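I have a CentOS 6 server with DirectAdmin as the control panel and Exim as the mail server. In the usage directory files (/etc/virtual/usage/), I can see that some emails were sent from a user that does not exist among my mail users. The IP address 114.222.66.5 does not belong to the server. Here is the file content for the sent emails: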
716=type=email&[email protected]&method=outgoing&id=1jYFCt-0000sT-OQ&[email protected]&sender_host_address=114.222.66.5&log_time=1589229565&message_size=716&local_part=janis.shampay&domain=reed.edu&path=/
677=type=email&[email protected]&method=outgoing&id=1jYFCw-0000sT-EC&[email protected]&sender_host_address=114.222.66.5&log_time=1589229566&message_size=677&local_part=hal&domain=miamihal.com&path=/
693=type=email&[email protected]&method=outgoing&id=1jYFCx-0000sT-CX&[email protected]&sender_host_address=114.222.66.5&log_time=1589229567&message_size=693&local_part=lohriner&domain=gmail.com&path=/
728=type=email&[email protected]&method=outgoing&id=1jYFCy-0000sT-AD&[email protected]&sender_host_address=114.222.66.5&log_time=1589229569&message_size=728&local_part=donna.triboletti&domain=gmail.com&path=/
726=type=email&[email protected]&method=outgoing&id=1jYFCz-0000sT-LF&[email protected]&sender_host_address=114.222.66.5&log_time=1589229570&message_size=726&local_part=jlljdy&domain=comcast.net&path=/
706=type=email&[email protected]&method=outgoing&id=1jYFD0-0000sT-I0&[email protected]&sender_host_address=114.222.66.5&log_time=1589229571&message_size=706&local_part=vocals1&domain=live.com&path=/
12840=type=email&[email protected]&method=incoming&log_time=1589233327&id=1jYGBb-0002mm-Ai&path=/
15734=type=email&[email protected]&method=incoming&log_time=1589254173&id=1jYLbl-0003Ed-Jw&path=/
Can anyone tell me what happened and how to prevent it?
Answer 1
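It seems that the password of [email protected] was compromised. Someone simply logged in to the server and sent an email. Email headers are plain text, so the Sender column (which I assume comes from the From: header) is arbitrary and therefore unreliable. The Authentication column contains the authenticated user, so those users need to change their passwords.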
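Added example (not part of the original answer and not DirectAdmin's own code): a small parser for usage lines in the layout quoted in the question, listing which authenticated accounts submitted outgoing mail from hosts other than the server itself. The field names `email` and `authenticated_id` are assumptions, since those two fields are obscured in the page's copy of the log, and all addresses and message ids in the sample are constructed.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample in the layout of the usage lines quoted in the question.
# The "email" and "authenticated_id" field names are assumptions: the page's
# copy of those two fields is obscured. Addresses and ids are placeholders.
SAMPLE = """\
716=type=email&email=a@example.org&method=outgoing&id=MSG-0001&authenticated_id=info@example.com&sender_host_address=203.0.113.7&log_time=1589229565&message_size=716&local_part=a&domain=example.org&path=/
677=type=email&email=b@example.net&method=outgoing&id=MSG-0002&authenticated_id=info@example.com&sender_host_address=203.0.113.7&log_time=1589229566&message_size=677&local_part=b&domain=example.net&path=/
693=type=email&email=c@example.org&method=outgoing&id=MSG-0003&authenticated_id=shop@example.com&sender_host_address=192.0.2.10&log_time=1589229567&message_size=693&local_part=c&domain=example.org&path=/
12840=type=email&email=info@example.com&method=incoming&log_time=1589233327&id=MSG-0004&path=/
"""

def parse_line(line):
    """Split 'SIZE=key=value&key=value...' into a dict; None if malformed."""
    size, sep, query = line.strip().partition("=")
    if not sep or not size.isdigit():
        return None
    fields = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    fields["size"] = int(size)
    return fields

def external_senders(text, server_ips):
    """Map authenticated account -> {remote IP: message count} for outgoing
    mail submitted from hosts that are not the server itself."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("method") != "outgoing":
            continue
        ip = rec.get("sender_host_address", "")
        if ip and ip not in server_ips:
            hits[rec.get("authenticated_id", "<unknown>")][ip] += 1
    return {acct: dict(ips) for acct, ips in hits.items()}

if __name__ == "__main__":
    # 192.0.2.10 stands in for the server's own address (assumption).
    for acct, ips in external_senders(SAMPLE, {"127.0.0.1", "192.0.2.10"}).items():
        print(acct, ips)
```

An external address is not proof of compromise on its own, because legitimate mail clients also submit from remote hosts; the output is the list of accounts whose submission sources should be checked with their owners before resetting passwords.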