Spam is being sent from my server.
Author: 전민수
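Spam is continuously being sent from my server.
As a stopgap I restricted relaying in /etc/mail/access, but I want to know the root cause.
In my limited opinion it looks like spam being sent through the web... but I can't tell which user's website it is.
First, here is the mail log.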
May 17 17:12:22 idea88 sendmail[7994]: k4H8CIIr007994: ruleset=check_rcpt, arg1=<mary_xie@public1.pxptt.jx.cn>, relay=[218.234.166.70], reject=550 5.7.1 <mary_xie@public1.pxptt.jx.cn>... Relaying denied. IP name lookup failed [218.234.166.70]
May 17 17:12:23 idea88 sendmail[7994]: k4H8CIIr007994: ruleset=check_rcpt, arg1=<rjok@yb.jl.cn>, relay=[218.234.166.70], reject=550 5.7.1 <rjok@yb.jl.cn>... Relaying denied. IP name lookup failed [218.234.166.70]
May 17 17:12:23 idea88 sendmail[7995]: k4H8CKIr007995: from=<fnfbgm@ms12.hinet.net>, size=2696, class=0, nrcpts=8, msgid=<5lr$s$187292-yyl$0@hn77.z6i>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=219-80-29-219.static.tfn.net.tw [219.80.29.219]
May 17 17:12:23 idea88 sendmail[7994]: k4H8CIIr007994: ruleset=check_rcpt, arg1=<money@rr.com>, relay=[218.234.166.70], reject=550 5.7.1 <money@rr.com>... Relaying denied. IP name lookup failed [218.234.166.70]
May 17 17:12:23 idea88 sendmail[7994]: k4H8CIIr007994: ruleset=check_rcpt, arg1=<vjju@yb.jl.cn>, relay=[218.234.166.70], reject=550 5.7.1 <vjju@yb.jl.cn>... Relaying denied. IP name lookup failed [218.234.166.70]
May 17 17:12:23 idea88 sendmail[7994]: k4H8CIIr007994: lost input channel from [218.234.166.70] to MTA after rcpt
May 17 17:12:23 idea88 sendmail[7994]: k4H8CIIr007994: from=<at000rhgov@i-cable.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[218.234.166.70]
May 17 17:12:24 idea88 sendmail[7998]: k4H8CKIr007995: to=<jjmt1@ms11.hinet.net>, delay=00:00:04, xdelay=00:00:01, mailer=esmtp, pri=240515, relay=ms11a.hinet.net. [168.95.5.11], dsn=2.0.0, stat=Sent (QAA09346 Message accepted for delivery)
May 17 17:12:24 idea88 sendmail[7978]: k4H8BBIr007975: to=<th322890@ms10.hinet.net>, delay=00:01:12, xdelay=00:01:00, mailer=esmtp, pri=600535, relay=ms10a.hinet.net. [168.95.5.10], dsn=4.0.0, stat=Deferred: Connection timed out with ms10a.hinet.net.
May 17 17:12:25 idea88 sendmail[7999]: ruleset=check_relay, arg1=NK219-91-92-25.adsl.dynamic.apol.com.tw, arg2=219.91.92.25, relay=NK219-91-92-25.adsl.dynamic.apol.com.tw [219.91.92.25], reject=553 5.3.0 DENY
May 17 17:12:25 idea88 sendmail[8000]: ruleset=check_relay, arg1=NK219-91-94-196.adsl.dynamic.apol.com.tw, arg2=219.91.94.196, relay=NK219-91-
Next I used the lsof command... and it shows the following peculiarities.
sendmail 6101 root 1u IPv4 279900 TCP 220.85.46.82:smtp->61-64-80-231-adsl-tpe.dynamic.so-net.net.tw:2635 (ESTABLISHED)
sendmail 6101 root 2w CHR 1,3 33756 /dev/null
sendmail 6101 root 3u unix 0xc8a1e080 64262 socket
sendmail 6101 root 4u IPv4 279900 TCP 220.85.46.82:smtp->61-64-80-231-adsl-tpe.dynamic.so-net.net.tw:2635 (ESTABLISHED)
sendmail 6101 root 5u IPv4 279900 TCP 220.85.46.82:smtp->61-64-80-231-adsl-tpe.dynamic.so-net.net.tw:2635 (ESTABLISHED)
As soon as sendmail starts, a huge number of sendmail processes are spawned.
Any help would be greatly appreciated.
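An added example, not part of the original post: a short Python script that groups the sendmail entries quoted above by queue ID, showing for each message whether it was handed in by a remote SMTP client or submitted locally, and whether anything was delivered onward. The names `triage` and `field` and the local/remote rule are assumptions of this example.

```python
import re
from collections import defaultdict

# Log lines copied from the post above, with wrapped lines rejoined.
SAMPLE_LOG = """\
May 17 17:12:22 idea88 sendmail[7994]: k4H8CIIr007994: ruleset=check_rcpt, arg1=<mary_xie@public1.pxptt.jx.cn>, relay=[218.234.166.70], reject=550 5.7.1 <mary_xie@public1.pxptt.jx.cn>... Relaying denied. IP name lookup failed [218.234.166.70]
May 17 17:12:23 idea88 sendmail[7995]: k4H8CKIr007995: from=<fnfbgm@ms12.hinet.net>, size=2696, class=0, nrcpts=8, msgid=<5lr$s$187292-yyl$0@hn77.z6i>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=219-80-29-219.static.tfn.net.tw [219.80.29.219]
May 17 17:12:23 idea88 sendmail[7994]: k4H8CIIr007994: from=<at000rhgov@i-cable.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[218.234.166.70]
May 17 17:12:24 idea88 sendmail[7998]: k4H8CKIr007995: to=<jjmt1@ms11.hinet.net>, delay=00:00:04, xdelay=00:00:01, mailer=esmtp, pri=240515, relay=ms11a.hinet.net. [168.95.5.11], dsn=2.0.0, stat=Sent (QAA09346 Message accepted for delivery)
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
IPV4 = re.compile(r"relay=[^,]*\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def field(rest, name):
    """Return the value of one 'name=value' field, or None if absent."""
    m = re.search(r"(?:^|, )" + name + r"=([^,]*)", rest)
    return m.group(1) if m else None


def triage(log):
    """Group sendmail entries by queue ID: who handed the message in, what went out."""
    msgs = defaultdict(lambda: {"source": None, "origin": None, "nrcpts": 0,
                                "sent": [], "rejected": 0})
    for line in log.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # entries without a queue ID (e.g. check_relay) are skipped
        rec, rest = msgs[m["qid"]], m["rest"]
        if rest.startswith("from="):
            ip = IPV4.search(rest)
            rec["source"] = ip.group(1) if ip else field(rest, "relay")
            # Assumption: no bracketed address, or loopback, means local submission
            # (a process on the server itself); anything else arrived over SMTP.
            local = ip is None or ip.group(1).startswith("127.")
            rec["origin"] = "local" if local else "remote"
            rec["nrcpts"] = int(field(rest, "nrcpts") or 0)
        elif rest.startswith("to=") and (field(rest, "stat") or "").startswith("Sent"):
            rec["sent"].append(field(rest, "to").strip("<>"))
        elif "reject=" in rest:
            rec["rejected"] += 1
    return dict(msgs)


if __name__ == "__main__":
    for qid, rec in triage(SAMPLE_LOG).items():
        print(qid, rec)
```

Run against the full /var/log/maillog, the same grouping separates messages accepted from outside addresses from those generated on the server itself.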