LINUX.ORG.RU

Help me fight spam on EXIM4


Good day!

I have never administered SMTP servers before, but now I have had to. I am interested in understanding and solving the problem. I have run into a number of problems related to attempts to send spam. I have already solved many of them with exim4 configuration and fail2ban.

One problem remains that I do not understand yet. Mail is going out from a system user.

The server is also a web server hosting sites.

1abOac-0006gW-Dm-H
Debian-exim 110 116
<>
1456993590 0
-ident Debian-exim
-received_protocol local
-body_linecount 240
-max_received_linelength 104
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1456993592
-localerror
XX
1
spanked577@bk.ru

148P Received: from Debian-exim by azgard.bitcom32.ru with local (Exim 4.82)
        id 1abOac-0006gW-Dm
        for spanked577@bk.ru; Thu, 03 Mar 2016 11:26:30 +0300
039  X-Failed-Recipients: daniil@anphoto.ru
029  Auto-Submitted: auto-replied
062F From: Mail Delivery System <Mailer-Daemon@azgard.bitcom32.ru>
021T To: spanked577@bk.ru
059  Subject: Mail delivery failed: returning message to sender
051I Message-Id: <E1abOac-0006gW-Dm@azgard.bitcom32.ru>
038  Date: Thu, 03 Mar 2016 11:26:30 +0300

1abOac-0006gW-Dm-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  daniil@anphoto.ru
    SMTP error from remote mail server after RCPT TO:<daniil@anphoto.ru>:
    host mx.yandex.ru [77.88.21.89]: 550 5.7.1 No such user!

------ This is a copy of the message, including all the headers. ------

Return-path: <spanked577@bk.ru>
Received: from [92.45.25.194] (helo=host-92-45-25-194.reverse.superonline.net)
        by azgard.bitcom32.ru with esmtp (Exim 4.82)
        (envelope-from <spanked577@bk.ru>)
        id 1abOab-0006gQ-1T
        for daniil@anphoto.ru; Thu, 03 Mar 2016 11:26:29 +0300
To: daniil <daniil@anphoto.ru>
Subject: =?koi8-r?B?UkU6UkU67sHU1dLBzNjO2cUgw9fF1Nkg1yDT1MXLzMUhIPPUz9HUIA==?=
 =?koi8-r?B?xM8gOCDMxdQh?=
From: =?koi8-r?B?7MXbwSDn0s/Nz9c=?= <hosannab89@mail.ru>
Date: Thu, 3 Mar 2016 10:21:07 +0200
Message-Id: <45833152.20160303102107@bk.ru>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="065sx623nw7y"
X-Priority: 3 (Normal)
X-Mailer: ryMail


Where is my hole? I assume the mailing is coming from one of the sites? Tell me where to dig and what is going on =)

PS For some reason I can't get the body and headers into a spoiler =(



Last edited by: Aeooe (total edits: 2)

It is a local process doing the sending, for example a leaky PHP script.

Only assholes lay out topics like this; discover pastebin for yourselves.

hizel ★★★★★
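
Added example, not part of the thread: a small Python parser for the Exim -H spool header format pasted in the question. It reads the envelope sender, the -received_protocol and -localerror options and the X-Failed-Recipients header to tell a bounce generated by Exim itself from a message submitted by a local process. The sample input reuses values from the question; the function names are illustrative.

```python
import re
# Sample -H file: values are the ones posted in the question, shortened.
SAMPLE = """\
1abOac-0006gW-Dm-H
Debian-exim 110 116
<>
1456993590 0
-received_protocol local
-localerror
XX
1
spanked577@bk.ru

039  X-Failed-Recipients: daniil@anphoto.ru
062F From: Mail Delivery System <Mailer-Daemon@azgard.bitcom32.ru>
"""

HDR = re.compile(r"^\d{3}([A-Z* ]) (.*)$")    # length, flag character, text

def parse_spool_header(text):
    """Parse an Exim -H file into envelope data, options and headers."""
    lines = text.splitlines()
    msg = {"id": lines[0].removesuffix("-H"), "user": lines[1].split()[0],
           "sender": lines[2].strip("<>"), "options": {}, "headers": {}}
    i = 4                                     # line 4 holds time and warning count
    while lines[i].startswith("-"):           # option lines: "-name [value]"
        name, _, value = lines[i][1:].partition(" ")
        msg["options"][name] = value
        i += 1
    while not lines[i].isdigit():             # skip non-recipients tree ("XX" if empty)
        i += 1
    count = int(lines[i])                     # number of recipients that follow
    msg["recipients"] = lines[i + 1:i + 1 + count]
    for line in lines[i + 2 + count:]:        # headers start after a blank line
        m = HDR.match(line)
        if m:                                 # continuation lines are skipped
            key, _, value = m.group(2).partition(":")
            msg["headers"][key.lower()] = value.strip()
    return msg

def classify(msg):
    """Say where a queued message came from, based on the envelope data."""
    opts = msg["options"]
    if msg["sender"] == "" and "localerror" in opts:
        failed = msg["headers"].get("x-failed-recipients", "unknown")
        return f"bounce generated by Exim for failed recipient {failed}"
    if opts.get("received_protocol") == "local":
        return f"submitted locally by user {msg['user']}"
    return f"received over {opts.get('received_protocol', 'unknown')}"
```

For a bounce, the Received: line in the copied original message (in the -D file) shows which host and protocol delivered the message that failed.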