sendmail – 服务器发送垃圾邮件?

Linux 2020-06-27
我们有一些服务器为客户端托管网站和电子邮件帐户.

今天我们发现我们的一台服务器负载非常繁重,通过查看maillog,它发送了大量的服务器到奇怪的电子邮件地址.它看起来像是从我们的服务器发送垃圾邮件.但是,我找不到发送帐户是谁.

如何查找发件人,以便我可以关闭该帐户?

以下是队列中其中一个出站电子邮件的示例:

[root@server11 mqueue]# cat qfp96I9K1r020960
V8
T1317924562
K1318068176
N27
P3934747
I9/3/119387
MDeferred
Fws
$_localhost [127.0.0.1]
$rSMTP
$sUser
${daemon_flags}
${if_addr}127.0.0.1
S
rRFC822; jenners0223@aol.com
RPFD:
rRFC822; jennecho@aol.com
RPFD:
rRFC822; jennebarre@aol.com
RPFD:
rRFC822; jenndum@aol.com
RPFD:
rRFC822; jenncsh@aol.com
RPFD:
MDeferred
rRFC822; jennclemons@cs.com
RPFD:
rRFC822; jennesef@yahoo.com
RPFD:
rRFC822; jennerped@yahoo.com
RPFD:
rRFC822; jenneroutszong@yahoo.com
RPFD:
rRFC822; jennermills@yahoo.com
RPFD:
rRFC822; jennerbeez@yahoo.com
RPFD:
rRFC822; jennerate@yahoo.com
RPFD:
rRFC822; jenner_parker@yahoo.com
RPFD:
rRFC822; jennellsmilie@yahoo.com
RPFD:
rRFC822; jennellehuff@yahoo.com
RPFD:
rRFC822; jennel4eva@yahoo.com
RPFD:
rRFC822; jenneka.gaines@yahoo.com
RPFD:
rRFC822; jennejenkins@yahoo.com
RPFD:
rRFC822; jenneintenn@yahoo.com
RPFD:
rRFC822; jenneekay@yahoo.com
RPFD:
rRFC822; jennean.dickens@yahoo.com
RPFD:
rRFC822; jennduckworth@yahoo.com
RPFD:
rRFC822; jenndooley03@yahoo.com
RPFD:
rRFC822; jenndobscha@yahoo.com
RPFD:
rRFC822; jenndeemartin@yahoo.com
RPFD:
rRFC822; jenndannwill@yahoo.com
RPFD:
rRFC822; jennd926@yahoo.com
RPFD:
rRFC822; jenncummisky@yahoo.com
RPFD:
rRFC822; jenncradduck@yahoo.com
RPFD:
rRFC822; jenncoffin@yahoo.com
RPFD:
rRFC822; jennchrischristopher@yahoo.com
RPFD:
MDeferred
rRFC822; jenncepero@yahoo.com
RPFD:
H?P?Return-Path: 
H??Received: from User (localhost [127.0.0.1])
    by [server name] (8.13.1/8.13.1) with SMTP id p96I9K1r020960;
    Fri,7 Oct 2011 05:09:22 +1100
H?M?Message-Id: 
H??From: "Match.com"
H??Subject: Your Match Account Has Been Hold - Re-Connect Now
H??Date: Thu,6 Oct 2011 11:12:59 -0700
H??MIME-Version: 1.0
H??Content-Type: text/html;
    charset="Windows-1251"
H??Content-transfer-encoding: 7bit
H??X-Priority: 3
H??X-MSMail-Priority: normal
H??X-Mailer: Microsoft Outlook Express 6.00.2600.0000
H??X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

更新1:

一旦我清理了/ var / spool / mqueue文件夹,它就会很快填满新的垃圾邮件.
一旦我重新启动了sendmail服务,它就会停止填写垃圾邮件,但它会在几个小时后再回来.这表明了什么?谢谢.

解决方法

根据应用程序的设置方式,您可以通过检查服务器上的所有正在运行的进程来查看有问题的用户帐户,并查看哪些用户帐户占用了cpu.像这样的东西:

ps -eo pcpu,pid,user,args | sort -k 1 -r |头-10

希望它像一个滥用已知权限的用户空间进程一样简单,而不像需要被删除和重建的有根框的那样.准备好火焰喷射器.

相关文章

基于LAMP搭建WordPress博客
1、安装Apache。 1)执行如下命令,安装Apache服务及其扩展包...
ansible批量采集、批量互信、批量复制、分发文件
一、先说一下用ansible批量采集机器信息的实现办法: 1、先把...
vsftpd配置FTP服务器(Centos7.x安装)
安装配置 1. 安装vsftpd 检查是否安装了vsftpd # rpm -qa | ...
抑制stable_secret读取关键信息
如何抑制stable_secret读取关键的“net.ipv6.conf.all.stabl...
Linux值得收藏的40个命令总结,常用的正则表达式
1 删除0字节文件 find -type f -size 0 -exec rm -rf {} ...
在Centos7上安装PXE装机环境来批量安装操作系统
## 步骤 1:安装必要的软件包 首先,需要确保系统已安装 `dh...