Postfix server starts sending spam immediately after startup

I installed a postfix server on a Debian OS and also installed Apache 2.0 with PHP on the same machine.

A few days ago, my server started sending lots of spam messages via postfix. I understood the cause of the problem to be a bad joomla patch and removed it (I completely removed the installed joomla scripts). I also changed some postfix settings to make it more restrictive.

Now, several days later, when I start postfix, it still starts sending spam immediately and slows the server down a lot. It seems that the source of this spam sending is local (an infected process) and I strongly suspect that the apache process is sending this spam (the apache process itself and not a PHP script), because when I start postfix many apache processes start being created. I really don't know how I should find and fix the infected process.

Can anyone help me solve this annoying problem?

This is part of the postfix log output:

 Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: E061251F3F8: from=<www-data@example.com>, size=1514, nrcpt=1 (queue active)
 Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: A41D05F6749: from=<>, size=2803, nrcpt=1 (queue active)
 Apr 23 15:19:28 vs1419 postfix/cleanup[29464]: 84C845F6736: message-id=<20130423104928.84C845F6736@mail.example.com>
 Apr 23 15:19:28 vs1419 postfix/bounce[738]: E98C751E252: sender non-delivery notification: D6B205F6327
 Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: EECD3536B5D: from=<susanne_paul@mysite1.example.net>, size=697, nrcpt=1 (queue active)
 Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: E98C751E252: removed
 Apr 23 15:19:28 vs1419 postfix/qmgr[28017]: 3C3D05F6381: from=<>, size=2458, nrcpt=1 (queue active)
 Apr 23 15:19:28 vs1419 postfix/smtp[28318]: E458551E8ED: host mta6.am0.yahoodns.net[66.196.118.34] said: 451 Message temporarily deferred - [70] (in reply to end of DATA command)
 Apr 23 15:19:29 vs1419 postfix/smtp[28400]: EA82F5FF024: host mx-apac.mail.gm0.yahoodns.net[106.10.166.54] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command)
 Apr 23 15:19:29 vs1419 postfix/smtp[29940]: EC039604A3C: host mta7.am0.yahoodns.net[66.196.118.35] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command)
 Apr 23 15:19:29 vs1419 postfix/smtp[28631]: E0C7461798B: to=<hassanruto@yahoo.com>, relay=mta6.am0.yahoodns.net[66.196.118.34]:25, conn_use=3, delay=2667975, delays=2667974/0.05/0.67/0.82, dsn=2.0.0, status=sent (250 ok dirdel)
 Apr 23 15:19:29 vs1419 postfix/smtp[28940]: E061251F3F8: host mta5.am0.yahoodns.net[66.196.118.240] said: 451 Message temporarily deferred - [160] (in reply to end of DATA command)
 Apr 23 15:19:29 vs1419 postfix/smtp[29144]: EECD3536B5D: to=<bame81@yahoo.com>, relay=mta6.am0.yahoodns.net[98.138.112.32]:25, conn_use=5, delay=2765684, delays=2765683/0.02/0.18/0.67, dsn=2.0.0, status=sent (250 ok dirdel)
 Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: E183C557933: from=<www-data@example.com>, size=1554, nrcpt=1 (queue active)
 Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: E0C7461798B: removed
 Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: EECD3536B5D: removed
 Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: D6B205F6327: from=<>, size=2582, nrcpt=1 (queue active)
 Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: BE7065F6708: removed
 Apr 23 15:19:29 vs1419 postfix/qmgr[28017]: E4DA351AAE7: from=<claire_spence@mysite1.example.net>, size=737, nrcpt=1 (queue active)
 Apr 23 15:19:30 vs1419 postfix/bounce[29215]: E784951BE8E: sender non-delivery notification: 842BD5F63BF
 Apr 23 15:19:30 vs1419 postfix/bounce[28641]: EE8C2603D05: sender non-delivery notification: 84C845F6736
 Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: 841F45F63BE: from=<>, size=2532, nrcpt=1 (queue active)
 Apr 23 15:19:30 vs1419 postfix/bounce[28700]: E6A775FEBD9: sender non-delivery notification: 841F45F63BE
 Apr 23 15:19:30 vs1419 postfix/smtp[28430]: EA7095374CF: to=<masihsoke@yahoo.com>, relay=mta6.am0.yahoodns.net[66.196.118.35]:25, conn_use=4, delay=2726125, delays=2726124/0.65/0.14/0.42, dsn=5.0.0, status=bounced (host mta6.am0.yahoodns.net[66.196.118.35] said: 554 delivery error: dd This user doesn't have a yahoo.com account (masihsoke@yahoo.com) [0] - mta1340.mail.bf1.yahoo.com (in reply to end of DATA command))
 Apr 23 15:19:30 vs1419 postfix/smtp[28526]: ED56161741B: to=<n0armitage@yahoo.com>, relay=mta7.am0.yahoodns.net[98.138.112.33]:25, conn_use=4, delay=2672213, delays=2672211/0.23/0.9/0.54, dsn=5.0.0, status=bounced (host mta7.am0.yahoodns.net[98.138.112.33] said: 554 delivery error: dd This user doesn't have a yahoo.com account (n0armitage@yahoo.com) [0] - mta1110.mail.ne1.yahoo.com (in reply to end of DATA command))
 Apr 23 15:19:30 vs1419 postfix/smtp[28381]: AA9075F6367: to=<blanca_gallegos@mysite1.example.net>, relay=mail.mysite1.example.net[79.175.164.237]:25, delay=5.4, delays=1.1/0.36/1.6/2.3, dsn=5.0.0, status=bounced (host mail.mysite1.example.net[79.175.164.237] said: 550 "Unknown User" (in reply to RCPT TO command))
 Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: E784951BE8E: removed
 Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: E6A775FEBD9: removed
 Apr 23 15:19:30 vs1419 postfix/smtp[30003]: connect to hotmeil.com[64.4.6.100]:25: Connection timed out
 Apr 23 15:19:30 vs1419 postfix/cleanup[30287]: 1867A5F6708: message-id=<20130423104930.1867A5F6708@mail.example.com>
 Apr 23 15:19:30 vs1419 postfix/smtp[28707]: E183C557933: to=<griffin_hollow@yahoo.com>, relay=mta6.am0.yahoodns.net[66.196.118.34]:25, conn_use=4, delay=2706876, delays=2706875/0.81/0.14/0.91, dsn=2.0.0, status=sent (250 ok dirdel)
 Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: E906C53687E: from=<lenora_vega@mysite1.example.net>, size=727, nrcpt=1 (queue active)
 Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: EE8C2603D05: removed
 Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: E183C557933: removed
 Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: 84C845F6736: from=<>, size=2922, nrcpt=1 (queue active)
 Apr 23 15:19:30 vs1419 postfix/qmgr[28017]: AA9075F6367: removed
 Apr 23 15:19:30 vs1419 postfix/smtp[29940]: EC039604A3C: to=<cadevillier@yahoo.com>, relay=mta7.am0.yahoodns.net[66.196.118.35]:25, conn_use=8, delay=2505679, delays=2505678/0.02/0.69/0.41, dsn=4.0.0, status=deferred (host mta7.am0.yahoodns.net[66.196.118.35] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command))
 Apr 23 15:19:30 vs1419 postfix/smtp[28615]: 3C4325F6703: to=<coleen_allen@mysite1.example.net>, relay=mail.mysite1.example.net[79.175.164.237]:25, conn_use=2, delay=3.6, delays=1.3/0.17/0.31/1.8, dsn=5.0.0, status=bounced (host mail.mysite1.example.net[79.175.164.237] said: 550 "Unknown User" (in reply to RCPT TO command))
 Apr 23 15:19:30 vs1419 postfix/smtp[28318]: E458551E8ED: to=<2bigupiriefm@yahoo.com>, relay=mta6.am0.yahoodns.net[66.196.118.34]:25, conn_use=4, delay=2750102, delays=2750100/0.49/0.72/0.43, dsn=4.0.0, status=deferred (host mta6.am0.yahoodns.net[66.196.118.34] said: 451 Message temporarily deferred - [70] (in reply to end of DATA command))
 Apr 23 15:19:30 vs1419 postfix/smtp[30164]: A41D05F6749: to=<callie_hardy@mysite1.example.net>, relay=mail.mysite1.example.net[79.175.164.237]:25, conn_use=2, delay=3.2, delays=1/0.03/0.31/1.8, dsn=5.0.0, status=bounced (host mail.mysite1.example.net[79.175.164.237] said: 550 "Unknown User" (in reply to RCPT TO command))
 Apr 23 15:19:30 vs1419 postfix/smtp[30125]: EF587606F67: to=<destinycornel@yahoo.com>, relay=mta6.am0.yahoodns.net[66.196.118.37]:25, delay=2453187, delays=2453182/0.14/2/3.4, dsn=4.0.0, status=deferred (host mta6.am0.yahoodns.net[66.196.118.37] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command))
 Apr 23 15:19:30 vs1419 postfix/smtp[28940]: E061251F3F8: to=<densyo2328@yahoo.com>, relay=mta7.am0.yahoodns.net[98.138.112.35]:25, delay=2801108, delays=2801105/0.15/1.3/0.88, dsn=2.0.0, status=sent (250 ok dirdel)
 Apr 23 15:19:31 vs1419 postfix/cleanup[29322]: C02C95F6706: message-id=<20130423104930.C02C95F6706@mail.example.com>
 Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: E6680601A96: from=<chris_powers@mysite1.example.net>, size=689, nrcpt=1 (queue active)
 Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: EC039604A3C: from=<hope_sears@mysite1.example.net>, status=expired, returned to sender
 Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: E458551E8ED: from=<jane_short@mysite1.example.net>, status=expired, returned to sender
 Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: EF587606F67: from=<winifred_porter@mysite1.example.net>, status=expired, returned to sender
 Apr 23 15:19:31 vs1419 postfix/qmgr[28017]: E061251F3F8: removed

One solution collected from the web for "Postfix server starts sending spam immediately after startup"


Credits to: Gryphius, Jan Marek, MKzero, mgabriel and, of course, Wietse Venema for his marvellous code (and documentation).

You should check whether your postfix queue was actually clear of spam ...

When the outbreak happened (joomla running wild), your postfix probably received tons of spam. Postfix will queue it, since the amount of mail was huge. If the remote server refused with a 4XX code, postfix will still store the spam in the deferred queue. Here is the log line that tells us yahoo's mail server refuses to accept our mail:

 Apr 23 15:19:30 vs1419 postfix/smtp[28318]: E458551E8ED: to=<2bigupiriefm@yahoo.com>, relay=mta6.am0.yahoodns.net[66.196.118.34]:25, conn_use=4, delay=2750102, delays=2750100/0.49/0.72/0.43, dsn=4.0.0, status=deferred (host mta6.am0.yahoodns.net[66.196.118.34] said: 451 Message temporarily deferred - [70] (in reply to end of DATA command))

You can view the postfix queue with the command

 postqueue -p 

If you want to delete all emails in the deferred queue (your spam most probably sits here), run the command

 postsuper -d ALL deferred 

or

 postsuper -d ALL 

to delete ALL emails in ALL queues. Handle with care if there are other, non-spam messages in your queue too.

Both commands ship with postfix. You can look at the documentation: man postsuper and man postqueue.
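The answer above stops at `postsuper -d ALL deferred`, which also throws away any legitimate deferred mail. The script below is an added example, not code from the answer or from Postfix: it parses `postqueue -p` output, summarises the queue by sender domain (a pile-up under one web user or one forged domain is the quickest sign of an outbreak), and hands only the queue IDs that match a sender/recipient pattern to `postsuper -d -`, which reads IDs from stdin. The queue listing embedded in the script is constructed for offline testing and modelled on the log in the question; its queue IDs, addresses and hosts are assumptions, and the MAILER-DAEMON entry stands for the `from=<>` bounces seen there. `purge_spam` is a dry run unless `PURGE=1` is set, and `postsuper` itself must be run as root.

```shell
#!/bin/sh
# Added example (not from the original answer): inspect the Postfix queue and
# delete only the deferred messages that match a sender/recipient pattern,
# instead of "postsuper -d ALL deferred", which also drops legitimate mail.
#
# It parses the output of "postqueue -p" (same format as mailq):
#   <queue id>[*|!]  <size> <arrival time>  <sender>
#   (deferral reason, in parentheses, only for deferred mail)
#                                            <recipient>   (one per line)
#   <blank line>
# A trailing "*" on the queue ID means the message is active, "!" means hold;
# only messages without a flag are selected for deletion.

# Constructed sample of "postqueue -p" output for offline testing. Queue IDs,
# addresses and hosts are made up (modelled on the log in the question); the
# MAILER-DAEMON entry stands for the from=<> bounces seen there.
SAMPLE_QUEUE='-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
E458551E8ED*    1514 Tue Apr 23 15:19:28  www-data@example.com
                                         2bigupiriefm@yahoo.com

EC039604A3C     2458 Tue Apr 23 15:20:01  hope_sears@mysite1.example.net
(host mta7.am0.yahoodns.net[66.196.118.35] said: 451 Message temporarily deferred - [140] (in reply to end of DATA command))
                                         cadevillier@yahoo.com

84C845F6736     2922 Tue Apr 23 15:19:30  MAILER-DAEMON
(connect to mail.mysite1.example.net[79.175.164.237]:25: Connection timed out)
                                         blanca_gallegos@mysite1.example.net

A41D05F6749     2803 Tue Apr 23 15:10:00  admin@example.com
(connect to mx.partner.example[203.0.113.7]:25: Connection timed out)
                                         ops@partner.example

-- 9 Kbytes in 4 Requests.'

# Count queued messages per sender domain (MAILER-DAEMON counts as its own
# "domain"), busiest first. Reads postqueue -p output on stdin.
queue_sender_summary() {
    awk '
        /^[0-9A-F]+[*!]? +[0-9]+ +/ {      # message header line
            n = split($NF, p, "@")
            dom = (n > 1) ? p[n] : $NF
            count[dom]++
        }
        END { for (d in count) print count[d], d }
    ' | sort -rn
}

# Print the queue IDs of deferred (not active, not on hold) messages whose
# sender or any recipient matches the extended regex in $1.
# Reads postqueue -p output on stdin.
spam_queue_ids() {
    awk -v pat="$1" '
        function flush() {
            if (id != "" && !active && (sender ~ pat || rcpts ~ pat)) print id
            id = ""; rcpts = ""
        }
        /^[0-9A-F]+[*!]? +[0-9]+ +/ {      # message header line
            flush()
            id = $1; active = (id ~ /[*!]$/); sub(/[*!]$/, "", id)
            sender = $NF
            next
        }
        /^[ \t]+[^ \t(]/ { rcpts = rcpts " " $1 }   # indented recipient line
        END { flush() }
    '
}

# Delete the matching deferred messages from the live queue. Dry run unless
# PURGE=1, so a sloppy pattern does not wipe legitimate mail.
# "postsuper -d -" reads one queue ID per line from stdin (needs root).
purge_spam() {
    ids=$(postqueue -p | spam_queue_ids "$1")
    if [ -z "$ids" ]; then
        echo "no deferred messages match '$1'" >&2
        return 0
    fi
    if [ "${PURGE:-0}" = 1 ]; then
        printf '%s\n' "$ids" | postsuper -d -
    else
        printf '%s\n' "$ids" | sed 's/^/would delete /'
    fi
}

# Offline demonstration on the constructed sample:
printf '%s\n' "$SAMPLE_QUEUE" | queue_sender_summary
printf '%s\n' "$SAMPLE_QUEUE" | spam_queue_ids 'mysite1\.example\.net'
# Live use, after checking the dry-run output:
#   PURGE=1 purge_spam 'mysite1\.example\.net|^www-data@'
```

Matching on recipients as well as senders matters for this case: the backscatter bounces in the question's log have an empty sender (`from=<>`, shown as MAILER-DAEMON by `postqueue -p`) and a forged address at the spammed domain as recipient, so a sender-only filter would leave them in the queue. Active messages (`*`) are skipped because `postsuper` cannot safely delete a message while the queue manager is delivering it; run `postfix stop` first if you need to catch those too.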
