LINUX.ORG.RU
решено ФорумAdmin

Проблема с exim


0

1

Доброй ночи! Сегодня ночью посмотрел очередь ексима, и был очень удивлен, около 120 тысяч в ожидании. Конечно же выключил сразу exim, и рост пакетов прекратился. В логах:

mail.log

Jul 28 00:39:36 vds spamd[20320]: spamd: connection from localhost [127.0.0.1] at port 48321
Jul 28 00:39:36 vds spamd[20320]: spamd: handle_user unable to find user: 'spamd'
Jul 28 00:39:36 vds spamd[20320]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
Jul 28 00:39:36 vds spamd[20320]: spamd: checking message <CHILKAT-MID-ca60b793-3c68-a7e2-1e5f-773af86f4b28@servidor> for spamd:65534
Jul 28 00:39:36 vds spamd[20320]: spamd: clean message (-99.7/5.0) for spamd:65534 in 0.4 seconds, 5572 bytes.
Jul 28 00:39:36 vds spamd[20320]: spamd: result: . -99 - PLING_QUERY,URIBL_BLOCKED,USER_IN_ALL_SPAM_TO scantime=0.4,size=5572,user=spamd,uid=65534,requ$
Jul 28 00:39:36 vds spamd[1563]: prefork: child states: II
Jul 28 00:39:36 vds spamd[20320]: spamd: connection from localhost [127.0.0.1] at port 48333
Jul 28 00:39:36 vds spamd[20320]: spamd: handle_user unable to find user: 'spamd'
Jul 28 00:39:36 vds spamd[20320]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
Jul 28 00:39:36 vds spamd[20320]: spamd: checking message <CHILKAT-MID-00000024-0054-0045-0041-004d00002400@servidor> for spamd:65534
Jul 28 00:39:37 vds spamd[20320]: spamd: clean message (-96.5/5.0) for spamd:65534 in 0.5 seconds, 4798 bytes.
Jul 28 00:39:37 vds spamd[20320]: spamd: result: . -96 - TO_NO_BRKTS_MSFT,USER_IN_ALL_SPAM_TO scantime=0.5,size=4798,user=spamd,uid=65534,required_scor$
Jul 28 00:39:37 vds spamd[1563]: prefork: child states: II
Jul 28 00:39:37 vds spamd[20320]: spamd: connection from localhost [127.0.0.1] at port 48342
Jul 28 00:39:37 vds spamd[20320]: spamd: handle_user unable to find user: 'spamd'
Jul 28 00:39:37 vds spamd[20320]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
Jul 28 00:39:37 vds spamd[20320]: spamd: checking message <CHILKAT-MID-6708486c-7125-3174-bbfa-feb37d3c1892@rm10> for spamd:65534
Jul 28 00:39:38 vds spamd[20320]: spamd: clean message (-95.4/5.0) for spamd:65534 in 0.6 seconds, 4243 bytes.
Jul 28 00:39:38 vds spamd[20320]: spamd: result: . -95 - DATE_IN_PAST_03_06,LOTS_OF_MONEY,TO_NO_BRKTS_MSFT,URIBL_BLOCKED,USER_IN_ALL_SPAM_TO scantime=0$
Jul 28 00:39:38 vds spamd[1563]: prefork: child states: II

В mainlog:

2013-07-28 00:41:54 1V3C5d-0003yv-2a == info@DOMAIN.RU routing defer (-51): retry time not reached
2013-07-28 00:41:57 1V3CFR-0008RF-7v DKIM: d=comcast.net s=q20121106 c=relaxed/relaxed a=rsa-sha256 t=1374956907 [verification failed - signature did not ve$
2013-07-28 00:41:58 1V3CFR-0008RF-7v From tandem3@comcast.net to info@DOMAIN.RU X-Spam_score: -996.
2013-07-28 00:41:58 1V3CFR-0008RF-7v <= tandem3@comcast.net H=qmta13.westchester.pa.mail.comcast.net [76.96.59.243] P=esmtp S=7994 id=CHILKAT-MID-00000024-0$
2013-07-28 00:41:59 1V3CFR-0008RF-7v SMTP error from remote mail server after RCPT TO:<info@DOMAIN.RU>: host aspmx.l.google.com [2a00:1450:4001:c02::1a]: 4$
2013-07-28 00:42:00 1V3CFR-0008RF-7v ** info@DOMAIN.RU R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<info@DOMAIN.RU>: host $
2013-07-28 00:42:00 1V3CFU-0000Tx-5D <= <> R=1V3CFR-0008RF-7v U=Debian-exim P=local S=9167 from <> for tandem3@comcast.net
2013-07-28 00:42:00 1V3CFR-0008RF-7v Completed
2013-07-28 00:42:00 1V3CFU-000428-4y From richardneal@richardnealproperties.com to info@DOMAIN.RU X-Spam_score: -964.
2013-07-28 00:42:00 1V3CFU-000428-4y <= richardneal@richardnealproperties.com H=omta02.westchester.pa.hmc1.comcast.net [76.96.53.7] P=esmtp S=6441 id=CHILKA$
2013-07-28 00:42:00 1V3CFU-000428-4y no immediate delivery: more than 10 messages received in one connection
2013-07-28 00:42:01 1V3CFU-0000Tx-5D ** tandem3@comcast.net R=dnslookup T=remote_smtp: SMTP error from remote mail server after initial connection: host mx2$
2013-07-28 00:42:01 1V3CFU-0000Tx-5D Frozen (delivery error message)
2013-07-28 00:42:01 1V3CFV-0008Th-Bw DKIM: d=comcast.net s=q20121106 c=relaxed/relaxed a=rsa-sha256 t=1374958440 [verification failed - signature did not ve$
2013-07-28 00:42:02 1V3CFV-0008Th-Bw From wrightlorend@comcast.net to info@DOMAIN.RU X-Spam_score: -971.
2013-07-28 00:42:02 1V3CFV-0008Th-Bw <= wrightlorend@comcast.net H=qmta11.emeryville.ca.mail.comcast.net [76.96.27.211] P=esmtp S=7913 id=CHILKAT-MID-000000$
2013-07-28 00:42:03 1V3CFV-0008Th-Bw ** info@DOMAIN.RU R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<info@DOMAIN.RU>: host $
2013-07-28 00:42:03 1V3CFX-0000Un-LJ <= <> R=1V3CFV-0008Th-Bw U=Debian-exim P=local S=9115 from <> for wrightlorend@comcast.net
2013-07-28 00:42:03 1V3CFV-0008Th-Bw Completed
2013-07-28 00:42:04 1V3CFX-0000Un-LJ ** wrightlorend@comcast.net R=dnslookup T=remote_smtp: SMTP error from remote mail server after initial connection: hos$
2013-07-28 00:42:04 1V3CFX-0000Un-LJ Frozen (delivery error message)
2013-07-28 00:42:06 1V3CFa-000428-57 From mmarsh@mayerandmarshlaw.com to info@DOMAIN.RU X-Spam_score: -953.
2013-07-28 00:42:06 1V3CFa-000428-57 <= mmarsh@mayerandmarshlaw.com H=omta02.westchester.pa.hmc1.comcast.net [76.96.53.7] P=esmtp S=7203 id=CHILKAT-MID-758f$
2013-07-28 00:42:06 1V3CFa-000428-57 no immediate delivery: more than 10 messages received in one connection

В exim4.conf.template:

hostlist relay_from_hosts = 127.0.0.1 

exim4 -bV

Exim version 4.72

Еще в логе:

2013-07-28 06:06:07 1V3HJ4-0004kJ-3Z SMTP error from remote mail server after RCPT TO:<info@DOMAIN.RU>: host alt1.aspmx.l.google.com [173.194.71.26]: 450-4.2.1 The user you are trying to contact is receiving mail at a rate that\n450-4.2.1 prevents additional messages from being delivered. Please resend your\n450-4.2.1 message at a later time. If the user is able to receive mail at that\n450-4.2.1 time, your message will be delivered. For more information, please\n450 4.2.1 visit http://support.google.com/mail/bin/answer.py?answer=6592 qh9si1028474lbb.157 - gsmtp
2013-07-28 06:06:07 1V3HJ4-0004kJ-3Z == info@DOMAIN.RU R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<info@DOMAIN.RU>: host alt1.aspmx.l.google.com [173.194.71.26]: 450-4.2.1 The user you are trying to contact is receiving mail at a rate that\n450-4.2.1 prevents additional messages from being delivered. Please resend your\n450-4.2.1 message at a later time. If the user is able to receive mail at that\n450-4.2.1 time, your message will be delivered. For more information, please\n450 4.2.1 visit http://support.google.com/mail/bin/answer.py?answer=6592 qh9si1028474lbb.157 - gsmtp
2013-07-28 06:06:07 1V3HJ4-0004le-EO SMTP error from remote mail server after RCPT TO:<info@DOMAIN.RU>: host alt2.aspmx.l.google.com [2607:f8b0:400e:c03::1a]: 450-4.2.1 The user you are trying to contact is receiving mail at a rate that\n450-4.2.1 prevents additional messages from being delivered. Please resend your\n450-4.2.1 message at a later time. If the user is able to receive mail at that\n450-4.2.1 time, your message will be delivered. For more information, please\n450 4.2.1 visit http://support.google.com/mail/bin/answer.py?answer=6592 hs9si10931935pbc.244 - gsmtp
2013-07-28 06:06:07 1V3HJ7-0004j5-Uz From mgstern@wseitchik.com to info@DOMAIN.RU X-Spam_score: 35.
2013-07-28 06:06:07 1V3HJ6-0004ou-NX SMTP error from remote mail server after RCPT TO:<info@DOMAIN.RU>: host alt1.aspmx.l.google.com [2a00:1450:4010:c04::1b]: 450-4.2.1 The user you are trying to contact is receiving mail at a rate that\n450-4.2.1 prevents additional messages from being delivered. Please resend your\n450-4.2.1 message at a later time. If the user is able to receive mail at that\n450-4.2.1 time, your message will be delivered. For more information, please\n450 4.2.1 visit http://support.google.com/mail/bin/answer.py?answer=6592 mp7si4111112lbb.57 - gsmtp
2013-07-28 06:06:07 1V3HJ3-0004nn-IB SMTP error from remote mail server after RCPT TO:<info@DOMAIN.RU>: host alt1.aspmx.l.google.com [173.194.71.26]: 450-4.2.1 The user you are trying to contact is receiving mail at a rate that\n450-4.2.1 prevents additional messages from being delivered. Please resend your\n450-4.2.1 message at a later time. If the user is able to receive mail at that\n450-4.2.1 time, your message will be delivered. For more information, please\n450 4.2.1 visit http://support.google.com/mail/bin/answer.py?answer=6592 sj5si4109585lbb.70 - gsmtp
2013-07-28 06:06:07 1V3HJ3-0004nn-IB == info@DOMAIN.RU R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<info@DOMAIN.RU>: host alt1.aspmx.l.google.com [173.194.71.26]: 450-4.2.1 The user you are trying to contact is receiving mail at a rate that\n450-4.2.1 prevents additional messages from being delivered. Please resend your\n450-4.2.1 message at a later time. If the user is able to receive mail at that\n450-4.2.1 time, your message will be delivered. For more information, please\n450 4.2.1 visit http://support.google.com/mail/bin/answer.py?answer=6592 sj5si4109585lbb.70 - gsmtp
2013-07-28 06:06:07 1V3HJ4-0004o0-Gd SMTP error from remote mail server after RCPT TO:<info@DOMAIN.RU>: host alt1.aspmx.l.google.com [173.194.71.26]: 450-4.2.1 The user you are trying to contact is receiving mail at a rate that\n450-4.2.1 prevents additional messages from being delivered. Please resend your\n450-4.2.1 message at a later time. If the user is able to receive mail at that\n450-4.2.1 time, your message will be delivered. For more information, please\n450 4.2.1 visit http://support.google.com/mail/bin/answer.py?answer=6592 sj5si4102287lbb.115 - gsmtp
2013-07-28 06:06:07 1V3HJ4-0004o0-Gd == info@DOMAIN.RU R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<info@DOMAIN.RU>: host alt1.aspmx.l.google.com [173.194.71.26]: 450-4.2.1 The user you are trying to contact is receiving mail at a rate that\n450-4.2.1 prevents additional messages from being delivered. Please resend your\n450-4.2.1 message at a later time. If the user is able to receive mail at that\n450-4.2.1 time, your message will be delivered. For more information, please\n450 4.2.1 visit http://support.google.com/mail/bin/answer.py?answer=6592 sj5si4102287lbb.115 - gsmtp
2013-07-28 06:06:07 1V3HJ7-0004j5-Uz <= mgstern@wseitchik.com H=omta03.westchester.pa.hmc1.comcast.net [76.96.53.19] P=esmtp S=9846 id=CHILKAT-MID-a56d391d-81d5-1451-f1b0-7e33553317a4@servidor.COMAIRS from <mgstern@wseitchik.com> for info@DOMAIN.RU

И спам валит, аж край шумит.

LinuxUs ()

Ну так спам и проблема. Ясно же написано: Гугль не принимает. Ищи источник спама. Либо из Exim получился open relay, либо кто-то из тех, кому можно отправлять, трояна подхватил и через него шлют.

AS ★★★★★ ()
Ответ на: комментарий от LinuxUs

Русские форумы - бессмысленные и беспощадные. Ну а написать в чем была проблема для тех, кто с такой же траблой столкнется, религия не позволяет? Хотя бы в паре предложений?

MindLess ()
Ответ на: комментарий от MindLess

Да нет, почему же, пользователь подключался по логину и паролю, пришлось удалить его аккаунт, чтобы он больше не подключался, и спам прекратился.

LinuxUs ()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.