过去几天,我一直在关注邮件日志中的多行内容
Feb 26 06:00:17 d3355 sm-mta[2682]: x1L5tNWu013205: to=<[email protected]>, delay=4+21:04:54, xdelay=00:00:00, mailer=esmtp, pri=21630740, relay=example.com., dsn=4.0.0
Feb 26 06:00:17 d3355 sm-mta[2682]: x1L5mAV2013049: to=<[email protected]>, delay=4+21:12:07, xdelay=00:00:00, mailer=esmtp, pri=21630752, relay=example.com., dsn=4.0.0
Feb 26 06:00:17 d3355 sm-mta[2682]: x1L5OBhg012679: to=<[email protected]>, delay=4+21:36:06, xdelay=00:00:00, mailer=esmtp, pri=21720764, relay=example.com., dsn=4.0.0
Feb 26 06:00:17 d3355 sm-mta[2682]: x1L3Y1dP011346: to=<[email protected]>, delay=4+23:26:16, xdelay=00:00:00, mailer=esmtp, pri=21990723, relay=example.com., dsn=4.0.0
结果我的邮箱里有大量“退回邮件”的反馈。我不知道是什么进程在做这件事。我该如何检测并阻止它?我有 FreeBSD + sendmail + dovecot
答案1
- 检查
mailqsendmail(传出)队列中有关消息的报告命令 - 检查与特定队列 ID 相关的所有日志条目,例如,
x1L5tNWu013205
如果x1L5tNWu013205初始日志条目应为 4 天 21 小时前的
sm-mta日志条目,则可能导致 msa 日志条目(sendmail 进程将用户邮件发送到主 sendmail 守护程序)