我有一台刚使用 4 个月的服务器,但已经有一个进程在运行,向人们发送“垃圾邮件”。这令人困惑,因为我有一个安全密码,从未告诉过任何人。我正在采取以下措施:
- 更改了 root 密码
- 当我在网上搜索 Exim 时,它似乎与 cPanel 紧密相关 - 我正在寻找如何删除它,而且无论如何,我真的不认为我需要它
- 现在我已经这样做了
yum remove exim,并且重新启动了。实际上并没有使用或收到那么多电子邮件。
下面是一些邮件日志的记录/var/log/exim_mainlog- 在我删除 exim 后日志记录已成功停止。
我现在的问题是,如何找到正在运行并发送这些电子邮件的进程?它是 CRON 进程吗?如果是,如何找到它(知道 cPanel 可能是配置 cron 的程序)?如果不是 cron 作业,那还会是什么?
这里再次列出一些日志:
2017-01-09 12:33:59 1cQZ98-0003I9-TB [211.29.133.14] SSL verify error: depth=0 error=unable to verify the first certificate cert=/C=AU/ST=New South Wales/L=Macquarie Park/O=Optus Administration Pty Ltd/OU=Internet Services Engineering/CN=*.optusnet.com.au
2017-01-09 12:33:59 1cP42S-0001RJ-5L SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1789: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
2017-01-09 12:33:59 1cP42S-0001RJ-5L SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1789: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
2017-01-09 12:34:00 1cP42S-0001RJ-5L SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1789: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
2017-01-09 12:34:00 1cP42S-0001RJ-5L SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1789: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
2017-01-09 12:34:00 1cP42S-0001RJ-5L SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1789: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
2017-01-09 12:34:01 1cQZ98-0003I9-TB => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=extmail.optusnet.com.au [211.29.133.14] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 2.0.0 Ok: queued as 3ED27D4A54F"
2017-01-09 12:34:01 1cQZ98-0003I9-TB Completed
2017-01-09 12:34:01 SMTP connection from (mail.compasspointmedia.com) [120.194.186.99]:1841 closed by QUIT
2017-01-09 12:34:01 1cP42S-0001RJ-5L SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1789: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
2017-01-09 12:34:01 1cP42S-0001RJ-5L SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1789: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
2017-01-09 12:34:01 1cP42S-0001RJ-5L SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1789: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
2017-01-09 12:34:02 1cP42S-0001RJ-5L SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1789: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
2017-01-09 12:34:02 1cP42S-0001RJ-5L SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1789: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
2017-01-09 12:34:02 1cP42S-0001RJ-5L == [email protected] R=dkim_lookuphost T=dkim_remote_smtp defer (-45) H=mta7.am0.yahoodns.net [66.196.118.34]: SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1789: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
2017-01-09 12:34:02 1cP42S-0001RJ-5L ** [email protected]: retry timeout exceeded
2017-01-09 12:34:02 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1cP42S-0001RJ-5L
2017-01-09 12:34:02 1cQZ9G-0003Lb-Pr <= <> R=1cP42S-0001RJ-5L U=mailnull P=local S=2639 T="Mail delivery failed: returning message to sender" for [email protected]
2017-01-09 12:34:02 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1cQZ9G-0003Lb-Pr
2017-01-09 12:34:02 1cP42S-0001RJ-5L Completed
2017-01-09 12:34:04 1cQZ9G-0003Lb-Pr => sfullman <[email protected]> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <[email protected]> sdFAMzqDc1hTMQAAvYvy0A Saved"
2017-01-09 12:34:04 1cQZ9G-0003Lb-Pr => |/usr/local/cpanel/bin/autorespond [email protected] /home/cpm006/.autorespond ([email protected]) <[email protected]> R=virtual_aliases_nostar T=jailed_virtual_address_pipe
2017-01-09 12:34:04 1cQZ9G-0003Lb-Pr Completed
2017-01-09 12:34:05 1cP34S-0006lf-BI SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1799: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
2017-01-09 12:34:05 1cP34S-0006lf-BI SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1799: 421 4.7.0 [TSS04] Messages from 99.99.9.20 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html