我已经在 Debian 操作系统上安装了 Postfix 服务器,并且还在同一台机器上安装了带有 PHP 的 apache 2.0。
几天前,我的服务器开始通过 postfix 发送大量垃圾邮件。我了解到问题是由一个糟糕的 joomla 补丁引起的,并删除了它(我完全删除了已安装的 joomla 脚本)。我还更改了 postfix 的一些配置,使其更具限制性。
现在,几天后,当我启动 postfix 时,它仍然会立即开始发送垃圾邮件,并严重减慢服务器速度。似乎垃圾邮件发送的来源是本地(受感染的进程),我强烈猜测是 apache 进程在发送这些垃圾邮件(apache 进程本身,而不是 PHP 脚本),因为当我启动 postfix 时,许多 apache 进程开始创建,我真的不知道如何查找和修复受感染的进程。
有人能帮我解决这个恼人的问题吗?
这是 Postfix 日志输出的一部分:
Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: E061251F3F8: from=<[email protected]>, size=1514, nrcpt=1 (queue active)
Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: A41D05F6749: from=<>, size=2803, nrcpt=1 (queue active)
Apr 23 15:19:28 vs1419 postfix/cleanup[29464]: 84C845F6736: message-id=<[email protected]>
Apr 23 15:19:28 vs1419 postfix/bounce[738]: E98C751E252: sender non-delivery notification: D6B205F6327
Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: EECD3536B5D: from=<[email protected]>, size=697, nrcpt=1 (queue active)
Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: E98C751E252: removed
Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: 3C3D05F6381: from=<>, size=2458, nrcpt=1 (queue active)
Apr 23 15:19:28 vs1419 postfix/smtp[28318]: E458551E8ED: host mta6.am0.yahoodns.net[66.196.118.34] said: 451 Message temporarily deferred - [70] (in reply to end of DATA command)
Apr 23 15:19:29 vs1419 postfix/smtp[28400]: EA82F5FF024: host mx-apac.mail.gm0.yahoodns.net[106.10.166.54] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command)
Apr 23 15:19:29 vs1419 postfix/smtp[29940]: EC039604A3C: host mta7.am0.yahoodns.net[66.196.118.35] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command)
Apr 23 15:19:29 vs1419 postfix/smtp[28631]: E0C7461798B: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.34]:25, conn_use=3, delay=2667975, delays=2667974/0.05/0.67/0.82, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 23 15:19:29 vs1419 postfix/smtp[28940]: E061251F3F8: host mta5.am0.yahoodns.net[66.196.118.240] said: 451 Message temporarily deferred - [160] (in reply to end of DATA command)
Apr 23 15:19:29 vs1419 postfix/smtp[29144]: EECD3536B5D: to=<[email protected]>, relay=mta6.am0.yahoodns.net[98.138.112.32]:25, conn_use=5, delay=2765684, delays=2765683/0.02/0.18/0.67, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: E183C557933: from=<[email protected]>, size=1554, nrcpt=1 (queue active)
Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: E0C7461798B: removed
Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: EECD3536B5D: removed
Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: D6B205F6327: from=<>, size=2582, nrcpt=1 (queue active)
Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: BE7065F6708: removed
Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: E4DA351AAE7: from=<[email protected]>, size=737, nrcpt=1 (queue active)
Apr 23 15:19:30 vs1419 postfix/bounce[29215]: E784951BE8E: sender non-delivery notification: 842BD5F63BF
Apr 23 15:19:30 vs1419 postfix/bounce[28641]: EE8C2603D05: sender non-delivery notification: 84C845F6736
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: 841F45F63BE: from=<>, size=2532, nrcpt=1 (queue active)
Apr 23 15:19:30 vs1419 postfix/bounce[28700]: E6A775FEBD9: sender non-delivery notification: 841F45F63BE
Apr 23 15:19:30 vs1419 postfix/smtp[28430]: EA7095374CF: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.35]:25, conn_use=4, delay=2726125, delays=2726124/0.65/0.14/0.42, dsn=5.0.0, status=bounced (host mta6.am0.yahoodns.net[66.196.118.35] said: 554 delivery error: dd This user doesn't have a yahoo.com account ([email protected]) [0] - mta1340.mail.bf1.yahoo.com (in reply to end of DATA command))
Apr 23 15:19:30 vs1419 postfix/smtp[28526]: ED56161741B: to=<[email protected]>, relay=mta7.am0.yahoodns.net[98.138.112.33]:25, conn_use=4, delay=2672213, delays=2672211/0.23/0.9/0.54, dsn=5.0.0, status=bounced (host mta7.am0.yahoodns.net[98.138.112.33] said: 554 delivery error: dd This user doesn't have a yahoo.com account ([email protected]) [0] - mta1110.mail.ne1.yahoo.com (in reply to end of DATA command))
Apr 23 15:19:30 vs1419 postfix/smtp[28381]: AA9075F6367: to=<[email protected]>, relay=mail.mysite1.example.net[79.175.164.237]:25, delay=5.4, delays=1.1/0.36/1.6/2.3, dsn=5.0.0, status=bounced (host mail.mysite1.example.net[79.175.164.237] said: 550 "Unknown User" (in reply to RCPT TO command))
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: E784951BE8E: removed
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: E6A775FEBD9: removed
Apr 23 15:19:30 vs1419 postfix/smtp[30003]: connect to hotmeil.com[64.4.6.100]:25: Connection timed out
Apr 23 15:19:30 vs1419 postfix/cleanup[30287]: 1867A5F6708: message-id=<[email protected]>
Apr 23 15:19:30 vs1419 postfix/smtp[28707]: E183C557933: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.34]:25, conn_use=4, delay=2706876, delays=2706875/0.81/0.14/0.91, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: E906C53687E: from=<[email protected]>, size=727, nrcpt=1 (queue active)
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: EE8C2603D05: removed
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: E183C557933: removed
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: 84C845F6736: from=<>, size=2922, nrcpt=1 (queue active)
Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: AA9075F6367: removed
Apr 23 15:19:30 vs1419 postfix/smtp[29940]: EC039604A3C: to=<[email protected]>, relay=mta7.am0.yahoodns.net[66.196.118.35]:25, conn_use=8, delay=2505679, delays=2505678/0.02/0.69/0.41, dsn=4.0.0, status=deferred (host mta7.am0.yahoodns.net[66.196.118.35] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command))
Apr 23 15:19:30 vs1419 postfix/smtp[28615]: 3C4325F6703: to=<[email protected]>, relay=mail.mysite1.example.net[79.175.164.237]:25, conn_use=2, delay=3.6, delays=1.3/0.17/0.31/1.8, dsn=5.0.0, status=bounced (host mail.mysite1.example.net[79.175.164.237] said: 550 "Unknown User" (in reply to RCPT TO command))
Apr 23 15:19:30 vs1419 postfix/smtp[28318]: E458551E8ED: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.34]:25, conn_use=4, delay=2750102, delays=2750100/0.49/0.72/0.43, dsn=4.0.0, status=deferred (host mta6.am0.yahoodns.net[66.196.118.34] said: 451 Message temporarily deferred - [70] (in reply to end of DATA command))
Apr 23 15:19:30 vs1419 postfix/smtp[30164]: A41D05F6749: to=<[email protected]>, relay=mail.mysite1.example.net[79.175.164.237]:25, conn_use=2, delay=3.2, delays=1/0.03/0.31/1.8, dsn=5.0.0, status=bounced (host mail.mysite1.example.net[79.175.164.237] said: 550 "Unknown User" (in reply to RCPT TO command))
Apr 23 15:19:30 vs1419 postfix/smtp[30125]: EF587606F67: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.37]:25, delay=2453187, delays=2453182/0.14/2/3.4, dsn=4.0.0, status=deferred (host mta6.am0.yahoodns.net[66.196.118.37] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command))
Apr 23 15:19:30 vs1419 postfix/smtp[28940]: E061251F3F8: to=<[email protected]>, relay=mta7.am0.yahoodns.net[98.138.112.35]:25, delay=2801108, delays=2801105/0.15/1.3/0.88, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 23 15:19:31 vs1419 postfix/cleanup[29322]: C02C95F6706: message-id=<[email protected]>
Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: E6680601A96: from=<[email protected]>, size=689, nrcpt=1 (queue active)
Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: EC039604A3C: from=<[email protected]>, status=expired, returned to sender
Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: E458551E8ED: from=<[email protected]>, status=expired, returned to sender
Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: EF587606F67: from=<[email protected]>, status=expired, returned to sender
Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: E061251F3F8: removed
答案1
< bot > 在评论中总结对 CW 的建议 </bot >
致谢:格里菲乌斯,简·马雷克, MK零,姆加布里埃尔当然还要感谢 Wietse Venema,因为他编写了一段精彩的代码(和文档)。
您应该检查 postfix 队列是否因垃圾邮件而为空......
当爆发发生时(joomla 疯狂运行),您的 postfix 可能已经收到大量垃圾邮件。由于电子邮件数量巨大,Postfix 会将其排队。如果远程服务器拒绝接收代码 4XX,postfix 仍会将垃圾邮件存储在延迟队列中。以下日志行告诉我们 yahoo 电子邮件拒绝接收我们的电子邮件。
Apr 23 15:19:30 vs1419 postfix/smtp[28318]: E458551E8ED: to=<[email protected]>, relay=mta6.am0.yahoodns.net[66.196.118.34]:25, conn_use=4, delay=2750102, delays=2750100/0.49/0.72/0.43, dsn=4.0.0, status=deferred (host mta6.am0.yahoodns.net[66.196.118.34] said: 451 Message temporarily deferred - [70] (in reply to end of DATA command))
您可以使用命令查看postfix队列
postqueue -p
如果你想删除延迟队列中的所有电子邮件(你的垃圾邮件可能在这里),请执行以下命令
postsuper -d ALL deferred
或者
postsuper -d ALL
删除所有队列中的所有电子邮件。如果您的队列中可能还有其他非垃圾邮件,请小心处理。