Please help me..
Author information
- Posted by 최성준
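Spam mail is being sent from my server through sendmail..
I have relay prevention in place. It looks like a virus/worm inside the server is doing this, but I don't know how to stop it.
Below are the messages reporting that my server is sending spam mail containing a virus/worm.
Please help..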
----------------------------------------
Spam mail 1 log (message delivered to ROOT)
----------------------------------------
From Mailer-Daemon@firewall.stu.ac.kr Mon Dec 2 14:41:03 2002
Return-Path: <Mailer-Daemon@firewall.stu.ac.kr>
Received: from firewall.stu.ac.kr ([211.114.16.4])
by 제서버 (8.11.6/8.11.6) with SMTP id gB25f3R26175
for <MAILER-DAEMON@제서버>; Mon, 2 Dec 2002 14:41:03 +0900
Date: Mon, 2 Dec 2002 14:41:03 +0900
From: Mailer-Daemon@firewall.stu.ac.kr
Message-Id: <200212020541.gB25f3R26175@제서버>
Subject: [경고] 귀하가 전송한 전자우편이 바이러스에 감염 되었습니다.
X-Mailer: SecureWorks (TM) Firewall Server 2.0 R10D SMTP
Status: RO
전송하신 전자우편의 첨부파일에서 바이러스가 발견되었습니다.
귀하의 전자우편은 수신자에게 전달되지 않았습니다. 바이러스를 제거한 후 다시 보내시
기 바랍니다.
발신자: MAILER-DAEMON@제서버
수신자: help@제서버
제목: Undelivered Mail Returned to Sender -goldfish
바이러스이름: Win32/Yaha.worm.27648 on goldfish.mdb.pif
---------------------------------------------
Another spam mail.. (completely malicious..)
---------------------------------------------
From nobody Wed Dec 11 05:42:01 2002
Return-Path: <MAILER-DAEMON@제서버>
Received: from localhost (localhost)
by 제서버 (8.11.6/8.11.6) id gBAKg1p24667;
Wed, 11 Dec 2002 05:42:01 +0900
Date: Wed, 11 Dec 2002 05:42:01 +0900
From: Mail Delivery Subsystem <MAILER-DAEMON@제서버>
Message-Id: <200212102042.gBAKg1p24667@제서버>
To: nobody@제서버
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="gBAKg1p24667.1039552921/제서버"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
Status: RO
This is a MIME-encapsulated message
--gBAKg1p24667.1039552921/제서버
The original message was received at Wed, 11 Dec 2002 05:41:59 +0900
from nobody@localhost
----- The following addresses had permanent fatal errors -----
cinik_worm@yahoo.com
(reason: 553 VS10-RT Possible forgery or deactivated due to abuse - see http:/
/help.yahoo.com/help/us/mail/spam/spam-18.html (#5.1.1))
----- Transcript of session follows -----
... while talking to mx2.mail.yahoo.com.:
>>> RCPT To:<cinik_worm@yahoo.com>
<<< 553 VS10-RT Possible forgery or deactivated due to abuse - see http://help.yah
oo.com/help/us/mail/spam/spam-18.html (#5.1.1)
550 5.1.1 cinik_worm@yahoo.com... User unknown
--gBAKg1p24667.1039552921/제서버
Content-Type: message/delivery-status
Reporting-MTA: dns; 제서버
Arrival-Date: Wed, 11 Dec 2002 05:41:59 +0900
Final-Recipient: RFC822; cinik_worm@yahoo.com
Action: failed
Status: 5.1.3
Remote-MTA: DNS; mx2.mail.yahoo.com
Diagnostic-Code: SMTP; 553 VS10-RT Possible forgery or deactivated due to abuse -
see http://help.yahoo.com/help/us/mail/spam/spam-18.html (#5.1.1)
Last-Attempt-Date: Wed, 11 Dec 2002 05:42:01 +0900
--gBAKg1p24667.1039552921/제서버
Content-Type: message/rfc822
Return-Path: <nobody>
Received: (from nobody@localhost)
by 제서버 (8.11.6/8.11.6) id gBAKfxq24663
for cinik_worm@yahoo.com; Wed, 11 Dec 2002 05:41:59 +0900
Date: Wed, 11 Dec 2002 05:41:59 +0900
From: Nobody <nobody>
Message-Id: <200212102041.gBAKfxq24663@제서버>
To: cinik_worm@yahoo.com
Subject: 제서버 IP
PROC
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 8
model name : Pentium III (Coppermine)
stepping : 10
cpu MHz : 996.881
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pa
t pse36 mmx fxsr sse
bogomips : 1992.29
MEM
total used free shared buffers cached
Mem: 513368 509824 3544 72 132108 229300
-/+ buffers/cache: 148416 364952
Swap: 262120 0 262120
HDD
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 984M 110M 824M 12% /
/dev/sda1 97M 5.8M 86M 7% /boot
/dev/sda8 11G 3.6G 7.1G 34% /home
none 251M 0 250M 0% /dev/shm
/dev/sda6 484M 8.2M 451M 2% /tmp
/dev/sda3 1.9G 731M 1.1G 40% /usr
/dev/sda2 1.9G 258M 1.5G 14% /var
IP
eth0 Link encap:Ethernet HWaddr 00:XX:XX:XX:XX:XX
inet addr:제서버 IP Bcast:211.XXX.XX.XXX Mask:255.255.255.128
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12897602 errors:0 dropped:0 overruns:0 frame:0
TX packets:13281297 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1419186902 (1353.4 Mb) TX bytes:3240423754 (3090.3 Mb)
Interrupt:9 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:44231 errors:0 dropped:0 overruns:0 frame:0
TX packets:44231 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12537799 (11.9 Mb) TX bytes:12537799 (11.9 Mb)
--gBAKg1p24667.1039552921/제서버--
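The second bounce above embeds the original message with `Received: (from nobody@localhost)`, the form sendmail writes for mail handed to the local sendmail binary rather than received over SMTP, so relay restrictions never see it. The following is an added example, not part of the original post: a Python triage that reads a bounce and reports how the embedded message entered the MTA and under which account. The hostname, recipient, queue id and the `SERVICE_ACCOUNTS` set are constructed assumptions.

```python
import email
import re

# sendmail stamps "(from user@localhost)" on mail handed to the local sendmail
# binary and "from host ([ip])" on mail that arrived over SMTP.
LOCAL = re.compile(r"^\(from (?P<user>[^@\s]+)@localhost\)")
SMTP = re.compile(r"^from \S+ \(.*?\[(?P<ip>[0-9a-fA-F.:]+)\]")
# Assumption: accounts that should never originate mail on this host.
SERVICE_ACCOUNTS = {"nobody", "apache", "www-data", "httpd"}

def classify_received(value):
    """Classify one Received header value as local, smtp or unknown."""
    value = " ".join(value.split())  # unfold continuation lines
    m = LOCAL.match(value)
    if m:
        user = m.group("user")
        return {"path": "local", "user": user, "flag": user in SERVICE_ACCOUNTS}
    m = SMTP.match(value)
    if m:
        return {"path": "smtp", "peer": m.group("ip"), "flag": False}
    return {"path": "unknown", "flag": False}

def triage_bounce(raw):
    """Find the message embedded in a bounce and report how it entered the MTA."""
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() != "message/rfc822":
            continue
        original = part.get_payload(0)
        hops = original.get_all("Received", [])
        if not hops:
            return None
        # Headers are prepended, so the last Received is the entry hop.
        result = classify_received(hops[-1])
        result["rcpt"] = original["To"]
        return result
    return None

# Constructed sample: a trimmed bounce in the same shape as the second log.
SAMPLE = (
    'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
    "--b1\nContent-Type: message/rfc822\n\n"
    "Received: (from nobody@localhost)\n"
    "\tby mail.example.invalid (8.11.6/8.11.6) id CONSTRUCTED1\n"
    "\tfor collector@example.invalid; Wed, 11 Dec 2002 05:41:59 +0900\n"
    "To: collector@example.invalid\nSubject: host report\n\nPROC\n--b1--\n"
)

if __name__ == "__main__":
    print(triage_bounce(SAMPLE))
```

On a `local` result with `flag` set, the next place to look is the processes and writable directories owned by that account, not the relay rules.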
Comment by 김용준