My server is sending a lot of spam, and I have now spent several hours searching for the problem. After googling I found a forum where they talked about this and mentioned digging into the logs, so I did, and found emails being sent from: [username]@vps1.[hostname].[tld]. On the forum they said these emails are probably being sent from my server, because this is not an email address that is in use. They also mentioned digging into the PHP logs.
I tried that but could not find anything, so by way of the email headers I am now trying to detect the script that is sending all these emails. I am stuck at this point.
I have changed php.ini by adding the following rules:
mail.add_x_header = On
mail.log = /var/log/phpmail.log
I also edited exim.conf by adding this line:
+arguments \
I restarted exim and apache, but I do not see any X-PHP-Script header in the exim log, and the php mail log is not being created.
The only X header I see in the exim log is:
X=TLSv1:RC4-SHA:128
Can anyone tell me what to do next?
EDIT
Here are some lines from the exim log:
bash-3.2# cat /var/log/exim/mainlog | grep 1W9FsC-0003qq-S2
2014-01-31 16:19:16 1W9FsC-0003qq-S2 <= [email protected] U=instijl P=local S=816 T="Re: It's good to see you," from <[email protected]> for [email protected]
2014-01-31 16:19:16 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1W9FsC-0003qq-S2
2014-01-31 16:19:17 1W9FsC-0003qq-S2 ** [email protected] F=<[email protected]> R=lookuphost T=remote_smtp: SMTP error from remote mail server after initial connection: host extmail.bigpond.com [61.9.168.122]: 554 nskntcmgw02p BigPond Inbound IB103. Connection refused. 141.138.199.65 has a poor reputation on the Cloudmark Sender Intelligence (CSI) list. Please visit http://csi.cloudmark.com/reset-request/?ip=141.138.199.65 to request a delisting.
2014-01-31 16:19:17 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1W9FsC-0003qq-S2
2014-01-31 16:19:17 1W9FsD-0003r9-H9 <= <> R=1W9FsC-0003qq-S2 U=mail P=local S=2006 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2014-01-31 16:19:17 1W9FsC-0003qq-S2 Completed
bash-3.2# cat /var/log/exim/mainlog | grep 1W9FsC-0003qc-M7
2014-01-31 16:19:16 1W9FsC-0003qc-M7 <= [email protected] U=instijl P=local S=822 T="Re: It's good to see you," from <[email protected]> for [email protected]
2014-01-31 16:19:16 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1W9FsC-0003qc-M7
2014-01-31 16:19:17 1W9FsC-0003qc-M7 ** [email protected] F=<[email protected]> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host gmail-smtp-in.l.google.com [173.194.65.26]: 550-5.7.1 [141.138.199.65 12] Our system has detected that this message is\n550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,\n550-5.7.1 this message has been blocked. Please visit\n550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for\n550 5.7.1 more information. y48si18631040eew.58 - gsmtp
2014-01-31 16:19:17 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1W9FsC-0003qc-M7
2014-01-31 16:19:17 1W9FsD-0003r1-BS <= <> R=1W9FsC-0003qc-M7 U=mail P=local S=2146 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2014-01-31 16:19:17 1W9FsC-0003qc-M7 Completed
bash-3.2# cat /var/log/exim/mainlog | grep 1W9Frw-0003oS-Gd
2014-01-31 16:19:00 1W9Frw-0003oS-Gd <= [email protected] U=instijl P=local S=823 T="FW: Yo" from <[email protected]> for [email protected]
2014-01-31 16:19:00 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1W9Frw-0003oS-Gd
2014-01-31 16:19:02 1W9Frw-0003oS-Gd SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1866: host mta6.am0.yahoodns.net [98.136.217.203]: 421 4.7.1 [TS03] All messages from 141.138.199.65 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2014-01-31 16:19:03 1W9Frw-0003oS-Gd SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1866: host mta6.am0.yahoodns.net [98.136.216.26]: 421 4.7.1 [TS03] All messages from 141.138.199.65 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2014-01-31 16:19:04 1W9Frw-0003oS-Gd SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1866: host mta6.am0.yahoodns.net [66.196.118.36]: 421 4.7.1 [TS03] All messages from 141.138.199.65 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2014-01-31 16:19:06 1W9Frw-0003oS-Gd SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1866: host mta6.am0.yahoodns.net [98.138.112.33]: 421 4.7.1 [TS03] All messages from 141.138.199.65 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2014-01-31 16:19:07 1W9Frw-0003oS-Gd SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1866: host mta6.am0.yahoodns.net [66.196.118.35]: 421 4.7.1 [TS03] All messages from 141.138.199.65 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
2014-01-31 16:19:07 1W9Frw-0003oS-Gd == [email protected] R=lookuphost T=remote_smtp defer (-45): SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1866: host mta6.am0.yahoodns.net [66.196.118.35]: 421 4.7.1 [TS03] All messages from 141.138.199.65 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
bash-3.2# cat /var/log/exim/mainlog | grep 1W9Frg-0003mP-S6
2014-01-31 16:18:44 1W9Frg-0003mP-S6 <= [email protected] U=instijl P=local S=814 T="call me" from <[email protected]> for [email protected]
2014-01-31 16:18:44 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1W9Frg-0003mP-S6
2014-01-31 16:18:45 1W9Frg-0003mP-S6 => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=837 H=mx-ha03.web.de [213.165.67.104] X=TLSv1:AES256-SHA:256 C="250 Requested mail action okay, completed: id=0Le6s0-1VUM4v1jno-00pvEX"
2014-01-31 16:18:45 1W9Frg-0003mP-S6 Completed
Summary of troubleshooting steps
The "U=instijl" shown in the excerpt from /var/log/exim/mainlog tells you that whatever is sending the email is running as that user. First, check whether that user has a shell login. Second, use "ps aux" to find out whether that user is running any processes. Third, look at your apache access logs to see what traffic was being sent to apache at exactly the same time as the 4 emails above. I suspect you have an insecure "send me feedback" form that is being abused (because you allow the incoming http request to set the sender, recipient and message body).
If the virtual host that is serving and accepting this request does not have its own access log entry, it will not be logged to the regular access log (which is probably what you found). Find the specific section that is answering the request for that user and add an access log entry (or, if it is already logging, find out the file name). If you run 'httpd -S', apache prints out the basic virtual host configuration to help you find more easily where in the configuration file the controlling/configuring section is.
Another thing you can do is 'yum install ngrep' (probably in an external repo such as epel) and run "ngrep -n -q port 80" to see what traffic is coming in. A more specific command that only shows incoming requests is "ngrep -q -s 240 "GET|POST" port 80". Adjust the 240 if you want to see more or less of each request, or omit it if you want to see the full request.
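The third step in the answer above (matching Exim's "<=" arrival lines against Apache requests at the same second) and the "cwd=... N args: ..." lines that the asker's log_selector = +arguments setting produces can both be automated. The script below is an added example, not code from the question or the answer; it assumes Exim's default mainlog format, Apache's "combined" access-log format, and that Exim logs local wall-clock time (its default). All sample lines, message IDs, user names, paths and addresses are constructed for the example.

```python
"""Correlate Exim local submissions with Apache requests (added example)."""
import re
from collections import Counter
from datetime import datetime, timedelta

# Exim arrival line: "<date> <time> <msgid> <= <sender> U=<unix user> P=<protocol> ..."
EXIM_ARRIVAL = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>\S+) <= (?P<sender>\S+) (?P<rest>.*)$"
)
EXIM_FIELD = re.compile(r"\b(?P<k>[A-Z])=(?P<v>\S+)")
# Line produced by log_selector = +arguments: "<date> <time> cwd=<dir> <n> args: <argv...>"
EXIM_ARGS = re.compile(r"^(?P<ts>\S+ \S+) cwd=(?P<cwd>\S+) \d+ args: (?P<argv>.*)$")
# Apache combined format: ip ident user [time] "method path proto" status size ...
APACHE_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse_exim_arrivals(lines):
    """(timestamp, msgid, unix user) for messages handed in by a local process (P=local)."""
    out = []
    for line in lines:
        m = EXIM_ARRIVAL.match(line)
        if not m:
            continue
        fields = dict(EXIM_FIELD.findall(m.group("rest")))
        if fields.get("P") != "local":
            continue  # authenticated SMTP (P=esmtpa etc.) is a different investigation
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        out.append((ts, m.group("id"), fields.get("U", "?")))
    return out

def submission_cwds(lines):
    """Working directories of processes that ran the sendmail binary, with counts.
    Exim's own delivery, queue-runner and bounce invocations (-Mc, -q, -E...) are
    skipped, so what remains is the directory the submitting script ran from."""
    out = Counter()
    for line in lines:
        m = EXIM_ARGS.match(line)
        if not m:
            continue
        argv = m.group("argv").split()
        if any(a.startswith(("-Mc", "-q", "-E")) for a in argv[1:]):
            continue
        out[m.group("cwd")] += 1
    return dict(out)

def parse_apache_requests(lines):
    """(local timestamp, client ip, method, path) for every access-log line."""
    out = []
    for line in lines:
        m = APACHE_LINE.match(line)
        if not m:
            continue
        # Exim logs local time; drop the offset so both sides compare as wall-clock time.
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        out.append((ts, m.group("ip"), m.group("method"), m.group("path")))
    return out

def correlate(exim_lines, apache_lines, window_seconds=2):
    """Count HTTP requests that land within +/- window of each local mail submission."""
    requests = parse_apache_requests(apache_lines)
    window = timedelta(seconds=window_seconds)
    hits, matches = Counter(), []
    for ts, msgid, user in parse_exim_arrivals(exim_lines):
        for rts, ip, method, path in requests:
            if abs(rts - ts) <= window:
                hits[path] += 1
                matches.append((msgid, user, ip, method, path))
    return dict(hits), matches

# Constructed sample data (hypothetical IDs, paths and addresses; not the question's log).
EXIM_SAMPLE = """\
2014-01-31 16:18:44 cwd=/home/instijl/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2014-01-31 16:18:44 1Wxxx1-0001aa-A1 <= spammer@vps1.example.com U=instijl P=local S=814 T="call me" from <spammer@vps1.example.com> for victim1@example.net
2014-01-31 16:18:44 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1Wxxx1-0001aa-A1
2014-01-31 16:19:00 cwd=/home/instijl/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2014-01-31 16:19:00 1Wxxx2-0001bb-B2 <= spammer@vps1.example.com U=instijl P=local S=823 T="FW: Yo" from <spammer@vps1.example.com> for victim2@example.net
2014-01-31 16:19:16 cwd=/home/instijl/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2014-01-31 16:19:16 1Wxxx3-0001cc-C3 <= spammer@vps1.example.com U=instijl P=local S=822 T="Re: It's good to see you," from <spammer@vps1.example.com> for victim3@example.net
2014-01-31 16:19:17 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1Wxxx3-0001cc-C3
2014-01-31 16:19:30 1Wxxx4-0001dd-D4 <= alice@vps1.example.com A=plain:alice P=esmtpa S=1200 T="Monthly report" from <alice@vps1.example.com> for boss@example.org
""".splitlines()
APACHE_SAMPLE = """\
198.51.100.7 - - [31/Jan/2014:16:18:44 +0100] "POST /contact/send.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.9 - - [31/Jan/2014:16:18:45 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [31/Jan/2014:16:19:00 +0100] "POST /contact/send.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [31/Jan/2014:16:19:16 +0100] "POST /contact/send.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.9 - - [31/Jan/2014:16:19:29 +0100] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    print("submitting directories:", submission_cwds(EXIM_SAMPLE))
    hits, matches = correlate(EXIM_SAMPLE, APACHE_SAMPLE)
    for path, n in sorted(hits.items(), key=lambda kv: -kv[1]):
        print(f"{n:4d}  {path}")
```

On a real host, replace the two sample lists with the lines of /var/log/exim/mainlog and the virtual host's access log; the path that tops the ranking (here /contact/send.php, three hits for three submissions) is the one to inspect, and submission_cwds gives the directory the calling script lives in even when the vhost logs nothing. A 2-second window is tight enough to separate the abused script from unrelated background traffic such as the /index.html hit, which shows up once only because it happened to arrive within a second of a submission.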