每当我转到 ISPConfig 监视部分中的邮件队列日志时,我都会看到大约 300 个如下请求:
482BDFEC0187 712 Thu Oct 9 09:39:01 [email protected]
(connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
[email protected]
他们为什么在这里?要么是 要么是root用户smmsp。这是否意味着我的服务器正在受到垃圾邮件发送者的攻击?
编辑:我一天前已经清空了邮件队列。
编辑2:以下是邮件日志的摘录:
Oct 9 16:29:33 402283 postfix/error[4513]: 1EC3B6EC0105: to=<[email protected]/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Oct 9 16:29:33 402283 postfix/error[4512]: 7A9166EC0135: to=<[email protected]>, orig_to=<root>, relay=none, delay=118172, delays=118172/0.05/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Oct 9 16:29:33 402283 postfix/error[4513]: 707A26EC00D7: to=<[email protected]>, orig_to=<root>, relay=none, delay=151772, delays=151772/0.05/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Oct 9 16:29:33 402283 postfix/error[4512]: 75D966EC009D: to=<[email protected]>, orig_to=<root>, relay=none, delay=168572, delays=168572/0.05/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Oct 9 16:30:01 402283 dovecot: imap-login: Disconnected (disconnected before greeting, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<Nz72bf0EyAB/AAAB>
Oct 9 16:30:01 402283 postfix/smtpd[4559]: connect from localhost.localdomain[127.0.0.1]
邮件队列中的一个电子邮件标题的摘录:
named_attribute: rewrite_context=local
sender_fullname: CronDaemon
sender: [email protected]
original_recipient: root
recipient: [email protected]
答案1
大多数系统都配置为向自身发送系统事件邮件,例如 Cron 任务的输出或失败的 sudo 尝试。这些邮件主要发送给 root 用户。如果您对这些邮件感兴趣,您应该为这些邮件设置一个接收所有邮件的地址。