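I installed a postfix server on a Debian operating system, and on the same machine I have Apache 2.0 with PHP 2.0 installed.
A few days ago my server started sending a large amount of spam through postfix. I figured out that the cause was a bad joomla patch and removed it (I completely removed the installed joomla scripts). I also changed some of the postfix configuration to make it more restrictive.
Now, a few days later, when I start postfix it still immediately begins sending spam and slows the server down very badly. It seems that the source of this spam is local (an infected process), and I strongly suspect that the Apache processes are sending it (the Apache process itself, not a PHP script), because when I start postfix many Apache processes start being created, and I really don't know how to find and fix the infected program.
Can anyone help me solve this annoying problem?
Here is part of the postfix log output: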
Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: E061251F3F8: from=<[email protected]>, size=1514, nrcpt=1 (queue active)
Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: A41D05F6749: from=<>, size=2803, nrcpt=1 (queue active)
Apr 23 15:19:28 vs1419 postfix/cleanup[29464]: 84C845F6736: message-id=<[email protected]>
Apr 23 15:19:28 vs1419 postfix/bounce[738]: E98C751E252: sender non-delivery notification: D6B205F6327
Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: EECD3536B5D: from=<[email protected]>, size=697, nrcpt=1 (queue active)
Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: E98C751E252: removed
Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: 3C3D05F6381: from=<>, size=2458, nrcpt=1 (queue active)
Apr 23 15:19:28 vs1419 postfix/smtp[28318]: E458551E8ED: host mta6.am0.yahoodns.net[66.196.118.34] said: 451 Message temporarily deferred - [70] (in reply to end of DATA command)
Apr 23 15:19:29 vs1419 postfix/smtp[28400]: EA82F5FF024: host mx-apac.mail.gm0.yahoodns.net[106.10.166.54] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command)
Apr 23 15:19:29 vs1419 postfix/smtp[29940]: EC039604A3C: host mta7.am0.yahoodns.net[66.196.118.35] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command)
Apr 23 15:19:29 vs1419 postfix/smtp[28631]: E0C7461798B: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.34]:25, conn_use=3, delay=2667975, delays=2667974/0.05/0.67/0.82, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 23 15:19:29 vs1419 postfix/smtp[28940]: E061251F3F8: host mta5.am0.yahoodns.net[66.196.118.240] said: 451 Message temporarily deferred - [160] (in reply to end of DATA command)
Apr 23 15:19:29 vs1419 postfix/smtp[29144]: EECD3536B5D: to=<[email protected]>, relay=mta6.am0.yahoodns.net[98.138.112.32]:25, conn_use=5, delay=2765684, delays=2765683/0.02/0.18/0.67, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: E183C557933: from=<[email protected]>, size=1554, nrcpt=1 (queue active)
Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: E0C7461798B: removed
Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: EECD3536B5D: removed
Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: D6B205F6327: from=<>, size=2582, nrcpt=1 (queue active)
Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: BE7065F6708: removed
Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: E4DA351AAE7: from=<[email protected]>, size=737, nrcpt=1 (queue active)
Apr 23 15:19:30 vs1419 postfix/bounce[29215]: E784951BE8E: sender non-delivery notification: 842BD5F63BF
Apr 23 15:19:30 vs1419 postfix/bounce[28641]: EE8C2603D05: sender non-delivery notification: 84C845F6736
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: 841F45F63BE: from=<>, size=2532, nrcpt=1 (queue active)
Apr 23 15:19:30 vs1419 postfix/bounce[28700]: E6A775FEBD9: sender non-delivery notification: 841F45F63BE
Apr 23 15:19:30 vs1419 postfix/smtp[28430]: EA7095374CF: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.35]:25, conn_use=4, delay=2726125, delays=2726124/0.65/0.14/0.42, dsn=5.0.0, status=bounced (host mta6.am0.yahoodns.net[66.196.118.35] said: 554 delivery error: dd This user doesn't have a yahoo.com account ([email protected]) [0] - mta1340.mail.bf1.yahoo.com (in reply to end of DATA command))
Apr 23 15:19:30 vs1419 postfix/smtp[28526]: ED56161741B: to=<[email protected]>, relay=mta7.am0.yahoodns.net[98.138.112.33]:25, conn_use=4, delay=2672213, delays=2672211/0.23/0.9/0.54, dsn=5.0.0, status=bounced (host mta7.am0.yahoodns.net[98.138.112.33] said: 554 delivery error: dd This user doesn't have a yahoo.com account ([email protected]) [0] - mta1110.mail.ne1.yahoo.com (in reply to end of DATA command))
Apr 23 15:19:30 vs1419 postfix/smtp[28381]: AA9075F6367: to=<[email protected]>, relay=mail.mysite1.example.net[79.175.164.237]:25, delay=5.4, delays=1.1/0.36/1.6/2.3, dsn=5.0.0, status=bounced (host mail.mysite1.example.net[79.175.164.237] said: 550 "Unknown User" (in reply to RCPT TO command))
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: E784951BE8E: removed
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: E6A775FEBD9: removed
Apr 23 15:19:30 vs1419 postfix/smtp[30003]: connect to hotmeil.com[64.4.6.100]:25: Connection timed out
Apr 23 15:19:30 vs1419 postfix/cleanup[30287]: 1867A5F6708: message-id=<[email protected]>
Apr 23 15:19:30 vs1419 postfix/smtp[28707]: E183C557933: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.34]:25, conn_use=4, delay=2706876, delays=2706875/0.81/0.14/0.91, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: E906C53687E: from=<[email protected]>, size=727, nrcpt=1 (queue active)
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: EE8C2603D05: removed
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: E183C557933: removed
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: 84C845F6736: from=<>, size=2922, nrcpt=1 (queue active)
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: AA9075F6367: removed
Apr 23 15:19:30 vs1419 postfix/smtp[29940]: EC039604A3C: to=<[email protected]>, relay=mta7.am0.yahoodns.net[66.196.118.35]:25, conn_use=8, delay=2505679, delays=2505678/0.02/0.69/0.41, dsn=4.0.0, status=deferred (host mta7.am0.yahoodns.net[66.196.118.35] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command))
Apr 23 15:19:30 vs1419 postfix/smtp[28615]: 3C4325F6703: to=<[email protected]>, relay=mail.mysite1.example.net[79.175.164.237]:25, conn_use=2, delay=3.6, delays=1.3/0.17/0.31/1.8, dsn=5.0.0, status=bounced (host mail.mysite1.example.net[79.175.164.237] said: 550 "Unknown User" (in reply to RCPT TO command))
Apr 23 15:19:30 vs1419 postfix/smtp[28318]: E458551E8ED: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.34]:25, conn_use=4, delay=2750102, delays=2750100/0.49/0.72/0.43, dsn=4.0.0, status=deferred (host mta6.am0.yahoodns.net[66.196.118.34] said: 451 Message temporarily deferred - [70] (in reply to end of DATA command))
Apr 23 15:19:30 vs1419 postfix/smtp[30164]: A41D05F6749: to=<[email protected]>, relay=mail.mysite1.example.net[79.175.164.237]:25, conn_use=2, delay=3.2, delays=1/0.03/0.31/1.8, dsn=5.0.0, status=bounced (host mail.mysite1.example.net[79.175.164.237] said: 550 "Unknown User" (in reply to RCPT TO command))
Apr 23 15:19:30 vs1419 postfix/smtp[30125]: EF587606F67: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.37]:25, delay=2453187, delays=2453182/0.14/2/3.4, dsn=4.0.0, status=deferred (host mta6.am0.yahoodns.net[66.196.118.37] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command))
Apr 23 15:19:30 vs1419 postfix/smtp[28940]: E061251F3F8: to=<[email protected]>, relay=mta7.am0.yahoodns.net[98.138.112.35]:25, delay=2801108, delays=2801105/0.15/1.3/0.88, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 23 15:19:31 vs1419 postfix/cleanup[29322]: C02C95F6706: message-id=<[email protected]>
Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: E6680601A96: from=<[email protected]>, size=689, nrcpt=1 (queue active)
Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: EC039604A3C: from=<[email protected]>, status=expired, returned to sender
Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: E458551E8ED: from=<[email protected]>, status=expired, returned to sender
Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: EF587606F67: from=<[email protected]>, status=expired, returned to sender
Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: E061251F3F8: removed
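Summary of the suggestions posted in the comments, as a CW answer.
Thanks to: Gryphius, Jan Marek, MKzero, mgabriel, and of course Wietse Venema for the code (and the documentation).
You should check that the postfix queue is empty of spam…
When the outbreak happened (joomla going crazy), your postfix probably received a huge amount of spam. Postfix queues it because of the sheer volume of mail. If the remote server rejects with a 4XX code, postfix still keeps the spam in the deferred queue. Here is the log line telling us that Yahoo mail refused to accept our email.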
Apr 23 15:19:30 vs1419 postfix/smtp[28318]: E458551E8ED: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.34]:25, conn_use=4, delay=2750102, delays=2750100/0.49/0.72/0.43, dsn=4.0.0, status=deferred (host mta6.am0.yahoodns.net[66.196.118.34] said: 451 Message temporarily deferred - [70] (in reply to end of DATA command))
You can view the postfix queue with the command
postqueue -p
If you want to delete all email in the deferred queue (your spam is probably there), run the command
postsuper -d ALL deferred
or
postsuper -d ALL
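to delete all email in all queues. Handle with care if there are other, non-spam messages in the queue.
Both commands ship with postfix. You can check the documentation: man postsuper and man postqueue.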
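When the queue also holds legitimate mail, as the caveat above warns, the spam can be removed selectively instead of with ALL. The following is an added example, not part of the original answer: the function names, the spam.example domain and the sample listing are constructed, and the parser assumes the usual `postqueue -p` layout (entry line with seven fields, indented recipient lines, blank line between entries).

```shell
#!/bin/sh
# Added example: print the queue IDs of entries whose sender or recipient
# matches a regex, reading `postqueue -p` output on stdin.

# Constructed sample in the usual `postqueue -p` layout (not real data).
sample_queue() {
cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
1A2B3C4D5E6     1514 Mon Mar 23 11:24:28  promo@spam.example
(host mx.example.org[192.0.2.10] said: 451 Message temporarily deferred)
                                         victim1@example.org

2B3C4D5E6F7*    2803 Thu Apr 23 15:19:28  MAILER-DAEMON
                                         promo@spam.example

3C4D5E6F7A8      812 Thu Apr 23 15:10:02  alice@mysite.example
                                         bob@example.net

4D5E6F7A8B9!     697 Sun Mar 22 08:01:45  offers@spam.example
                                         victim2@example.org

-- 5 Kbytes in 4 Requests.
EOF
}

# queue_ids_matching REGEX
# The regex travels through the environment so awk does not re-interpret
# backslashes the way `-v` assignments do.
queue_ids_matching() {
    PAT="$1" awk '
        /^[0-9A-Za-z]/ && NF == 7 {        # first line of a queue entry
            id = $1; sub(/[*!]$/, "", id)  # drop active (*) / hold (!) marker
            hit = ($7 ~ ENVIRON["PAT"])    # field 7 is the envelope sender
            if (hit) print id
            next
        }
        /^[ \t]+[^ \t(]/ && id != "" && !hit {   # indented recipient line
            if ($1 ~ ENVIRON["PAT"]) { print id; hit = 1 }
        }
        /^$/ { id = "" }                   # blank line ends the entry
    '
}

# Dry run on the sample: lists the spam-related IDs and skips alice's mail.
sample_queue | queue_ids_matching '@spam\.example$'
```

On a live server, review the list first with `postqueue -p | queue_ids_matching 'REGEX'`, then append `| postsuper -d -`, which reads the queue IDs to delete from standard input.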