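Title: Mail server is being abused to relay spam!
Author: usedboy Time: 2007-02-12 15:54
Every time I reinstall my mail server it runs normally for a while, but after some time I find the server slowing down, with a lot of ownerless mail in the queue, until the machine hangs; this repeats over and over. The initial configuration followed an installation guide from the web: "Installation notes for sendmail + openwebmail + SMTP authentication + spamassassin + clamav on Redhat 9.0".
That guide also includes the setting to prohibit relaying, and the sendmail version is 8.12.8; it isn't the latest 14, but it should still be fine, shouldn't it?
I hope people who have run into similar problems can offer pointers and discuss!
Author: abel Time: 2007-02-13 17:09
You have to bring out the maillog before anyone can tell.
Author: usedboy Time: 2007-02-13 23:00
Thanks for your attention. I will post the maillog as soon as I can.
This is a section of /var/log/messages that I saved earlier: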
1960 Nov 2 18:15:54 localhost sshd(pam_unix)[6639]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=dedicated.evnsong.com user=root
1961 Nov 3 00:01:46 localhost kernel: (scsi1:A:0:0): Locking max tag count at 128
1962 Nov 3 03:46:32 localhost sshd(pam_unix)[10040]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.144.110.142 user=root
1963 Nov 3 04:02:27 localhost kernel: Out of Memory: Killed process 2289 (httpd).
1964 Nov 3 04:03:27 localhost kernel: Out of Memory: Killed process 2290 (httpd).
1965 Nov 3 04:05:28 localhost kernel: Out of Memory: Killed process 2286 (httpd).
1966 Nov 3 04:10:08 localhost kernel: Out of Memory: Killed process 2287 (httpd).
1967 Nov 3 04:12:04 localhost kernel: Out of Memory: Killed process 2288 (httpd).
1968 Nov 3 04:12:30 localhost kernel: Out of Memory: Killed process 2291 (httpd).
1969 Nov 3 04:12:57 localhost kernel: Out of Memory: Killed process 10171 (httpd).
1970 Nov 3 04:13:06 localhost kernel: Out of Memory: Killed process 2292 (httpd).
Author: usedboy Time: 2007-02-13 23:21
This section of the maillog I have pasted all the way up to where "load average too high" appears:
1 Feb 4 15:54:12 localhost MailScanner[2319]: SpamAssassin timed out and was killed, failure 1 of 20
2 Feb 4 15:54:13 localhost MailScanner[2319]: Virus and Content Scanning: Starting
3 Feb 4 15:54:20 localhost MailScanner[2319]: Uninfected: Delivered 1 messages
4 Feb 4 15:54:20 localhost sendmail[2859]: l147rIwk002692: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:01:02, xdelay=00:00:00, mailer=local, pri=120358, dsn=2.0.0, stat=Sent
5 Feb 4 15:58:43 localhost sendmail[3018]: l147whNP003018: from=root, size=547, class=0, nrcpts=1, msgid=<200702040758.l147whNP003018@localhost.localdomain>, relay=root@localhost
6 Feb 4 15:58:43 localhost sendmail[3073]: l147whwk003073: from=<root@localhost.localdomain>, size=833, class=0, nrcpts=1, msgid=<200702040758.l147whNP003018@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
7 Feb 4 15:58:44 localhost sendmail[3018]: l147whNP003018: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30065, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (l147whwk003073 Message accepted for delivery)
8 Feb 4 15:58:45 localhost MailScanner[2319]: New Batch: Scanning 1 messages, 1347 bytes
9 Feb 4 15:59:36 localhost MailScanner[2319]: SpamAssassin timed out and was killed, failure 2 of 20
10 Feb 4 15:59:38 localhost MailScanner[2319]: Virus and Content Scanning: Starting
11 Feb 4 15:59:44 localhost MailScanner[2319]: Uninfected: Delivered 1 messages
12 Feb 4 15:59:44 localhost sendmail[7071]: l147whwk003073: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:01:01, xdelay=00:00:00, mailer=local, pri=120351, dsn=2.0.0, stat=Sent
13 Feb 4 16:01:02 localhost MailScanner[17333]: MailScanner E-Mail Virus Scanner version 4.34.8 starting...
14 Feb 4 16:01:03 localhost update.virus.scanners: Delaying cron job up to 600 seconds
15 Feb 4 16:01:03 localhost MailScanner[17333]: Enabling SpamAssassin auto-whitelist functionality...
16 Feb 4 16:01:05 localhost MailScanner[17333]: Using locktype = flock
17 Feb 4 16:01:12 localhost MailScanner[17354]: MailScanner E-Mail Virus Scanner version 4.34.8 starting.
18 Feb 4 16:01:13 localhost MailScanner[17354]: Enabling SpamAssassin auto-whitelist functionality...
19 Feb 4 16:01:15 localhost MailScanner[17354]: Using locktype = flock
20 Feb 4 16:01:22 localhost MailScanner[17355]: MailScanner E-Mail Virus Scanner version 4.34.8 starting...
21 Feb 4 16:01:23 localhost MailScanner[17355]: Enabling SpamAssassin auto-whitelist functionality...
22 Feb 4 16:01:25 localhost MailScanner[17355]: Using locktype = flock
23 Feb 4 16:01:32 localhost MailScanner[17356]: MailScanner E-Mail Virus Scanner version 4.34.8 starting...
24 Feb 4 16:01:33 localhost MailScanner[17356]: Enabling SpamAssassin auto-whitelist functionality...
25 Feb 4 16:01:35 localhost MailScanner[17356]: Using locktype = flock
26 Feb 4 16:01:42 localhost MailScanner[17357]: MailScanner E-Mail Virus Scanner version 4.34.8 starting...
27 Feb 4 16:01:43 localhost MailScanner[17357]: Enabling SpamAssassin auto-whitelist functionality...
28 Feb 4 16:01:45 localhost MailScanner[17357]: Using locktype = flock
29 Feb 4 16:07:40 localhost update.virus.scanners: Found clamav installed
30 Feb 4 16:07:40 localhost update.virus.scanners: Running autoupdate for clamav
31 Feb 4 16:07:50 localhost ClamAV-autoupdate[17393]: ClamAV did not need updating
32 Feb 4 16:07:51 localhost update.virus.scanners: Found generic installed
33 Feb 4 16:07:51 localhost update.virus.scanners: Running autoupdate for generic
34 Feb 4 16:07:51 localhost Generic-autoupdate[17425]: Generic scanner successfully updated
35 Feb 4 16:07:51 localhost sendmail[17335]: l148123a017335: from=root, size=307, class=0, nrcpts=1, msgid=<200702040801.l148123a017335@localhost.localdomain>, relay=root@localhost
36 Feb 4 16:07:51 localhost sendmail[17493]: l1487pwk017493: from=<root@localhost.localdomain>, size=593, class=0, nrcpts=1, msgid=<200702040801.l148123a017335@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
37 Feb 4 16:07:51 localhost sendmail[17335]: l148123a017335: to=root, ctladdr=root (0/0), delay=00:06:49, xdelay=00:00:00, mailer=relay, pri=30246, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (l1487pwk017493 Message accepted for delivery)
38 Feb 4 16:07:54 localhost MailScanner[2289]: New Batch: Scanning 1 messages, 1122 bytes
39 Feb 4 16:08:45 localhost MailScanner[2289]: SpamAssassin timed out and was killed, failure 3 of 20
40 Feb 4 16:08:47 localhost MailScanner[2289]: Virus and Content Scanning: Starting
41 Feb 4 16:08:52 localhost MailScanner[2289]: Uninfected: Delivered 1 messages
42 Feb 4 16:08:52 localhost sendmail[17508]: l1487pwk017493: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:01:01, xdelay=00:00:00, mailer=local, pri=120532, dsn=2.0.0, stat=Sent
43 Feb 4 16:23:42 localhost sendmail[17539]: l148Nfwk017539: securityspace.com [66.132.132.63] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
44 Feb 4 16:42:38 localhost sendmail[17575]: l148gMwk017575: from=<uftoc@blumenthalcady.com>, size=2148, class=0, nrcpts=1, msgid=<01c74db9$40bcc4f0$6c822ecf@uftoc>, proto=ESMTP, daemon=MTA, relay=ppp-58.9.156.128.revip2.asianet.co.th [58.9.156.128]
45 Feb 4 16:42:40 localhost MailScanner[2319]: New Batch: Scanning 1 messages, 2672 bytes
46 Feb 4 16:43:31 localhost MailScanner[2319]: SpamAssassin timed out and was killed, failure 3 of 20
47 Feb 4 16:43:32 localhost MailScanner[2319]: Virus and Content Scanning: Starting
48 Feb 4 16:43:38 localhost MailScanner[2319]: Uninfected: Delivered 1 messages
49 Feb 4 16:43:54 localhost sendmail[17590]: l148gMwk017575: to=<gjb@tsc.edu.cn>, delay=00:01:16, xdelay=00:00:01, mailer=local, pri=120857, dsn=2.0.0, stat=Sent
50 Feb 4 17:01:03 localhost MailScanner[17649]: MailScanner E-Mail Virus Scanner version 4.34.8 starting...
51 Feb 4 17:01:03 localhost update.virus.scanners: Delaying cron job up to 600 seconds
348 Feb 4 22:55:45 localhost sendmail[19647]: l14Ervwk019612: to=<tsxyzjwy@tsc.edu.cn>, delay=00:01:14, xdelay=00:00:00, mailer=local, pri=120474, dsn=2.0.0, stat=Sent
349 Feb 4 23:01:03 localhost MailScanner[19683]: MailScanner E-Mail Virus Scanner version 4.34.8 starting...
350 Feb 4 23:01:03 localhost MailScanner[19683]: Enabling SpamAssassin auto-whitelist functionality...
351 Feb 4 23:01:04 localhost update.virus.scanners: Delaying cron job up to 600 seconds
352 Feb 4 23:01:05 localhost MailScanner[19683]: Using locktype = flock
353 Feb 4 23:01:13 localhost MailScanner[19704]: MailScanner E-Mail Virus Scanner version 4.34.8 starting...
354 Feb 4 23:01:13 localhost MailScanner[19704]: Enabling SpamAssassin auto-whitelist functionality...
355 Feb 4 23:01:15 localhost MailScanner[19704]: Using locktype = flock
356 Feb 4 23:01:23 localhost MailScanner[19705]: MailScanner E-Mail Virus Scanner version 4.34.8 starting...
357 Feb 4 23:01:24 localhost MailScanner[19705]: Enabling SpamAssassin auto-whitelist functionality...
358 Feb 4 23:01:25 localhost MailScanner[19705]: Using locktype = flock
359 Feb 4 23:01:33 localhost MailScanner[19706]: MailScanner E-Mail Virus Scanner version 4.34.8 starting...
360 Feb 4 23:01:34 localhost MailScanner[19706]: Enabling SpamAssassin auto-whitelist functionality...
361 Feb 4 23:01:35 localhost MailScanner[19706]: Using locktype = flock
362 Feb 4 23:01:43 localhost MailScanner[19707]: MailScanner E-Mail Virus Scanner version 4.34.8 starting...
363 Feb 4 23:01:43 localhost MailScanner[19707]: Enabling SpamAssassin auto-whitelist functionality...
364 Feb 4 23:01:46 localhost MailScanner[19707]: Using locktype = flock
365 Feb 4 23:04:04 localhost update.virus.scanners: Found clamav installed
366 Feb 4 23:04:04 localhost update.virus.scanners: Running autoupdate for clamav
367 Feb 4 23:04:15 localhost ClamAV-autoupdate[19738]: ClamAV did not need updating
mtp-in.l.google.com. [64.233.167.114], dsn=2.0.0, stat=Sent (OK 1170615116 w29si6530747pyg)
558 Feb 5 03:11:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 12
559 Feb 5 03:12:10 localhost last message repeated 3 times
560 Feb 5 03:13:25 localhost last message repeated 5 times
561 Feb 5 03:14:40 localhost last message repeated 5 times
562 Feb 5 03:15:40 localhost last message repeated 4 times
563 Feb 5 03:15:55 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 13
564 Feb 5 03:16:40 localhost last message repeated 3 times
565 Feb 5 03:17:55 localhost last message repeated 5 times
566 Feb 5 03:19:10 localhost last message repeated 5 times
567 Feb 5 03:20:10 localhost last message repeated 4 times
568 Feb 5 03:20:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 14
569 Feb 5 03:21:10 localhost last message repeated 3 times
570 Feb 5 03:21:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 15
571 Feb 5 03:22:10 localhost last message repeated 3 times
572 Feb 5 03:23:25 localhost last message repeated 5 times
573 Feb 5 03:24:40 localhost last message repeated 5 times
574 Feb 5 03:25:40 localhost last message repeated 4 times
575 Feb 5 03:25:55 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 16
576 Feb 5 03:26:40 localhost last message repeated 3 times
577 Feb 5 03:27:55 localhost last message repeated 5 times
578 Feb 5 03:29:10 localhost last message repeated 5 times
579 Feb 5 03:30:10 localhost last message repeated 4 times
580 Feb 5 03:30:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 17
581 Feb 5 03:31:10 localhost last message repeated 3 times
582 Feb 5 03:31:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 18
583 Feb 5 03:32:10 localhost last message repeated 3 times
584 Feb 5 03:33:25 localhost last message repeated 5 times
585 Feb 5 03:34:40 localhost last message repeated 5 times
586 Feb 5 03:35:40 localhost last message repeated 4 times
587 Feb 5 03:35:55 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 19
588 Feb 5 03:36:40 localhost last message repeated 3 times
589 Feb 5 03:37:55 localhost last message repeated 5 times
590 Feb 5 03:39:10 localhost last message repeated 5 times
591 Feb 5 03:40:10 localhost last message repeated 4 times
592 Feb 5 03:40:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 20
593 Feb 5 03:41:10 localhost last message repeated 3 times
594 Feb 5 03:41:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 21
595 Feb 5 03:42:10 localhost last message repeated 3 times
596 Feb 5 03:43:25 localhost last message repeated 5 times
597 Feb 5 03:44:40 localhost last message repeated 5 times
598 Feb 5 03:45:10 localhost last message repeated 2 times
599 Feb 5 04:02:57 localhost sendmail[1768]: runqueue: Skipping queue run -- load average too high
600 Feb 5 04:02:57 localhost sm-msp-queue[1762]: runqueue: Skipping queue run -- load average too high
601 Feb 5 04:17:57 localhost sendmail[1768]: runqueue: Skipping queue run -- load average too high
602 Feb 5 04:17:57 localhost sm-msp-queue[1762]: runqueue: Skipping queue run -- load average too high
603 Feb 5 04:32:57 localhost sendmail[1768]: runqueue: Skipping queue run -- load average too high
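604 Feb 5 04:32:57 localhost sm-msp-queue[1762]: runqueue: Skipping queue run -- load average too high
Author: 思一克 Time: 2007-02-14 09:57
I don't understand sendmail.
But from the look of your system, some rogue process has used up all the memory and caused this.
Author: abel Time: 2007-02-14 11:07
What do these messages have to do with your problem?
Author: usedboy Time: 2007-02-14 15:26
Are these messages normal?
Author: abel Time: 2007-02-14 15:52
Originally posted by usedboy on 2007-2-14 15:26:
Are these messages normal?
Of course they are not normal. You need to find out why your load is so high.
A piece of advice: look up the words you don't understand in a dictionary,
and if you still can't understand the sentence as a whole, search Google.
Author: usedboy Time: 2007-02-14 20:17
Thanks, haha. The main problem is that every time "load average too high" happens it is late at night. Beyond that, even when it happens during the day and I want to investigate, the machine has already hung!? If I hadn't already tried many things myself, I wouldn't have put the question here directly. I can read the log contents, but my skill is limited: I know perfectly well that I have caught a cold, but I don't know which medicine to take. I figure there must be many experts here who could at least point me in the right direction; someone who has solved this kind of problem could probably hit the nail on the head in one sentence. Until I get an answer I will keep searching on my own. Thanks to everyone in advance.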
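Added example, not part of the original thread: one way to test the relay suspicion against a sendmail maillog is to pair each message's from= line (the connecting client) with its to= lines (the delivery mailer) by queue ID, and list messages that arrived from an outside IP and were passed on to another host. The sample log is constructed with placeholder addresses, and `find_relayed` and its `trusted` parameter are names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample in the maillog format shown in the thread (placeholder hosts).
SAMPLE = """\
Feb 4 16:42:38 localhost sendmail[17575]: l148gMwk017575: from=<a@example.net>, size=2148, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host.example.net [192.0.2.10]
Feb 4 16:43:54 localhost sendmail[17590]: l148gMwk017575: to=<user@example.edu>, delay=00:01:16, mailer=local, pri=120857, dsn=2.0.0, stat=Sent
Feb 5 01:10:02 localhost sendmail[20001]: l14HA1wk020001: from=<b@example.org>, size=3011, class=0, nrcpts=2, proto=SMTP, daemon=MTA, relay=[198.51.100.7]
Feb 5 01:10:09 localhost sendmail[20003]: l14HA1wk020001: to=<x@example.com>, delay=00:00:07, mailer=esmtp, pri=123011, relay=mx.example.com. [203.0.113.5], dsn=2.0.0, stat=Sent (OK)
Feb 5 01:10:11 localhost sendmail[20003]: l14HA1wk020001: to=<y@example.com>, delay=00:00:09, mailer=esmtp, pri=123011, relay=mx.example.com. [203.0.113.5], dsn=2.0.0, stat=Sent (OK)
Feb 5 01:12:00 localhost sendmail[20010]: l14HC0NP020010: from=root, size=547, class=0, nrcpts=1, relay=root@localhost
Feb 5 01:12:01 localhost sendmail[20010]: l14HC0NP020010: to=root, delay=00:00:01, mailer=relay, pri=30065, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=(.*)")
CLIENT_IP = re.compile(r"relay=[^,]*\[(\d{1,3}(?:\.\d{1,3}){3})\]")
MAILER = re.compile(r"mailer=([^,]+)")
LOCAL_MAILERS = {"local", "prog", "*file*", "*include*"}

def find_relayed(log_text, trusted=("127.0.0.1",)):
    """Return {queue_id: (client_ip, forwarded_count)} for messages accepted
    from an IP outside `trusted` and handed to a non-local mailer."""
    client, forwarded = {}, defaultdict(int)
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        qid, kind, rest = entry.groups()
        if kind == "from":
            # Local submissions log relay=root@localhost with no bracketed IP.
            ip = CLIENT_IP.search(rest)
            if ip and ip.group(1) not in trusted:
                client[qid] = ip.group(1)
        else:
            mailer = MAILER.search(rest)
            if mailer and mailer.group(1) not in LOCAL_MAILERS:
                forwarded[qid] += 1
    # Inbound mail for local users (mailer=local) never reaches this result.
    return {q: (client[q], forwarded[q]) for q in client if forwarded[q]}

if __name__ == "__main__":
    for qid, (ip, n) in find_relayed(SAMPLE).items():
        print(f"{qid}: accepted from {ip}, forwarded to {n} remote recipient(s)")
```

Legitimate remote users who submit through SMTP authentication also appear in the result, so review those entries against the accounts you expect before treating them as abuse.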