Detecting a malicious script or the cause of a large number of SMTP connections

My VPS was suspended for having a large number of SMTP connections per hour (over 2000). But I'm quite sure none of my scripts send mail. I use Google Apps and Live services to send and receive mail. I have blocked port 25 using fuser, as described in the SF thread, and also in iptables. I added a PHP wrapper to detect PHP scripts that send mail. But so far I haven't been able to detect any script.

The log entries look like this:

Sep 10 19:24:52 myservername postfix/error[31297]: 698105A75F9F: to=<[email protected]>, relay=none, delay=71958, delays=71958/0.01/0/0, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with cfxxx603c2d730000000fb12eaf.pamx1.hotmail.com[65.54.188.78] while sending RCPT TO)

Note that I don't have any user named georgina_taylor, and there are many similar entries with different recipients, all at @oneofmydomain.com.

All log entries related to 698105A75F9F are as follows:

Sep  9 23:25:34 myservername postfix/cleanup[29650]: 698105A75F9F: message-id=<20130909192534.698105A75F9F@myserverhostname>
Sep  9 23:25:34 myservername postfix/bounce[31209]: 0D1495A74808: sender non-delivery notification: 698105A75F9F
Sep  9 23:25:34 myservername postfix/error[31205]: 698105A75F9F: to=<[email protected]>, relay=none, delay=0.1, delays=0.06/0.04/0/0.01, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with cf5ff603c2d73d459329de7fb12eaf.pamx1.hotmail.com[65.54.188.109] while sending RCPT TO)
Sep  9 23:34:51 myservername postfix/error[32597]: 698105A75F9F: to=<[email protected]>, relay=none, delay=557, delays=557/0/0/0, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with cf5ff603c2d73d459329de7fb12eaf.pamx1.hotmail.com[65.54.188.78] while sending RCPT TO)
Sep  9 23:44:48 myservername postfix/qmgr[1179]: 698105A75F9F: from=<>, size=3681, nrcpt=1 (queue active)
Sep  9 23:44:48 myservername postfix/smtp[2008]: 698105A75F9F: host cf5ff603c2d73d459329de7fb12eaf.pamx1.hotmail.com[65.54.188.78] said: 421 RP-001 (BAY0-PAMC1-F7) Unfortunately, some messages from myip weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command)
Sep  9 23:44:48 myservername postfix/smtp[2008]: 698105A75F9F: lost connection with cf5ff603c2d73d459329de7fb12eaf.pamx1.hotmail.com[65.54.188.78] while sending RCPT TO
Sep  9 23:44:48 myservername postfix/smtp[2008]: 698105A75F9F: to=<[email protected]>, relay=cf5ff603c2d73d459329de7fb12eaf.pamx1.hotmail.com[65.54.188.109]:25, delay=1154, delays=1154/0.02/0.15/0.01, dsn=4.0.0, status=deferred (host cf5ff603c2d73d459329de7fb12eaf.pamx1.hotmail.com[65.54.188.109] said: 421 RP-001 (BAY0-PAMC2-F8) Unfortunately, some messages from my ip weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Sep 10 00:04:55 myservername postfix/qmgr[1179]: 698105A75F9F: from=<>, size=3681, nrcpt=1 (queue active)
Sep 10 00:04:55 myservername postfix/error[2961]: 698105A75F9F: to=<[email protected]>, relay=none, delay=2361, delays=2361/0/0/0, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with cf5ff603c2d73d459329de7fb12eaf.pamx1.hotmail.com[65.54.188.109] while sending RCPT TO)

All log entries related to 0D1495A74808:

Sep  8 01:13:36 myserver postfix/qmgr[1177]: 0D1495A74808: from=<georgina_taylor@oneofmydomain>, size=1640, nrcpt=1 (queue active)
Sep  8 01:16:07 myserver postfix/smtp[20152]: 0D1495A74808: to=<[email protected]>, relay=none, delay=266989, delays=266839/0.12/150/0, dsn=4.4.1, status=deferred (connect to gateway.net[64.12.89.186]:25: Connection timed out)
Sep  8 02:23:58 myserver postfix/qmgr[1177]: 0D1495A74808: from=<georgina_taylor@oneofmydomain>, size=1640, nrcpt=1 (queue active)
Sep  8 02:24:56 myserver postfix/error[1322]: 0D1495A74808: to=<[email protected]>, relay=none, delay=271119, delays=271061/58/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to gateway.net[64.12.79.57]:25: Connection timed out)
Sep  8 03:32:32 myserver postfix/qmgr[1177]: 0D1495A74808: from=<georgina_taylor@oneofmydomain>, size=1640, nrcpt=1 (queue active)
Sep  8 03:34:33 myserver postfix/error[14116]: 0D1495A74808: to=<[email protected]>, relay=none, delay=275295, delays=275174/121/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to gateway.net[205.188.101.58]:25: Connection timed out)
Sep  8 04:44:13 myserver postfix/smtp[18671]: 0D1495A74808: to=<[email protected]>, relay=none, delay=279476, delays=279326/0.02/150/0, dsn=4.4.1, status=deferred (connect to gateway.net[205.188.101.58]:25: Connection timed out)
Sep  8 05:52:11 myserver postfix/qmgr[1177]: 0D1495A74808: from=<georgina_taylor@oneofmydomain>, size=1640, nrcpt=1 (queue active)
Sep  8 05:54:41 myserver postfix/smtp[25035]: 0D1495A74808: to=<[email protected]>, relay=none, delay=283704, delays=283554/0.02/150/0, dsn=4.4.1, status=deferred (connect to gateway.net[64.12.79.57]:25: Connection timed out)
Sep  8 07:03:55 myserver postfix/smtp[31497]: 0D1495A74808: to=<[email protected]>, relay=none, delay=287857, delays=287707/0.03/150/0, dsn=4.4.1, status=deferred (connect to gateway.net[64.12.89.186]:25: Connection timed out)

Answer 1

I have seen automated PERL scripts running under /tmp cause this kind of havoc. See if you can find any suspicious files under /tmp, including files that begin with a dot and contain code.

Answer 2

The "last" command will show recent logins to your server along with the associated IP addresses. My guess is that someone has compromised your password and is running a script to send spam. ps -ef should show the list of processes running on the VPS. Perhaps something there that doesn't belong?

Another common suspect is an insecure mail form on a web page you host. If your mail wrapper is working as intended, you should be able to catch this through that mechanism.
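The bounce line in the question ("0D1495A74808: sender non-delivery notification: 698105A75F9F") ties the queue id with the null sender back to the original message, whose envelope sender is a local user that does not exist. The script below is an added example, not code from the question or the answers: it walks that link over Postfix log lines and reports original messages whose sender claims one of your domains with a local part you do not host. The log sample, hostnames and addresses are constructed placeholders.

```python
import re

# Regex for the syslog layout of the postfix lines in the question (assumed stable).
LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)$")
FROM_RE = re.compile(r"from=<(?P<sender>[^>]*)>")
BOUNCE_RE = re.compile(r"sender non-delivery notification: (?P<child>[0-9A-F]+)")

# Constructed sample, modelled on the question's log (hosts and addresses are placeholders).
SAMPLE_LOG = """\
Sep  8 01:13:36 myserver postfix/qmgr[1177]: 0D1495A74808: from=<georgina_taylor@example.org>, size=1640, nrcpt=1 (queue active)
Sep  8 01:16:07 myserver postfix/smtp[20152]: 0D1495A74808: to=<someone@gateway.invalid>, relay=none, dsn=4.4.1, status=deferred (connect to gateway.invalid[192.0.2.10]:25: Connection timed out)
Sep  9 23:25:34 myserver postfix/bounce[31209]: 0D1495A74808: sender non-delivery notification: 698105A75F9F
Sep  9 23:44:48 myserver postfix/qmgr[1179]: 698105A75F9F: from=<>, size=3681, nrcpt=1 (queue active)
Sep  9 23:44:48 myserver postfix/smtp[2008]: 698105A75F9F: to=<georgina_taylor@example.org>, relay=mx.example.net[198.51.100.5]:25, dsn=4.0.0, status=deferred (421 RP-001 too many messages)
Sep 10 08:00:00 myserver postfix/qmgr[1179]: AB12CD34EF56: from=<admin@example.org>, size=900, nrcpt=1 (queue active)
""".splitlines()

def parse_log(lines):
    """Return (senders, bounces): qid -> envelope sender ('' is the null sender of a
    bounce), and bounce qid -> qid of the original message the bounce was generated for."""
    senders, bounces = {}, {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if fm := FROM_RE.search(rest):
            senders.setdefault(qid, fm["sender"])
        if bm := BOUNCE_RE.search(rest):
            bounces[bm["child"]] = qid  # the bounce line is logged under the parent's qid
    return senders, bounces

def forged_local_senders(lines, local_users, local_domains):
    """Map original qid -> envelope sender for mail claiming one of our domains
    with a local part that is not a real account: the signature of a spam script."""
    senders, bounces = parse_log(lines)
    suspects = {}
    for qid in senders:
        origin = qid
        while origin in bounces:  # walk bounce-of-bounce links back to the first message
            origin = bounces[origin]
        sender = senders.get(origin, "")
        if "@" not in sender:
            continue
        user, domain = sender.rsplit("@", 1)
        if domain in local_domains and user not in local_users:
            suspects[origin] = sender
    return suspects
```

Run it over your real mail.log with your actual account list; for each flagged queue id still in the queue, `postcat -q <qid>` shows the Received: headers, whose "from userid" entry for a local submission names the Unix user (such as the web server account) that injected the message.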
