我已经检查过了,/etc/passwd中没有发送垃圾邮件的账户呀。
支持 Red Hat Enterprise Linux, CentOS, Scientific Linux, Debian, Ubuntu, FreeBSD, OpenBSD
您尚未登陆。 请选择登陆或是注册一个新账号。
iRedMail 开源邮件服务解决方案 » 由 dannil 发表的文章
我已经检查过了,/etc/passwd中没有发送垃圾邮件的账户呀。
这是pw@example.com转发给我的邮件,源文件如下:
Return-Path: <pw@example.com>
Delivered-To: dannil@example.com
Received: from localhost (mail.example.com [127.0.0.1])
by mail.example.com (iRedMail) with ESMTP id C52301900620
for <dannil@example.com>; Fri, 22 Apr 2011 11:17:51 +0800 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; h=
user-agent:message-id:reply-to:organization:subject:subject:to
:from:from:date:date:content-transfer-encoding:content-type
:content-type:mime-version; s=dkim; t=1303442270; x=1304306270;
bh=YG5w/mlztxnWf4+Ba4Wmu2feBcpPCVSMVb8S9RTxoGk=; b=Rl5dIcNwIPVI
NvuH3OhKlRI5pq2l5VJsgcuOe8M6qbzfwQ50STYwHe7Pdj9e8wxk/CU90H05qGbg
XNeZgVU29aVOOiC7cxrMJ0zSjjintCzFDBvr9TsCfPw7RrGr8nlKd6xT49m4Xoo1
o6WLE+MSFUOhIN1Vb4x8TN8TLnvRWqI=
X-Virus-Scanned: Debian amavisd-new at mail.example.com
Received: from mail.example.com ([127.0.0.1])
by localhost (mail.example.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Q9QT-doKjcxw for <dannil@example.com>;
Fri, 22 Apr 2011 11:17:50 +0800 (CST)
Received: from mail.example.com (mail.example.com [127.0.0.1])
by mail.example.com (iRedMail) with ESMTP id 7283E19002A4
for <dannil@example.com>; Fri, 22 Apr 2011 11:17:50 +0800 (CST)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
format=flowed
Content-Transfer-Encoding: 8bit
Date: Fri, 22 Apr 2011 11:17:50 +0800
From: =?UTF-8?Q?=E7=8E=8B=E5=9B=BD=E7=BB=B4?= <pw@example.com>
To: =?UTF-8?Q?=E7=8E=8B=E7=AB=8B=E6=9D=B0?= <dannil@example.com>
Subject: Fwd: most#article#lives
Organization: =?UTF-8?Q?=E6=97=A0=E9=94=A1=E7=99=BE=E6=AD=A5=E7=A7=91?=
=?UTF-8?Q?=E6=8A=80=E6=9C=89=E9=99=90=E5=85=AC=E5=8F=B8?=
Reply-To: <pw@example.com>
Mail-Reply-To: <pw@example.com>
Message-ID: <2d1b65a61cf904d03b6a811414d01422@example.com>
X-Sender: pw@example.com
User-Agent: =?UTF-8?Q?=E6=97=A0=E9=94=A1=E7=99=BE=E6=AD=A5=E7=A7=91?=
=?UTF-8?Q?=E6=8A=80=E6=9C=89=E9=99=90=E5=85=AC=E5=8F=B8=E7=94=B5=E5=AD=90?=
=?UTF-8?Q?=E9=82=AE=E4=BB=B6=E7=B3=BB=E7=BB=9F/0=2E5=2E1?=
-------- Original Message --------
Subject: most#article#lives
Date: Thu, 21 Apr 2011 07:08:04 +0800 (CST)
From: qualityglobe@mail.example.com
To: pw@example.com
When you feel depressed and lonely, it's better to have a cup of tea &
visit your closest friends.
http://bit.ly/g6bOnZ
一般服务器被黑该如何排查呢?第一次被黑,不知道该从何下手,抓狂....
我用nmap扫描了一下。发现多开了下面的端口
PORT STATE SERVICE
53/tcp filtered domain
222/tcp filtered rsh-spx
4444/tcp filtered krb524
4445/tcp filtered unknown
8081/tcp filtered blackice-icecap
8099/tcp filtered unknown
今天收到邮件服务器不存在的用户发来的邮件,邮件地址是不规则的,如:201104220323@example.com。他会发送邮件到服务器内的其他用户或是其他域(ade@yhoo.com.cn)。我第一感觉是被黑了,查看了日志fail2ban,有几十个不同的IP请求ssh失败。但是其他的日志到没有异常,用ps 和netstat都没有查看的异常的进程和网络连接。
请教排查的方法,不胜感激。
电邮服务器软件环境:
Ubuntu 10.04 LTD
iRedMail 0.6.1(LDAP方式)
Roundcubemail
MySQL
.....
为什么我的mail.log文件是空的?只有lycan这一个用户有时候接收不到邮件
是在Ubuntu Server 10.04 LTS 系统上部署iRedMail,接收其他域邮件的时候(如163、Gmail),别人发送过来的邮件需要过很长时间才可以收到,有时候根本收不到。在域内发送邮件就没有问题,1分钟之内就可以收到了。
我查看sieve.log日志如下:
root@mail:/var/log# tail sieve.log
Dec 08 15:53:46 deliver(lycan@ldomain.com): Info: Quota warning: bytes=912680550 (85%) messages=0 command=/usr/local/bin/dovecot-quota-warning.sh 85
Dec 08 15:53:46 deliver(lycan@ldomain.com): Info: Quota warning: bytes=966367641 (90%) messages=0 command=/usr/local/bin/dovecot-quota-warning.sh 90
Dec 08 15:53:46 deliver(lycan@ldomain.com): Info: Quota warning: bytes=1020054732 (95%) messages=0 command=/usr/local/bin/dovecot-quota-warning.sh 95
Dec 08 15:53:46 deliver(lycan@ldomain.com): Info: maildir: data=~/vmail1/ldomain.com/l/ly/lyc/lycan-2010.08.11.15.08.38//Maildir/
Dec 08 15:53:46 deliver(lycan@ldomain.com): Info: maildir++: root=/var/vmail/vmail1/ldomain.com/l/ly/lyc/lycan-2010.08.11.15.08.38//Maildir, index=, control=, inbox=/var/vmail/vmail1/ldomain.com/l/ly/lyc/lycan-2010.08.11.15.08.38//Maildir
Dec 08 15:53:46 deliver(lycan@ldomain.com): Info: sieve: using sieve path for user's script: /var/vmail/sieve/ldomain.com/lycan/dovecot.sieve
Dec 08 15:53:46 deliver(lycan@ldomain.com): Info: sieve: opening script /var/vmail/sieve/ldomain.com/lycan/dovecot.sieve
Dec 08 15:53:46 deliver(lycan@ldomain.com): Info: sieve: executing compiled script /var/vmail/sieve/ldomain.com/lycan/dovecot.sieve
Dec 08 15:53:46 deliver(lycan@ldomain.com): Info: Namespace : Using permissions from /var/vmail/vmail1/ldomain.com/l/ly/lyc/lycan-2010.08.11.15.08.38//Maildir: mode=0700 gid=-1
Dec 08 15:53:46 deliver(lycan@ldomain.com): Info: sieve: msgid=<BLU0-SMTP140407D0E42BE2D97154F2ECF2D0@phx.gbl>: stored mail into mailbox 'INBOX'
这是什么原因,邮箱空间分配1G,在WebMail看只占用了3%,请大家帮忙分析一下.谢谢了.
我也遇到过这样的情况,在升级到RoundCubeMail-0.4的时候出现的,不过把roundcubemail数据库清空一下,重新登录就没有问题了,不知道为什么..
插件的问题解决了。需要在main.ini.php中启用相应的插件就可以了
好像是RoundCubeMail 的问题。我升级到了0.4的版本后,修改附件大小后就可以正常发送100M(我设置为100M)以下的附件了,但是password插件无法使用了,我修改了password的config.ini.php中的相关信息后无法使用。又将iRedMail-0.6.1-snapshots中的password复制到RoundCubeMail0.4的plugines里面同样没有效果。
我也遇到了同样的情况.
我修改了/etc/postfix/main.cf中的 message_size_limit,message_size_limit
mailbox_size_limit = 104857600 #100M
message_size_limit = 104857600 #100M
编辑了/etc/php5/apache2/php.ini 文件
upload_max_filesize = 100M;
post_max_size = 100M;
改了/usr/share/apache2/roundcube/.htaccess 文件
php_value upload_max_filesize 100M
php_value post_max_size 100M
结果还是不可以发送5M的邮件
iRedMail 开源邮件服务解决方案 » 由 dannil 发表的文章
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 3 official extensions. Copyright © 2003–2010 PunBB.
页面生成时间 0.018 秒, 共执行查询 55 条