Postfixがハッキングされました。助けてください。 [閉じる]

postfixとdovecotをインストールしてSPF DKIMとDMARCを設定しましたが、Linodeアカウントの使用量が高いと報告され、アカウントでスパムがたくさん見つかるまですべてがスムーズに実行されました。サフィックスを閉じました。

指示：

1. メッセージは私のドメインから送信されますが、ユーザーnoidadeafsocietyは私が作成したものではなく、スパマーによって作成された仮想ユーザーです。

   sender_fullname: www-data
   sender: [email protected]
   

   上記のユーザーは私のmysql仮想ユーザーデータベースには存在しません。

2. PHPスクリプトを指すヘッダーの次の行を参照してください。

   X-PHP-Originating-Script: 33:isyfoyvr.php(1189) : runtime-created function(1) : eval()'d code(1) : eval()'d code
   

3. ポート25を介してサーバーからリモートまたはローカルに自分のIPにTelnetに接続することはできません。

postfix main.cf以下は私のファイルの関連部分です

smtp_tls_security_level = may
smtpd_tls_security_level = may

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = brahmaforces.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = $myhostname, brahmaforces.com, brahmaforces, localhost.localdomain, localhost, noidadeafsociety.org
mydestination = localhost

relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
message_size_limit = 31457280
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
#virtual_alias_maps = hash:/etc/postfix/virtual

#Append the following line for local mail delivery to all virtual domains listed inside the MySQL table.

virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

policyd-spf_time_limit = 3600

以下はキューのメッセージヘッダーです。

$ sudo postcat -q A1E705E545
*** ENVELOPE RECORDS deferred/A/A1E705E545 ***
message_size:            2198             223               1               0            2198               0
message_arrival_time: Tue Oct 24 06:47:29 2017
create_time: Tue Oct 24 13:39:04 2017
named_attribute: rewrite_context=local
sender_fullname: www-data
sender: [email protected]
*** MESSAGE CONTENTS deferred/A/A1E705E545 ***
Received: by brahmaforces.com (Postfix, from userid 33)
    id A1E705E545; Tue, 24 Oct 2017 06:47:29 +0530 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=noidadeafsociety.org;
    s=201710; t=1508832544;
    bh=6CNiZnlc0CH/LHm0VunVcXnxzPy9g3UAgtmu7mN62Yw=;
    h=To:Subject:Date:From:From;
    b=IO42NgZb1I7qjGaAQJL/Y0Dc4Q6Mv9WOCTPjGcCpFOtw/hPB4cf+PJXoAYmUCoyFG
     DSgVv1SqBx/W35pLLIedqciQhEnTlxbJCxKox2d7mIlZz6Vg5ywYlMbgJ/fBsZB+hD
     kJThn9Hex9a9OEL1ERZW5v8bxFpg3QY+A9jeizmX7FhQ1nLYwv5iLDP4FT+Qn6Zu3i
     9aRWSraMF+YplLwpUqzLWecZqB+9tUZHNZpC6eMg+UHFwrSSXbdDMtcmRFDDmmKnmG
     H5pHBqz86blZ6Ohf/ndca3KUqN+mo249lbo/5rq5pYyOESDwxiYNQy8MvZa8WYqIA6
     tsh23D6Ei1eWw==
To: [email protected]
Subject: You're sleeping, and this program earns money!
X-PHP-Originating-Script: 33:isyfoyvr.php(1189) : runtime-created function(1) : eval()'d code(1) : eval()'d code
Date: Tue, 24 Oct 2017 06:47:29 +0530
From: "Justin F." <[email protected]>
Message-ID: <[email protected]>
X-Mailer: PHPMailer 5.2.23 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_79a51f9aa51cafb7505a4c92abc93109"
Content-Transfer-Encoding: 8bit

This is a multi-part message in MIME format.

--b1_79a51f9aa51cafb7505a4c92abc93109
Content-Type: text/plain; charset=us-ascii

There's nothing wrong to dream about the money that would appear out of nowhere. No one would refuse such happiness. But a dream like this, anybody especially was not true... until recently.

A group of German scientists are able to invent a program that makes money and allows you to forget about work and enjoy life.

It can bring you riches in a few weeks! { http://www.sriplasticenterprises.com/reduce.php?utm_source=67ksjr2535&utm_medium=ygapipe66p&utm_campaign=9h2vb6lp17&utm_term=5t9tgb2h6h&utm_content=s4mdh3336q } Come on click on the link and learn more...


--b1_79a51f9aa51cafb7505a4c92abc93109
Content-Type: text/html; charset=us-ascii

<html>
<body>
There's nothing wrong to dream about the money that would appear out of nowhere. No one would refuse such happiness. But a dream like this, anybody especially was not true... until recently.<br>
<br>
A group of German scientists are able to invent a program that makes money and allows you to forget about work and enjoy life.<br>
<br>
It can bring you riches in a few weeks! <a href="http://www.sriplasticenterprises.com/reduce.php?utm_source=67ksjr2535&utm_medium=ygapipe66p&utm_campaign=9h2vb6lp17&utm_term=5t9tgb2h6h&utm_content=s4mdh3336q">Come on click on the link and learn more...</a><br>
</body>
</html>