#1  2012-02-24 11:26:47

cyb
User
Registered: 2010-07-27

Exim4 - someone is sending spam from my server

I have just realized that someone is probably sending spam from my server, some Italian one.
Since relaying is most likely blocked, I suspect some bug; the sender is always Debian-exim@mojadomena.pl
I thought it might be via PHP, but then the sender would more likely be www-data@mojadomena.pl

How can I find out which program is definitely sending this spam (I am assuming a bug in exim4) and, if possible, eliminate the problem?

The server is Debian lenny set up on a VPS, with exim from packages:

Code:

root@mojadomena:/var/mail/backup# dpkg -l | grep exim
ii  exim4                            4.69-9+lenny4              metapackage to ease Exim MTA (v4) installati
ii  exim4-base                       4.69-9+lenny4              support files for all Exim MTA (v4) packages
ii  exim4-config                     4.69-9+lenny4              configuration for the Exim MTA (v4)
ii  exim4-daemon-heavy               4.69-9+lenny4              Exim MTA (v4) daemon with extended features,
rc  exim4-daemon-light               4.69-9                     lightweight Exim MTA (v4) daemon
ii  exim4-doc-html                   4.69-1                     documentation for the Exim MTA (v4) in html
ii  exim4-doc-info                   4.69-1                     documentation for the Exim MTA (v4) in info
root@mojadomena:/var/mail/backup#

Spam example:

Code:

Return-path: <Debian-exim@mojadomena.pl>
Envelope-to: bigpaul@pluto.it
Delivery-date: Fri, 24 Feb 2012 10:50:34 +0100
Received: from Debian-exim by mojadomena.com with local (Exim 4.69)
        (envelope-from <Debian-exim@mojadomena.pl>)
        id 1S0jtO-0005iQ-VD
        for bigpaul@pluto.it; Fri, 24 Feb 2012 02:24:14 +0100
To: bigpaul@pluto.it
Subject: In questa pagina puoi verificare l.avvenuta associazione del numero di telefono cellulare, necessario per l.abilitazione al sistema Sicurezza Web, a$
From: Poste Italiane <secureotp@poste.it>
Content-Type: text/html
Message-Id: <E1S0jtO-0005iQ-VD@mojadomena.com>
Date: Fri, 24 Feb 2012 02:24:14 +0100


<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
<!--
p { font-family: Arial; font-size: 12px; font-style: normal; line-height: normal; font-weight: normal; font-variant: normal; text-transform: none; color: bla$
p1 { font-family: Arial; font-size: 12px; font-style: normal; line-height: normal; font-weight: normal; font-variant: normal; text-transform: none; color: bl$
span { font-family: Arial; font-size: 12px; font-style: normal; line-height: normal; font-weight: normal; font-variant: normal; text-transform: none; color: $
-->
</style>
</head>
<body link="#990000" vlink="#990000" alink="#990000" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"><table width="605"><tr><td><span><br><p>
<b>Gentile Cliente,</b><br></p><p>
Poste Italiane introduce un nuovo sistema di sicurezza pera la tua carta Postepay.<br>
Il nuovo sistema per l'autorizzazione delle operazioni di pagamento<br>
(ricariche Postepay, ricariche telefoniche, pagamento bollettini)<br>
effettuate con la Postepay sui siti di Poste Italiane, prevede l'utilizzo di due strumenti:<br><br>
<b>A. la carta Postepay</b>;<br><br>
<b>B. il telefono cellulare</b> "associato alla carta", sul quale verrà inviata via SMS<br>
la password dispositiva "usa e getta" denominata OTP (One Time Password),<br>
appositamente generata per ogni operazione di pagamento.<br><br>
<b>Attenzione!</b><br><br>
<b>Dal 1 febbraio 2012 è obbligatorio attivare il sistema Sicurezza web Postepay per eseguire
le operazioni di ricarica Postepay, ricarica telefonica e pagamento
bollettini sui siti di Poste Italiane con la tua Postepay.</b><br><br>

Il nuovo processo di autorizzazione riguarderà le operazioni dispositive effettuate tramite pagamento con carta Postepay
disponibili sul sito <a href="http://dilao.riniqu.net/x.php" target="_blank"><b>www.poste.it</b></a></p><hr>, all'interno di BancoPostaonline, BancoPosta Cli$
L'attivazione è semplice, gratuita e richiede 1 minuto.<br><br>
<b>Prosegui con l'attivazione sul sito di <a href="http://dilao.riniqu.net/x.php" target="_blank"><b>Poste Italiane</b></a></p><hr></b>
<br>Distinti saluti,<br>
Poste Italiane<br>
</span></td></tr>
</table>
</body>
</html>
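
An added example, not part of the original post: a Python sketch that reads the headers of the sample quoted above and reports how Exim accepted the message and whether the visible From: domain differs from the envelope sender. It assumes Exim's default Received: layout, in which a `with local` hop names the login of the submitting process; `triage`, `HOP_RE` and the result keys are names made up for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Selected headers copied from the spam sample quoted in the post (body omitted).
SAMPLE = """\
Return-path: <Debian-exim@mojadomena.pl>
Envelope-to: bigpaul@pluto.it
Received: from Debian-exim by mojadomena.com with local (Exim 4.69)
        (envelope-from <Debian-exim@mojadomena.pl>)
        id 1S0jtO-0005iQ-VD
        for bigpaul@pluto.it; Fri, 24 Feb 2012 02:24:14 +0100
From: Poste Italiane <secureotp@poste.it>
Message-Id: <E1S0jtO-0005iQ-VD@mojadomena.com>

"""

# Assumed layout (Exim default): "from <ident|host> [(peer info)] by <host>
# with <protocol> ... id <queue-id>". Hypothetical helper, not Exim's own code.
HOP_RE = re.compile(r"from\s+(?P<who>\S+)(?:\s+\((?P<peer>[^)]*)\))?\s+by\s+"
                    r"(?P<host>\S+)\s+with\s+(?P<proto>\S+).*?\bid\s+(?P<qid>[\w-]+)")

def domain(addr):
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Classify how the local Exim accepted a message, from its headers."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or []
    # The topmost Received: header is the one written by our own MTA.
    m = HOP_RE.search(" ".join(hops[0].split())) if hops else None
    if m is None:
        return None
    local = m["proto"] == "local"
    envelope = parseaddr(msg.get("Return-path", ""))[1]
    shown = parseaddr(msg.get("From", ""))[1]
    return {
        "queue_id": m["qid"],
        "local_submission": local,        # True: injected on the host, not relayed
        "submitter": m["who"] if local else None,  # login of the injecting process
        "remote_peer": None if local else (m["peer"] or m["who"]),
        "envelope_from": envelope,
        "from_domain_mismatch": domain(envelope) != domain(shown),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the quoted sample the result marks a local submission by `Debian-exim`, so the message did not arrive over SMTP and relay restrictions were never consulted for it.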
