Postfix服务器从本地发送垃圾邮件,难道是被入侵了?
前几日在Linode的VPS(Ubuntu 12.04TLS)上尝试着搭建了Postfix服务器(特别注意了不是open relay的)。
昨天被Linode通知我的vps发送垃圾邮件,
postqueue -p
发现postqueue中有多封莫名其妙的邮件,日志如下:
13:36 SJB postfix/smtpd[10218]: connect from localhost[127.0.0.1]
Jan 22 05:13:48 SJB postfix/smtpd[10218]: CA2ED550F6: client=localhost[127.0.0.1]
Jan 22 05:14:03 SJB postfix/anvil[7395]: statistics: max connection rate 1/60s for (smtp:222.205.15.65) at Jan 22 05:08:18
Jan 22 05:14:03 SJB postfix/anvil[7395]: statistics: max connection count 1 for (smtp:222.205.15.65) at Jan 22 05:08:18
Jan 22 05:14:03 SJB postfix/anvil[7395]: statistics: max cache size 1 at Jan 22 05:08:18
Jan 22 05:14:06 SJB postfix/cleanup[10318]: CA2ED550F6: message-id=<S[20
Jan 22 05:14:07 SJB postfix/qmgr[1414]: CA2ED550F6: from=<[email protected]>, size=330, nrcpt=3 (queue active)
Jan 22 05:14:07 SJB postfix/smtp[10413]: warning: numeric domain name in resource data of MX record for ilynxcontent.com: 127.0
.0.1
Jan 22 05:14:07 SJB postfix/smtp[10413]: CA2ED550F6: to=<[email protected]>, relay=none, delay=23, delays=22/0.01/0.5
9/0, dsn=5.4.6, status=bounced (mail for ilynxcontent.com loops back to myself)
Jan 22 05:14:07 SJB postfix/smtp[10413]: CA2ED550F6: to=<[email protected]>, relay=none, delay=23, delays=22/0.01/0.59
/0, dsn=5.4.6, status=bounced (mail for ilynxcontent.com loops back to myself)
Jan 22 05:14:07 SJB postfix/smtp[10413]: CA2ED550F6: to=<[email protected]>, relay=none, delay=23, delays=22/0.01/0
.59/0, dsn=5.4.6, status=bounced (mail for ilynxcontent.com loops back to myself)
Jan 22 05:14:07 SJB postfix/cleanup[10318]: C259055102: message-id=<[email protected]>
Jan 22 05:14:07 SJB postfix/bounce[10414]: CA2ED550F6: sender non-delivery notification: C259055102
Jan 22 05:14:07 SJB postfix/qmgr[1414]: C259055102: from=<>, size=2789, nrcpt=1 (queue active)
Jan 22 05:14:07 SJB postfix/qmgr[1414]: CA2ED550F6: removed
通过
last
查看登陆日志,除了自己没有其他人登陆过。登陆IP都是自己的常用IP。
但是,这些垃圾邮件及感染是从localhost上发送的,而我自己确保没有做过类似的操作。
这个状况,是不是意味着我的VPS被入侵了呢?该怎么检测和解决呢?现在已经无法发出邮件了,被许多检查垃圾邮件的组织封锁IP了><...。
自己对于运维没有经验,现在不知道下一步怎么办了,请各位指点。多谢了!
Joumey
10 years ago
