Good morning, forum,
Yesterday in Webmin, under Qmail / Mail Queue, I found a great many entries, and while looking for a solution I came across huschi.net, where I read the article „Über meinen Server werden Spam's verschickt!“ ("Spam is being sent through my server!"). I chose the 2nd option, where you have to rework the mail routine.
This morning, when I looked at the log /tmp/mail.send, I found:
Code:
Wed May 21 00:48:25 CEST 2008 sendmail-wrapper called root from /usr/sbin
Wed May 21 01:40:00 CEST 2008 sendmail-wrapper called from
Wed May 21 02:40:00 CEST 2008 sendmail-wrapper called from
Wed May 21 03:03:27 CEST 2008 sendmail-wrapper called root from
Wed May 21 03:03:29 CEST 2008 sendmail-wrapper called root from
Wed May 21 03:03:29 CEST 2008 sendmail-wrapper called root from
Wed May 21 03:03:29 CEST 2008 sendmail-wrapper called root from
Wed May 21 03:03:29 CEST 2008 sendmail-wrapper called from
Wed May 21 03:40:00 CEST 2008 sendmail-wrapper called from
Wed May 21 04:40:00 CEST 2008 sendmail-wrapper called from
Wed May 21 05:40:01 CEST 2008 sendmail-wrapper called from
Wed May 21 06:40:00 CEST 2008 sendmail-wrapper called from
Wed May 21 07:40:00 CEST 2008 sendmail-wrapper called from
The first entry comes from me, when I called /usr/sbin/sendmail. Only the $USER is shown there.
Odd: sendmail is called every hour, but by whom?
Here is a short excerpt from the mail log.
Code:
May 21 08:04:38 ns2 qmail-localfilter.pl: X-Spam-Status: Yes, score=9.3 required=6.0 tests=BAYES_00,
May 21 08:04:38 ns2 spamd[696]: prefork: child states: II
May 21 08:04:44 ns2 spamd[62610]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 57649
May 21 08:04:44 ns2 spamd[62610]: spamd: setuid to vpopmail succeeded
May 21 08:04:44 ns2 spamd[62610]: spamd: processing message <01c8bb19$9fd25f80$90026856@gust> for vpopmail:89
May 21 08:04:47 ns2 spamd[62610]: spamd: clean message (1.4/6.0) for vpopmail:89 in 2.9 seconds, 1429 bytes.
May 21 08:04:47 ns2 spamd[62610]: spamd: result: . 1 - BAYES_00,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK scantime=2.9,size=1429,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=57649,mid=<01c8bb19$9fd25f80$90026856@gust>,bayes=0,autolearn=no
May 21 08:04:47 ns2 spamd[696]: prefork: child states: II
May 21 08:04:55 ns2 spamd[62610]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 62195
May 21 08:04:55 ns2 spamd[62610]: spamd: setuid to vpopmail succeeded
May 21 08:04:55 ns2 spamd[62610]: spamd: processing message <000a01c8bb08$04179aa9$66b292af@bgyhx> for vpopmail:89
May 21 08:04:56 ns2 spamd[68870]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 62974
May 21 08:04:56 ns2 spamd[68870]: spamd: setuid to vpopmail succeeded
May 21 08:04:56 ns2 spamd[68870]: spamd: processing message (unknown) for vpopmail:89
May 21 08:04:58 ns2 spamd[62610]: spamd: clean message (4.2/6.0) for vpopmail:89 in 3.0 seconds, 2801 bytes.
May 21 08:04:58 ns2 spamd[62610]: spamd: result: . 4 - BAYES_50,HTML_30_40,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK,SOME_BREAKTHROUGH scantime=3.0,size=2801,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=62195,mid=<000a01c8bb08$04179aa9$66b292af@bgyhx>,bayes=0.55607535255769,autolearn=no
May 21 08:04:59 ns2 spamd[696]: prefork: child states: IB
May 21 08:04:59 ns2 spamd[68870]: spamd: clean message (0.6/6.0) for vpopmail:89 in 3.1 seconds, 2474 bytes.
May 21 08:04:59 ns2 spamd[68870]: spamd: result: . 0 - AWL,BAYES_00,DRUGS_ERECTILE,DRUG_ED_CAPS,NO_REAL_NAME,RAZOR2_CHECK scantime=3.1,size=2474,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=62974,mid=(unknown),bayes=0,autolearn=no
May 21 08:04:59 ns2 spamd[696]: prefork: child states: II
May 21 08:05:06 ns2 spamd[62610]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 52759
May 21 08:05:06 ns2 spamd[62610]: spamd: setuid to vpopmail succeeded
May 21 08:05:06 ns2 spamd[62610]: spamd: processing message <000701c8bb08$06a8d8ff$0a94979e@bhfuqwpw> for vpopmail:89
May 21 08:05:09 ns2 spamd[62610]: spamd: clean message (5.7/6.0) for vpopmail:89 in 3.0 seconds, 2791 bytes.
May 21 08:05:09 ns2 spamd[62610]: spamd: result: . 5 - BAYES_50,HTML_30_40,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK,RCVD_NUMERIC_HELO,SOME_BREAKTHROUGH scantime=3.0,size=2791,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=52759,mid=<000701c8bb08$06a8d8ff$0a94979e@bhfuqwpw>,bayes=0.50590068039671,autolearn=no
May 21 08:05:09 ns2 spamd[696]: prefork: child states: II
May 21 08:06:19 ns2 spamd[62610]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 52938
May 21 08:06:19 ns2 spamd[62610]: spamd: setuid to vpopmail succeeded
May 21 08:06:20 ns2 spamd[62610]: spamd: processing message <001601c8bb19$db9a5400$064d592c@celeronf6563e6> for vpopmail:89
May 21 08:06:23 ns2 spamd[62610]: spamd: clean message (-2.5/6.0) for vpopmail:89 in 3.1 seconds, 2226 bytes.
May 21 08:06:23 ns2 spamd[62610]: spamd: result: . -2 - BAYES_00,HTML_50_60,HTML_MESSAGE scantime=3.1,size=2226,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=52938,mid=<001601c8bb19$db9a5400$064d592c@celeronf6563e6>,bayes=0,autolearn=ham
May 21 08:06:23 ns2 spamd[696]: prefork: child states: II
May 21 08:06:23 ns2 spamd[62610]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 61009
May 21 08:06:23 ns2 spamd[62610]: spamd: setuid to vpopmail succeeded
May 21 08:06:23 ns2 spamd[62610]: spamd: processing message <GgZvXtu-0087Aa-Oy@adventurous.massiveaudio.com> for vpopmail:89
May 21 08:06:25 ns2 spamd[68870]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 54337
May 21 08:06:25 ns2 spamd[68870]: spamd: setuid to vpopmail succeeded
May 21 08:06:25 ns2 spamd[68870]: spamd: processing message <KrSmQkm-0051Dn-Iu@stringy.selfknowledge.com> for vpopmail:89
May 21 08:06:26 ns2 spamd[62610]: spamd: identified spam (16.8/6.0) for vpopmail:89 in 2.9 seconds, 943 bytes.
May 21 08:06:26 ns2 spamd[62610]: spamd: result: Y 16 - BAYES_99,DATE_IN_FUTURE_03_06,DRUGS_ANXIETY,FUZZY_PHARMACY,MISSING_MIMEOLE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SUBJECT_FUZZY_MEDS scantime=2.9,size=943,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=61009,mid=<GgZvXtu-0087Aa-Oy@adventurous.massiveaudio.com>,bayes=1,autolearn=no
May 21 08:06:26 ns2 qmail-localfilter.pl: Rejected spam from "Carlton Keller" <Bphil@htcia.org> to <office@werosoft.com>
May 21 08:06:26 ns2 qmail-localfilter.pl: X-Spam-Status: Yes, score=16.8 required=6.0 tests=BAYES_99,
May 21 08:06:26 ns2 spamd[696]: prefork: child states: IB
May 21 08:06:28 ns2 spamd[68870]: spamd: identified spam (16.8/6.0) for vpopmail:89 in 2.9 seconds, 984 bytes.
May 21 08:06:28 ns2 spamd[68870]: spamd: result: Y 16 - BAYES_99,DATE_IN_FUTURE_03_06,DRUGS_ANXIETY,FUZZY_PHARMACY,MISSING_MIMEOLE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SUBJECT_FUZZY_MEDS scantime=2.9,size=984,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=54337,mid=<KrSmQkm-0051Dn-Iu@stringy.selfknowledge.com>,bayes=1,autolearn=no
May 21 08:06:28 ns2 spamd[696]: prefork: child states: II
May 21 08:06:28 ns2 qmail-localfilter.pl: Rejected spam from "Gerard Schneider" <eisrael@wonkette.com> to <office@mydomain.com>,
May 21 08:06:28 ns2 qmail-localfilter.pl: X-Spam-Status: Yes, score=16.8 required=6.0 tests=BAYES_99,
May 21 08:06:33 ns2 spamd[62610]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 61801
May 21 08:06:33 ns2 spamd[62610]: spamd: setuid to vpopmail succeeded
May 21 08:06:33 ns2 spamd[62610]: spamd: processing message <01c8bb54$8d294c00$bd448779@vapidityf> for vpopmail:89
May 21 08:06:36 ns2 spamd[62610]: spamd: clean message (3.0/6.0) for vpopmail:89 in 2.9 seconds, 780 bytes.
May 21 08:06:36 ns2 spamd[62610]: spamd: result: . 2 - BAYES_50,DRUGS_ERECTILE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK scantime=2.9,size=780,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=61801,mid=<01c8bb54$8d294c00$bd448779@vapidityf>,bayes=0.491987532695554,autolearn=no
May 21 08:06:36 ns2 spamd[696]: prefork: child states: II
May 21 08:06:37 ns2 spamd[62610]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 49673
May 21 08:06:37 ns2 spamd[62610]: spamd: setuid to vpopmail succeeded
May 21 08:06:37 ns2 spamd[62610]: spamd: processing message <6414D041.000094.50763@VSRJ> for vpopmail:89
May 21 08:06:40 ns2 spamd[62610]: spamd: clean message (1.2/6.0) for vpopmail:89 in 2.8 seconds, 797 bytes.
May 21 08:06:40 ns2 spamd[62610]: spamd: result: . 1 - BAYES_00,DATE_IN_PAST_06_12,FUZZY_CPILL,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK scantime=2.8,size=797,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=49673,mid=<6414D041.000094.50763@VSRJ>,bayes=0,autolearn=no
May 21 08:06:40 ns2 spamd[696]: prefork: child states: II
May 21 08:06:43 ns2 spamd[62610]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 52385
May 21 08:06:43 ns2 spamd[62610]: spamd: setuid to vpopmail succeeded
May 21 08:06:43 ns2 spamd[62610]: spamd: processing message <01c8bb4c$31f35b80$823e293b@revocationxn8> for vpopmail:89
May 21 08:06:46 ns2 spamd[62610]: spamd: clean message (3.0/6.0) for vpopmail:89 in 2.9 seconds, 802 bytes.
May 21 08:06:46 ns2 spamd[62610]: spamd: result: . 2 - BAYES_50,DRUGS_ERECTILE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK scantime=2.9,size=802,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=52385,mid=<01c8bb4c$31f35b80$823e293b@revocationxn8>,bayes=0.517002111180266,autolearn=no
May 21 08:06:46 ns2 spamd[696]: prefork: child states: II
May 21 08:07:10 ns2 spamd[62610]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 63211
May 21 08:07:10 ns2 spamd[62610]: spamd: setuid to vpopmail succeeded
May 21 08:07:10 ns2 spamd[62610]: spamd: processing message <TcczJMk2g001baa68@ATLMX01.Atlanta.local> for vpopmail:89
May 21 08:07:13 ns2 spamd[68870]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 53226
May 21 08:07:13 ns2 spamd[68870]: spamd: setuid to vpopmail succeeded
May 21 08:07:13 ns2 spamd[68870]: spamd: processing message <4833BC28.7030402@yes-services.de> for vpopmail:89
May 21 08:07:13 ns2 spamd[62610]: spamd: clean message (2.3/6.0) for vpopmail:89 in 2.9 seconds, 3561 bytes.
May 21 08:07:13 ns2 spamd[62610]: spamd: result: . 2 - BAYES_40,DRUGS_ERECTILE,DRUG_ED_CAPS,NO_REAL_NAME,RAZOR2_CHECK scantime=2.9,size=3561,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=63211,mid=<TcczJMk2g001baa68@ATLMX01.Atlanta.local>,bayes=0.273473082033819,autolearn=no
May 21 08:07:14 ns2 spamd[696]: prefork: child states: IB
May 21 08:07:16 ns2 spamd[68870]: spamd: clean message (-0.1/6.0) for vpopmail:89 in 2.9 seconds, 711 bytes.
May 21 08:07:16 ns2 spamd[68870]: spamd: result: . 0 - BAYES_00,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK scantime=2.9,size=711,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=53226,mid=<4833BC28.7030402@yes-services.de>,bayes=0.000168610131942692,autolearn=no
May 21 08:07:16 ns2 spamd[696]: prefork: child states: II
May 21 08:08:30 ns2 spamd[62610]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 51778
May 21 08:08:30 ns2 spamd[62610]: spamd: setuid to vpopmail succeeded
May 21 08:08:30 ns2 spamd[62610]: spamd: processing message <01c8bb5d$34aa7c80$4b86255c@bronzelp> for vpopmail:89
May 21 08:08:33 ns2 spamd[62610]: spamd: clean message (1.8/6.0) for vpopmail:89 in 3.1 seconds, 3634 bytes.
May 21 08:08:33 ns2 spamd[62610]: spamd: result: . 1 - BAYES_00,HTML_30_40,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK scantime=3.1,size=3634,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=51778,mid=<01c8bb5d$34aa7c80$4b86255c@bronzelp>,bayes=0,autolearn=no
May 21 08:08:33 ns2 spamd[696]: prefork: child states: II
May 21 08:08:58 ns2 spamd[62610]: spamd: connection from localhost.mydomain.com [127.0.0.1] at port 50431
May 21 08:08:58 ns2 spamd[62610]: spamd: setuid to vpopmail succeeded
May 21 08:08:58 ns2 spamd[62610]: spamd: processing message <2180edf5-a39d-4c85-b24e-6445f9d9f7cf@3begmlhc01.3beg.3banken.at> for vpopmail:89
May 21 08:09:03 ns2 spamd[62610]: spamd: clean message (-1.9/6.0) for vpopmail:89 in 4.8 seconds, 19786 bytes.
May 21 08:09:03 ns2 spamd[62610]: spamd: result: . -1 - AWL,BAYES_00,HTML_40_50,HTML_MESSAGE scantime=4.8,size=19786,user=vpopmail,uid=89,required_score=6.0,rhost=localhost.mydomain.com,raddr=127.0.0.1,rport=50431,mid=<2180edf5-a39d-4c85-b24e-6445f9d9f7cf@3begmlhc01.3beg.3banken.at>,bayes=1.11022302462516e-16,autolearn=ham
May 21 08:09:03 ns2 spamd[696]: prefork: child states: II
Today there are 37 mails in the Qmail / Mail Queue again; here is a snippet of one mail.
Code:
Hi. This is the qmail-send program at ns2.mydomain.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<fice@mydomain.com>:
Sorry, no mailbox here by that name. vpopmail (#5.1.1)
--- Below this line is a copy of the message.
Return-Path: <wetyuopdd@youyouyou.com>
Received: (qmail 65658 invoked by uid 89); 21 May 2008 04:31:19 -0000
X-Spam-Checker-Version: SpamAssassin 3.1.6 (2006-10-03) on ns2.mydomain.com
X-Spam-Level: ****
X-Spam-Status: No, score=4.3 required=6.0 tests=BAYES_40,FUZZY_CPILL,
HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,
RAZOR2_CHECK,RCVD_NUMERIC_HELO autolearn=no version=3.1.6
Received: from unknown (HELO 221.220.248.9) (221.220.248.9)
by ns2.mydomain.com with SMTP; 21 May 2008 04:31:15 -0000
Message-ID: <000a01c8bafb$0506bcd0$86a12e9a@tvuykjpg>
From: "johny jocelyn" <wetyuopdd@youyouyou.com>
To: <fice@mydomain.com>
Subject: Your Coupon #VulLp. Cyails , yVagra adn eLvytra
Date: Wed, 21 May 2008 02:45:56 +0000
Can anyone help me?
Thanks
ron
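The following is an added example, not part of the original post or of the huschi.net article: it parses the wrapper log shown in the post and reports minutes of the hour at which sendmail is called in several different hours (the pattern a scheduled job produces) and bursts of calls within a few seconds. The function names and the thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: the wrapper log lines quoted in the post. Thresholds are assumptions.
SAMPLE = """\
Wed May 21 00:48:25 CEST 2008 sendmail-wrapper called root from /usr/sbin
Wed May 21 01:40:00 CEST 2008 sendmail-wrapper called from
Wed May 21 02:40:00 CEST 2008 sendmail-wrapper called from
Wed May 21 03:03:27 CEST 2008 sendmail-wrapper called root from
Wed May 21 03:03:29 CEST 2008 sendmail-wrapper called root from
Wed May 21 03:03:29 CEST 2008 sendmail-wrapper called root from
Wed May 21 03:03:29 CEST 2008 sendmail-wrapper called root from
Wed May 21 03:03:29 CEST 2008 sendmail-wrapper called from
Wed May 21 03:40:00 CEST 2008 sendmail-wrapper called from
Wed May 21 04:40:00 CEST 2008 sendmail-wrapper called from
Wed May 21 05:40:01 CEST 2008 sendmail-wrapper called from
Wed May 21 06:40:00 CEST 2008 sendmail-wrapper called from
Wed May 21 07:40:00 CEST 2008 sendmail-wrapper called from
"""

# Fields: weekday, "Mon DD HH:MM:SS", zone, year, optional user, optional directory.
LINE = re.compile(r"^\w+ (\w+ +\d+ [\d:]+) \w+ (\d{4}) "
                  r"sendmail-wrapper called\s*(\S*?)\s*from\s*(.*)$")

def parse(log):  # -> sorted (timestamp, user, cwd); missing fields become ''
    out = []
    for line in log.splitlines():
        if m := LINE.match(line.strip()):
            ts = datetime.strptime(f"{m[1]} {m[2]}", "%b %d %H:%M:%S %Y")  # zone skipped
            out.append((ts, m[3], m[4]))
    return sorted(out)

def hourly_slots(entries, min_hours=3):  # -> {minute: number of hours seen}
    hours = defaultdict(set)
    for ts, _user, _cwd in entries:
        hours[ts.minute].add((ts.date(), ts.hour))
    return {m: len(h) for m, h in hours.items() if len(h) >= min_hours}

def bursts(entries, window=timedelta(seconds=5), min_calls=3):  # -> [(start, count, users)]
    found, cluster = [], []
    for e in entries + [None]:  # None flushes the last cluster
        if e and cluster and e[0] - cluster[0][0] <= window:
            cluster.append(e)
            continue
        if len(cluster) >= min_calls:
            found.append((cluster[0][0], len(cluster), {c[1] for c in cluster}))
        cluster = [e]
    return found
```

On the excerpt from the post this reports one recurring slot at minute 40, seen in seven hours, and one burst of five calls starting at 03:03:27. A recurring slot points at the scheduler's job tables (for example crontab entries whose minute field is 40) as the place to look for the caller.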