How can I check whether my server has become a spam-sending machine?

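I suspect that something is sending large amounts of mail from my server without my knowledge. I want to check whether my machine has become a spam server. What is the simplest way to do that?

Related to this, I would also like to inspect the content of the emails sent from my server. Is there a log for that? Can I open it? /var/log/mail.log does not show the content of the emails; it looks like this: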

Oct 23 21:03:26 Ubuntu-1204-precise-64-minimal sendmail[29973]: s9NJ31pS029973: to=root, delay=00:00:19, xdelay=00:00:07, mailer=relay, pri=31367, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (s9NJ37kn029974 Message accepted for delivery)
Oct 23 21:03:38 Ubuntu-1204-precise-64-minimal sm-mta[29977]: s9NJ37kn029974: to=<root@Ubuntu-1204-precise-64-minimal>, delay=00:00:19, xdelay=00:00:07, mailer=local, pri=32861, dsn=2.0.0, stat=Sent
Oct 23 21:06:03 Ubuntu-1204-precise-64-minimal sendmail[30011]: s9NJ61xZ030011: from=root, size=343, class=0, nrcpts=1, msgid=<201410231906.s9NJ61xZ030011@Ubuntu-1204-precise-64-minimal>, relay=root@localhost
Oct 23 21:06:05 Ubuntu-1204-precise-64-minimal sm-mta[30014]: s9NJ65rW030014: ruleset=check_rcpt, arg1=<root@Ubuntu-1204-precise-64-minimal>, relay=localhost.localdomain [127.0.0.1], reject=553 5.1.8 <root@Ubuntu-1204-precise-64-minimal>... Domain of sender address root@Ubuntu-1204-precise-64-minimal does not exist
Oct 23 21:06:05 Ubuntu-1204-precise-64-minimal sendmail[30011]: s9NJ61xZ030011: to=root, ctladdr=root (0/0), delay=00:00:04, xdelay=00:00:00, mailer=relay, pri=30343, relay=[127.0.0.1] [127.0.0.1], dsn=5.1.8, stat=User unknown
Oct 23 21:06:05 Ubuntu-1204-precise-64-minimal sm-mta[30014]: s9NJ65rW030014: from=<root@Ubuntu-1204-precise-64-minimal>, size=343, class=0, nrcpts=0, proto=ESMTP, daemon=MTA-v4, relay=localhost.localdomain [127.0.0.1]
Oct 23 21:06:05 Ubuntu-1204-precise-64-minimal sendmail[30011]: s9NJ61xZ030011: s9NJ61xa030011: DSN: User unknown
Oct 23 21:06:12 Ubuntu-1204-precise-64-minimal sm-mta[30014]: s9NJ65rY030014: from=<>, size=2623, class=0, nrcpts=1, msgid=<201410231906.s9NJ61xa030011@Ubuntu-1204-precise-64-minimal>, proto=ESMTP, daemon=MTA-v4, relay=localhost.localdomain [127.0.0.1]
Oct 23 21:06:13 Ubuntu-1204-precise-64-minimal sendmail[30011]: s9NJ61xa030011: to=root, delay=00:00:08, xdelay=00:00:02, mailer=relay, pri=31367, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (s9NJ65rY030014 Message accepted for delivery)
Oct 23 21:06:17 Ubuntu-1204-precise-64-minimal sm-mta[30024]: s9NJ65rY030014: to=<root@Ubuntu-1204-precise-64-minimal>, delay=00:00:06, xdelay=00:00:01, mailer=local, pri=32861, dsn=2.0.0, stat=Sent
You have new mail in /var/mail/root

As you can see, some strange messages show up from time to time.

Edit: I have 200,000 unread emails. Here is the most recent one I received:

Return-Path: <MAILER-DAEMON>
Received: from Ubuntu-1204-precise-64-minimal (localhost.localdomain [127.0.0.1])
        by fares (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id s9NAp3iX021790
        for <root@Ubuntu-1204-precise-64-minimal>; Thu, 23 Oct 2014 12:51:03 +0200
Received: from localhost (localhost)
        by Ubuntu-1204-precise-64-minimal (8.14.4/8.14.4/Submit) id s9NAp1Xu021789;
        Thu, 23 Oct 2014 12:51:03 +0200
Date: Thu, 23 Oct 2014 12:51:03 +0200
From: Mail Delivery Subsystem <MAILER-DAEMON@static.***.clients.***>
Message-Id: <201410231051.s9NAp1Xu021789@Ubuntu-1204-precise-64-minimal>
To: root@Ubuntu-1204-precise-64-minimal
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="s9NAp1Xu021789.1414061463/Ubuntu-1204-precise-64-minimal"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
Status: O
X-UID: 210004

This is a MIME-encapsulated message

--s9NAp1Xu021789.1414061463/Ubuntu-1204-precise-64-minimal

The original message was received at Thu, 23 Oct 2014 12:51:01 +0200
from root@localhost

   ----- The following addresses had permanent fatal errors -----
root
    (reason: 553 5.1.8 <root@Ubuntu-1204-precise-64-minimal>... Domain of sender address root@Ubuntu-1204-precise-64-minimal does not exist)
    (expanded from: root)

   ----- Transcript of session follows -----
... while talking to [127.0.0.1]:
>>> DATA
<<< 553 5.1.8 <root@Ubuntu-1204-precise-64-minimal>... Domain of sender address root@Ubuntu-1204-precise-64-minimal does not exist
550 5.1.1 root... User unknown
<<< 503 5.0.0 Need RCPT (recipient)

--s9NAp1Xu021789.1414061463/Ubuntu-1204-precise-64-minimal
Content-Type: message/delivery-status

Answer 1

If you want to check whether your mail server is an open relay that can be used to send spam, you can use this:

http://mxtoolbox.com/diagnostic.aspx

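Answer 2

This is just local mail, probably from one of the services or cron jobs you are running. It is addressed to root, but the mail server cannot tell that it is local mail because the hostname Ubuntu-1204-precise-64-minimal does not resolve to an address.

To fix this, rename the host to a hostname that resolves to the server's IP address, or add the IP address and hostname to /etc/hosts.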
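
Added example, not part of the original answers: a small Python summary of sendmail delivery lines in the format shown in the question, separating mail that stays on the machine (mailer=local or a loopback relay) from mail handed to a remote host. The fifth sample line, example.com and 192.0.2.25 are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# The first four lines are copied from the log in the question. The fifth is
# constructed (example.com, 192.0.2.25) to show a delivery to a remote host.
SAMPLE_LOG = """\
Oct 23 21:03:26 Ubuntu-1204-precise-64-minimal sendmail[29973]: s9NJ31pS029973: to=root, delay=00:00:19, xdelay=00:00:07, mailer=relay, pri=31367, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (s9NJ37kn029974 Message accepted for delivery)
Oct 23 21:03:38 Ubuntu-1204-precise-64-minimal sm-mta[29977]: s9NJ37kn029974: to=<root@Ubuntu-1204-precise-64-minimal>, delay=00:00:19, xdelay=00:00:07, mailer=local, pri=32861, dsn=2.0.0, stat=Sent
Oct 23 21:06:05 Ubuntu-1204-precise-64-minimal sendmail[30011]: s9NJ61xZ030011: to=root, ctladdr=root (0/0), delay=00:00:04, xdelay=00:00:00, mailer=relay, pri=30343, relay=[127.0.0.1] [127.0.0.1], dsn=5.1.8, stat=User unknown
Oct 23 21:06:17 Ubuntu-1204-precise-64-minimal sm-mta[30024]: s9NJ65rY030014: to=<root@Ubuntu-1204-precise-64-minimal>, delay=00:00:06, xdelay=00:00:01, mailer=local, pri=32861, dsn=2.0.0, stat=Sent
Oct 23 21:10:00 Ubuntu-1204-precise-64-minimal sm-mta[30100]: s9NJA0aa030100: to=<user@example.com>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=120343, relay=mx.example.com. [192.0.2.25], dsn=2.0.0, stat=Sent (OK)
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ [\w-]+\[\d+\]: \w+: (.*)$")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_fields(rest):
    """Split sendmail's 'key=value, key=value' list; values may contain spaces."""
    fields = {}
    for part in re.split(r", (?=\w+=)", rest):
        key, sep, value = part.partition("=")
        if sep:
            fields[key] = value
    return fields

def summarize(log_text):
    """Count delivery attempts by destination: this host itself vs. a remote relay."""
    out = {"local": 0, "remote": 0, "failed": 0, "remote_relays": Counter()}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        fields = parse_fields(m.group(1)) if m else {}
        if "to" not in fields:
            continue  # only delivery attempts carry to=
        ips = IP_RE.findall(fields.get("relay", ""))
        loopback_only = bool(ips) and all(ip.startswith("127.") for ip in ips)
        # mailer=local, or a relay that is only loopback, never leaves the machine.
        if fields.get("mailer") == "local" or loopback_only:
            out["local"] += 1
        else:
            out["remote"] += 1
            out["remote_relays"][ips[-1] if ips else fields.get("relay", "?")] += 1
        if fields.get("dsn", "2").startswith(("4", "5")):
            out["failed"] += 1  # temporary or permanent delivery failure
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A log dominated by local deliveries and 5.1.8 failures, as in the question, matches the second answer; a large remote count spread over many relays is the pattern worth investigating.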
