Do not send or receive emails from Exim4
Debian 8.9 - VestaCP 0.9.8 (amd64)
Hello! For 3 days already I have been struggling to get mail working; please help, anyone who can.
The server was hacked, after which emails stopped being sent and received. Malicious *.php scripts were placed in each of the domain directories.
By trying commands at random I found that Exim had a queue of 300K emails (deleted). But emails still are not sent and do not arrive.
Here are some logs from the server.
var/log/exim4/mainlog
var/log/exim4/rejectlog.1
netstat -ntlp | grep LISTEN
Headers of one of the emails that end up in the Exim queue
Thank you.
var/log/exim4/mainlog
2017-11-29 09:18:09 1eJnt3-0000jl-PL alt4.gmail-smtp-in.l.google.com [2607:f8b0:400e:c04::1b] Network is unreachable
2017-11-29 09:18:09 1eJnt3-0000jl-PL == [email protected] R=dnslookup T=remote_smtp defer (101): Network is unreachable
2017-11-29 09:20:16 1eJnbw-0001gI-Pd mx13.i.ua [213.186.119.6] Connection timed out
2017-11-29 09:20:16 1eJnbw-0001gI-Pd == [email protected] R=dnslookup T=remote_smtp defer (110): Connection timed out
2017-11-29 09:20:16 1eJvCW-0007hz-4N == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:22:24 1eJnbd-0001cl-3Z gmail-smtp-in.l.google.com [64.233.166.27] Connection timed out
2017-11-29 09:24:31 1eJnbd-0001cl-3Z alt1.gmail-smtp-in.l.google.com [64.233.162.26] Connection timed out
2017-11-29 09:24:31 1eJnbd-0001cl-3Z == [email protected] R=dnslookup T=remote_smtp defer (110): Connection timed out
2017-11-29 09:24:31 1eJvSE-0007ra-6e == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:24:31 1eJnEm-0000xf-EH == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:24:31 1eJw8r-0008Nb-Ti == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:24:31 1eJnHz-0000y5-Vh gmail-smtp-in.l.google.com [2a00:1450:400c:c09::1a] Network is unreachable
2017-11-29 09:26:38 1eJnHz-0000y5-Vh gmail-smtp-in.l.google.com [64.233.166.26] Connection timed out
2017-11-29 09:26:38 1eJnHz-0000y5-Vh == [email protected] R=dnslookup T=remote_smtp defer (110): Connection timed out
2017-11-29 09:26:38 1eJuqs-0007N8-81 == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:26:38 1eJwPp-00005d-DY == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:26:38 End queue run: pid=3663
2017-11-29 09:36:47 1eJxrL-0001WS-Cl <= [email protected] U=Sisadin P=local S=2590 [email protected]
2017-11-29 09:36:47 1eJxrL-0001WS-Cl alt1.gmail-smtp-in.l.google.com [2a00:1450:4010:c05::1a] Network is unreachable
2017-11-29 09:36:47 1eJxrL-0001WS-Cl == [email protected] R=dnslookup T=remote_smtp defer (101): Network is unreachable
2017-11-29 09:41:47 Start queue run: pid=6280
2017-11-29 09:43:54 1eJnYv-0001am-Cg alt1.gmail-smtp-in.l.google.com [64.233.162.26] Connection timed out
2017-11-29 09:46:02 1eJnYv-0001am-Cg alt3.gmail-smtp-in.l.google.com [74.125.204.27] Connection timed out
2017-11-29 09:46:02 1eJnYv-0001am-Cg == [email protected] R=dnslookup T=remote_smtp defer (110): Connection timed out
2017-11-29 09:46:02 1eJuqs-0007N8-81 == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:46:02 1eJw8r-0008Nb-Ti == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:46:02 1eJvIT-0007lR-Ro == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:46:02 1eJnt3-0000jl-PL alt3.gmail-smtp-in.l.google.com [2404:6800:4008:c04::1a] Network is unreachable
2017-11-29 09:46:02 1eJnt3-0000jl-PL == [email protected] R=dnslookup T=remote_smtp defer (101): Network is unreachable
2017-11-29 09:46:02 1eJxrL-0001WS-Cl == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:46:02 1eJvCW-0007hz-4N == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:46:02 1eJnbd-0001cl-3Z == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:46:02 1eJvSE-0007ra-6e == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:46:02 1eJnbw-0001gI-Pd == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:46:02 1eJnEm-0000xf-EH == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:46:02 1eJnHz-0000y5-Vh == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:46:02 1eJwPp-00005d-DY == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:46:02 1eJplN-0002TO-F0 == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:46:02 End queue run: pid=6280
var/log/exim4/rejectlog.1
2017-11-28 16:54:50 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=arcserve)
2017-11-28 16:57:38 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=micheal)
2017-11-28 17:00:28 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=adam)
2017-11-28 17:03:19 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=jorge)
2017-11-28 17:06:07 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=camera)
2017-11-28 17:09:01 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=green)
2017-11-28 17:11:58 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=reeves)
2017-11-28 17:14:47 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=workshop)
2017-11-28 17:17:37 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=angel)
2017-11-28 17:20:26 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=bkupexec)
2017-11-28 17:23:18 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=pr)
2017-11-28 17:26:13 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=antivirus)
2017-11-28 17:29:07 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=reception)
2017-11-28 17:31:58 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=smtp)
2017-11-28 17:34:52 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=monica)
2017-11-28 17:37:39 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=mailing)
2017-11-28 17:40:33 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=jennifer)
2017-11-28 17:43:29 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=scanuser)
2017-11-28 17:46:23 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=abel)
2017-11-28 17:49:15 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=nick)
2017-11-28 17:52:05 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=administrator)
2017-11-28 17:54:57 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=server)
2017-11-28 17:57:49 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=informix)
2017-11-28 18:00:47 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=recepcao)
2017-11-28 18:03:40 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=promo)
2017-11-28 18:06:33 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=yoursite)
2017-11-28 18:09:24 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=registration)
2017-11-28 18:12:12 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=test3)
2017-11-28 18:15:08 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=james)
2017-11-28 18:18:02 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=user1)
2017-11-28 18:20:59 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=digital)
2017-11-28 18:23:50 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=frank)
2017-11-28 18:26:44 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=payroll)
2017-11-28 18:29:36 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=simon)
2017-11-28 18:32:31 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=peter)
2017-11-28 18:35:31 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=document)
2017-11-28 18:38:27 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=blog)
2017-11-28 18:41:17 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=buchhaltung)
2017-11-28 18:42:11 H=localhost (www.camping-plein-soleil.be) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-11-28 18:42:11 H=localhost (www.camping-plein-soleil.be) [127.0.0.1] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-11-28 18:44:04 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=archivo)
2017-11-28 18:46:54 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=news)
2017-11-28 18:49:45 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=lab)
2017-11-28 18:50:18 dovecot_login authenticator failed for dfmain.diasoft-platform.ru (ADMIN) [93.91.8.32]: 535 Incorrect authentication data ([email protected])
2017-11-28 18:52:44 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=accounting)
2017-11-28 18:55:42 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=impresora)
2017-11-28 18:58:31 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=veritas)
2017-11-28 19:01:24 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=dispatch)
2017-11-28 18:58:31 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=veritas)
2017-11-28 19:01:24 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=dispatch)
2017-11-28 19:04:20 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=install)
2017-11-28 19:07:17 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=canon)
2017-11-28 19:10:14 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=ventas)
2017-11-28 19:56:20 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=stores)
2017-11-28 19:59:09 dovecot_login authenticator failed for (User) [91.200.12.140]: 535 Incorrect authentication data (set_id=scott)
2017-11-28 23:45:05 SMTP call from localhost [127.0.0.1] dropped: too many unrecognized commands (last was "ssd")
2017-11-28 23:48:31 SMTP call from localhost [127.0.0.1] dropped: too many unrecognized commands (last was "")
netstat -ntlp | grep LISTEN
tcp 0 0 127.0.0.1:8081 0.0.0.0:* LISTEN 345/apache2
tcp 0 0 0.0.0.0:8083 0.0.0.0:* LISTEN 428/vesta-nginx
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 394/vsftpd
tcp 0 0 51.254.136.201:53 0.0.0.0:* LISTEN 376/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 376/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 375/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1311/exim4
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 376/named
tcp 0 0 51.254.136.201:443 0.0.0.0:* LISTEN 345/apache2
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1/init
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 392/dovecot
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 858/mysqld
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 392/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1/init
tcp 0 0 51.254.136.201:80 0.0.0.0:* LISTEN 345/apache2
tcp6 0 0 :::22 :::* LISTEN 375/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1311/exim4
tcp6 0 0 ::1:953 :::* LISTEN 376/named
tcp6 0 0 :::993 :::* LISTEN 1/init
tcp6 0 0 :::995 :::* LISTEN 392/dovecot
tcp6 0 0 :::110 :::* LISTEN 392/dovecot
tcp6 0 0 :::143 :::* LISTEN 1/init
Headers of one of the emails that end up in the Exim queue
1eJnYv-0001am-Cg-H
Sisadin 1002 1002
<[email protected]>
1511905025 0
-ident Sisadin
-received_protocol local
-body_linecount 2
-max_received_linelength 74
-auth_id Sisadin
-auth_sender [email protected]
-allow_unqualified_recipient
-allow_unqualified_sender
-local
XX
1
[email protected]
194P Received: from Sisadin by vps220312.ovh.net with local (Exim 4.84_2)
(envelope-from <[email protected]>)
id 1eJnYv-0001am-Cg
for [email protected]; Tue, 28 Nov 2017 22:37:05 +0100
025T To: [email protected]
057 Subject: WP Mail SMTP: Test mail to [email protected]
051 X-PHP-Originating-Script: 1002:class-phpmailer.php
038 Date: Tue, 28 Nov 2017 21:37:05 +0000
052F From: WordPress <[email protected]>
075I Message-ID: <[email protected]>
068 X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
018 MIME-Version: 1.0
040 Content-Type: text/plain; charset=UTF-8
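The three kinds of output pasted in the post above (rejectlog, mainlog, netstat) can be triaged mechanically. The following Python is an added example, not part of the original thread: the sample lines are constructed in the same formats using documentation addresses and placeholder recipients, and the function names and the `min_users` threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input in the same formats as the excerpts in the post;
# IPs are RFC 5737 documentation addresses, recipients are placeholders.
REJECTLOG = """\
2017-11-28 16:54:50 dovecot_login authenticator failed for (User) [192.0.2.10]: 535 Incorrect authentication data (set_id=adam)
2017-11-28 16:57:38 dovecot_login authenticator failed for (User) [192.0.2.10]: 535 Incorrect authentication data (set_id=jorge)
2017-11-28 17:00:28 dovecot_login authenticator failed for (User) [192.0.2.10]: 535 Incorrect authentication data (set_id=smtp)
2017-11-28 18:50:18 dovecot_login authenticator failed for host.example (ADMIN) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)
"""
MAINLOG = """\
2017-11-29 09:20:16 1eJnbw-0001gI-Pd == user@example.org R=dnslookup T=remote_smtp defer (110): Connection timed out
2017-11-29 09:20:16 1eJvCW-0007hz-4N == user@example.org R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-11-29 09:36:47 1eJxrL-0001WS-Cl == user@example.org R=dnslookup T=remote_smtp defer (101): Network is unreachable
2017-11-29 09:46:02 1eJnYv-0001am-Cg == user@example.org R=dnslookup T=remote_smtp defer (110): Connection timed out
"""
NETSTAT = """\
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1311/exim4
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 392/dovecot
tcp6 0 0 ::1:25 :::* LISTEN 1311/exim4
"""

AUTH_RE = re.compile(r"authenticator failed for .*\[([0-9a-fA-F.:]+)\]: 535 .*\(set_id=([^)]*)\)")
DEFER_RE = re.compile(r" == \S+ R=\S+ T=remote_smtp defer \((-?\d+)\): (.+)$", re.M)

def spraying_sources(log, min_users=3):
    """IPs that failed SMTP AUTH with at least min_users distinct usernames."""
    users = defaultdict(set)
    for ip, user in AUTH_RE.findall(log):
        users[ip].add(user)
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= min_users}

def defer_reasons(log):
    """Count remote_smtp deferrals by reason, skipping -53 (retry not yet due)."""
    return Counter(reason for code, reason in DEFER_RE.findall(log) if code != "-53")

def loopback_only(netstat, port):
    """True if every LISTEN socket on `port` is bound to 127.0.0.0/8 or ::1."""
    rows = [f for f in map(str.split, netstat.splitlines()) if len(f) > 5 and f[5] == "LISTEN"]
    hits = [r[3].rsplit(":", 1)[0] for r in rows if r[3].rsplit(":", 1)[-1] == str(port)]
    return bool(hits) and all(a.startswith("127.") or a == "::1" for a in hits)

if __name__ == "__main__":
    print(spraying_sources(REJECTLOG), dict(defer_reasons(MAINLOG)), loopback_only(NETSTAT, 25))
```

A listener bound only to 127.0.0.1 and ::1 on port 25, as in the netstat output above, does not accept SMTP connections from other hosts. Deferrals with errno 110 or 101 to every remote MX indicate that outbound connections to port 25 are not getting through, rather than a problem with individual recipients.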
Re: Do not send or receive emails from Exim4
Please do not duplicate topics next time.