Spam from my Linux server

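Hi, I wonder if anyone can help. I received an email from my hosting company saying that my server has some strange traffic. A quick look at the log file showed the sample log below. There are thousands of emails in the log file.

Can someone advise me how to stop all email being sent from my Linux server? If it helps, I am on Ubuntu 12.03 LTS.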

Jan 31 09:52:30 myserver postfix/smtp[55852]: 03EC14869A: to=<[email protected]>, relay=exch-spam02.ulaval.ca[132.203.244.24]:25, delay=229193, delays=229193/0.17/0.47/0, dsn=4.0.0, status=deferred (host exch-spam02.ulaval.ca[132.203.244.24] refused to talk to me: 554-exch-spam02.ulaval.ca 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
Jan 31 09:52:30 myserver postfix/smtp[55870]: connect to cluster8.us.messagelabs.com[216.82.241.132]:25: Connection refused
Jan 31 09:52:30 myserver postfix/smtp[55849]: 5049348710: to=<[email protected]>, relay=mail3.uqam.ca[132.208.246.162]:25, delay=229188, delays=229187/0.15/0.52/0, dsn=4.0.0, status=deferred (host mail3.uqam.ca[132.208.246.162] refused to talk to me: 554-data.crochet.telecom.uqam.ca 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
Jan 31 09:52:30 myserver postfix/smtp[55870]: connect to cluster8a.us.messagelabs.com[85.158.139.103]:25: Connection refused
Jan 31 09:52:30 myserver postfix/smtp[55861]: 3437C4876E: to=<[email protected]>, relay=mail3.uqam.ca[132.208.246.162]:25, delay=229181, delays=229180/0.2/0.45/0, dsn=4.0.0, status=deferred (host mail3.uqam.ca[132.208.246.162] refused to talk to me: 554-data.crochet.telecom.uqam.ca 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
Jan 31 09:52:30 myserver postfix/smtp[55846]: 8503348BF7: to=<[email protected]>, relay=mail2.csc-scc.gc.ca[198.103.56.136]:25, delay=228588, delays=228587/0.12/0.68/0, dsn=4.0.0, status=deferred (host mail2.csc-scc.gc.ca[198.103.56.136] refused to talk to me: 554-mxlaval.csc-scc.gc.ca 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
Jan 31 09:52:30 myserver postfix/smtp[55870]: connect to cluster8a.us.messagelabs.com[216.82.251.230]:25: Connection refused
Jan 31 09:52:30 myserver postfix/smtp[55865]: A5E364984A: to=<[email protected]>, relay=mail2.uqam.ca[132.208.246.165]:25, delay=228559, delays=228558/0.27/0.46/0, dsn=4.0.0, status=deferred (host mail2.uqam.ca[132.208.246.165] refused to talk to me: 554-data.hamecon.telecom.uqam.ca 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
Jan 31 09:52:30 myserver postfix/smtp[55870]: F0E6948932: to=<[email protected]>, relay=none, delay=229161, delays=229161/0.33/0.4/0, dsn=4.4.1, status=deferred (connect to cluster8a.us.messagelabs.com[216.82.251.230]:25: Connection refused)
Jan 31 09:52:30 myserver postfix/smtp[55843]: A83CA486EF: to=<[email protected]>, relay=exch-spam02.ulaval.ca[132.203.244.24]:25, delay=229191, delays=229190/0.27/0.48/0, dsn=4.0.0, status=deferred (host exch-spam02.ulaval.ca[132.203.244.24] refused to talk to me: 554-exch-spam02.ulaval.ca 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
Jan 31 09:52:30 myserver postfix/smtp[55845]: 2E49B4866E: host mx11.exchange.telus.com[205.206.208.34] refused to talk to me: 554-mx21.exchange.telus.com 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
Jan 31 09:52:30 myserver postfix/smtp[55856]: 12A4A4DF0A: to=<[email protected]>, relay=mxmta.bellnet.ca[67.69.240.61]:25, delay=231626, delays=231625/0.17/0.92/0, dsn=4.4.2, status=deferred (lost connection with mxmta.bellnet.ca[67.69.240.61] while receiving the initial server greeting)
Jan 31 09:52:30 myserver postfix/smtp[55845]: 2E49B4866E: host mx12.exchange.telus.com[205.206.208.35] refused to talk to me: 554-mx22.exchange.telus.com 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
Jan 31 09:52:30 myserver postfix/smtp[55850]: 53A1948A8C: to=<[email protected]>, relay=presmtp.ex1.secureserver.net[72.167.238.201]:25, delay=228581, delays=228579/0.15/1.2/0, dsn=4.0.0, status=deferred (host presmtp.ex1.secureserver.net[72.167.238.201] refused to talk to me: 554-p3pismtp01-057.prod.phx3.secureserver.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
Jan 31 09:52:31 myserver postfix/smtp[55844]: 955704945F: to=<[email protected]>, relay=MX.cogeco.ca[216.221.81.26]:25, delay=228598, delays=228596/0.1/1.4/0, dsn=4.4.2, status=deferred (lost connection with MX.cogeco.ca[216.221.81.26] while receiving the initial server greeting)
Jan 31 09:52:31 myserver postfix/smtp[55845]: 2E49B4866E: host mx13.exchange.telus.com[209.171.64.82] refused to talk to me: 554-mx24.exchange.telus.com 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
Jan 31 09:52:31 myserver postfix/smtp[55845]: 2E49B4866E: to=<[email protected]>, relay=mx14.exchange.telus.com[209.171.64.83]:25, delay=229196, delays=229194/0.1/1.6/0, dsn=4.0.0, status=deferred (host mx14.exchange.telus.com[209.171.64.83] refused to talk to me: 554-mx25.exchange.telus.com 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
Jan 31 09:52:31 myserver postfix/smtp[55862]: 343EB486F0: to=<[email protected]>, relay=none, delay=229190, delays=229188/0.21/1.5/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=inrs-ete.uquebec.ca type=MX: Host not found, try again)
Jan 31 09:52:33 myserver postfix/smtp[55847]: 611C348731: to=<[email protected]>, relay=none, delay=229189, delays=229185/0.13/3.3/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=coastalwinds.com type=MX: Host not found, try again)
Jan 31 09:52:33 myserver postfix/smtp[55848]: 6146948685: to=<[email protected]>, relay=mail3.uqam.ca[132.208.246.162]:25, delay=229195, delays=229191/0.14/3.5/0, dsn=4.0.0, status=deferred (host mail3.uqam.ca[132.208.246.162] refused to talk to me: 554-data.crochet.telecom.uqam.ca 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
Jan 31 09:52:59 myserver postfix/smtp[55854]: connect to gmail.co[173.194.34.182]:25: Connection timed out
Jan 31 09:52:59 myserver postfix/smtp[55860]: connect to hortmail.com[65.55.39.10]:25: Connection timed out
Jan 31 09:52:59 myserver postfix/smtp[55855]: connect to saskpower.ca[65.39.140.84]:25: Connection timed out
Jan 31 09:52:59 myserver postfix/smtp[55855]: 022C148CCF: to=<[email protected]>, relay=none, delay=229153, delays=229123/0.15/30/0, dsn=4.4.1, status=deferred (connect to saskpower.ca[65.39.140.84]:25: Connection timed out)
Jan 31 09:53:00 myserver postfix/smtp[55866]: connect to remax-lethbridge.com[208.91.196.163]:25: Connection timed out
Jan 31 09:53:00 myserver postfix/smtp[55866]: B370A48B44: to=<[email protected]>, relay=none, delay=229168, delays=229137/0.28/30/0, dsn=4.4.1, status=deferred (connect to remax-lethbridge.com[208.91.196.163]:25: Connection timed out)
Jan 31 09:53:29 myserver postfix/smtp[55854]: connect to gmail.co[173.194.34.181]:25: Connection timed out
Jan 31 09:53:29 myserver postfix/smtp[55854]: 056994B723: to=<[email protected]>, relay=none, delay=228541, delays=228481/0.19/60/0, dsn=4.4.1, status=deferred (connect to gmail.co[173.194.34.181]:25: Connection timed out)
Jan 31 09:53:29 myserver postfix/smtp[55860]: connect to hortmail.com[64.4.6.100]:25: Connection timed out
Jan 31 09:53:29 myserver postfix/smtp[55860]: 3F3DE48F58: to=<[email protected]>, relay=none, delay=229137, delays=229076/0.19/60/0, dsn=4.4.1, status=deferred (connect to hortmail.com[64.4.6.100]:25: Connection timed out)

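  1. postsuper -h ALL will stop outgoing mail from your server. Do it. Right now. Yes, it will affect actual real mail. But your server is already blacklisted, so your real mail will not be delivered anyway.

  2. Look at the headers of one of the spam messages. That is how you find out where they come from. Without seeing those headers, I can't give you any more information.

  3. Clear the spam out of the queue. If you don't care about any "real" mail still in the queue, deleting the entire queue will be the fastest and easiest. This is done with postqueue -d ALL. If you don't want to delete the entire queue, use postqueue -p to print the queue contents. Then, for each message you actually want sent, look up the queue ID of that message and use postsuper -H queue_ID to release it from hold. Once you are done (and have copied the contents of some of the spam messages for further analysis), you can delete the spam remaining in the hold queue by running postsuper -d ALL hold.

  4. If that is the case, you need to shut down Postfix. Right now. Do not restart it until you have found out where the spam is coming from and are sure you have stopped it. The Postfix documentation has information on how to secure a Postfix server. If you have already done that but spam is still getting through, it may be going through some web service or other malware. Figuring that out is beyond the scope of this question.

  5. Your mail server is blacklisted. You need to set up a mail relay through, for example, your ISP's server, or you need to get removed from the blacklists. There is information about this at http://www.spamhaus.org/.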
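Step 2 of the answer above, as an added example that is not part of the original answer: a small classifier that reads the header block of one queued message (for instance copied from postcat -q queue_ID output) and reports how the message entered Postfix, based on the topmost Received header. The sample headers, host names, IPs and the function name classify_origin are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed header blocks (hosts, IPs and queue IDs are placeholders),
# shaped like the Received lines Postfix itself prepends.
LOCAL_SAMPLE = """\
Received: by myserver.example (Postfix, from userid 33)
\tid 0000000001; Fri, 28 Jan 2000 18:12:37 +0000 (UTC)
X-PHP-Originating-Script: 33:mailer.php
Subject: constructed sample

"""
AUTH_SAMPLE = """\
Received: from client.example (unknown [203.0.113.5])
\tby myserver.example (Postfix) with ESMTPSA id 0000000002
\tfor <user@example.org>; Fri, 28 Jan 2000 18:12:40 +0000 (UTC)
Subject: constructed sample

"""

LOCAL = re.compile(r"^by \S+ \(Postfix, from userid (\d+)\)")
REMOTE = re.compile(r"^from \S+ \(\S+ \[([^\]]+)\]\).*? by \S+ \(Postfix\) with (\w+)")

def classify_origin(raw_headers):
    """Classify how a queued message entered Postfix, from its topmost Received header."""
    msg = message_from_string(raw_headers)
    received = msg.get_all("Received") or []
    # The first Received header is the one this server added; unfold its continuation lines.
    top = " ".join(received[0].split()) if received else ""
    m = LOCAL.match(top)
    if m:
        # Submitted on the machine itself (sendmail command): a script, cron job or shell user.
        # PHP adds X-PHP-Originating-Script when mail.add_x_header is enabled.
        return {"path": "local", "uid": int(m.group(1)),
                "script": msg.get("X-PHP-Originating-Script")}
    m = REMOTE.match(top)
    if m:
        # A trailing "A" in the protocol keyword (ESMTPA, ESMTPSA) means the client authenticated.
        proto = m.group(2).upper()
        path = "smtp-authenticated" if proto.endswith("A") else "smtp-unauthenticated"
        return {"path": path, "client_ip": m.group(1)}
    return {"path": "unknown"}
```

A "local" result with a web server uid points at a web application, "smtp-authenticated" at a stolen mailbox password, and "smtp-unauthenticated" from an outside address at the relay restrictions.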

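The log snippet you provided is not enough to give you an answer. This log snippet only shows delivery attempts to servers that are not responding. They also appear to be misspelled addresses (gmail.co, hortmail.com, …).

There could be several reasons.

Does your server accept incoming connections on port 25? If so, does it need to? It might be an open proxy, letting anyone use your SMTP server to distribute email.

If it is a web server, malware may have been installed through forum software or WordPress (for the latter, you can use automatic scanning software such as http://wordpress.org/plugins/gotmls/).

It would help to find out where the emails are being sent from.

The new log you added shows that other mail servers are rejecting email from your server because it is on a blacklist, most likely because spam is being sent (or has been sent). This is probably the strange traffic your hosting provider was talking about.

This log shows that yes, your server is sending spam and is now listed on anti-spam blacklists, but that is still not enough to find the cause.

I suggest checking your system for rootkits/backdoors. This tool may help: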

http://www.rootkit.nl/projects/rootkit_hunter.html
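A triage sketch for the kind of deferral log shown in the question, added here as an example and not part of any answer on the page. It groups deferred deliveries by cause and subtracts each entry's delay= value from its timestamp to estimate when the messages were first queued, which is the point in the mail log to search for the entries showing how they were submitted. The sample lines are constructed in the same shape as the question's log, the function names are hypothetical, and the year is an assumption because syslog timestamps carry none.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the shape of the question's log (addresses and IPs are placeholders).
SAMPLE_LOG = """\
Jan 31 09:52:30 myserver postfix/smtp[55852]: 03EC14869A: to=<user@example.org>, relay=mx.example.org[192.0.2.24]:25, delay=229193, delays=229193/0.17/0.47/0, dsn=4.0.0, status=deferred (host mx.example.org[192.0.2.24] refused to talk to me: 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation.)
Jan 31 09:52:31 myserver postfix/smtp[55862]: 343EB486F0: to=<user@example.net>, relay=none, delay=229190, delays=229188/0.21/1.5/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=example.net type=MX: Host not found, try again)
Jan 31 09:53:29 myserver postfix/smtp[55854]: 056994B723: to=<user@gmail.co>, relay=none, delay=228541, delays=228481/0.19/60/0, dsn=4.4.1, status=deferred (connect to gmail.co[192.0.2.181]:25: Connection timed out)
Jan 31 09:53:29 myserver postfix/smtp[55854]: connect to gmail.co[192.0.2.181]:25: Connection timed out
"""

ENTRY = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+), delay=(?P<delay>[\d.]+), "
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$"
)

def classify(reason):
    """Map the text in parentheses after status=deferred to a coarse cause."""
    r = reason.lower()
    if "poor reputation" in r:
        return "rejected-reputation"
    if "not found" in r:
        return "dns-failure"
    if "timed out" in r or "refused" in r or "lost connection" in r:
        return "connect-failure"
    return "other"

def triage(log_text, year=2000):  # year is an assumption; pass the real one
    """Return (counts per cause, earliest estimated enqueue time, counts per recipient domain)."""
    reasons, domains, first_queued = Counter(), Counter(), None
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m["status"] != "deferred":
            continue  # skips bare "connect to ..." lines and anything that is not a delivery record
        seen = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        queued = seen - timedelta(seconds=float(m["delay"]))
        first_queued = queued if first_queued is None else min(first_queued, queued)
        reasons[classify(m["reason"])] += 1
        domains[m["rcpt"].rpartition("@")[2].lower()] += 1
    return reasons, first_queued, domains
```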