Large volume of email from a single user, possibly spam

I'm getting a continuous stream of messages in the mail.log file from our Postfix mail server. Below is a verified sample:

postfix/qmgr[7883]: 03DF631E8F: from=<[email protected]>, size=1021, nrcpt=15 (queue active)
Jan 18 16:16:30 fadmin3 postfix/error[12269]: 923AC288B9: to=<[email protected]>, relay=none, delay=166662, delays=166657/0.59/0/4.2, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta5.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)
Jan 18 16:16:30 fadmin3 postfix/qmgr[7883]: 9D2F539889: from=<[email protected]>, size=672, nrcpt=15 (queue active)
Jan 18 16:16:30 fadmin3 postfix/error[12267]: 9AFCD301D6: to=<[email protected]>, relay=none, delay=132365, delays=132362/0.64/0/1.8, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta5.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)
Jan 18 16:16:30 fadmin3 postfix/error[12254]: 92AB62E6E2: to=<[email protected]>, relay=none, delay=129814, delays=129813/0.36/0/0.28, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta5.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)
Jan 18 16:16:30 fadmin3 postfix/qmgr[7883]: 9AAB535F54: from=<[email protected]>, size=648, nrcpt=15 (queue active)
Jan 18 16:16:30 fadmin3 postfix/smtp[12865]: 9DBD2266E1: to=<[email protected]>, relay=mta6.am0.yahoodns.net[98.136.217.203]:25, delay=176824, delays=176822/1.4/1.2/0.18, dsn=4.7.0, status=deferred (host mta6.am0.yahoodns.net[98.136.217.203] said: 421 4.7.0 [TS01] Messages from 54.171.74.133 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (in reply to MAIL FROM command))
Jan 18 16:16:30 fadmin3 postfix/smtp[12873]: E47A02AE99: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[74.125.24.27]:25, delay=12531, delays=12525/0.99/0.06/5.2, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.24.27] said: 550-5.7.1 [54.171.74.133      12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550 5.7.1 more information. eq5si19262603wjc.52 - gsmtp (in reply to end of DATA command))
Jan 18 16:16:30 fadmin3 postfix/error[12269]: 923AC288B9: to=<[email protected]>, relay=none, delay=166662, delays=166657/0.59/0/4.8, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta5.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)
Jan 18 16:16:30 fadmin3 postfix/qmgr[7883]: 94AB125128: from=<[email protected]>, size=1036, nrcpt=9 (queue active)

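I should add that we don't receive or send much email, and this is a fast, continuous stream: thousands of messages per hour sent to many users, all from a single user.

At first I thought the mail server had been compromised, but I haven't found any evidence to confirm that. I'm still looking.

The service is not an open relay. I'm trying to contact the user to have them check their machine, but in the meantime, what can I do in Postfix to purge all of these messages from this user and stop them from being sent? I've temporarily disabled their password, but it looks like there are thousands of queued messages and probably many deferred ones, and I'd like to know how best to clean up this mess.

Any ideas as to what (other than a virus on the system) could cause this?

Thanks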

Answer 1

In the end the cleanup was fairly simple. I ran the following command

postsuper -d ALL deferred

and then, for good measure

postsuper -d ALL

This removed about 45,000 messages from the server.
I'm still interested in what might have caused this.
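
To remove only one sender's mail instead of every queued message, the queue listing can be filtered by envelope sender and the resulting queue IDs passed to `postsuper -d -`. This is an added example, not part of the original answer; the function names and the sample queue listing (including sender@example.com and the other addresses) are constructed for illustration.

```sh
#!/bin/sh
# Print the queue IDs of all messages whose envelope sender is $1.
# stdin: output of `postqueue -p`; stdout: one queue ID per line.
# The match is exact but case-insensitive (an assumption that suits most sites).
queue_ids_from_sender() {
    grep -v -e '^ *(' -e '^-' |          # drop "(reason)" lines, header, trailer
    awk -v want="$1" '
        BEGIN { RS = ""; want = tolower(want) }   # one record per queue entry
        # $1=queue ID, $2=size, $3-$6=arrival time, $7=sender, $8...=recipients
        $1 ~ /^[0-9A-Za-z]+[*!]?$/ && tolower($7) == want {
            id = $1
            sub(/[*!]$/, "", id)         # strip active (*) or hold (!) marker
            print id
        }'
}

# Constructed sample in the layout printed by `postqueue -p`.
sample_queue() {
    cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
03DF631E8F*    1021 Mon Jan 18 16:16:30  sender@example.com
                                         rcpt1@example.org
                                         rcpt2@example.org

923AC288B9      672 Mon Jan 18 10:02:11  other@example.com
(delivery temporarily suspended: lost connection while sending RCPT TO)
                                         rcpt3@example.net

9D2F539889!     648 Sun Jan 17 09:40:05  Sender@Example.com
(host said: 421 4.7.0 temporarily deferred)
                                         rcpt4@example.org

-- 2 Kbytes in 3 Requests.
EOF
}

# Demo on the constructed sample: prints 03DF631E8F and 9D2F539889.
sample_queue | queue_ids_from_sender sender@example.com

# On the mail server, review the ID list first, then delete just those entries:
#   postqueue -p | queue_ids_from_sender sender@example.com | postsuper -d -
```

Replacing `-d` with `-h` in the last command places the matching messages on hold instead of deleting them, which keeps them available for inspection while the cause is investigated.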
