Spam from my server

D2
On the site since 01.11.2011
Offline
56
7611

Hi everyone. I need some help.

My hosting provider is threatening me, saying that spam is coming from my server.

I looked at the emails, and they look like this:

Return-Path: <MAILER-DAEMON>

Received: from localhost (localhost)
by vz20.hostife.net (8.14.4/8.14.4) id r7JNhKMI000701;
Wed, 21 Aug 2013 19:29:21 +0300
Date: Wed, 21 Aug 2013 19:29:21 +0300
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <201308211629.r7JNhKMI000701@vz20.hostife.net>
To: postmaster
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="r7JNhKMI000701.1377102561/vz20.hostife.net"
Subject: Postmaster notify: see transcript for details
Auto-Submitted: auto-generated (postmaster-notification)

This is a MIME-encapsulated message

--r7JNhKMI000701.1377102561/vz20.hostife.net

The original message was received at Wed, 21 Aug 2013 19:29:18 +0300
from localhost
with id r7JNhKMH000701

----- The following addresses had permanent fatal errors -----
<info@websiteplus.ru>
(reason: 554 5.7.1 Message rejected under suspicion of SPAM 3fgQbY5AiJ-WDKKsO6x)

----- Transcript of session follows -----
... while talking to mx.yandex.ru.:
>>> DATA
<<< 554 5.7.1 Message rejected under suspicion of SPAM 3fgQbY5AiJ-WDKKsO6x
554 5.0.0 Service unavailable

--r7JNhKMI000701.1377102561/vz20.hostife.net
Content-Type: message/delivery-status

Reporting-MTA: dns; vz20.hostife.net
Arrival-Date: Wed, 21 Aug 2013 19:29:18 +0300

Final-Recipient: RFC822; info@websiteplus.ru
Action: failed
Status: 5.7.1
Remote-MTA: DNS; mx.yandex.ru
Diagnostic-Code: SMTP; 554 5.7.1 Message rejected under suspicion of SPAM 3fgQbY5AiJ-WDKKsO6x
Last-Attempt-Date: Wed, 21 Aug 2013 19:29:21 +0300

--r7JNhKMI000701.1377102561/vz20.hostife.net
Content-Type: message/rfc822

Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost)
by vz20.hostife.net (8.14.4/8.14.4) id r7JNhKMH000701;
Wed, 21 Aug 2013 19:29:18 +0300
Date: Wed, 21 Aug 2013 19:29:18 +0300
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <201308211629.r7JNhKMH000701@vz20.hostife.net>
To: <info@websiteplus.ru>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="r7JNhKMH000701.1377102558/vz20.hostife.net"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--r7JNhKMH000701.1377102558/vz20.hostife.net

The original message was received at Sun, 18 Aug 2013 07:29:42 +0300
from localhost [127.0.0.1]

----- The following addresses had permanent fatal errors -----
<conrad.mikes@us.army.mil>

----- Transcript of session follows -----
<cophub@msdbm.com>... Deferred: Connection timed out with msdbm.com.
<bsingh184@yahoo.com>,<bwgivech1@yahoo.com>,<cbgrey2000@yahoo.com>,<ch0yz@yahoo.com>,<chantinh197620...>,<clarkgill25@yahoo.com>,<cohen.glenn65@yahoo.com>,<costelc2003@yahoo.com>,<crazymind900@yahoo.com>... Deferred
<chelizabeth1@yahoo.fr>... Deferred
... while talking to mx2.sbcglobal.am0.yahoodns.net.:
<<< 421 4.7.1 [TS03] All messages from 91.240.22.63 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
<briankeenan@sbcglobal.net>... Deferred: 421 4.7.1 [TS03] All messages from 91.240.22.63 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html
... while talking to mx3.hotmail.com.:
>>> MAIL From:<info@websiteplus.ru> SIZE=1305
<<< 421 RP-001 (BAY0-MC1-F20) Unfortunately, some messages from 91.240.22.63 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors.
... while talking to mx2.hotmail.com.:
>>> MAIL From:<info@websiteplus.ru> SIZE=1305
<<< 421 RP-001 (SNT0-MC3-F34) Unfortunately, some messages from 91.240.22.63 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors.
... while talking to mx1.hotmail.com.:
>>> MAIL From:<info@websiteplus.ru> SIZE=1305
<<< 421 RP-001 (COL0-MC4-F21) Unfortunately, some messages from 91.240.22.63 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors.
... while talking to mx4.hotmail.com.:
>>> MAIL From:<info@websiteplus.ru> SIZE=1305
<<< 421 RP-001 (BAY0-MC3-F5) Unfortunately, some messages from 91.240.22.63 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors.
<bowers456@msn.com>,<charp920@hotmail.com>,<chineseman1964@hotmail.com>... Deferred: 421 RP-001 (BAY0-MC3-F5) Unfortunately, some messages from 91.240.22.63 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors.
550 5.1.2 <conrad.mikes@us.army.mil>... Host unknown (Name server: us.army.mil.: no data known)
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

--r7JNhKMH000701.1377102558/vz20.hostife.net
Content-Type: message/delivery-status

Reporting-MTA: dns; vz20.hostife.net
Arrival-Date: Sun, 18 Aug 2013 07:29:42 +0300

Final-Recipient: RFC822; conrad.mikes@us.army.mil
Action: failed
Status: 5.1.2
Remote-MTA: DNS; us.army.mil
Last-Attempt-Date: Wed, 21 Aug 2013 19:29:18 +0300

--r7JNhKMH000701.1377102558/vz20.hostife.net
Content-Type: message/rfc822

Return-Path: <info@websiteplus.ru>
Received: from vz20.hostife.net (localhost [127.0.0.1])
by vz20.hostife.net (8.14.4/8.14.4) with ESMTP id r7I4TgCo009239
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
Sun, 18 Aug 2013 07:29:42 +0300
Received: (from wsp@localhost)
by vz20.hostife.net (8.14.4/8.14.4/Submit) id r7I4Tdd5009233;
Sun, 18 Aug 2013 07:29:39 +0300
Date: Sun, 18 Aug 2013 07:29:39 +0300
Message-Id: <201308180429.r7I4Tdd5009233@vz20.hostife.net>
X-Authentication-Warning: vz20.hostife.net: wsp set sender to info@websiteplus.ru using -f
To: browngrl13@comcast.net, cop122@excite.com, charp920@hotmail.com,
christophe.fre@wanadoo.fr, crazymind900@yahoo.com,
conrad.mikes@us.army.mil, brown1262@comcast.net, choppa4269@yahoo.com,
chantinh19762001@yahoo.com, cope@fhcsny.com, bsingh184@yahoo.com,
cribail@charter.net, ch0yz@yahoo.com, bowers456@msn.com,
christianaurel@yahoo.com, briankeenan@sbcglobal.net
Subject: Do you like talking naughty?
X-PHP-Originating-Script: 500:jcnuo.php
From: "Welsh Matt" <WelshMatt@walters2329.fsnet.co.uk>
Reply-To: "Welsh Matt" <WelshMatt@walters2329.fsnet.co.uk>
X-Mailer: PHP/5.3.23
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
X-Virus-Scanned: clamav-milter 0.97.8 at vz20.hostife.net
X-Virus-Status: Clean



--r7JNhKMH000701.1377102558/vz20.hostife.net--


--r7JNhKMI000701.1377102561/vz20.hostife.net--

The first thing I looked at was this:

X-PHP-Originating-Script: 500:jcnuo.php

But no such file was found on the server via FTP.

Where should I look, and what should I do?

Please advise.

Thanks in advance.

Den73
On the site since 26.06.2010
Offline
523
#1

Check the mail queue.

D2
On the site since 01.11.2011
Offline
56
#2
Den73:
Check the mail queue.

I would be grateful if you could tell me how to view it and what exactly to look for there.

P
On the site since 16.03.2009
Offline
144
#3

If you have PHP 5.3 or higher,

enable the PHP mail log.

The log will show:

mail() on [/path/to/file:line_number_of_mail()]: To:
D2
On the site since 01.11.2011
Offline
56
#4

Everything is being sent via sendmail:

Aug 18 06:40:24 vz20 sendmail[32147]: r7I3eKCt032144: to=<jkitch@comcast.net>, delay=00:00:04, xdelay=00:00:01, mailer=esmtp, pri=991153, relay=mx1.comcast.net. [68.87.26.147], dsn=5.0.0, stat=Service unavailable

Aug 18 06:40:24 vz20 sendmail[31590]: r7I3bGQk031528: to=<s_juking@pstcc.edu>, delay=00:03:08, xdelay=00:00:01, mailer=esmtp, pri=1021167, relay=smtp.pstcc.edu. [198.146.192.14], dsn=5.0.0, stat=Service unavailable
Aug 18 06:40:25 vz20 sendmail[32014]: r7I3dmhk032009: to=<dumasdenis@msn.com>,<dannyedwards_6874@msn.com>, delay=00:00:37, xdelay=00:00:04, mailer=esmtp, pri=991147, relay=mx1.hotmail.com. [65.54.188.94], dsn=4.0.0, stat=Deferred: 421 RP-001 (BAY0-MC2-F38) Unfortunately, some messages from 91.240.22.63 weren't sent. Ple...t per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors.
Aug 18 06:40:25 vz20 sendmail[32127]: r7I3eEYc032120: to=<WMARTINI@hot.rr.com>, delay=00:00:11, xdelay=00:00:01, mailer=esmtp, pri=991135, relay=hrndva-smtpin02.mail.rr.com. [71.74.56.244], dsn=5.0.0, stat=Service unavailable
Aug 18 06:40:25 vz20 sendmail[31619]: r7I3bdk8031616: to=<lje4@verizon.net>, delay=00:02:46, xdelay=00:00:01, mailer=esmtp, pri=1021101, relay=relay.verizon.net. [206.46.232.11], dsn=5.0.0, stat=Service unavailable
Aug 18 06:40:25 vz20 sendmail[31590]: r7I3bGQk031528: to=<o-mitere-ho@sprint.net>, delay=00:03:09, xdelay=00:00:01, mailer=esmtp, pri=1021167, relay=mail.sprintlink.net. [199.0.233.13], dsn=4.0.0, stat=Deferred: Connection reset by mail.sprintlink.net.
Aug 18 06:40:25 vz20 sendmail[31707]: STARTTLS=client, relay=mx2.cbnorcal.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Aug 18 06:40:25 vz20 sendmail[31590]: r7I3bGQk031528: to=<wagbmass@verizon.net>, delay=00:03:09, xdelay=00:00:00, mailer=esmtp, pri=1021167, relay=relay.verizon.net. [206.46.232.11], dsn=5.0.0, stat=Service unavailable
Aug 18 06:40:26 vz20 sendmail[32100]: r7I3e9oB032095: to=<catoruz@chilemix.com>, delay=00:00:17, xdelay=00:00:14, mailer=esmtp, pri=1021085, relay=mailstore1.secureserver.net. [72.167.238.201], dsn=5.0.0, stat=Service unavailable
Aug 18 06:40:26 vz20 sendmail[32152]: r7I3e17V032046: to=<jmlyerly@aol.com>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=1021231, relay=mailin-04.mx.aol.com. [64.12.90.34], dsn=4.0.0, stat=Deferred: 421 mtain-mh01.r1000.mx.aol.com Service unavailable - try again later
Mutabors
On the site since 17.09.2012
Offline
127
#5
daniel2207:
Everything is being sent via sendmail:

That's right, that is exactly what PHP mail() uses. Above, poiuty gave you excellent advice that is sufficient to solve your problem.

Enable the log and see which of the scripts is sending the mail...

D2
On the site since 01.11.2011
Offline
56
#6

Done. And it turned out that a standard WordPress file is doing the sending.

mail() on [/var/www/wsp/data/www/moi-domen.ru/wp-includes/class-phpmailer.php:516]: To: info@pochta.ru -- Headers: Date: Thu, 22 Aug 2013 13:51:39 +0000 Return-Path: wordpress@moi-domen.ru From: WordPress <wordpress@moi-domen.ru> Message-ID: <813a263ce74c20005f1a4ecc8dd4fb89@moi-domen.ru> X-Priority: 3 X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org/p/phpmailer/) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8

mail() on [/var/www/wsp/data/www/moi-domen.ru/wp-includes/class-phpmailer.php:516]: To: sovmrtb@hotmail.com -- Headers: Date: Thu, 22 Aug 2013 13:51:39 +0000 Return-Path: wordpress@moi-domen.ru From: WordPress <wordpress@moi-domen.ru> Message-ID: <3418663f1ef3f08f092ee9b51f5c861f@jette.ru> X-Priority: 3 X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org/p/phpmailer/) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8

Here are the lines that are indicated:

  private function mail_passthru($to, $subject, $body, $header, $params) {
    if ( ini_get('safe_mode') || !($this->UseSendmailOptions) ) {
      $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($subject)), $body, $header);
    } else {
      $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($subject)), $body, $header, $params);
    }
    return $rt;
  }

Please advise how to solve the problem if a standard WordPress file is doing the sending?

N
On the site since 06.05.2007
Offline
419
#7

daniel2207, of course, WordPress can ALSO send emails. First you need to separate these emails from the ones that were complained about. After all, WordPress is not mentioned in your first post.

Although it is possible that you downloaded some pirated theme, or that your WordPress was hacked and some plugin was installed.
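One way to do the separation discussed above, as an added example that is not part of any post in this thread: group PHP mail log entries (the line format quoted in post #6) by calling script, then match them against the script named in a bounce's X-PHP-Originating-Script header. All paths, addresses and the file name sample_mailer.php are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Line format as quoted in post #6; newer PHP versions prepend "[timestamp] ".
LINE_RE = re.compile(r"^(?:\[[^\]]*\]\s+)?mail\(\) on \[(?P<path>.+?):(?P<line>\d+)\]: "
                     r"To: (?P<to>.*?) -- Headers: (?P<headers>.*)$")
# Header format seen in the first post: "<uid>:<script file name>".
ORIGIN_RE = re.compile(r"^X-PHP-Originating-Script:\s*(\d+):(\S+)", re.M)

def parse_origin(raw_message):
    """Return (uid, script_name) from a message's headers, or None if absent."""
    m = ORIGIN_RE.search(raw_message)
    return (int(m.group(1)), m.group(2)) if m else None

def summarize(log_lines):
    """Group mail log entries by calling script: message count, recipient domains."""
    stats = defaultdict(lambda: {"messages": 0, "domains": set()})
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a mail() entry
        entry = stats[m.group("path")]
        entry["messages"] += 1
        for rcpt in m.group("to").split(","):
            if "@" in rcpt:
                addr = rcpt.strip().strip("<>")
                entry["domains"].add(addr.rsplit("@", 1)[1].lower())
    return dict(stats)

def scripts_matching(stats, script_name):
    """Logged paths whose file name equals the one named in the bounce header."""
    return sorted(p for p in stats if PurePosixPath(p).name == script_name)

# Constructed sample data (hypothetical paths and addresses, not from the thread).
WP = "/var/www/example/wp-includes/class-phpmailer.php"
BAD = "/var/www/example/wp-content/uploads/sample_mailer.php"
SAMPLE_LOG = [
    f"mail() on [{WP}:516]: To: admin@example.org -- Headers: From: WordPress",
    f"mail() on [{BAD}:3]: To: a@example.com, b@example.net -- Headers: From: x",
    f"[22-Aug-2013 13:51:39 UTC] mail() on [{BAD}:3]: To: c@example.edu -- Headers: From: y",
]
SAMPLE_BOUNCE = "Subject: test\nX-PHP-Originating-Script: 500:sample_mailer.php\n"

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    uid, name = parse_origin(SAMPLE_BOUNCE)
    print(f"bounce names script {name}, run as uid {uid}")
    for path in scripts_matching(stats, name):
        print(path, stats[path]["messages"], sorted(stats[path]["domains"]))
```

Entries whose script never appears in a complained-about bounce, such as the WordPress mailer in the sample, can then be reviewed separately from the ones that do.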
