What do these messages in the Qmail mail log mean?

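There seem to be endless messages for a single address in the Qmail mail log. Can anyone explain why this is happening? Is this a problem? It looks to me like either spam or some kind of unhandled problem. The 'from=' field is empty, which strikes me as unusual. This is on a VPS using Plesk, in case that matters.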

Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23593]: [email protected]
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23586]: from=
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23586]: [email protected]
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23585]: from=
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23585]: [email protected]
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23584]: from=
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23584]: [email protected]
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23583]: from=
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23583]: [email protected]
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23600]: from=
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23600]: [email protected]
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23599]: from=
Jun 30 15:10:17 vps-1001108-595 qmail-remote-handlers[23599]: [email protected]

Edit: Here is an example of one of the emails:

Received: (qmail 5603 invoked for bounce); 29 Jun 2011 07:46:31 +0100
Date: 29 Jun 2011 07:46:31 +0100
From: [email protected]
To: [email protected]
Subject: failure notice

Hi. This is the qmail-send program at vps-1001108-595.cp.something.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:
200.147.36.13 does not like recipient.
Remote host said: 450 4.7.1 Client host rejected: cannot find your hostname, [XX.XXX.XXX.XXX]
Giving up on 200.147.36.13.
I'm not going to try again; this message has been in the queue too long.

--- Below this line is a copy of the message.

Return-Path: <[email protected]>
Received: (qmail 15585 invoked by uid 48); 22 Jun 2011 07:38:26 +0100
Date: 22 Jun 2011 07:38:26 +0100
Message-ID: <[email protected]>
To: [email protected]
Subject: Cadastre-se e Concorra ? um Carro!
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: Cielo Fidelidade <[email protected]>


<!DOCTYPE HTML>
<html>
... <body text removed>
<html>  

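If I understand this correctly, it means that an email was sent from my server, from the address [email protected], and could not be delivered. However, [email protected] is not a valid email address on my server, so how can email be sent from this address on my server? I have tested whether my server is acting as an open relay, and it is not. So how can this still happen? I get thousands of these messages every day. What can I do to prevent this?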

Answer 1

In addition to the possible NDR that Flimzy already pointed out, this could indicate a backscatter attack/outbreak in progress.
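
The empty from= in the question's log is the null envelope sender that bounces (NDRs) use. As an added example that is not part of the original answers, this sketch pairs from=/to= lines by handler PID and counts null-sender deliveries per recipient; the sample lines, the to= addresses and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in the qmail-remote-handlers format shown in the question.
# Hostname and to= addresses are made up (the page's addresses are redacted).
SAMPLE_LOG = """\
Jun 30 15:10:17 vps-example qmail-remote-handlers[23586]: from=
Jun 30 15:10:17 vps-example qmail-remote-handlers[23586]: to=promo@spoofed.example
Jun 30 15:10:17 vps-example qmail-remote-handlers[23585]: from=
Jun 30 15:10:17 vps-example qmail-remote-handlers[23585]: to=promo@spoofed.example
Jun 30 15:10:18 vps-example qmail-remote-handlers[23601]: from=alice@hosted.example
Jun 30 15:10:18 vps-example qmail-remote-handlers[23601]: to=bob@partner.example
Jun 30 15:10:19 vps-example qmail-remote-handlers[23602]: from=
Jun 30 15:10:19 vps-example qmail-remote-handlers[23602]: to=other@elsewhere.example
"""

LINE_RE = re.compile(r"qmail-remote-handlers\[(\d+)\]: (from|to)=(\S*)")


def pair_deliveries(log_text):
    """Join from=/to= lines by handler PID into (sender, recipient) pairs."""
    pending = {}  # pid -> envelope sender seen on the from= line
    pairs = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, field, value = m.groups()
        if field == "from":
            pending[pid] = value
        elif pid in pending:  # a to= line whose from= was never seen is skipped
            pairs.append((pending.pop(pid), value))
    return pairs


def bounce_summary(log_text, threshold=2):
    """Count null-sender (bounce) deliveries and list recipients at or above threshold."""
    pairs = pair_deliveries(log_text)
    bounces = Counter(rcpt for sender, rcpt in pairs if sender == "")
    return {
        "total": len(pairs),
        "null_sender": sum(bounces.values()),
        "suspect_recipients": sorted(r for r, n in bounces.items() if n >= threshold),
    }


if __name__ == "__main__":
    print(bounce_summary(SAMPLE_LOG))
```
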

Answer 2

On our dedicated server (Plesk), we have many of these messages in the mail.info log.

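Just before this, the SMTP relay was compromised and used to send some spam. After changing the user's password and enabling RBL in Plesk, these kinds of messages continued to show up in the log.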

We just cleared the qmail queue: that seems to have stopped the messages.

http://dragos.fedorovici.com/plesk-clear-qmail-queue/
