
Re: The server is sending out spam

Posted: Fri Nov 25, 2016 6:31 pm
by gurvinek
I think I already did that:
gurvinek wrote: mail.add_x_header = On, but the log is not filling up
I disabled my own scripts that were sending mail; the log is still not filling up, and the spam keeps going out ((
the permissions on the log file are 777
or is this something different?

this is what is in the header of an outgoing message:

Code:

exim -Mvh 1cAEl8-0000F6-Jz
Result
1cAEl8-0000F6-Jz-H
Debian-exim 101 103

1480073618 0
-helo_name bakr-textil.ru
-host_address 127.0.0.1.57379
-host_name localhost.localdomain
-interface_address 127.0.0.1.25
-received_protocol esmtp
-body_linecount 25
-max_received_linelength 76
-deliver_firsttime
-frozen 1480073622
XX
1
[email protected]

232P Received: from localhost.localdomain ([127.0.0.1] helo=bakr-textil.ru)
	by hd37.ru with esmtp (Exim 4.80)
	(envelope-from )
	id 1cAEl8-0000F6-Jz
	for [email protected]; Fri, 25 Nov 2016 14:33:38 +0300
044  Date: Fri, 25 Nov 2016 11:33:38 +0000 (UTC)
026F From: [email protected]
032T To: [email protected]
061I Message-ID: <[email protected]>
013  Subject: Hi.
018  MIME-Version: 1.0
093  Content-Type: multipart/alternative; 
	boundary="----=_Part_4812678_439610887.1480073618349"

Re: The server is sending out spam

Posted: Fri Nov 25, 2016 9:53 pm
by xlandhost
Add me on Skype: xlandteam
I'll take a look at where your spam is coming from

Re: The server is sending out spam

Posted: Mon Nov 28, 2016 6:02 pm
by gurvinek
I have almost tracked down the spammer. The spam is being sent under one of the user accounts.
I enabled logging of outgoing traffic to ports 25, 587 and 465

Code:

iptables -I OUTPUT -p tcp --dport 25 -j LOG --log-prefix "mail-out-25:" --log-uid
iptables -I OUTPUT -p tcp --dport 587 -j LOG --log-prefix "mail-out-587:" --log-uid
iptables -I OUTPUT -p tcp --dport 465 -j LOG --log-prefix "mail-out-465:" --log-uid
syslog will now show which user the spam is being sent from.
in my case every line ends with UID=1004 GID=1004
1004 is the user and group ID
now only a small matter remains: finding the malware in that account.

Maybe this will be useful to someone; I racked my brain over it for several days. Even the esteemed xlandhost helped via TeamViewer.
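
The per-UID attribution described in the post above, as an added example that is not part of the original thread: it tallies new outbound SMTP connections per UID from the lines those three LOG rules write. The function names and the sample log lines are constructed for illustration, and the MTA UID of 101 is an assumption taken from the "Debian-exim 101 103" line in the spool header earlier in the thread.

```shell
#!/bin/sh
# Tally new outbound SMTP connections per UID from iptables LOG lines
# written by rules using --log-prefix "mail-out-<port>:" --log-uid.

# Constructed sample of kernel log lines (addresses are documentation ranges).
sample_fwlog() {
cat <<'EOF'
Nov 28 17:58:01 host kernel: [100.1] mail-out-25:IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1004 GID=1004
Nov 28 17:58:01 host kernel: [100.2] mail-out-25:IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.25 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=229 RES=0x00 ACK PSH URGP=0 UID=1004 GID=1004
Nov 28 17:58:02 host kernel: [101.1] mail-out-25:IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.26 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=40002 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1004 GID=1004
Nov 28 17:58:03 host kernel: [102.1] mail-out-25:IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.26 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=40002 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1004 GID=1004
Nov 28 17:58:04 host kernel: [103.1] mail-out-25:IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=TCP SPT=40003 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1004 GID=1004
Nov 28 17:58:05 host kernel: [104.1] mail-out-25:IN= OUT=eth0 SRC=203.0.113.10 DST=192.0.2.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6 DF PROTO=TCP SPT=40010 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=101 GID=103
Nov 28 17:58:06 host kernel: [105.1] mail-out-587:IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7 DF PROTO=TCP SPT=40004 DPT=587 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1004 GID=1004
Nov 28 17:58:07 host kernel: [106.1] mail-out-25:IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.25 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=0 RES=0x00 RST URGP=0
EOF
}

# smtp_out_by_uid FILE|- [MTA_UID]
# Prints: <connections> uid=<uid> port=<dport> dsts=<distinct hosts> <tag>
# MTA_UID defaults to 101 (assumption, see lead-in); check: id -u Debian-exim
# Mail handed to the local MTA leaves under the MTA UID ("mta"); any other
# UID ("direct") belongs to a process that connects to remote servers itself.
smtp_out_by_uid() {
    awk -v mta="${2:-101}" '
    /mail-out-[0-9]+:/ {
        # The rules have no --syn match, so every packet is logged.
        # Keep only the opening SYN (SYN set, ACK clear) of each connection.
        if ($0 !~ / SYN / || $0 ~ / ACK /) next
        uid = "none"; dst = ""; dpt = ""; spt = ""
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^UID=/) uid = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i ~ /^SPT=/) spt = substr($i, 5)
        }
        # A retransmitted SYN repeats the same source port; count it once.
        if ((uid, dst, dpt, spt) in syn) next
        syn[uid, dst, dpt, spt] = 1
        key = uid SUBSEP dpt
        conns[key]++
        if (!((key, dst) in seen)) { seen[key, dst] = 1; dsts[key]++ }
    }
    END {
        for (k in conns) {
            split(k, p, SUBSEP)
            printf "%d uid=%s port=%s dsts=%d %s\n", conns[k], p[1], p[2],
                   dsts[k], (p[1] == mta ? "mta" : "direct")
        }
    }' "${1:--}" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real host pass the syslog file instead.
sample_fwlog | smtp_out_by_uid - 101
```

The account name behind a UID can then be looked up with getent passwd 1004.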

Re: The server is sending out spam

Posted: Sun Jan 01, 2017 7:06 pm
by mrsd
A similar problem. A single mailbox was created for periodic mass mailings (about 500 messages once every two weeks): [email protected]. Since the beginning of December, "Mail delivery failed: returning message to sender" messages have been arriving from unfamiliar addresses.
The day before yesterday I configured exim to send a copy of all incoming and outgoing messages to a separate mailbox, [email protected], and since then 700 messages have piled up.
I have now blocked this single mailbox in VESTA, but the messages keep coming. There is nothing in the queue list. I created the mailbox [email protected]; so far nothing is going through it. The server also hosts several WordPress sites, mysite.com and другойсайт.рф (different ones); on mysite.com I lowered the permissions (440). Could mail somehow be sent through them?
main.log
2017-01-01 03:48:06 no IP address found for host isb-cc.com (during SMTP connection from [201.161.16.51])
2017-01-01 03:48:11 dovecot_login authenticator failed for (192.168.0.31) [201.161.16.51]: 535 Incorrect authentication data (set_id=steven)
2017-01-01 03:49:10 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 03:49:10 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 03:49:10 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 03:49:10 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 03:49:10 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 03:49:10 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 03:49:42 no IP address found for host isb-cc.com (during SMTP connection from [201.161.16.51])
2017-01-01 03:49:47 dovecot_login authenticator failed for (192.168.0.10) [201.161.16.51]: 535 Incorrect authentication data (set_id=temp)
2017-01-01 03:50:02 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 03:52:05 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 03:52:05 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 03:52:05 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 03:52:05 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 03:52:05 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 03:52:05 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 03:52:06 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 03:52:06 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 03:52:06 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 03:52:06 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 03:52:06 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 03:52:06 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 03:53:09 no IP address found for host isb-cc.com (during SMTP connection from [201.161.16.51])
2017-01-01 03:53:14 dovecot_login authenticator failed for (192.168.0.135) [201.161.16.51]: 535 Incorrect authentication data (set_id=test)
2017-01-01 03:53:53 no host name found for IP address 121.78.122.172
2017-01-01 03:53:54 no IP address found for host isb-cc.com (during SMTP connection from [201.161.16.51])
2017-01-01 03:53:58 dovecot_login authenticator failed for (192.168.0.50) [121.78.122.172]: 535 Incorrect authentication data (set_id=testing)
2017-01-01 03:53:59 dovecot_login authenticator failed for (192.168.0.142) [201.161.16.51]: 535 Incorrect authentication data (set_id=admin)
2017-01-01 03:54:09 no host name found for IP address 121.78.122.172
2017-01-01 03:54:15 dovecot_login authenticator failed for (192.168.0.141) [121.78.122.172]: 535 Incorrect authentication data (set_id=backup)
2017-01-01 03:54:36 no host name found for IP address 121.78.122.172
2017-01-01 03:54:41 dovecot_login authenticator failed for (192.168.0.247) [121.78.122.172]: 535 Incorrect authentication data (set_id=mail)
2017-01-01 03:54:52 no host name found for IP address 121.78.122.172
2017-01-01 03:55:01 dovecot_login authenticator failed for (192.168.0.76) [121.78.122.172]: 535 Incorrect authentication data (set_id=admin)
2017-01-01 03:55:02 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 03:55:02 no host name found for IP address 121.78.122.172
2017-01-01 03:55:14 dovecot_login authenticator failed for (192.168.0.210) [121.78.122.172]: 535 Incorrect authentication data
2017-01-01 03:55:59 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 03:55:59 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 03:55:59 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 03:55:59 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 03:55:59 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 03:55:59 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 03:59:34 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 03:59:34 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 03:59:34 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 03:59:34 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 03:59:34 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 03:59:34 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 03:59:38 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 03:59:38 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 03:59:38 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 03:59:38 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 03:59:38 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 03:59:38 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:00:02 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:02:54 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:02:54 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:02:54 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:02:54 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:02:54 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:02:54 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:04:33 no IP address found for host isb-cc.com (during SMTP connection from [201.161.16.51])
2017-01-01 04:04:38 dovecot_login authenticator failed for (192.168.0.130) [201.161.16.51]: 535 Incorrect authentication data (set_id=service)
2017-01-01 04:05:02 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:06:11 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:06:11 Start queue run: pid=14380
2017-01-01 04:06:11 1cNSxJ-0002Rr-V8 == [email protected] routing defer (-51): retry time not reached
2017-01-01 04:06:11 1cNR42-0000Ft-IK == [email protected] routing defer (-51): retry time not reached
2017-01-01 04:06:11 End queue run: pid=14380
2017-01-01 04:07:08 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:07:08 SSL_write: (from localhost (mysite.com) [127.0.0.1]) syscall: Connection reset by peer
2017-01-01 04:07:08 SSL_write error 5
2017-01-01 04:07:08 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:07:08 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1]
2017-01-01 04:07:09 1cNc6e-0003k1-H7 <= [email protected] H=localhost (mysite.com) [127.0.0.1] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=1315 id=[email protected]
2017-01-01 04:07:09 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:07:10 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:07:10 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:07:10 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:07:10 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:07:10 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:07:10 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:07:10 1cNc6f-0003k3-7C <= [email protected] H=localhost (mysite.com) [127.0.0.1] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=1305 id=[email protected]
2017-01-01 04:07:10 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:07:10 1cNc6e-0003k1-H7 => [email protected] <[email protected]> R=dnslookup T=remote_smtp H=mxs.mail.ru [217.69.139.150] X=TLSv1.2:AES256-GCM-SHA384:256 C="250 OK id=1cNc6f-00055Y-I3"
2017-01-01 04:07:10 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:07:10 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:07:10 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:07:11 1cNc6f-0003k3-7C => [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [64.233.164.26] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1483261631 p192si21143111lfe.195 - gsmtp"
2017-01-01 04:07:11 1cNc6e-0003k1-H7 ** [email protected] R=dnslookup T=remote_smtp X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128: SMTP error from remote mail server after end of data: host mta6.am0.yahoodns.net [66.196.118.240]: 554 delivery error: dd This user doesn't have a yahoo.com account ([email protected]) [0] - mta1585.mail.bf1.yahoo.com
2017-01-01 04:07:11 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:07:12 1cNc6h-0003kE-FN <= <> R=1cNc6e-0003k1-H7 U=exim P=local S=2318
2017-01-01 04:07:12 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:07:12 1cNc6e-0003k1-H7 Completed
2017-01-01 04:07:13 1cNc6h-0003kE-FN => info <[email protected]> R=localuser T=local_delivery
2017-01-01 04:07:14 1cNc6f-0003k3-7C => [email protected] <[email protected]> R=dnslookup T=remote_smtp H=mxs.mail.ru [217.69.139.150] X=TLSv1.2:AES256-GCM-SHA384:256 C="250 OK id=1cNc6i-00085N-9q"
2017-01-01 04:07:14 1cNc6f-0003k3-7C Completed
2017-01-01 04:07:14 1cNc6h-0003kE-FN => [email protected] <[email protected]> R=dnslookup T=remote_smtp H=mxs.mail.ru [94.100.180.150] X=TLSv1.2:AES256-GCM-SHA384:256 C="250 OK id=1cNc6j-0002K6-Fz"
2017-01-01 04:07:14 1cNc6h-0003kE-FN Completed
2017-01-01 04:09:42 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:09:42 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:09:42 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:09:42 1cNc98-0003kU-36 <= [email protected] H=localhost (mysite.com) [127.0.0.1] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=1301 id=[email protected]
2017-01-01 04:09:42 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:09:42 1cNc98-0003kW-6N <= [email protected] H=localhost (mysite.com) [127.0.0.1] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=1299 id=[email protected]
2017-01-01 04:09:42 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:09:42 1cNc98-0003kb-9r <= [email protected] H=localhost (mysite.com) [127.0.0.1] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=1299 id=[email protected]
2017-01-01 04:09:42 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:09:42 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:09:42 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:09:42 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:09:42 1cNc98-0003kU-36 => [email protected] <[email protected]> R=dnslookup T=remote_smtp H=mxs.mail.ru [94.100.180.150] X=TLSv1.2:AES256-GCM-SHA384:256 C="250 OK id=1cNc98-0003WV-7y"
2017-01-01 04:09:42 1cNc98-0003kW-6N => [email protected] <[email protected]> R=dnslookup T=remote_smtp H=mxs.mail.ru [94.100.180.150] X=TLSv1.2:AES256-GCM-SHA384:256 C="250 OK id=1cNc98-00063S-B7"
2017-01-01 04:09:43 1cNc98-0003kb-9r => [email protected] <[email protected]> R=dnslookup T=remote_smtp H=mxs.mail.ru [217.69.139.150] X=TLSv1.2:AES256-GCM-SHA384:256 C="250 OK id=1cNc98-0003f4-Sl"
2017-01-01 04:09:44 1cNc98-0003kb-9r => [email protected] R=dnslookup T=remote_smtp H=mx4.hotmail.com [65.55.37.72] X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 C="250 <[email protected]> Queued mail for delivery"
2017-01-01 04:09:44 1cNc98-0003kb-9r Completed
2017-01-01 04:09:45 1cNc98-0003kU-36 => [email protected] R=dnslookup T=remote_smtp H=mta5.am0.yahoodns.net [98.136.217.203] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 ok dirdel"
2017-01-01 04:09:45 1cNc98-0003kU-36 Completed
2017-01-01 04:10:02 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:10:45 1cNc98-0003kW-6N gmail-smtp-in.l.google.com [2a00:1450:4010:c02::1a] Connection timed out
2017-01-01 04:10:45 1cNc98-0003kW-6N => [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [74.125.205.27] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1483261845 u194si36431466lja.93 - gsmtp"
2017-01-01 04:10:45 1cNc98-0003kW-6N Completed
2017-01-01 04:11:51 no IP address found for host isb-cc.com (during SMTP connection from [201.161.16.51])
2017-01-01 04:11:56 dovecot_login authenticator failed for (192.168.0.176) [201.161.16.51]: 535 Incorrect authentication data (set_id=tester)
2017-01-01 04:13:27 no IP address found for host isb-cc.com (during SMTP connection from [201.161.16.51])
2017-01-01 04:13:32 dovecot_login authenticator failed for (192.168.0.7) [201.161.16.51]: 535 Incorrect authentication data (set_id=tomcat)
2017-01-01 04:14:36 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:14:36 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:14:36 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:14:36 1cNcDs-0003pd-6u <= [email protected] H=localhost (mysite.com) [127.0.0.1] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=1275 id=[email protected]
2017-01-01 04:14:36 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:14:36 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:14:36 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:14:36 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:14:37 1cNcDs-0003pd-6u => [email protected] <[email protected]> R=dnslookup T=remote_smtp H=mxs.mail.ru [217.69.139.150] X=TLSv1.2:AES256-GCM-SHA384:256 C="250 OK id=1cNcDs-0001Lo-Ca"
2017-01-01 04:14:39 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:14:39 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:14:39 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:14:39 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:14:39 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:14:39 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:15:02 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:15:39 1cNcDs-0003pd-6u gmail-smtp-in.l.google.com [2a00:1450:4010:c08::1a] Connection timed out
2017-01-01 04:15:39 1cNcDs-0003pd-6u => [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [108.177.14.27] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1483262139 s135si36433207lfe.303 - gsmtp"
2017-01-01 04:15:39 1cNcDs-0003pd-6u Completed
2017-01-01 04:16:34 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:16:34 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:16:34 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:16:34 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:16:34 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:16:34 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:18:24 no IP address found for host isb-cc.com (during SMTP connection from [201.161.16.51])
2017-01-01 04:18:29 dovecot_login authenticator failed for (192.168.0.13) [201.161.16.51]: 535 Incorrect authentication data (set_id=mail)
2017-01-01 04:18:50 no IP address found for host isb-cc.com (during SMTP connection from [201.161.16.51])
2017-01-01 04:18:55 dovecot_login authenticator failed for (192.168.0.160) [201.161.16.51]: 535 Incorrect authentication data (set_id=info)
2017-01-01 04:20:02 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:20:36 no IP address found for host isb-cc.com (during SMTP connection from [201.161.16.51])
2017-01-01 04:20:41 dovecot_login authenticator failed for (192.168.0.73) [201.161.16.51]: 535 Incorrect authentication data (set_id=service)
2017-01-01 04:21:01 no IP address found for host isb-cc.com (during SMTP connection from [201.161.16.51])
2017-01-01 04:21:06 dovecot_login authenticator failed for (192.168.0.175) [201.161.16.51]: 535 Incorrect authentication data (set_id=backup)
2017-01-01 04:22:07 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:22:07 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:22:07 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:22:07 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:22:07 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:22:07 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:22:08 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:22:08 SSL_write: (from localhost (mysite.com) [127.0.0.1]) syscall: Connection reset by peer
2017-01-01 04:22:08 SSL_write error 5
2017-01-01 04:22:08 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:22:08 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1]
2017-01-01 04:22:09 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:22:09 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:22:09 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:23:20 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:23:20 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:23:20 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:23:20 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:23:20 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:23:20 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:25:02 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:26:18 no IP address found for host isb-cc.com (during SMTP connection from [201.161.16.51])
2017-01-01 04:26:23 dovecot_login authenticator failed for (192.168.0.159) [201.161.16.51]: 535 Incorrect authentication data (set_id=mail)
2017-01-01 04:29:37 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:29:37 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:29:37 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:29:37 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:29:37 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:29:37 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:29:41 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:29:41 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:29:41 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:29:41 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:29:41 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:29:41 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:30:02 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:30:09 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:30:09 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:30:09 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:30:09 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:30:09 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:30:09 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:35:02 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:36:57 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:36:57 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:36:57 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:36:57 1cNcZV-0004Ee-UA <= [email protected] H=localhost (mysite.com) [127.0.0.1] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=1298 id=[email protected]
2017-01-01 04:36:57 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:36:58 1cNcZW-0004Eg-0u <= [email protected] H=localhost (mysite.com) [127.0.0.1] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=1292 id=[email protected]
2017-01-01 04:36:58 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

2017-01-01 04:36:58 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:36:58 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:36:58 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:36:58 1cNcZW-0004Eg-0u => [email protected] <[email protected]> R=dnslookup T=remote_smtp H=mxs.mail.ru [94.100.180.150] X=TLSv1.2:AES256-GCM-SHA384:256 C="250 OK id=1cNcZW-0003ha-5l"
2017-01-01 04:36:58 1cNcZV-0004Ee-UA => [email protected] <[email protected]> R=dnslookup T=remote_smtp H=mxs.mail.ru [217.69.139.150] X=TLSv1.2:AES256-GCM-SHA384:256 C="250 OK id=1cNcZW-0003tg-2K"
2017-01-01 04:36:58 1cNcZW-0004Eg-0u => [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [74.125.205.26] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1483263418 a3si18233277lfd.275 - gsmtp"
2017-01-01 04:36:58 1cNcZW-0004Eg-0u Completed
2017-01-01 04:37:00 1cNcZV-0004Ee-UA => [email protected] R=dnslookup T=remote_smtp H=dnvrco-pub-iedge-vip.email.rr.com [107.14.73.70] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 C="250 2.0.0 OK 14/86-09794-CBDC8685"
2017-01-01 04:37:00 1cNcZV-0004Ee-UA Completed
2017-01-01 04:37:11 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:37:11 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:37:11 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:37:11 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:37:11 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:37:11 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:37:12 H=localhost (mysite.com) [127.0.0.1] sender verify fail for <[email protected]>: Unrouteable address
2017-01-01 04:37:12 H=localhost (mysite.com) [127.0.0.1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-01-01 04:37:12 unexpected disconnection while reading SMTP command from localhost (mysite.com) [127.0.0.1] (error: Connection reset by peer)
2017-01-01 04:37:13 1cNcZk-0004Et-Uc <= [email protected] H=localhost (mysite.com) [127.0.0.1] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=1423 id=[email protected]
2017-01-01 04:37:13 WARNING: purging the environment.
Suggested action: use keep_environment and add_environment.

Re: Server is sending spam

Posted: Fri Jan 13, 2017 4:40 am
by evildrum
A bit off-topic:
I'm having spam problems too, and I also set up logging of the outgoing ports to work out where all this stuff is coming from.
Here is the question: we have 300+ messages clogging the queue.
sudo exipick -zi | xargs exim -Mrm
sudo exipick -i | xargs exim -Mrm
report that there are no permissions (Permission denied)
rm -rf /var/spool/exim4/input/*
as the very last resort, but it doesn't work either (nothing changed)
A question for the experts: where should I dig in the permissions to clean out the queue? There is only one account.

Re: Server is sending spam

Posted: Thu Jan 19, 2017 8:56 am
by evildrum
Figured it out. Does anyone have a sample php.ini config?
I uncommented the line, set the path to /var/log/smam.txt and gave it 777 permissions, but nothing gets written. Maybe I put it in the wrong place in PHP, I'll check.
/etc/php5/apache2/php.ini

P.S. Above there were examples of spam from their remote addresses. But what if the emails going out from me are not from my domain (info@some_other_domain.com), there is no X-PHP-Originating-Script in the message body, the SMTP port logs show only the server's ID, and an ordinary virus scan finds nothing? Where else should I dig to find traces?
syslog Jan 16 06:40:35 mail kernel: [6164522.077718] mail-out-25:IN= OUT=eth0 [our IP] DST=203.189.105.138 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14364 DF PROTO=TCP SPT=37558 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=114 GID=121
Here a message goes from us to a Japanese IP. Does that mean the spam is being sent from someone's computer, or directly from our server?
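
The `mail-out-25:` syslog line quoted above carries the UID of the process that owns the socket. As an added example (not part of the original posts), this Python code tallies new outgoing SMTP connections per UID and separates connections made over loopback to the local MTA (`OUT=lo`) from direct connections to remote servers. The sample lines are constructed; UID 101 as the MTA user, 33 as the web server and 1004 as a hosting user are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format of the thread's "mail-out-<port>:" LOG lines.
# Assumed UIDs: 101 = MTA (Exim) user, 33 = web server, 1004 = a hosting user.
SAMPLE_SYSLOG = """\
Jan 16 06:40:35 mail kernel: [100.1] mail-out-25:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 DF PROTO=TCP SPT=37558 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=101 GID=103
Jan 16 06:40:35 mail kernel: [100.2] mail-out-25:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TTL=64 DF PROTO=TCP SPT=37558 DPT=25 WINDOW=229 RES=0x00 ACK URGP=0 UID=101 GID=103
Jan 16 06:40:36 mail kernel: [100.3] mail-out-25:IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TTL=64 DF PROTO=TCP SPT=57379 DPT=25 WINDOW=43690 RES=0x00 SYN URGP=0 UID=33 GID=33
Jan 16 06:40:37 mail kernel: [100.4] mail-out-25:IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TTL=64 DF PROTO=TCP SPT=57380 DPT=25 WINDOW=43690 RES=0x00 SYN URGP=0 UID=33 GID=33
Jan 16 06:41:02 mail kernel: [100.5] mail-out-587:IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.25 LEN=60 TTL=64 DF PROTO=TCP SPT=40112 DPT=587 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1004 GID=1004
Jan 16 06:41:03 mail kernel: [100.6] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=4444 DPT=22 SYN
"""

PREFIX = re.compile(r"mail-out-(\d+):(.*)")

def parse(line):
    """Return the key=value fields and bare flags of one mail-out LOG line, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    tokens = m.group(2).split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    fields["FLAGS"] = {t for t in tokens if "=" not in t}
    return fields

def connections_by_uid(text):
    """Count new connections (SYN without ACK; the LOG rule logs every packet)."""
    counts = Counter()
    for line in text.splitlines():
        f = parse(line)
        if not f or "UID" not in f or "SYN" not in f["FLAGS"] or "ACK" in f["FLAGS"]:
            continue
        path = "local-submit" if f.get("OUT") == "lo" else "direct"
        counts[(int(f["UID"]), path, int(f["DPT"]))] += 1
    return counts

def suspects(counts, mta_uid):
    """UIDs other than the MTA that open SMTP connections, and by which path."""
    found = {}
    for (uid, path, _dport), n in counts.items():
        if uid != mta_uid:
            found.setdefault(uid, Counter())[path] += n
    return found

if __name__ == "__main__":
    counts = connections_by_uid(SAMPLE_SYSLOG)
    for uid, paths in sorted(suspects(counts, mta_uid=101).items()):
        print(uid, dict(paths))
```

A `direct` line with the MTA's own UID only shows Exim relaying a message it already accepted; the UID on a `local-submit` line is the process that handed the message to Exim over 127.0.0.1, and a `direct` line with any other UID is a process speaking SMTP to the outside itself.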

Re: Server is sending spam

Posted: Thu Jan 19, 2017 6:48 pm
by Mr.Erbutw
evildrum wrote:Figured it out. Does anyone have a sample php.ini config?
Here: http://rgho.st/6SZhG7hH7

Re: Server is sending spam

Posted: Sat Jan 21, 2017 5:26 am
by evildrum
So, the whole problem is holes in the ports. If spam is being sent from your server but from someone else's domain, close the ports and the problem goes away.

Re: Server is sending spam

Posted: Tue Jan 31, 2017 3:46 pm
by one
evildrum wrote:So, the whole problem is holes in the ports. If spam is being sent from your server but from someone else's domain, close the ports and the problem goes away.
No, that's wrong. Sit down, that's an F! You need to configure the relay. Go to mxtoolbox.com and check your server.

Or maybe the site got hacked and they are sending from it.

Re: Server is sending spam

Posted: Wed Oct 24, 2018 5:50 am
by Kumigy
Coming back to the mail question.
I dug around a bit and realized that this is not spam; the system is trying to send out warnings.
But it sends them to root@hosting. A small question: where can these configs be changed?
I looked here: /etc/exim/exim.conf