM command))
    
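Triage of the posted mail.log, as an added example (this is not code from the original post). The Postfix pickup daemon only handles mail that a local process dropped into the maildrop queue through sendmail(1)/postdrop, so the `postfix/pickup ... uid=1006 from=<user123>` line and the `(Postfix, from userid 1006)` Received header in the bounce both point at a process running on this box as that account, not at a remote client relaying through it; the `PHP-mixed-` MIME boundary in the bounced headers is consistent with a PHP script building the message, which fits a host running Magento and WordPress. The functions below read a mail.log on stdin and summarize local submitters, delivery outcomes and the remote MTAs' verdicts; the embedded sample is a subset of the log lines quoted above, and the `MAIL_LOG` variable is an assumption of this example.

```shell
#!/bin/sh
# Postfix mail.log triage (added example). Each function reads a mail.log on stdin:
#   pickup_by_uid           who injects mail locally (pickup = sendmail(1)/postdrop path)
#   delivery_status_counts  how outbound attempts end (bounced/deferred/expired/sent)
#   remote_rejections       which remote MTAs rejected us, and with which SMTP reply code

# Local submissions: "postfix/pickup[...]: ID: uid=N from=<sender>", counted per uid and sender.
# pickup only sees mail placed in the maildrop queue by a local process, so the uid is the
# account the injecting process runs as (1006 in the posted log, matching "from userid 1006").
pickup_by_uid() {
    awk 'index($0, "postfix/pickup[") {
        uid = ""; from = "";
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^uid=/) uid = substr($i, 5);
            if ($i ~ /^from=</) { from = substr($i, 7); sub(/>.*$/, "", from) }
        }
        count[uid " " from]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Delivery outcomes: every "status=<word>" Postfix writes, counted.
delivery_status_counts() {
    awk 'match($0, /status=[a-z]+/) {
        count[substr($0, RSTART + 7, RLENGTH - 7)]++
    }
    END { for (s in count) print count[s], s }' | sort -rn
}

# Remote verdicts: host and SMTP reply code from "host NAME[ip] said: NNN ..." or
# "host NAME[ip] refused to talk to me: NNN ...". 5xx replies from many unrelated MTAs that
# all name our IP are the signature of a blocklisted sender, not of one bad recipient.
remote_rejections() {
    awk 'index($0, "postfix/smtp[") {
        host = ""; code = "";
        if (match($0, /host [^ ]+\[/)) { host = substr($0, RSTART + 5, RLENGTH - 5); sub(/\[.*/, "", host) }
        if (match($0, /(said|refused to talk to me): [0-9][0-9][0-9]/)) code = substr($0, RSTART + RLENGTH - 3, 3);
        if (host != "" && code != "") count[code " " host]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Sample input: a subset of the mail.log lines quoted in the post (IP already anonymized there).
sample_log() {
    cat <<'EOF'
Nov  9 06:40:05 u17135818 postfix/smtp[10428]: 65EDE3C718: to=<mywookie@ymail.com>, relay=mta6.am0.yahoodns.net[98.136.216.25]:25, delay=7.7, delays=7.4/0/0.19/0.06, dsn=5.7.1, status=bounced (host mta6.am0.yahoodns.net[98.136.216.25] said: 553 5.7.1 [BL21] Connections will not be accepted from 74.218.214.24, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html (in reply to MAIL FROM command))
Nov  9 06:40:05 u17135818 postfix/pickup[10080]: 1338B3ED4A: uid=1006 from=<user123>
Nov  9 06:40:05 u17135818 postfix/cleanup[12998]: 1338B3ED4A: message-id=<20141109114005.1338B3ED4A@ubuntu>
Nov  9 06:40:05 u17135818 postfix/smtp[10424]: DECBB27368: to=<toshiki_6@hotmail.com>, relay=mx2.hotmail.com[207.46.8.199]:25, delay=9.6, delays=9.3/0.02/0.19/0.06, dsn=5.0.0, status=bounced (host mx2.hotmail.com[207.46.8.199] said: 550 OU-002 (BAY004-MC6F11) Unfortunately, messages from 74.218.214.24 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: C7D883257C: from=<user123@ubuntu>, status=expired, returned to sender
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 0799A259AD: removed
Nov 11 04:01:54 u17135818 postfix/smtp[17724]: 61C22360A0: to=<lgennuso@princetonhcs.org>, relay=smtp4.princetonhcs.org[209.123.81.114]:25, delay=381492, delays=381485/5.6/0.59/0, dsn=4.5.0, status=deferred (host smtp4.princetonhcs.org[209.123.81.114] refused to talk to me: 550 5.5.0 74.218.214.24 is blacklisted by FortiGuard. This email from IP  has been rejected. The email message was detected as spam.)
Nov 11 04:01:54 u17135818 postfix/smtp[17800]: 61B3A3AD2C: to=<bigboy@starbucks.org>, relay=none, delay=259892, delays=259884/2.2/5.5/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=starbucks.org type=MX: Host not found, try again)
Nov 11 04:01:54 u17135818 postfix/smtp[17778]: CE12E26756: to=<rcataldo@laposte.net>, relay=smtpz4.laposte.net[194.117.213.1]:25, delay=133031, delays=133023/6.5/0.79/0.27, dsn=5.0.1, status=bounced (host smtpz4.laposte.net[194.117.213.1] said: 501 5.0.1 Emetteur invalide. Invalid Sender. LPN007_405 (in reply to MAIL FROM command))
EOF
}

# Run against a real log with: MAIL_LOG=/var/log/mail.log sh triage.sh
if [ -n "${MAIL_LOG:-}" ]; then
    echo "== local submitters (count uid sender)"; pickup_by_uid < "$MAIL_LOG"
    echo "== delivery status";                     delivery_status_counts < "$MAIL_LOG"
    echo "== remote rejections (count code host)"; remote_rejections < "$MAIL_LOG"
fi
```

On the sample the first summary is `1 1006 user123`; on a full log the pickup count for one uid will be in the thousands while `sent` is near zero, which is the spam-run signature. For the queue itself, `postqueue -p` (the same as `mailq`) lists what is still waiting; `postsuper -h ALL` moves every message to the hold queue so nothing more leaves while you keep the evidence, `postcat -q QUEUEID` shows a held message including its `Received: ... from userid` header, and `postsuper -d ALL` (or `postsuper -d ALL deferred` for only the deferred queue) removes it once you have what you need.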

1 answer:

Answer 0 (score: 0)

It looks like a service or piece of software is triggering this mail. You can block all outgoing mail from Postfix using the mail relay option for external domains, if you don't want to send any mail from your machine at all.

You can check the maillog file in /var/log; this will give more details. Also check the output of the mailq command to see how many mails are pending.

Update:

Are you allowing anyone else in the network to send mail through your machine? Then you can suspect that case. A few things I noticed from the logs are:

  1. The receiving side is rejecting the mail, saying your public IP is flooding mail.

  2. If these mails are being sent regularly, and not from any other machine in the network, then you have to find out the process or application that is doing this. For that you have to use tcpdump and monitor the TCP packets. From that you can see that the mail client first pushes the mail to the local Postfix server, which then forwards it to the destination mail server.

  3. That is the way I can see which application is sending mail from your machine.

Hope this helps you find the culprit.
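Instrumenting the local submission path, as an added example (not part of the answer above, and not code from Postfix or PHP). The posted log shows the spam entering Postfix through `postfix/pickup` with `uid=1006`, i.e. a local process handing it to the sendmail binary rather than a client talking SMTP to the box, so a logging wrapper placed in front of /usr/sbin/sendmail records who called it, from which directory and with which arguments before the message reaches postdrop and the queue; the third function summarizes that log by uid and directory. The wrapper path /usr/local/sbin/sendmail-wrapper, the log path /var/log/sendmail-wrapper.log and the `REAL_SENDMAIL`/`WRAPPER_LOG` override variables are assumptions of this example.

```shell
#!/bin/sh
# Logging wrapper for /usr/sbin/sendmail (added example). Install as
# /usr/local/sbin/sendmail-wrapper, make it executable, and point PHP at it in php.ini:
#   sendmail_path = "/usr/local/sbin/sendmail-wrapper -t -i"
# Every local submission then leaves one line in the wrapper log before the message
# reaches postdrop/pickup. The paths and variable names below are assumptions.

# One log line: timestamp, calling uid, working directory, the CGI/FastCGI variables that
# php-fpm and CGI SAPIs export (usually absent under mod_php, hence the "?" fallback) and argv.
caller_record() {
    printf '%s uid=%s cwd=%s script=%s docroot=%s remote=%s argv=%s\n' \
        "$(date '+%Y-%m-%dT%H:%M:%S')" "$(id -u)" "$PWD" \
        "${SCRIPT_FILENAME:-?}" "${DOCUMENT_ROOT:-?}" "${REMOTE_ADDR:-?}" "$*"
}

# Append the record, then hand stdin (the message) and the arguments to the real sendmail.
# A logging failure never blocks delivery, so the wrapper changes nothing but the evidence trail.
run_wrapper() {
    wrapper_log=${WRAPPER_LOG:-/var/log/sendmail-wrapper.log}
    real_sendmail=${REAL_SENDMAIL:-/usr/sbin/sendmail}
    caller_record "$@" >> "$wrapper_log" 2>/dev/null || true
    "$real_sendmail" "$@"
}

# Summarize a wrapper log read on stdin: submissions per uid and working directory, busiest
# first. The directory of the busiest entry is where to look for the injecting PHP file.
submitters() {
    awk '{
        uid = ""; cwd = "";
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^uid=/) uid = substr($i, 5);
            if ($i ~ /^cwd=/) cwd = substr($i, 5);
        }
        count[uid " " cwd]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Act as the wrapper only when invoked under the installed name, so the file can also be
# sourced for its functions (e.g. submitters < /var/log/sendmail-wrapper.log).
case "${0##*/}" in
    sendmail-wrapper) run_wrapper "$@" ;;
esac
```

Restart the PHP SAPI (php-fpm or Apache) after changing `sendmail_path`, then watch the wrapper log; under mod_php the `script=` and `remote=` fields stay `?`, so the `cwd=` and `uid=` fields are the evidence, and they should name the web-content owner (uid 1006 in the posted log) and a directory under the Magento or WordPress tree. PHP also has two built-in directives that do the same job without a wrapper, `mail.add_x_header = On`, which adds an `X-PHP-Originating-Script: uid:file` header to every message sent through mail(), and `mail.log = /var/log/php-mail.log`, which logs the calling script path and line for each mail() call; a message sent by a script that bypasses mail() (its own SMTP client, or a direct `popen` of sendmail) shows up only in the wrapper log or in the outbound connections the answer above proposes watching with tcpdump.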