
Sendmail spam

Written by 이영식

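Our server runs Sendmail 8.11.3.
It looks like our server is currently being used as a spam mail server.
Sendmail is running nonstop and taking up a lot of memory,
and since the mail accounts are in use I can't just shut it down.
As for the spam mailer,
it seems to keep connecting from, and sending under, the domain name hinet.net.tw.
This is my first time running a server, so I don't really know what is what.
Mail keeps piling up for root: after just one day there are about 10,000 messages (roughly 300~400 MB).
The logs pile up enormously too, since so much is being sent.
It was fine for a while, but it started again this week.
Around August last year the server also went down several times.

I'd be grateful if you could look at the details and analyze them. ---;;;


I think showing the output is better than describing it, so I'm attaching it.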
==============================================================
Subjects of the mail arriving for root
==============================================================
[root@????? /root]# mail
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/root": 55 messages 55 new
>N  1 MAILER-DAEMON@localh  Sat Jan 18 11:40 139/5901  "Postmaster notify: se"
 N  2 MAILER-DAEMON@localh  Sat Jan 18 11:41 137/6139  "Postmaster notify: se"
 N  3 MAILER-DAEMON@localh  Sat Jan 18 11:41 137/5903  "Postmaster notify: se"
 N  4 MAILER-DAEMON@localh  Sat Jan 18 11:41  67/2483  "Postmaster notify: se"
 N  5 MAILER-DAEMON@localh  Sat Jan 18 11:41 137/6156  "Postmaster notify: se"
 N  6 MAILER-DAEMON@localh  Sat Jan 18 11:41 137/5923  "Postmaster notify: se"
 N  7 MAILER-DAEMON@localh  Sat Jan 18 11:41 139/5729  "Postmaster notify: se"
 N  8 MAILER-DAEMON@localh  Sat Jan 18 11:41 137/6065  "Postmaster notify: se"
==============================================================
Contents of one of the messages
==============================================================
Message 1:
From MAILER-DAEMON@localhost.localdomain  Sat Jan 18 11:36:14 2003
Date: Sat, 18 Jan 2003 11:36:14 +0900
From: Mail Delivery Subsystem <MAILER-DAEMON@localhost.localdomain>
To: postmaster@localhost.localdomain
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="h0I2aCN21894.1042857374/localhost.localdomain"
Subject: Postmaster notify: see transcript for details
Auto-Submitted: auto-generated (postmaster-notification)

This is a MIME-encapsulated message

--h0I2aCN21894.1042857374/localhost.localdomain

The original message was received at Sat, 18 Jan 2003 11:36:12 +0900
from localhost
with id h0I2aCM21894

   ----- The following addresses had permanent fatal errors -----
<tqxor.dzn0v@yahoo.com>
    (reason: 554 delivery error: dd This user doesn't have a yahoo.com account (
tqxor.dzn0v@yahoo.com) [0] - mta161.mail.scd.yahoo.com)

   ----- Transcript of session follows -----
... while talking to mx2.mail.yahoo.com.:
>>> DATA
<<< 554 delivery error: dd This user doesn't have a yahoo.com account (tqxor.dzn
0v@yahoo.com) [0] - mta161.mail.scd.yahoo.com
554 5.0.0 <tqxor.dzn0v@yahoo.com>... Service unavailable

--h0I2aCN21894.1042857374/localhost.localdomain
Content-Type: message/delivery-status

Reporting-MTA: dns; localhost.localdomain
Received-From-MTA: DNS; swtp74-64-18.adsl.seed.net.tw
Arrival-Date: Sat, 18 Jan 2003 11:36:12 +0900

Final-Recipient: RFC822; tqxor.dzn0v@yahoo.com
Action: failed
Status: 5.0.0
Remote-MTA: DNS; mx2.mail.yahoo.com
Diagnostic-Code: SMTP; 554 delivery error: dd This user doesn't have a yahoo.com
 account (tqxor.dzn0v@yahoo.com) [0] - mta161.mail.scd.yahoo.com
Last-Attempt-Date: Sat, 18 Jan 2003 11:36:14 +0900

--h0I2aCN21894.1042857374/localhost.localdomain
Content-Type: message/rfc822

Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost)
        by localhost.localdomain (8.11.3/8.11.3) id h0I2aCM21894;
        Sat, 18 Jan 2003 11:36:12 +0900
Date: Sat, 18 Jan 2003 11:36:12 +0900
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <200301180236.h0I2aCM21894@localhost.localdomain>
To: <tqxor.dzn0v@yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="h0I2aCM21894.1042857372/localhost.localdomain"
Content-Transfer-Encoding: 8bit
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--h0I2aCM21894.1042857372/localhost.localdomain

The original message was received at Sat, 18 Jan 2003 11:36:07 +0900
from swtp74-64-18.adsl.seed.net.tw [211.74.64.18]

   ----- The following addresses had permanent fatal errors -----
<9220333a@yahoo.com.tw>
    (reason: 554 delivery error: dd This user doesn't have a yahoo.com.tw accoun
t (9220333a@yahoo.com.tw) [0] - mta109.mail.tpe.yahoo.com)

   ----- Transcript of session follows -----
... while talking to mta.mail.tpe.yahoo.com.:
>>> DATA
<<< 554 delivery error: dd This user doesn't have a yahoo.com.tw account (922033
3a@yahoo.com.tw) [0] - mta109.mail.tpe.yahoo.com
554 5.0.0 <9220333a@yahoo.com.tw>... Service unavailable

--h0I2aCM21894.1042857372/localhost.localdomain
Content-Type: message/delivery-status

Reporting-MTA: dns; localhost.localdomain
Received-From-MTA: DNS; swtp74-64-18.adsl.seed.net.tw
Arrival-Date: Sat, 18 Jan 2003 11:36:07 +0900

Final-Recipient: RFC822; 9220333a@yahoo.com.tw
Action: failed
Status: 5.0.0
Remote-MTA: DNS; mta.mail.tpe.yahoo.com
Diagnostic-Code: SMTP; 554 delivery error: dd This user doesn't have a yahoo.com
.tw account (9220333a@yahoo.com.tw) [0] - mta109.mail.tpe.yahoo.com
Last-Attempt-Date: Sat, 18 Jan 2003 11:36:12 +0900

--h0I2aCM21894.1042857372/localhost.localdomain
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Return-Path: <tqxor.dzn0v@yahoo.com>
Received: from 154.40.98.254 (swtp74-64-18.adsl.seed.net.tw [211.74.64.18])
        by localhost.localdomain (8.11.3/8.11.3) with ESMTP id h0I2a5M21886
        for <9220333a@yahoo.com.tw>; Sat, 18 Jan 2003 11:36:07 +0900
Message-Id: <200301180236.h0I2a5M21886@localhost.localdomain>
From: =?Big5?B?sN2o96SkpN8=?= <tqxor.dzn0v@yahoo.com>
Subject: =?Big5?B?tvGt07jqrsanWbBluXGwyqT6qOo=?=
                                                 01/18
To: =?Big5?B?sKqu+LZPsdq4cw==?= <9220333a@yahoo.com.tw>
Content-Type: text/html;
        charset="CHINESEBIG5"
Sender: "격⅓ㄴㅯ" <tqxor.dzn0v@yahoo.com>
Reply-To: tqxor.dzn0v@yahoo.com
Date: Sat, 18 Jan 2003 11:03:58 +0800
X-Priority: 3
X-Library: Indy 9.00.10
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Mircosoft MimeOLE V6.00.2600.0000

<!-- 99jIBK-->

<!-- nCROZz --><HTML>

<!-- bbk98P --><head>
<!-- D1frX2 --><META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=big5">
<!-- Srh6u4 --><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- zDGTaQ --><META http-equiv=Content-Type content="text/html; charset=big5">
<!-- Z1vtmv --><META content="Microsoft FrontPage 5.0" name=GENERATOR></HEAD>
<!-- rrqshZ --><BODY><IFRAME name=ticker align=center marginWidth=0 marginHeight
=0
src="http://%64%34%6E%30%31%30%50%72%39%72%4B%38%49%37%39%56%4D%43%55%70%62%6A%5
6%48%69%58%6B%31%50%63%4B%63%6E%49%73%48%4A%72%47%71%4F%58%48%79%66%51%33%5A%43%
6C%78%55%75%70%4E%4B%79%6B%39%75%31%6D%37%53%4A%75%79%4C%5A%49%77%6D%46%56%78%62
%4B%38%44%65%75%35%52%72%46%42%32%68%4D%34%71%67%36%57%71%4D%49%63%56%69%43%31%4
E%68%63%6C%79%49%35%57%53%35%37%53%78%54%35%53%72%4A%37%66%33%48%35%54%70%66%52%
55%4A%77%4A%77%6F%36%6B%38%73%66%37%47%6E%68%6D%73%42%63%44%73%37%49%61%31%6C@%7
7%77%77%2E%68%79%77%61%79%2E%74%77%6D%61%69%6C%2E%6F%72%67/%62%72%75%73%68/%69%6
E%64%65%78%2E%68%74%6D%6C" frameBorder=0 width="100%" scrolling=no height="3550"
 ></IFRAME></BODY></HTML>
<!-- 2003/1/18 쨁ㅘ 11:03:53-->

--h0I2aCM21894.1042857372/localhost.localdomain--

======================================
Checking with netstat shows the following
======================================
[root@????? /root]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 211.229.???.???:http    218.53.147.148:3706     SYN_RECV
tcp        0      0 211.229.???.???:47182   ms22a.hinet.net:smtp    TIME_WAIT
tcp        0      0 211.229.???.???:47123   203.236.43.149:smtp     ESTABLISHED
tcp        0      0 211.229.???.???:47197   NK210-201-71-3.fx.:smtp TIME_WAIT
tcp        0      0 211.229.???.???:http    211.192.34.150:65061    TIME_WAIT
tcp        0      0 211.229.???.???:http    211.192.34.150:65410    TIME_WAIT
tcp        0      0 211.229.???.???:47192   mx.seed.net.tw:smtp     TIME_WAIT
tcp        0      0 211.229.???.???:47175   mx.seed.net.tw:smtp     ESTABLISHED
tcp        0      0 211.229.???.???:http    218.53.147.148:3685     TIME_WAIT
tcp        0      1 211.229.???.???:46948   mc2.law16.hotmail.:smtp FIN_WAIT1
tcp        0      1 211.229.???.???:46948   mc2.law16.hotmail.:smtp FIN_WAIT1
tcp        0      0 211.229.???.???:http    211.192.34.150:64494    TIME_WAIT
tcp        0      0 211.229.???.???:http    218.53.147.148:3688     TIME_WAIT
tcp        0      0 211.229.???.???:http    218.53.147.148:3689     TIME_WAIT
tcp        0      0 211.229.???.???:http    218.53.147.148:3659     TIME_WAIT
tcp        0      0 211.229.???.???:47177   mc4.law16.hotmail.:smtp TIME_WAIT
tcp        0      0 211.229.???.???:http    211.192.34.150:65067    TIME_WAIT
tcp        0      0 211.229.???.???:47183   mx.pchome.com.tw:smtp   ESTABLISHED
tcp        0      0 211.229.???.???:47100   203.236.43.149:smtp     TIME_WAIT
tcp        0      0 211.229.???.???:http    211.192.34.150:64521    TIME_WAIT
tcp        0      0 211.229.???.???:47186   ms7a.hinet.net:smtp     TIME_WAIT
tcp        0      0 211.229.???.???:http    211.192.34.150:64919    TIME_WAIT
tcp        0     54 211.229.???.???:smtp    c91.h061013178.is.:1531 ESTABLISHED
tcp        0      0 211.229.???.???:http    218.53.147.148:3698     FIN_WAIT2
tcp        0      0 211.229.???.???:47201   ms69a.hinet.net:smtp    ESTABLISHED
tcp        0     54 211.229.???.???:smtp    swtp74-54-182.adsl:3790 ESTABLISHED
tcp        0      1 211.229.???.???:46990   mc3.law16.hotmail.:smtp FIN_WAIT1
tcp        0      1 211.229.???.???:47187   myetwebs.com:smtp       SYN_SENT
tcp       30      0 211.229.???.???:47124   smtp.sayclub.com:smtp   CLOSE_WAIT
tcp        0      0 211.229.???.???:http    211.192.34.150:65340    TIME_WAIT
tcp        0    656 211.229.???.???:telnet  211.110.133.10:42162    ESTABLISHED
tcp        0      1 211.229.???.???:47178   mc8.law1.hotmail.c:smtp SYN_SENT
tcp        0      1 211.229.???.???:47191   mc8.law1.hotmail.c:smtp SYN_SENT
tcp        0      1 211.229.???.???:47184   as1po35.tt.ficnet.:smtp SYN_SENT
tcp        0      0 211.229.???.???:http    211.192.34.150:64984    TIME_WAIT
tcp        0   1559 211.229.???.???:http    218.53.147.148:3711     FIN_WAIT1
tcp        0      0 211.229.???.???:http    211.192.34.150:65241    TIME_WAIT
tcp        0      0 211.229.???.???:http    211.192.34.150:65241    TIME_WAIT

====================================================================
Earlier, to restrict spam relaying,
I listed all the foreign IP ranges in the access file --;; but the mail still came through.

I'm overwhelmed.

====================================================================
Next is the mail log
====================================================================
[root@????? log]# cat maillog
Jan 18 12:01:45 ????? sendmail[27400]: h0I31dM27400: from=<10xjq.hvz1n@hotmail
.com>, size=1754, class=0, nrcpts=1, msgid=<200301180301.h0I31dM27400@localhost.
localdomain>, proto=ESMTP, daemon=MTA, relay=swtp74-64-46.adsl.seed.net.tw [211.
74.64.46]
Jan 18 12:01:45 ????? sendmail[27408]: h0I31dM27400: SMTP outgoing connect on
[211.229.???.???]
Jan 18 12:01:45 ????? sendmail[27406]: h0I31eM27402: to=<freeshadow@so-net.net
.tw>, delay=00:00:04, xdelay=00:00:01, mailer=esmtp, pri=157272, relay=mail.so-n
et.net.tw. [61.64.127.16], dsn=2.0.0, stat=Sent (Message accepted for delivery)
Jan 18 12:01:46 ????? sendmail[27406]: h0I31eM27402: SMTP outgoing connect on
[211.229.???.???]
Jan 18 12:01:47 ????? sendmail[27408]: h0I31dM27400: to=<zido@hotmail.com>, de
lay=00:00:07, xdelay=00:00:02, mailer=esmtp, pri=31754, relay=mx1.hotmail.com. [
65.54.252.99], dsn=2.0.0, stat=Sent ( <200301180301.h0I31dM27400@localhost.local
domain> Queued mail for delivery)
Jan 18 12:01:47 ????? sendmail[27408]: h0I31dM27400: done; delay=00:00:07, ntr
ies=1
Jan 18 12:01:47 ????? sendmail[27393]: h0I31PM27387: SMTP outgoing connect on
[211.229.???.???]
Jan 18 12:01:47 ????? sendmail[27406]: h0I31eM27402: to=<freesia_hsieh@hotmail
.com>, delay=00:00:06, xdelay=00:00:02, mailer=esmtp, pri=157272, relay=mx2.hotm
ail.com. [65.54.166.230], dsn=2.0.0, stat=Sent ( <200301180301.h0I31eM27402@loca
lhost.localdomain> Queued mail for delivery)
Jan 18 12:01:47 ????? sendmail[27406]: h0I31eM27402: SMTP outgoing connect on
[211.229.???.???]
Jan 18 12:01:48 ????? sendmail[27406]: h0I31eM27402: to=<freesky0@yahoo.com.tw
>, delay=00:00:07, xdelay=00:00:01, mailer=esmtp, pri=157272, relay=mta.mail.tpe
.yahoo.com. [202.1.238.78], dsn=5.0.0, stat=Service unavailable
Jan 18 12:01:48 ????? sendmail[27406]: h0I31eM27402: SMTP outgoing connect on
[211.229.???.???]
Jan 18 12:01:48 ????? sendmail[24610]: h0I2pMR24610: SMTP outgoing connect on
[211.229.???.???]
Jan 18 12:01:49 ????? sendmail[24610]: h0I2pMR24610: to=<mcvvk.49sb5@yahoo.com
>, delay=00:00:06, xdelay=00:00:06, mailer=esmtp, pri=31260, relay=mx1.mail.yaho
o.com. [64.157.4.83], dsn=5.0.0, stat=Service unavailable
Jan 18 12:01:49 ????? sendmail[24610]: h0I2pMR24610: alias MAILER-DAEMON => po
stmaster
Jan 18 12:01:49 ????? sendmail[24610]: h0I2pMR24610: alias postmaster => root
Jan 18 12:01:49 ????? sendmail[24610]: h0I2pMR24610: alias postmaster => root
Jan 18 12:01:49 ????? sendmail[24610]: h0I2pMR24610: h0I2pMS24610: return to s
ender: Service unavailable
Jan 18 12:01:49 ????? sendmail[24610]: h0I2pMS24610: to=root, delay=00:00:00,
xdelay=00:00:00, mailer=local, pri=31360, dsn=2.0.0, stat=Sent
Jan 18 12:01:49 ????? sendmail[24610]: h0I2pMS24610: done; delay=00:00:00, ntr
ies=1
Jan 18 12:01:49 ????? sendmail[24610]: h0I2pMR24610: done; delay=00:00:06, ntr
ies=1
Jan 18 12:01:49 ????? sendmail[24610]: h0HMYEW21071: to=<wu888999@ucs.com.tw>,
 delay=04:27:33, xdelay=00:00:00, mailer=esmtp, pri=481719, relay=smtp.ucs.com.t
w., dsn=4.0.0, stat=Deferred: Connection refused by smtp.ucs.com.tw.
Jan 18 12:01:49 ????? sendmail[24610]: h0HMYEW21071: h0I2pMT24610: sender noti
fy: Warning: could not send message for past 4 hours
Jan 18 12:01:50 ????? sendmail[27409]: h0I31jM27409: from=<168freeze-mountain@
ms15.hinet.net>, size=7296, class=0, nrcpts=3, msgid=<200301180301.h0I31jM27409@
localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=c91.h061013178.is.net.tw
[61.13.178.91]
Jan 18 12:01:50 ????? sendmail[27421]: h0I31jM27409: SMTP outgoing connect on
[211.229.???.???]
Jan 18 12:01:50 ????? sendmail[27421]: h0I31jM27409: to=<freeze-mountain@pchom
e.com.tw>, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=97296, relay=mx.pc
home.com.tw. [211.20.188.150], dsn=4.0.0, stat=Deferred: 451 qq write error or d
isk full (#4.3.0)
Jan 18 12:01:50 ????? sendmail[27421]: h0I31jM27409: SMTP outgoing connect on
[211.229.???.???]
Jan 18 12:01:51 ????? sendmail[24610]: h0I2pMT24610: to=<9dcqv.6j7j3@yahoo.com
>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=31260, relay=mx1.mail.yaho
o.com. [64.157.4.83], dsn=5.0.0, stat=Service unavailable
Jan 18 12:01:51 ????? sendmail[24610]: h0I2pMT24610: alias MAILER-DAEMON => po
stmaster
Jan 18 12:01:51 ????? sendmail[24610]: h0I2pMT24610: alias postmaster => root
Jan 18 12:01:51 ????? sendmail[24610]: h0I2pMT24610: alias postmaster => root
Jan 18 12:01:51 ????? sendmail[24610]: h0I2pMT24610: h0I2pMU24610: return to s
ender: Service unavailable
Jan 18 12:01:51 ????? sendmail[24610]: h0I2pMU24610: to=root, delay=00:00:00,
xdelay=00:00:00, mailer=local, pri=31360, dsn=2.0.0, stat=Sent
Jan 18 12:01:51 ????? sendmail[24610]: h0I2pMU24610: done; delay=00:00:00, ntr
ies=1
Jan 18 12:01:51 ????? sendmail[24610]: h0I2pMT24610: done; delay=00:00:02, ntr
ies=1
Jan 18 12:01:51 ????? sendmail[24610]: h0HM4XW18813: to=<6968282@ucs.com.tw>,
delay=04:57:17, xdelay=00:00:00, mailer=esmtp, pri=481719, relay=smtp.ucs.com.tw
., dsn=4.0.0, stat=Deferred: Connection refused by smtp.ucs.com.tw.
Jan 18 12:01:51 ????? sendmail[24610]: h0HM4XW18813: h0I2pMV24610: sender noti
fy: Warning: could not send message for past 4 hours

===============================================================
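The log above is from after I deleted the old one and started a new one. When the server went down, there was nearly 2 GB of log. hinet.net does not appear above, but hinet.net is the most frequent source.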

================================================================

I'd appreciate it if you could analyze this.

 

I'm terribly frustrated myself, which is why I'm writing this. --;;;;

Is our server being used as a spam mail server (a sending relay)?
Or is it simply receiving spam?

Pathetic --;;;...
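One way to answer the relay-or-recipient question from a maillog in this format, as an added example that is not part of the original post: pair each queue ID's `from=` entry (the submitting host) with its `to=` entries and count deliveries to remote mailers that were submitted from outside the trusted networks. The function name, the `local_nets` parameter and the sample log are assumptions made for this example, and the parser expects one log entry per line (not wrapped at 80 columns as in the paste above).

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in sendmail 8.11 maillog format, one entry per line
# (documentation addresses only; not copied from the post).
SAMPLE_LOG = """\
Jan 18 12:01:45 mx sendmail[100]: h0I0001: from=<a@example.com>, size=1754, nrcpts=2, proto=ESMTP, daemon=MTA, relay=dsl-46.example.net [192.0.2.46]
Jan 18 12:01:47 mx sendmail[101]: h0I0001: to=<b@example.org>, mailer=esmtp, relay=mx1.example.org. [198.51.100.99], dsn=2.0.0, stat=Sent
Jan 18 12:01:48 mx sendmail[101]: h0I0001: to=<c@example.org>, mailer=esmtp, relay=mx1.example.org. [198.51.100.99], dsn=5.0.0, stat=Service unavailable
Jan 18 12:01:49 mx sendmail[102]: h0I0002: from=<d@example.org>, size=900, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [198.51.100.7]
Jan 18 12:01:49 mx sendmail[103]: h0I0002: to=<user@mx.example>, mailer=local, dsn=2.0.0, stat=Sent
Jan 18 12:01:50 mx sendmail[104]: h0I0003: from=<>, size=2000, nrcpts=1, relay=localhost
Jan 18 12:01:50 mx sendmail[104]: h0I0003: to=root, mailer=local, dsn=2.0.0, stat=Sent
Jan 18 12:01:51 mx sendmail[105]: h0I0004: from=<e@mx.example>, size=500, nrcpts=1, proto=ESMTP, daemon=MTA, relay=pc5.mx.example [10.0.0.5]
Jan 18 12:01:52 mx sendmail[106]: h0I0004: to=<f@example.org>, mailer=esmtp, relay=mx1.example.org. [198.51.100.99], dsn=2.0.0, stat=Sent
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=(.*)")
RELAY_IP = re.compile(r"relay=.*\[(\d+\.\d+\.\d+\.\d+)\]")
MAILER = re.compile(r"mailer=(\w+)")
REMOTE_MAILERS = {"smtp", "esmtp", "smtp8", "dsmtp", "relay"}


def find_relayed(log_text, local_nets=("127.0.0.0/8",)):
    """Count remote delivery attempts per submitting IP outside local_nets."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    source = {}        # queue id -> IP of the host that handed us the message
    hits = Counter()   # external source IP -> remote deliveries attempted for it
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue   # "SMTP outgoing connect", "alias", "done" and similar
        qid, kind, rest = m.groups()
        if kind == "from":
            ip = RELAY_IP.search(rest)
            if ip:     # no bracketed IP means local submission (relay=localhost)
                source[qid] = ipaddress.ip_address(ip.group(1))
            continue
        mailer = MAILER.search(rest)
        src = source.get(qid)
        if src is None or not mailer or mailer.group(1) not in REMOTE_MAILERS:
            continue   # local delivery, or a bounce generated on this host
        if not any(src in net for net in nets):
            hits[str(src)] += 1   # outside host -> outside recipient: relayed
    return hits
```

A non-empty result means the server accepted mail from an outside host and tried to deliver it to another outside host; mail that is only received shows `mailer=local` and is not counted.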

 

 

 

 
