Hello,
I have the impression, and more than an impression, that someone is managing to use the SMTP of my server running OVH's R3 to send spam. I receive emails like this:
This is the mail system at host buzionweb.fr.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system
: host mx-ha03.web.de[212.227.15.17] said: 550 Requested
action not taken: mailbox unavailable (in reply to RCPT TO command)
Details in the attachment:
Reporting-MTA: dns; buzionweb.fr
X-Postfix-Queue-ID: 418E57EA56
X-Postfix-Sender: rfc822; postmaster@reves-de-plaisirs.info
Arrival-Date: Mon, 7 Mar 2016 15:07:21 +0100 (CET)
Final-Recipient: rfc822; huashuasdhuahu@web.de
Original-Recipient: rfc822;huashuasdhuahu@web.de
Action: failed
Status: 5.0.0
Remote-MTA: dns; mx-ha03.web.de
Diagnostic-Code: smtp; 550 Requested action not taken: mailbox unavailable
2 accounts have reported this kind of message to me. I first thought that the SMTP authentication password might be compromised, so I changed the passwords of the two sites concerned. While it stopped on the first one, it did not on the second. I also don't think a PHP form could be the cause, because the domain name on which the spam sending persists does not host any site.
How can I find out where these emails come from? I looked at the mailog file in /home/log but I don't find it very talkative:
Mar 7 11:27:29 ns338640 postfix/smtpd[13990]: connect from binnsolucionesinformaticas.vservers.es[91.142.211.47]
Mar 7 11:27:29 ns338640 postfix/smtpd[13990]: warning: connect to Milter service inet:localhost:8891: Connection refused
Mar 7 11:27:29 ns338640 postfix/smtpd[13990]: setting up TLS connection from binnsolucionesinformaticas.vservers.es[91.142.211.47]
Mar 7 11:27:29 ns338640 postfix/smtpd[13990]: Anonymous TLS connection established from binnsolucionesinformaticas.vservers.es[91.142.211.47]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar 7 11:27:29 ns338640 postfix/smtpd[13990]: BCDC17E9CD: client=binnsolucionesinformaticas.vservers.es[91.142.211.47], sasl_method=PLAIN, sasl_username=postmaster@reves-de-plaisirs.info
Mar 7 11:27:29 ns338640 postfix/cleanup[15272]: BCDC17E9CD: message-id=<5b2367ad3d5a7e6d1070af57838508f9@edificioducal .es>
Mar 7 11:27:30 ns338640 postfix/qmgr[3785]: BCDC17E9CD: from=, size=1304, nrcpt=1 (queue active)
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: disconnect from binnsolucionesinformaticas.vservers.es[91.142.211.47]
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: connect from cafecontinuosl.vservers.es[91.142.211.47]
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: warning: connect to Milter service inet:localhost:8891: Connection refused
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: setting up TLS connection from cafecontinuosl.vservers.es[91.142.211.47]
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: Anonymous TLS connection established from cafecontinuosl.vservers.es[91.142.211.47]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar 7 11:27:30 ns338640 postfix/smtp[16219]: 0B5AD7E9CF: to=, relay=mx4.hotmail.com[65.55.37.88]:25, delay=1.2, delays=0.13/0/0.44/0.66, dsn=2.0.0, status=sent (250 Queued mail for delivery)
Mar 7 11:27:30 ns338640 postfix/qmgr[3785]: 0B5AD7E9CF: removed
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: 5BC087E9CE: client=cafecontinuosl.vservers.es[91.142.211.47], sasl_method=PLAIN, sasl_username=postmaster@reves-de-plaisirs.info
Mar 7 11:27:30 ns338640 postfix/cleanup[15272]: 5BC087E9CE: message-id=
Mar 7 11:27:30 ns338640 postfix/qmgr[3785]: 5BC087E9CE: from=, size=1312, nrcpt=1 (queue active)
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: disconnect from cafecontinuosl.vservers.es[91.142.211.47]
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: connect from binnsolucionesinformaticas.vservers.es[91.142.211.47]
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: warning: connect to Milter service inet:localhost:8891: Connection refused
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: setting up TLS connection from binnsolucionesinformaticas.vservers.es[91.142.211.47]
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: Anonymous TLS connection established from binnsolucionesinformaticas.vservers.es[91.142.211.47]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: CC6FB7E9CF: client=binnsolucionesinformaticas.vservers.es[91.142.211.47], sasl_method=PLAIN, sasl_username=postmaster@reves-de-plaisirs.info
Mar 7 11:27:30 ns338640 postfix/cleanup[15272]: CC6FB7E9CF: message-id=<964ab6555edbc020ff8f03c7e9e2d1d9@edificioducal .es>
Mar 7 11:27:30 ns338640 postfix/smtp[16084]: BCDC17E9CD: to=, relay=mx2.optonline.net[167.206.4.79]:25, delay=1.1, delays=0.29/0/0.49/0.34, dsn=5.7.1, status=bounced (host mx2.optonline.net[167.206.4.79] said: 554 5.7.1 Spam detected by content scanner. Message rejected. (in reply to end of DATA command))
Mar 7 11:27:30 ns338640 postfix/cleanup[16920]: DEC597E9D1: message-id=<20160307102730.DEC597E9D1@buzionweb.fr>
Mar 7 11:27:30 ns338640 postfix/qmgr[3785]: DEC597E9D1: from=<>, size=3341, nrcpt=1 (queue active)
Mar 7 11:27:30 ns338640 postfix/qmgr[3785]: CC6FB7E9CF: from=, size=1304, nrcpt=1 (queue active)
Mar 7 11:27:30 ns338640 postfix/bounce[16917]: BCDC17E9CD: sender non-delivery notification: DEC597E9D1
Mar 7 11:27:30 ns338640 postfix/qmgr[3785]: BCDC17E9CD: removed
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: disconnect from binnsolucionesinformaticas.vservers.es[91.142.211.47]
Mar 7 11:27:31 ns338640 dovecot: lda(postmaster@reves-de-plaisirs.info): sieve: msgid=<20160307102730.DEC597E9D1@buzionweb.fr>: stored mail into mailbox 'INBOX'
Mar 7 11:27:31 ns338640 postfix/pipe[15290]: DEC597E9D1: to=, relay=dovecot, delay=0.19, delays=0.05/0/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service)
Mar 7 11:27:31 ns338640 postfix/qmgr[3785]: DEC597E9D1: removed
Mar 7 11:27:31 ns338640 postfix/smtpd[13990]: connect from cafecontinuosl.vservers.es[91.142.211.47]
Mar 7 11:27:31 ns338640 postfix/smtpd[13990]: warning: connect to Milter service inet:localhost:8891: Connection refused
Mar 7 11:27:31 ns338640 postfix/smtpd[13990]: setting up TLS connection from cafecontinuosl.vservers.es[91.142.211.47]
Mar 7 11:27:31 ns338640 postfix/smtpd[13990]: Anonymous TLS connection established from cafecontinuosl.vservers.es[91.142.211.47]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar 7 11:27:31 ns338640 postfix/smtpd[13990]: 510B27E9CD: client=cafecontinuosl.vservers.es[91.142.211.47], sasl_method=PLAIN, sasl_username=postmaster@reves-de-plaisirs.info
Mar 7 11:27:31 ns338640 postfix/smtp[16219]: 5BC087E9CE: to=, relay=cdptpa-pub-iedge-vip.email.rr.com[107.14.166.70]:25, delay=0.98, delays=0.15/0/0.5/0.33, dsn=2.0.0, status=sent (250 2.0.0 OK D3/FF-26225-3975DD65)
Mar 7 11:27:31 ns338640 postfix/qmgr[3785]: 5BC087E9CE: removed
This kind of line does intrigue me, though:
Anonymous TLS connection established from binnsolucionesinformaticas.vservers.es[91.142.211.47]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
There is no open SMTP configured; one can only connect to the SMTP via authentication. Could it come from this line?
I'm a bit lost, thanks in advance for your help.
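
An added example, not part of the original post: a Python script that reads "where do these emails come from" out of the Postfix log itself, by grouping queue IDs by the sasl_username and client IP on the smtpd lines and then tallying the delivery status of those same queue IDs. The function name summarize and the regular expressions are assumptions of this example; the sample lines are copied from the log excerpt above.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (not constructed); prefix kept as-is.
SAMPLE = """\
Mar 7 11:27:29 ns338640 postfix/smtpd[13990]: BCDC17E9CD: client=binnsolucionesinformaticas.vservers.es[91.142.211.47], sasl_method=PLAIN, sasl_username=postmaster@reves-de-plaisirs.info
Mar 7 11:27:30 ns338640 postfix/smtpd[13990]: 5BC087E9CE: client=cafecontinuosl.vservers.es[91.142.211.47], sasl_method=PLAIN, sasl_username=postmaster@reves-de-plaisirs.info
Mar 7 11:27:30 ns338640 postfix/smtp[16084]: BCDC17E9CD: to=, relay=mx2.optonline.net[167.206.4.79]:25, delay=1.1, delays=0.29/0/0.49/0.34, dsn=5.7.1, status=bounced (host mx2.optonline.net[167.206.4.79] said: 554 5.7.1 Spam detected by content scanner. Message rejected. (in reply to end of DATA command))
Mar 7 11:27:31 ns338640 postfix/smtp[16219]: 5BC087E9CE: to=, relay=cdptpa-pub-iedge-vip.email.rr.com[107.14.166.70]:25, delay=0.98, delays=0.15/0/0.5/0.33, dsn=2.0.0, status=sent (250 2.0.0 OK D3/FF-26225-3975DD65)
Mar 7 11:27:30 ns338640 postfix/smtp[16219]: 0B5AD7E9CF: to=, relay=mx4.hotmail.com[65.55.37.88]:25, delay=1.2, delays=0.13/0/0.44/0.66, dsn=2.0.0, status=sent (250 Queued mail for delivery)
"""

# smtpd line that ties a queue ID to the authenticated login and the client.
AUTH = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>[^\[]+)"
    r"\[(?P<ip>[^\]]+)\], sasl_method=(?P<method>\S+), sasl_username=(?P<user>\S+)")
# smtp (outbound) line that records what happened to a queue ID.
DELIV = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=.*?status=(?P<status>\w+)")


def summarize(log_text):
    """Group relayed messages by (SASL login, client IP) and tally outcomes."""
    owner = {}  # queue ID -> (sasl_username, client IP)
    stats = defaultdict(
        lambda: {"messages": 0, "hosts": set(), "status": defaultdict(int)})
    lines = log_text.splitlines()
    for line in lines:  # pass 1: who submitted each queue ID
        m = AUTH.search(line)
        if m:
            key = (m["user"], m["ip"])
            owner[m["qid"]] = key
            stats[key]["messages"] += 1
            stats[key]["hosts"].add(m["host"])
    for line in lines:  # pass 2: outcome of the queue IDs seen in pass 1
        m = DELIV.search(line)
        if m and m["qid"] in owner:  # skip IDs whose submission is not in the log
            stats[owner[m["qid"]]]["status"][m["status"]] += 1
    return dict(stats)


if __name__ == "__main__":
    for (user, ip), s in summarize(SAMPLE).items():
        print(user, ip, s["messages"], sorted(s["hosts"]), dict(s["status"]))
```

Queue ID 0B5AD7E9CF has a delivery line but no smtpd submission line in the sample, so it is left unattributed rather than guessed.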