
(Gave up solving) Spam problem with REDHAT 9.0 + sendmail 8.12.8

火星人 @ 2014-03-04 , reply:0

Recently the server may have been attacked. My colleagues now receive a lot of spam every day, most of it sent with the company's mail domain as the suffix, but the usernames of those mailboxes do not actually exist. The server OS is Linux 9.0 and the mail system is sendmail 8.12.8.

After logging in to the server, ps aux shows many processes like the following:
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root      2285  0.0  0.3  4016 1984 ?        S    12:36   0:00 sendmail: ./l9BJaRln030725 mail.gotogame.com.cn.: user open

After killing them, many similar ones are automatically spawned again.

Could an expert please tell me what the cause is and how I should handle it?

Thanks!!!

Thanks to WongMokin for the reminder. I have been busy these two days and did not see the reply in time, so my feedback was slow.

Since I am also a beginner, and the book says one should only modify the mc file, I have pasted the contents of the mc file in a reply below. I wonder whether the experts can spot a problem from the mc content.

Reply to the brother on floor 7: SMTP authentication is not enabled and relay has not been removed, because after enabling authentication and removing relay, some people could not receive mail. The cause of that is likewise unknown, because the failures occurred randomly. But I use dracd, which requires receiving before sending, so that should block some of the spam.

Anyway, forget it. I searched for a long time and found no solution, so I will find time to reinstall the system instead, clean and simple.

I am being lazy; the experts will laugh at me.

[ This post was last edited by abcd99 on 2007-10-25 11:14 ]
《Solution》

:-(
Has nobody seen this question?
《Solution》

Still waiting.....
《Solution》

What about your sendmail.cf and maillog? :shock:
《Solution》

Here is the content of my sendmail.mc

# grep -v '^dnl' /etc/mail/sendmail.mc
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTRUSTED_USER', `smmsp')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=192.168.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
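The reply below asks whether SMTP AUTH is enabled and whether relaying has been removed; those questions can be answered mechanically from the mc file. The following is an added example (not code from the thread) that parses the m4 directives in a sendmail.mc and flags the relay, AUTH, MSA and sender-domain settings a reviewer would look at first. The macro and feature names it matches are standard sendmail m4 names; the sample input is constructed from the mc posted above, and the risk wording in each finding is this example's own.

```python
"""Lint the directives in a sendmail.mc for relay, AUTH and sender checks.

Added example (not code from the thread). The macro names it looks for
(FEATURE, define, DAEMON_OPTIONS, TRUST_AUTH_MECH) and the feature names
it flags are standard sendmail m4 names; the risk wording is the author's.
"""
import re

# Constructed sample: an excerpt of the sendmail.mc posted in the thread.
SAMPLE_MC = """divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
OSTYPE(`linux')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=192.168.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
MAILER(smtp)dnl
"""

# One directive per line: NAME(args)dnl ; the trailing dnl is optional.
_DIRECTIVE = re.compile(
    r"^(?P<macro>FEATURE|define|DAEMON_OPTIONS|TRUST_AUTH_MECH)\((?P<args>.*)\)(?:dnl)?\s*$"
)


def split_args(s):
    """Split m4 arguments on top-level commas, honouring `...' quoting."""
    args, cur, depth = [], [], 0
    for ch in s:
        if ch == "`":
            depth += 1
        elif ch == "'":
            depth -= 1
        if ch == "," and depth == 0:
            args.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    args.append("".join(cur))
    return [a.strip().strip("`'") for a in args]


def parse_mc(text):
    """Return [(macro, [args]), ...] for the directives found in an mc file."""
    entries = []
    for line in text.splitlines():
        m = _DIRECTIVE.match(line.strip())
        if m:
            entries.append((m.group("macro"), split_args(m.group("args"))))
    return entries


# sendmail features that relax relay control (real feature names).
RELAY_FEATURES = {"promiscuous_relay", "loose_relay_check",
                  "relay_local_from", "relay_mail_from"}


def audit(entries):
    """Return a list of findings; an empty list means nothing was flagged."""
    features = {a[0] for mac, a in entries if mac == "FEATURE" and a}
    defines = {a[0]: (a[1] if len(a) > 1 else "")
               for mac, a in entries if mac == "define" and a}
    daemons = [a[0] for mac, a in entries if mac == "DAEMON_OPTIONS" and a]
    trusts_auth = any(mac == "TRUST_AUTH_MECH" for mac, _ in entries)
    findings = []
    if "accept_unresolvable_domains" in features:
        findings.append("accept_unresolvable_domains: mail is accepted from "
                        "sender domains that do not resolve")
    for f in sorted(RELAY_FEATURES & features):
        findings.append(f"{f}: relays mail without authenticating the "
                        "submitting host or user")
    if not trusts_auth and "confAUTH_MECHANISMS" not in defines:
        findings.append("SMTP AUTH: neither TRUST_AUTH_MECH nor "
                        "confAUTH_MECHANISMS is set")
    if "no_default_msa" in features and not any(
            "Name=MSA" in d or "Port=submission" in d for d in daemons):
        findings.append("MSA: no_default_msa is set and no DAEMON_OPTIONS "
                        "adds a submission listener")
    privacy = defines.get("confPRIVACY_FLAGS", "")
    for flag in ("novrfy", "noexpn"):
        if flag not in privacy.split(","):
            findings.append(f"confPRIVACY_FLAGS lacks {flag}: VRFY/EXPN can "
                            "enumerate local users")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_mc(SAMPLE_MC)):
        print("-", finding)
```

Run against the sample it reports three findings: the sender-domain check is relaxed by `accept_unresolvable_domains`, no AUTH mechanism is configured, and the default MSA is disabled without a replacement submission listener. The `novrfy,noexpn` flags in the posted file already pass, which matches the `did not issue MAIL/EXPN/VRFY/ETRN` lines in the maillog later in the thread: probing clients get nothing from VRFY.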
《Solution》

Excerpt of the maillog

I had a look,
Oct 19 16:12:20 host sendmail: l9J8AYoo018067: from=<jpsxh@sohu.com>, size=1079456, class=0, nrcpts=1, msgid=<001a01c81229$6ab2c900$91adfea9@pc003>, proto=SMTP, daemon=MTA, relay=ms003.new-core.com
Oct 19 16:12:21 host sendmail: l9J8AYoo018067: to=<jerry@host.com>, delay=00:01:46, xdelay=00:00:01, mailer=local, pri=1109656, dsn=2.0.0, stat=Sent
Lines like these two are normal; I cannot figure out the others.

Below is the excerpted portion of the log
Oct 19 16:11:25 host sendmail: l9J8BBR5018074: to=root , delay=00:00:08, xdelay=00:00:03, mailer=local, pri=34292, dsn=2.0.0, stat=Sent
Oct 19 16:11:49 host sendmail: l9J8Bkna018091: from=<crug@multexinvestornetwork.com>, size=1474, class=0, nrcpts=1, msgid=<000801c81229$015601f6$2707c191@seacmddg>, proto=ESMTP, daemon=MTA, relay=
Oct 19 16:11:49 host spamc: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused
Oct 19 16:11:50 host spamc: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#2 of 3): Connection refused
Oct 19 16:11:51 host spamc: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#3 of 3): Connection refused
Oct 19 16:11:52 host spamc: connection attempt to spamd aborted after 3 retries
Oct 19 16:11:52 host sendmail: l9J8Bkna018091: to=\\alex, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=61651, dsn=2.0.0, stat=Sent
Oct 19 16:11:52 host sendmail: l9J8Bkna018091: to=alex@126.com, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=61651, relay=mx.126.split.netease.com. , dsn=5.0.0, stat=Service unavailable
Oct 19 16:11:53 host sendmail: l9J8Bkna018091: l9J8Brna018094: DSN: Service unavailable
Oct 19 16:11:54 host sendmail: l9J8Brna018094: to=<crug@multexinvestornetwork.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=32675, relay=minlist4.multexinvestornetwork.com. , dsn=4.0.0, stat=Deferred: Connection refused by minlist4.multexinvestornetwork.com.
Oct 19 16:12:20 host sendmail: l9J8AYoo018067: from=<jpsxh@sohu.com>, size=1079456, class=0, nrcpts=1, msgid=<001a01c81229$6ab2c900$91adfea9@pc003>, proto=SMTP, daemon=MTA, relay=ms003.new-core.com
Oct 19 16:12:21 host sendmail: l9J8AYoo018067: to=<jerry@host.com>, delay=00:01:46, xdelay=00:00:01, mailer=local, pri=1109656, dsn=2.0.0, stat=Sent
Oct 19 16:12:34 host sendmail: l9J8AYoq018068: from=<jpsxh@sohu.com>, size=1079456, class=0, nrcpts=1, msgid=<001a01c81229$6ab2c900$91adfea9@pc003>, proto=SMTP, daemon=MTA, relay=ms003.new-core.com
Oct 19 16:12:34 host sendmail: l9J8AYoq018068: to=wujw , delay=00:01:59, xdelay=00:00:00, mailer=local, pri=1109657, dsn=2.0.0, stat=Sent
Oct 19 16:12:43 host sendmail: l9J8AYYx018066: from=<jpsxh@sohu.com>, size=1079456, class=0, nrcpts=1, msgid=<001a01c81229$6ab2c900$91adfea9@pc003>, proto=SMTP, daemon=MTA, relay=ms003.new-core.com
Oct 19 16:12:43 host sendmail: l9J8AYYx018066: to=sam , delay=00:02:08, xdelay=00:00:00, mailer=local, pri=1109657, dsn=2.0.0, stat=Sent
Oct 19 16:14:45 host sendmail: l9J8EhHq018119: static-dsl-28.87-197-98.telecom.sk did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 19 16:14:45 host sendmail: l9J8EhJL018120: static-dsl-28.87-197-98.telecom.sk did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 19 16:14:50 host sendmail: l9J8EhZA018121: static-dsl-28.87-197-98.telecom.sk did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 19 16:15:00 host sendmail: l9J8Eshj018123: from=<regina@telia.com>, size=1416, class=0, nrcpts=1, msgid=<000601c8122a$05db78b9$0acb3fa3@lqlxhai>, proto=ESMTP, daemon=MTA, relay=
Oct 19 16:15:00 host spamc: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused
Oct 19 16:15:01 host spamc: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#2 of 3): Connection refused
Oct 19 16:15:02 host spamc: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#3 of 3): Connection refused
Oct 19 16:15:03 host spamc: connection attempt to spamd aborted after 3 retries
Oct 19 16:15:03 host sendmail: l9J8Eshj018123: to=koudong , delay=00:00:04, xdelay=00:00:03, mailer=local, pri=31599, dsn=2.0.0, stat=Sent
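Three things in the excerpt above are worth pulling out in a triage: spamc cannot reach spamd, so those messages are delivered without ever being scanned by SpamAssassin; a remote host connects three times without issuing MAIL; and message l9J8Bkna018091 was delivered to a local alias, forwarded to an outside address, rejected there, and then a bounce (queue id l9J8Brna018094) was generated back to the envelope sender. Bounces returned to a sender address that was forged are backscatter, which is one way a server ends up sending mail "from" its own domain for users that do not exist. The following is an added example, not code from the thread, that extracts those indicators from a maillog; the sample lines are constructed from the excerpt above, and the record layout it parses is sendmail's standard `qid: key=value, ...` format.

```python
"""Triage a sendmail maillog excerpt for the indicators discussed above.

Added example, not code from the thread. The sample lines are constructed
from the maillog excerpt posted in the thread.
"""
import re
from collections import Counter

# Constructed sample: a subset of the maillog lines posted above.
SAMPLE_LOG = r"""
Oct 19 16:11:49 host sendmail: l9J8Bkna018091: from=<crug@multexinvestornetwork.com>, size=1474, class=0, nrcpts=1, msgid=<000801c81229$015601f6$2707c191@seacmddg>, proto=ESMTP, daemon=MTA, relay=
Oct 19 16:11:49 host spamc: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused
Oct 19 16:11:52 host spamc: connection attempt to spamd aborted after 3 retries
Oct 19 16:11:52 host sendmail: l9J8Bkna018091: to=\\alex, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=61651, dsn=2.0.0, stat=Sent
Oct 19 16:11:52 host sendmail: l9J8Bkna018091: to=alex@126.com, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=61651, relay=mx.126.split.netease.com. , dsn=5.0.0, stat=Service unavailable
Oct 19 16:11:53 host sendmail: l9J8Bkna018091: l9J8Brna018094: DSN: Service unavailable
Oct 19 16:11:54 host sendmail: l9J8Brna018094: to=<crug@multexinvestornetwork.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=32675, relay=minlist4.multexinvestornetwork.com. , dsn=4.0.0, stat=Deferred: Connection refused by minlist4.multexinvestornetwork.com.
Oct 19 16:14:45 host sendmail: l9J8EhHq018119: static-dsl-28.87-197-98.telecom.sk did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 19 16:14:45 host sendmail: l9J8EhJL018120: static-dsl-28.87-197-98.telecom.sk did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 19 16:14:50 host sendmail: l9J8EhZA018121: static-dsl-28.87-197-98.telecom.sk did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 19 16:15:00 host sendmail: l9J8Eshj018123: from=<regina@telia.com>, size=1416, class=0, nrcpts=1, msgid=<000601c8122a$05db78b9$0acb3fa3@lqlxhai>, proto=ESMTP, daemon=MTA, relay=
Oct 19 16:15:03 host spamc: connection attempt to spamd aborted after 3 retries
Oct 19 16:15:03 host sendmail: l9J8Eshj018123: to=koudong , delay=00:00:04, xdelay=00:00:03, mailer=local, pri=31599, dsn=2.0.0, stat=Sent
"""

# syslog prefix: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
QID = r"[A-Za-z0-9]{14}"        # sendmail 8.12 queue identifier
PROBE = re.compile(rf"^{QID}: (?P<client>\S+) did not issue MAIL/EXPN/VRFY/ETRN")
DSN = re.compile(rf"^(?P<parent>{QID}): (?P<child>{QID}): DSN: (?P<text>.*)$")
RECORD = re.compile(rf"^(?P<qid>{QID}): (?P<kv>.*)$")


def parse_fields(kv):
    """Turn 'to=alex@126.com, delay=00:00:03, ...' into a dict."""
    fields = {}
    for part in kv.split(", "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def triage(text):
    """Count spamd outages and probe connections; list failed relays and bounces."""
    senders = {}   # queue id -> envelope sender (from the from= record)
    report = {"spamd_down": 0, "probes": Counter(), "failed_relays": [], "bounces": []}
    for raw in text.splitlines():
        m = SYSLOG.match(raw.strip())
        if not m:
            continue
        prog, msg = m.group("prog"), m.group("msg")
        if prog == "spamc":
            # spamc gave up on spamd: the message goes through unscanned.
            if "aborted" in msg:
                report["spamd_down"] += 1
            continue
        if prog != "sendmail":
            continue
        p = PROBE.match(msg)
        if p:
            report["probes"][p.group("client")] += 1
            continue
        d = DSN.match(msg)
        if d:
            # A bounce (child queue id) was generated to the parent's sender.
            parent = d.group("parent")
            report["bounces"].append(
                (parent, senders.get(parent, "?"), d.group("child"), d.group("text")))
            continue
        r = RECORD.match(msg)
        if not r:
            continue
        qid, f = r.group("qid"), parse_fields(r.group("kv"))
        if "from" in f:
            senders[qid] = f["from"]
        elif f.get("mailer") == "esmtp" and f.get("dsn", "2").split(".")[0] in ("4", "5"):
            # Outbound delivery that was rejected (5.x.x) or deferred (4.x.x).
            report["failed_relays"].append(
                (qid, f.get("to", ""), f.get("relay", ""), f.get("stat", "")))
    return report


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print(f"spamd unreachable, messages delivered unscanned: {rep['spamd_down']}")
    for client, n in rep["probes"].most_common():
        print(f"connections without MAIL from {client}: {n}")
    for qid, to, relay, stat in rep["failed_relays"]:
        print(f"{qid}: delivery to {to} via {relay} failed: {stat}")
    for parent, sender, child, text in rep["bounces"]:
        print(f"{parent}: bounce {child} queued back to {sender} ({text})")
```

On the sample this reports two spamd outages, three empty connections from the same client, two failed outbound deliveries, and one bounce queued to the original envelope sender crug@multexinvestornetwork.com. The bounce itself is then deferred because the sender's host refuses the connection, which is exactly the kind of entry that accumulates in the queue as `sendmail: ./l9B...` processes like the ones in the first post.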
《Solution》

One-week anniversary, found new problems, experts please take another look

Found some new problems

Looking at the processes with ps aux, besides the processes similar to those seen before:
root     32506  0.0  0.3  3984 1624 ?        S    16:31   0:00 sendmail: server cm
root     32522  0.1  0.3  3984 1624 ?        S    16:31   0:00 sendmail: server cm
root     32523  0.0  0.3  3984 1624 ?        S    16:31   0:00 sendmail: server cm

some new abnormal processes also appeared:
root     32595  0.0  0.3  5016 1572 ?        S    16:31   0:00 sshd:
sshd     32596  0.0  0.3  5020 1600 ?        S    16:31   0:00 sshd:


When I try to kill them, it always says there is no such process:
# kill -9 32577
-bash: kill: (32595)  - 沒有那個進程
# kill -9 32576
-bash: kill: (32596)  - 沒有那個進程

But when I run ps again, similar processes still appear, just with different process IDs:


root     32617 20.0  0.3  5032 1596 ?        S    16:32   0:00 sshd:
sshd     32618  5.0  0.3  5024 1648 ?        S    16:32   0:00 sshd:
《Solution》

Have you enabled SMTP authentication?
Have you removed the Relay function?


http://coctec.com/docs/service/show-post-34897.html