免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
论坛 IT运维 服务器应用 mail server被利用转发垃圾邮件!
最近访问板块 发新帖
查看: 4239 | 回复: 8
打印 上一主题 下一主题

[Mail] mail server被利用转发垃圾邮件! [复制链接]

usedboy

论坛徽章:
0
跳转到指定楼层
1 [收藏(0)] [报告]
发表于 2007-02-12 15:54 |只看该作者 |倒序浏览
我的邮件服务器每次重装都能正常运行一段时间,但是过一段时间后就会发现服务器运行速度变慢,队列里面很多无主邮件,导致死机,周而复始,最初配置是按照网上的-Redhat 9.0下sendmail+openwebmail+smtp认证+spamassassin+clamv安装笔记 进行的安装配置
其中也有禁止relay的设置,而且sendmail版本是8.12.8,虽说不是最新的14,但是也应该可以的吧?
希望遇到过类似问题的同道中人指点、交流!
abel

论坛徽章:
1
荣誉会员 日期:2011-11-23 16:44:17
2 [报告]
发表于 2007-02-13 17:09 |只看该作者
你必需拿出 maillog 來看才知道
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
usedboy

论坛徽章:
0
3 [报告]
发表于 2007-02-13 23:00 |只看该作者
感谢关注 我会尽快贴出maillog
这是我以前保存的一段 var log messages :
1960 Nov  2 18:15:54 localhost sshd(pam_unix)[6639]: authentication failure;
      logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=dedicated.evnsong.com  u
      ser=root
1961 Nov  3 00:01:46 localhost kernel: (scsi1:A:0:0): Locking max tag count a
      t 128
1962 Nov  3 03:46:32 localhost sshd(pam_unix)[10040]: authentication failure;
       logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.144.110.142  user=r
      oot
1963 Nov  3 04:02:27 localhost kernel: Out of Memory: Killed process 2289 (ht
      tpd).
1964 Nov  3 04:03:27 localhost kernel: Out of Memory: Killed process 2290 (ht
      tpd).
1965 Nov  3 04:05:28 localhost kernel: Out of Memory: Killed process 2286 (ht
      tpd).
1966 Nov  3 04:10:08 localhost kernel: Out of Memory: Killed process 2287 (ht
      tpd).
1967 Nov  3 04:12:04 localhost kernel: Out of Memory: Killed process 2288 (ht
      tpd).
1968 Nov  3 04:12:30 localhost kernel: Out of Memory: Killed process 2291 (ht
      tpd).
1969 Nov  3 04:12:57 localhost kernel: Out of Memory: Killed process 10171 (h
      ttpd).
1970 Nov  3 04:13:06 localhost kernel: Out of Memory: Killed process 2292 (ht
      tpd).
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
usedboy

论坛徽章:
0
4 [报告]
发表于 2007-02-13 23:21 |只看该作者
这一段maillog我一直贴到出现load average too high:
1 Feb  4 15:54:12 localhost MailScanner[2319]: SpamAssassin timed out and was killed, failure 1 of 20
      2 Feb  4 15:54:13 localhost MailScanner[2319]: Virus and Content Scanning: Starting
      3 Feb  4 15:54:20 localhost MailScanner[2319]: Uninfected: Delivered 1 messages
      4 Feb  4 15:54:20 localhost sendmail[2859]: l147rIwk002692: to=<[email]root@localhost.loca[/email]ldomain>, ctladdr=<roo        [email]t@localhost.loca[/email]ldomain> (0/0), delay=00:01:02, xdelay=00:00:00, mailer=local, pri=120358, dsn=2.0.0, s        tat=Sent
      5 Feb  4 15:58:43 localhost sendmail[3018]: l147whNP003018: from=root, size=547, class=0, nrcpts=1, msgid        =<[email]200702040758.l147whNP003018@localhost.loca[/email]ldomain>, relay=root@localhost
      6 Feb  4 15:58:43 localhost sendmail[3073]: l147whwk003073: from=<[email]root@localhost.loca[/email]ldomain>, size=833,
         class=0, nrcpts=1, msgid=<[email]200702040758.l147whNP003018@localhost.loca[/email]ldomain>, proto=ESMTP, daemon=MTA,         relay=localhost.localdomain [127.0.0.1]
      7 Feb  4 15:58:44 localhost sendmail[3018]: l147whNP003018: to=root, ctladdr=root (0/0), delay=00:00:01,         xdelay=00:00:01, mailer=relay, pri=30065, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (l147whwk        003073 Message accepted for delivery)
      8 Feb  4 15:58:45 localhost MailScanner[2319]: New Batch: Scanning 1 messages, 1347 bytes
      9 Feb  4 15:59:36 localhost MailScanner[2319]: SpamAssassin timed out and was killed, failure 2 of 20
     10 Feb  4 15:59:38 localhost MailScanner[2319]: Virus and Content Scanning: Starting
     11 Feb  4 15:59:44 localhost MailScanner[2319]: Uninfected: Delivered 1 messages
     12 Feb  4 15:59:44 localhost sendmail[7071]: l147whwk003073: to=<[email]root@localhost.loca[/email]ldomain>, ctladdr=<roo        [email]t@localhost.loca[/email]ldomain> (0/0), delay=00:01:01, xdelay=00:00:00, mailer=local, pri=120351, dsn=2.0.0, s        tat=Sent
     13 Feb  4 16:01:02 localhost MailScanner[17333]: MailScanner E-Mail Virus Scanner version 4.34.8 starting.        ..
     14 Feb  4 16:01:03 localhost update.virus.scanners: Delaying cron job up to 600 seconds
     15 Feb  4 16:01:03 localhost MailScanner[17333]: Enabling SpamAssassin auto-whitelist functionality...
     16 Feb  4 16:01:05 localhost MailScanner[17333]: Using locktype = flock
     17 Feb  4 16:01:12 localhost MailScanner[17354]: MailScanner E-Mail Virus Scanner version 4.34.8 starting.
    18 Feb  4 16:01:13 localhost MailScanner[17354]: Enabling SpamAssassin auto-whitelist functionality...
     19 Feb  4 16:01:15 localhost MailScanner[17354]: Using locktype = flock
     20 Feb  4 16:01:22 localhost MailScanner[17355]: MailScanner E-Mail Virus Scanner version 4.34.8 starting.        ..
     21 Feb  4 16:01:23 localhost MailScanner[17355]: Enabling SpamAssassin auto-whitelist functionality...
     22 Feb  4 16:01:25 localhost MailScanner[17355]: Using locktype = flock
     23 Feb  4 16:01:32 localhost MailScanner[17356]: MailScanner E-Mail Virus Scanner version 4.34.8 starting.        ..
     24 Feb  4 16:01:33 localhost MailScanner[17356]: Enabling SpamAssassin auto-whitelist functionality...
     25 Feb  4 16:01:35 localhost MailScanner[17356]: Using locktype = flock
     26 Feb  4 16:01:42 localhost MailScanner[17357]: MailScanner E-Mail Virus Scanner version 4.34.8 starting.        ..
     27 Feb  4 16:01:43 localhost MailScanner[17357]: Enabling SpamAssassin auto-whitelist functionality...
     28 Feb  4 16:01:45 localhost MailScanner[17357]: Using locktype = flock
     29 Feb  4 16:07:40 localhost update.virus.scanners: Found clamav installed
     30 Feb  4 16:07:40 localhost update.virus.scanners: Running autoupdate for clamav
     31 Feb  4 16:07:50 localhost ClamAV-autoupdate[17393]: ClamAV did not need updating
     32 Feb  4 16:07:51 localhost update.virus.scanners: Found generic installed
     33 Feb  4 16:07:51 localhost update.virus.scanners: Running autoupdate for generic
     34 Feb  4 16:07:51 localhost Generic-autoupdate[17425]: Generic scanner successfully updated
     35 Feb  4 16:07:51 localhost sendmail[17335]: l148123a017335: from=root, size=307, class=0, nrcpts=1, msgi        d=<[email]200702040801.l148123a017335@localhost.loca[/email]ldomain>, relay=root@localhost
     36 Feb  4 16:07:51 localhost sendmail[17493]: l1487pwk017493: from=<[email]root@localhost.loca[/email]ldomain>, size=593,         class=0, nrcpts=1, msgid=<[email]200702040801.l148123a017335@localhost.loca[/email]ldomain>, proto=ESMTP, daemon=MTA,         relay=localhost.localdomain [127.0.0.1]
     37 Feb  4 16:07:51 localhost sendmail[17335]: l148123a017335: to=root, ctladdr=root (0/0), delay=00:06:49,         xdelay=00:00:00, mailer=relay, pri=30246, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (l1487pw        k017493 Message accepted for delivery)
     38 Feb  4 16:07:54 localhost MailScanner[2289]: New Batch: Scanning 1 messages, 1122 bytes
     39 Feb  4 16:08:45 localhost MailScanner[2289]: SpamAssassin timed out and was killed, failure 3 of 20
     40 Feb  4 16:08:47 localhost MailScanner[2289]: Virus and Content Scanning: Starting
     41 Feb  4 16:08:52 localhost MailScanner[2289]: Uninfected: Delivered 1 messages
     42 Feb  4 16:08:52 localhost sendmail[17508]: l1487pwk017493: to=<[email]root@localhost.loca[/email]ldomain>, ctladdr=<ro        [email]ot@localhost.loca[/email]ldomain> (0/0), delay=00:01:01, xdelay=00:00:00, mailer=local, pri=120532, dsn=2.0.0,         stat=Sent
     43 Feb  4 16:23:42 localhost sendmail[17539]: l148Nfwk017539: securityspace.com [66.132.132.63] (may be fo        rged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
     44 Feb  4 16:42:38 localhost sendmail[17575]: l148gMwk017575: from=<[email]uftoc@blumenthalcady.com[/email]>, size=2148,         class=0, nrcpts=1, msgid=<01c74db9$40bcc4f0$6c822ecf@uftoc>, proto=ESMTP, daemon=MTA, relay=ppp-58.9.15        6.128.revip2.asianet.co.th [58.9.156.128]
     45 Feb  4 16:42:40 localhost MailScanner[2319]: New Batch: Scanning 1 messages, 2672 bytes
     46 Feb  4 16:43:31 localhost MailScanner[2319]: SpamAssassin timed out and was killed, failure 3 of 20
     47 Feb  4 16:43:32 localhost MailScanner[2319]: Virus and Content Scanning: Starting
     48 Feb  4 16:43:38 localhost MailScanner[2319]: Uninfected: Delivered 1 messages
     49 Feb  4 16:43:54 localhost sendmail[17590]: l148gMwk017575: to=<[email]gjb@tsc.edu.cn[/email]>, delay=00:01:16, xdelay=        00:00:01, mailer=local, pri=120857, dsn=2.0.0, stat=Sent
     50 Feb  4 17:01:03 localhost MailScanner[17649]: MailScanner E-Mail Virus Scanner version 4.34.8 starting.        ..
     51 Feb  4 17:01:03 localhost update.virus.scanners: Delaying cron job up to 600 seconds
    348 Feb  4 22:55:45 localhost sendmail[19647]: l14Ervwk019612: to=<[email]tsxyzjwy@tsc.edu.cn[/email]>, delay=00:01:14, xd        elay=00:00:00, mailer=local, pri=120474, dsn=2.0.0, stat=Sent
    349 Feb  4 23:01:03 localhost MailScanner[19683]: MailScanner E-Mail Virus Scanner version 4.34.8 starting.        ..
    350 Feb  4 23:01:03 localhost MailScanner[19683]: Enabling SpamAssassin auto-whitelist functionality...
    351 Feb  4 23:01:04 localhost update.virus.scanners: Delaying cron job up to 600 seconds
    352 Feb  4 23:01:05 localhost MailScanner[19683]: Using locktype = flock
    353 Feb  4 23:01:13 localhost MailScanner[19704]: MailScanner E-Mail Virus Scanner version 4.34.8 starting.        ..
    354 Feb  4 23:01:13 localhost MailScanner[19704]: Enabling SpamAssassin auto-whitelist functionality...
    355 Feb  4 23:01:15 localhost MailScanner[19704]: Using locktype = flock
    356 Feb  4 23:01:23 localhost MailScanner[19705]: MailScanner E-Mail Virus Scanner version 4.34.8 starting.        ..
    357 Feb  4 23:01:24 localhost MailScanner[19705]: Enabling SpamAssassin auto-whitelist functionality...
    358 Feb  4 23:01:25 localhost MailScanner[19705]: Using locktype = flock
    359 Feb  4 23:01:33 localhost MailScanner[19706]: MailScanner E-Mail Virus Scanner version 4.34.8 starting.        ..
    360 Feb  4 23:01:34 localhost MailScanner[19706]: Enabling SpamAssassin auto-whitelist functionality...
    361 Feb  4 23:01:35 localhost MailScanner[19706]: Using locktype = flock
    362 Feb  4 23:01:43 localhost MailScanner[19707]: MailScanner E-Mail Virus Scanner version 4.34.8 starting.        ..
    363 Feb  4 23:01:43 localhost MailScanner[19707]: Enabling SpamAssassin auto-whitelist functionality...
    364 Feb  4 23:01:46 localhost MailScanner[19707]: Using locktype = flock
    365 Feb  4 23:04:04 localhost update.virus.scanners: Found clamav installed
    366 Feb  4 23:04:04 localhost update.virus.scanners: Running autoupdate for clamav
    367 Feb  4 23:04:15 localhost ClamAV-autoupdate[19738]: ClamAV did not need updating


        mtp-in.l.google.com. [64.233.167.114], dsn=2.0.0, stat=Sent (OK 1170615116 w29si6530747pyg)
    558 Feb  5 03:11:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 12
    559 Feb  5 03:12:10 localhost last message repeated 3 times
    560 Feb  5 03:13:25 localhost last message repeated 5 times
    561 Feb  5 03:14:40 localhost last message repeated 5 times
    562 Feb  5 03:15:40 localhost last message repeated 4 times
    563 Feb  5 03:15:55 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 13
    564 Feb  5 03:16:40 localhost last message repeated 3 times
    565 Feb  5 03:17:55 localhost last message repeated 5 times
    566 Feb  5 03:19:10 localhost last message repeated 5 times
    567 Feb  5 03:20:10 localhost last message repeated 4 times
    568 Feb  5 03:20:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 14
    569 Feb  5 03:21:10 localhost last message repeated 3 times
    570 Feb  5 03:21:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 15
    571 Feb  5 03:22:10 localhost last message repeated 3 times
    572 Feb  5 03:23:25 localhost last message repeated 5 times
    573 Feb  5 03:24:40 localhost last message repeated 5 times
    574 Feb  5 03:25:40 localhost last message repeated 4 times
    575 Feb  5 03:25:55 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 16
    576 Feb  5 03:26:40 localhost last message repeated 3 times
    577 Feb  5 03:27:55 localhost last message repeated 5 times
    578 Feb  5 03:29:10 localhost last message repeated 5 times
    579 Feb  5 03:30:10 localhost last message repeated 4 times
    580 Feb  5 03:30:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 17
    581 Feb  5 03:31:10 localhost last message repeated 3 times
    582 Feb  5 03:31:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 18
    583 Feb  5 03:32:10 localhost last message repeated 3 times
    584 Feb  5 03:33:25 localhost last message repeated 5 times
    585 Feb  5 03:34:40 localhost last message repeated 5 times
    586 Feb  5 03:35:40 localhost last message repeated 4 times
    587 Feb  5 03:35:55 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 19
    588 Feb  5 03:36:40 localhost last message repeated 3 times
    589 Feb  5 03:37:55 localhost last message repeated 5 times
    590 Feb  5 03:39:10 localhost last message repeated 5 times
    591 Feb  5 03:40:10 localhost last message repeated 4 times
    592 Feb  5 03:40:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 20
    593 Feb  5 03:41:10 localhost last message repeated 3 times
    594 Feb  5 03:41:25 localhost sendmail[1757]: rejecting connections on daemon MTA: load average: 21
    595 Feb  5 03:42:10 localhost last message repeated 3 times
    596 Feb  5 03:43:25 localhost last message repeated 5 times
    597 Feb  5 03:44:40 localhost last message repeated 5 times
    598 Feb  5 03:45:10 localhost last message repeated 2 times
    599 Feb  5 04:02:57 localhost sendmail[1768]: runqueue: Skipping queue run -- load average too high
    600 Feb  5 04:02:57 localhost sm-msp-queue[1762]: runqueue: Skipping queue run -- load average too high
    601 Feb  5 04:17:57 localhost sendmail[1768]: runqueue: Skipping queue run -- load average too high
    602 Feb  5 04:17:57 localhost sm-msp-queue[1762]: runqueue: Skipping queue run -- load average too high
    603 Feb  5 04:32:57 localhost sendmail[1768]: runqueue: Skipping queue run -- load average too high
    604 Feb  5 04:32:57 localhost sm-msp-queue[1762]: runqueue: Skipping queue run -- load average too high
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
思一克

论坛徽章:
0
5 [报告]
发表于 2007-02-14 09:57 |只看该作者
sendmail我不懂。

但看你的系统是有什么鬼进程将内存耗费没有了造成的。
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
abel

论坛徽章:
1
荣誉会员 日期:2011-11-23 16:44:17
6 [报告]
发表于 2007-02-14 11:07 |只看该作者
這些訊息和你的問題有什麼關係 ?
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
usedboy

论坛徽章:
0
7 [报告]
发表于 2007-02-14 15:26 |只看该作者
这段讯息是正常的么?
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
abel

论坛徽章:
1
荣誉会员 日期:2011-11-23 16:44:17
8 [报告]
发表于 2007-02-14 15:52 |只看该作者
原帖由 usedboy 于 2007-2-14 15:26 发表
这段讯息是正常的么?

當然不正常,你要去查什麼你的 loading 會這麼高

給你一個見諒,看不懂的字就查字典,
全句合起來看不懂就再查 google
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
usedboy

论坛徽章:
0
9 [报告]
发表于 2007-02-14 20:17 |只看该作者
谢谢 呵呵 主要的问题是 每次load average too high的时候都是在深夜 不仅如此就是算是白天出现这种情况 我想去查但是也已经死机了啊??!!我要不是自己已经想了很多办法也不会直接把问题放在这里,日志内容也能读懂-但是水平有限,明明知道得了感冒但是不知道吃什么药,我想-肯定有很多高手,至少可以指条明路,解决过这种问题的可能很会容易一语中的,在没有得到答案之前我也会继续努力寻找的,先谢谢诸位了
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP