sendmail - Server sending spam?

For the past day my server has been used to send spam. I am using the Amazon Linux distribution (based on RedHat). It has Sendmail 8.14.4. It is set up to require authentication, SSL, etc. Below are some excerpts from the log and the queue. How can I find out what is going on and fix it?

Sep 10 21:57:03 ps-aws-p1 sendmail[11662]: r8AJtH4r011662: from=<[email protected]>, size=464, class=0, nrcpts=10, msgid=<[email protected]>, proto=ESMTP, daemon=TLSMTA, relay=dsl-189-187-243-152-dyn.prod-infinitum.com.mx [189.187.243.152] (may be forged)
Sep 10 21:57:12 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:18, xdelay=00:00:09, mailer=esmtp, pri=390464, relay=mailin-01.mx.aol.com. [205.188.159.42], dsn=5.1.1, stat=User unknown
Sep 10 21:57:19 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:25, xdelay=00:00:03, mailer=esmtp, pri=390464, relay=mx1.earthlink.net. [209.86.93.226], dsn=2.0.0, stat=Sent (1vju3P5qX3Nl34d0 Message accepted for delivery)
Sep 10 21:57:20 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:26, xdelay=00:00:01, mailer=esmtp, pri=390464, relay=gmail-smtp-in.l.google.com. [74.125.136.27], dsn=2.0.0, stat=Sent (OK 1378843040 x42si1080567eel.116 - gsmtp)
Sep 10 21:57:21 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:27, xdelay=00:00:01, mailer=esmtp, pri=390464, relay=mx2.hotmail.com. [65.55.37.88], dsn=5.1.1, stat=User unknown
Sep 10 21:57:22 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>,<[email protected]>, delay=00:00:28, xdelay=00:00:02, mailer=esmtp, pri=390464, relay=mx2.hotmail.com. [65.55.37.88], dsn=2.0.0, stat=Sent ( <[email protected]> Queued mail for delivery)
Sep 10 21:57:24 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:30, xdelay=00:00:02, mailer=esmtp, pri=390464, relay=zeno.mx25.net. [207.210.234.36], dsn=2.0.0, stat=Sent (893 bytes received in 00:00:00; Message id 201309101457230095 accepted for delivery)
Sep 10 21:57:25 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:31, xdelay=00:00:01, mailer=esmtp, pri=390464, relay=mx1.seznam.cz. [77.75.76.42], dsn=4.3.5, stat=Deferred: 451 4.3.5 Temporarily unavailable, try again later.
Sep 10 21:57:26 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>, delay=00:00:32, xdelay=00:00:02, mailer=esmtp, pri=390464, relay=mx2.seznam.cz. [77.75.76.32], dsn=4.3.5, stat=Deferred: 451 4.3.5 Temporarily unavailable, try again later.
Sep 10 21:57:28 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: to=<[email protected]>,<[email protected]>, delay=00:00:34, xdelay=00:00:02, mailer=esmtp, pri=390464, relay=mta5.am0.yahoodns.net. [98.138.112.34], dsn=2.0.0, stat=Sent (ok dirdel 1/1)
Sep 10 21:57:28 ps-aws-p1 sendmail[11781]: r8AJtH4r011662: r8AJvS4i011781: DSN: User unknown




> V8 T1378843014 K0 N0 P300464 Fbs
> $_dsl-189-187-243-152-dyn.prod-infinitum.com.mx [189.187.243.152] (may
> be forged) $rESMTP $saambanyoqp ${daemon_flags}s a
> ${if_addr}10.246.123.145 S<[email protected]> rRFC822;
> [email protected] RPFD:<[email protected]> rRFC822;
> [email protected] RPFD:<[email protected]> rRFC822;
> [email protected] RPFD:<[email protected]> rRFC822;
> [email protected] RPFD:<[email protected]> rRFC822;
> [email protected] RPFD:<[email protected]>
> rRFC822; [email protected]
> RPFD:<[email protected]> rRFC822; [email protected]
> RPFD:<[email protected]> rRFC822; [email protected] RPFD:<[email protected]>
> rRFC822; [email protected] RPFD:<[email protected]> rRFC822;
> [email protected] RPFD:<[email protected]> H?P?Return-Path:
> <<81>g> H??Received: from aambanyoqp
> (dsl-189-187-243-152-dyn.prod-infinitum.com.mx [189.187.243.152] (may
> be forged))
>         (authenticated bits=0)
>         by ps-aws-p1.project-syndicate.org (8.14.4/8.14.4) with ESMTP id r8AJtH4r011662
>         (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO);
>         Tue, 10 Sep 2013 21:56:54 +0200 H?M?Message-Id: <[email protected]>
> H??Subject: H??From: "Wri Jm" <[email protected]> H??To:
> <[email protected]>, <[email protected]>,
>         <[email protected]>, <[email protected]>,
>         <[email protected]>, <[email protected]>, <[email protected]>,
>         <[email protected]>, <[email protected]>,
>         <[email protected]> H??Date: Tue, 10 Sep 2013 20:47:12 -0700 H??Mime-Version: 1.0 H??Content-Type: text/plain; charset="utf-7"

Answer 1

Most likely SMTP passwords have been compromised.

Make your sendmail log the SMTP AUTH credentials being used: raise the LogLevel to 10. The required sendmail.mc line:

define(`confLOG_LEVEL', `10')dnl

sendmail.mc must be recompiled into sendmail.cf. The sendmail daemon needs to be restarted (or sent a HUP signal) to "see" the new version of sendmail.cf.

Logging authentication information in sendmail
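Once the higher log level is active, the account behind each message can be read from the log. The following is an added example, not part of the original answer: it assumes the `AUTH=server, relay=..., authid=..., mech=..., bits=...` line that sendmail writes at this log level and ties it to the `from=` line of the same session by process ID. The sample log lines, user names, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log (placeholder users and documentation-range IPs).
SAMPLE_LOG = """\
Sep 11 09:00:01 mail sendmail[2001]: AUTH=server, relay=host1.example.net [192.0.2.10], authid=alice, mech=LOGIN, bits=0
Sep 11 09:00:02 mail sendmail[2001]: r8B001aa002001: from=<a@example.org>, size=812, class=0, nrcpts=1, msgid=<1@example.org>
Sep 11 09:05:10 mail sendmail[2002]: AUTH=server, relay=dyn1.example.net [198.51.100.7] (may be forged), authid=bob, mech=LOGIN, bits=0
Sep 11 09:05:11 mail sendmail[2002]: r8B002bb002002: from=<x@example.com>, size=464, class=0, nrcpts=10, msgid=<2@example.com>
Sep 11 09:06:30 mail sendmail[2003]: AUTH=server, relay=[203.0.113.50], authid=bob, mech=LOGIN, bits=0
Sep 11 09:06:31 mail sendmail[2003]: r8B003cc002003: from=<y@example.com>, size=470, class=0, nrcpts=10, msgid=<3@example.com>
Sep 11 09:07:00 mail sendmail[2004]: r8B004dd002004: from=<z@example.net>, size=300, class=0, nrcpts=1, msgid=<4@example.net>
"""

AUTH_RE = re.compile(r"sendmail\[(\d+)\]: AUTH=server, relay=.*?\[([^\]]+)\].*?authid=([^,]+),")
FROM_RE = re.compile(r"sendmail\[(\d+)\]: (\w+): from=.*?nrcpts=(\d+),")

def summarize_auth(log_text):
    """Return {authid: {"msgs", "rcpts", "ips", "qids"}} for authenticated submissions."""
    pid_auth = {}  # PID of the SMTP session -> (authid, client IP)
    stats = defaultdict(lambda: {"msgs": 0, "rcpts": 0, "ips": set(), "qids": []})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            pid, ip, authid = m.groups()
            pid_auth[pid] = (authid, ip)  # a later session reusing the PID overwrites this
            continue
        m = FROM_RE.search(line)
        if m and m.group(1) in pid_auth:  # messages without a prior AUTH line are skipped
            authid, ip = pid_auth[m.group(1)]
            entry = stats[authid]
            entry["msgs"] += 1
            entry["rcpts"] += int(m.group(3))
            entry["ips"].add(ip)
            entry["qids"].append(m.group(2))
    return dict(stats)

def suspicious(stats, max_rcpts=20, max_ips=1):
    """Accounts with many recipients or logins from several client IPs (hypothetical thresholds)."""
    return sorted(a for a, s in stats.items()
                  if s["rcpts"] > max_rcpts or len(s["ips"]) > max_ips)

if __name__ == "__main__":
    result = summarize_auth(SAMPLE_LOG)
    for account in suspicious(result):
        print(account, result[account])
```

The queue IDs collected per account identify the messages to remove from the queue, and the account itself is the one whose password needs to be changed.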
