서버에서 스팸이 발송됩니다.

서버에서 스팸이 계속적으로 발송되고 있습니다.

우선 급한대로 /etc/mail/access에서 relay 제한을 했지만, 근본 원인을 알고 싶습니다.

제 짧은 소견으로는  웹을 통한  스팸 메일 발송 같은데...어떤 사용자의 웹인지 알수가 없네요..

우선 메일 로그입니다.

May 17 17:12:22 idea88 sendmail[7994]: k4H8CIIr007994: ruleset=check_rcpt, arg1=<mary_xie@public1.pxptt.jx.cn>, relay=[218.234.166.70], reject
=550 5.7.1 <mary_xie@public1.pxptt.jx.cn>... Relaying denied. IP name lookup failed [218.234.166.70]
May 17 17:12:23 idea88 sendmail[7994]: k4H8CIIr007994: ruleset=check_rcpt, arg1=<rjok@yb.jl.cn>, relay=[218.234.166.70], reject=550 5.7.1 <rjo
k@yb.jl.cn>... Relaying denied. IP name lookup failed [218.234.166.70]
May 17 17:12:23 idea88 sendmail[7995]: k4H8CKIr007995: from=<fnfbgm@ms12.hinet.net>, size=2696, class=0, nrcpts=8, msgid=<5lr$s$187292-yyl$0@h
n77.z6i>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=219-80-29-219.static.tfn.net.tw [219.80.29.219]
May 17 17:12:23 idea88 sendmail[7994]: k4H8CIIr007994: ruleset=check_rcpt, arg1=<money@rr.com>, relay=[218.234.166.70], reject=550 5.7.1 <mone
y@rr.com>... Relaying denied. IP name lookup failed [218.234.166.70]
May 17 17:12:23 idea88 sendmail[7994]: k4H8CIIr007994: ruleset=check_rcpt, arg1=<vjju@yb.jl.cn>, relay=[218.234.166.70], reject=550 5.7.1 <vjj
u@yb.jl.cn>... Relaying denied. IP name lookup failed [218.234.166.70]
May 17 17:12:23 idea88 sendmail[7994]: k4H8CIIr007994: lost input channel from [218.234.166.70] to MTA after rcpt
May 17 17:12:23 idea88 sendmail[7994]: k4H8CIIr007994: from=<at000rhgov@i-cable.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay
=[218.234.166.70]
May 17 17:12:24 idea88 sendmail[7998]: k4H8CKIr007995: to=<jjmt1@ms11.hinet.net>, delay=00:00:04, xdelay=00:00:01, mailer=esmtp, pri=240515, r
elay=ms11a.hinet.net. [168.95.5.11], dsn=2.0.0, stat=Sent (QAA09346 Message accepted for delivery)
May 17 17:12:24 idea88 sendmail[7978]: k4H8BBIr007975: to=<th322890@ms10.hinet.net>, delay=00:01:12, xdelay=00:01:00, mailer=esmtp, pri=600535
, relay=ms10a.hinet.net. [168.95.5.10], dsn=4.0.0, stat=Deferred: Connection timed out with ms10a.hinet.net.
May 17 17:12:25 idea88 sendmail[7999]: ruleset=check_relay, arg1=NK219-91-92-25.adsl.dynamic.apol.com.tw, arg2=219.91.92.25, relay=NK219-91-92
-25.adsl.dynamic.apol.com.tw [219.91.92.25], reject=553 5.3.0 DENY
May 17 17:12:25 idea88 sendmail[8000]: ruleset=check_relay, arg1=NK219-91-94-196.adsl.dynamic.apol.com.tw, arg2=219.91.94.196, relay=NK219-91-

다음으로 lsof 명령어를 사용했는뎅...아래와 같은 특이 사항이 있습니다.

sendmail  6101   root    1u  IPv4                              279900     TCP 220.85.46.82:smtp->61-64-80-231-adsl-tpe.dynamic.so-net.net.tw:2635 (ESTABLISHED)
sendmail  6101   root    2w   CHR        1,3                33756 /dev/null
sendmail  6101   root    3u  unix 0xc8a1e080                64262 socket
sendmail  6101   root    4u  IPv4     279900                  TCP 220.85.46.82:smtp->61-64-80-231-adsl-tpe.dynamic.so-net.net.tw:2635 (ESTABLISHED)
sendmail  6101   root    5u  IPv4     279900                  TCP 220.85.46.82:smtp->61-64-80-231-adsl-tpe.dynamic.so-net.net.tw:2635 (ESTABLISHED)

sendmail  시작과 동시에  sendmail 프로세스가 엄청 생겨 납니다.

많은 도움 부탁드립니다.