Ma ona taką samą datę i rozmiar jak oryginał, jedyne co to zmienia się uid.
Tworzone jest nieregularnie w tempie 5-10 sztuk na minutę. Gdzie np przez 10 minut nie ma nic a w sekundę robi się 50 kopii. Albo np co 10 sekund wpada po kilka.
Któryś proces poczty robi takie cuda. Dzieje się to jak zauważyłem na razie tylko w jednym katalogu. (podejrzewam też Eseta o takie szaleństwo - ale też nie mam pomysłu jak wykryć że to "użytkownik" sam sobie przez IMAPa wrzuca emaile).
Reset serwera nie pomógł.
Kod: Zaznacz cały
/vmail/mojadomena.pl/skrzynkapocztowa/.Wiadomo&AVs-ci-&AVs-mieci/cur
Kod: Zaznacz cały
root@mojadomena:/virtual/vmail/mojadomena.pl/skrzynka/.Wiadomo&AVs-ci-&AVs-mieci/cur# ls -la
total 141928
drwx------ 2 vmail vmail 61440 Feb 5 11:01 .
drwx------ 5 vmail vmail 4096 Feb 5 11:09 ..
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580818934.M271096P2270.mojadomena,S=837251,W=848207:2,S
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580818936.M336474P2270.mojadomena,S=837251,W=848207:2,S
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580818937.M896906P2270.mojadomena,S=837251,W=848207:2,S
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580818939.M428545P2270.mojadomena,S=837251,W=848207:2,S
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580818947.M765606P2280.mojadomena,S=837251,W=848207:2,S
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580819047.M753783P2308.mojadomena,S=837251,W=848207:2,S
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580819213.M720466P2383.mojadomena,S=837251,W=848207:2,S
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580819279.M38498P2383.mojadomena,S=837251,W=848207:2,S
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580819283.M267475P2383.mojadomena,S=837251,W=848207:2,
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580819613.M13903P2481.mojadomena,S=837251,W=848207:2,S
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580819620.M868763P2481.mojadomena,S=837251,W=848207:2,S
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580819644.M274908P2481.mojadomena,S=837251,W=848207:2,S
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580819644.M685240P2481.mojadomena,S=837251,W=848207:2,S
-rw------- 1 vmail vmail 837251 Feb 2 22:36 1580819645.M418185P2481.mojadomena,S=837251,W=848207:2,S
Kod: Zaznacz cały
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 28560 3480 ? Ss Feb04 0:00 init -z
root 2 0.0 0.0 0 0 ? S Feb04 0:00 [kthreadd/2129]
root 3 0.0 0.0 0 0 ? S Feb04 0:00 [khelper/2129]
root 54 0.0 0.0 38744 1300 ? Ss Feb04 0:00 /lib/systemd/systemd-udevd
root 78 0.0 0.4 90648 35972 ? Ss Feb04 0:11 /lib/systemd/systemd-journald
root 289 0.0 0.0 13988 988 ? Ss Feb04 0:00 /usr/bin/rsync --daemon --no-detach
root 290 0.0 0.0 28908 1324 ? Ss Feb04 0:00 /usr/sbin/cron -f
clamav 291 0.0 0.0 97672 7640 ? Ss Feb04 0:02 /usr/bin/freshclam -d --foreground=true
root 292 0.0 0.0 19800 1240 ? Ss Feb04 0:00 /lib/systemd/systemd-logind
message+ 295 0.0 0.0 42068 1600 ? Ss Feb04 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
bind 303 0.0 0.2 327636 18156 ? Ssl Feb04 0:00 /usr/sbin/named -f -u bind
root 306 0.0 0.0 17672 1536 ? Ss Feb04 0:03 /usr/sbin/dovecot -F
systemd+ 337 0.0 0.0 25692 968 ? Ss Feb04 0:00 /lib/systemd/systemd-resolved
root 338 0.0 0.0 186904 2264 ? Ssl Feb04 0:05 /usr/sbin/rsyslogd -n
clamav 340 0.0 10.3 1090232 869716 ? Ssl Feb04 1:17 /usr/sbin/clamd --foreground=true
opendma+ 356 0.0 0.0 424852 1668 ? Ssl Feb04 0:02 /usr/sbin/opendmarc -c /etc/opendmarc.conf -u opendmarc -P /var/run/opendmarc/opendmarc.pid -p inet:54321@localhost
dovecot 363 0.0 0.0 9192 1104 ? S Feb04 0:01 dovecot/anvil
root 364 0.0 0.0 9320 1236 ? S Feb04 0:01 dovecot/log
root 378 0.0 0.0 23108 2736 ? S Feb04 0:03 dovecot/config
root 384 0.0 0.0 55124 2964 ? Ss Feb04 0:00 /usr/sbin/sshd -D
opendkim 394 0.0 0.0 85364 1536 ? Ss Feb04 0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:12345@localhost
opendkim 397 0.0 0.1 560804 9468 ? Sl Feb04 0:05 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:12345@localhost
proftpd 426 0.0 0.0 122884 2540 ? Ss Feb04 0:00 proftpd: (accepting connections)
root 442 0.0 0.0 23252 1828 ? S Feb04 0:00 /bin/bash /usr/bin/mysqld_safe
root 452 0.0 0.0 12608 832 tty2 Ss+ Feb04 0:00 /sbin/agetty --noclear tty2 linux
root 453 0.0 0.0 15640 832 tty1 Ss+ Feb04 0:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt102
polw 466 0.0 0.1 68888 16460 ? Ss Feb04 0:00 policyd-weight (master)
polw 471 0.0 0.1 68888 16212 ? Ss Feb04 0:00 policyd-weight (cache)
root 513 0.0 0.2 329444 22880 ? Ss Feb04 0:01 /usr/sbin/apache2 -k start
root 536 0.1 0.1 1790044 12672 ? Sl Feb04 2:05 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid
mysql 618 0.0 1.1 675336 100288 ? Sl Feb04 0:36 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --skip-log-error --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306
root 619 0.0 0.0 25124 972 ? S Feb04 0:00 logger -t mysqld -p daemon.error
amavis 729 0.0 0.7 180728 62028 ? Ss Feb04 0:00 /usr/sbin/amavisd-new (master)
root 975 0.0 0.0 36116 2524 ? Ss Feb04 0:02 /usr/lib/postfix/master
postfix 983 0.0 0.0 38348 2712 ? S Feb04 0:00 qmgr -l -t fifo -u
dovenull 1000 0.0 0.0 18164 3136 ? S Feb04 0:00 dovecot/imap-login
vmail 1009 0.0 0.0 21816 3212 ? S Feb04 0:00 dovecot/imap
postfix 1030 0.0 0.0 42796 3476 ? S Feb04 0:00 tlsmgr -l -t unix -u -c
polw 1926 0.0 0.2 69664 18000 ? S Feb04 0:00 policyd-weight (child)
polw 2551 0.0 0.2 69680 18028 ? S Feb04 0:01 policyd-weight (child)
amavis 5856 0.0 0.7 260364 65812 ? S Feb04 0:00 /usr/sbin/amavisd-new (ch18-avail)
dovecot 10703 0.0 0.0 114172 3184 ? S Feb04 0:02 dovecot/auth
postfix 10727 0.0 0.0 38180 2484 ? S Feb04 0:00 anvil -l -t unix -u -c
vmail 10778 0.0 0.0 114132 3300 ? S Feb04 0:01 dovecot/auth -w
amavis 16324 0.0 0.7 259532 65004 ? S 03:49 0:00 /usr/sbin/amavisd-new (ch6-avail)
www-data 17840 0.0 0.2 334928 19284 ? S 06:25 0:00 /usr/sbin/apache2 -k start
www-data 17842 0.0 0.1 334136 15584 ? S 06:25 0:00 /usr/sbin/apache2 -k start
www-data 17843 0.0 0.1 333416 14904 ? S 06:25 0:00 /usr/sbin/apache2 -k start
www-data 17844 0.0 0.1 334136 15516 ? S 06:25 0:00 /usr/sbin/apache2 -k start
www-data 17845 0.0 0.1 330112 11720 ? S 06:25 0:00 /usr/sbin/apache2 -k start
www-data 18077 0.0 0.2 334268 17872 ? S 06:44 0:00 /usr/sbin/apache2 -k start
amavis 19094 0.0 0.7 260820 65912 ? S 07:49 0:01 /usr/sbin/amavisd-new (ch14-avail)
www-data 19538 0.0 0.1 329892 10928 ? S 08:14 0:00 /usr/sbin/apache2 -k start
www-data 19539 0.0 0.2 334736 17516 ? S 08:14 0:00 /usr/sbin/apache2 -k start
www-data 19541 0.0 0.1 334288 15944 ? S 08:14 0:00 /usr/sbin/apache2 -k start
www-data 20169 0.0 0.1 333332 13560 ? S 08:48 0:00 /usr/sbin/apache2 -k start
root 20532 0.0 0.0 80104 3920 ? Ss 09:03 0:00 sshd: sethiel [priv]
seth+ 20541 0.0 0.0 80104 2076 ? S 09:03 0:00 sshd: sethiel@pts/0
seth+ 20542 0.0 0.0 23288 2192 pts/0 Ss 09:03 0:00 -bash
root 20554 0.0 0.0 47764 1688 pts/0 S 09:03 0:00 su -
root 20557 0.0 0.0 23348 2252 pts/0 S 09:03 0:00 -su
root 20561 0.0 0.0 53520 5680 pts/0 S+ 09:03 0:00 mc
root 20563 0.0 0.0 23348 2236 pts/1 Ss 09:03 0:00 bash -rcfile .bashrc
postfix 21529 0.0 0.0 38180 2504 ? S 09:41 0:00 pickup -l -t fifo -u -c -o content_filter=
amavis 21690 0.0 0.7 260764 65660 ? S 09:47 0:00 /usr/sbin/amavisd-new (ch8-avail)
dovenull 22048 0.0 0.0 18164 3144 ? S 10:04 0:00 dovecot/imap-login
vmail 22049 0.0 0.0 22160 3164 ? S 10:04 0:00 dovecot/imap
dovenull 22050 0.0 0.0 18164 3144 ? S 10:04 0:00 dovecot/imap-login
vmail 22051 0.0 0.0 21632 3012 ? S 10:04 0:00 dovecot/imap
postfix 22088 0.0 0.0 146128 6888 ? S 10:05 0:00 smtpd -n smtp -t inet -u -c -o stress= -s 2 -o content_filter=smtp-amavis:[127.0.0.1]:10024 -o cleanup_service_name=cleanup-ext
amavis 22346 0.0 0.7 258688 63660 ? S 10:11 0:00 /usr/sbin/amavisd-new (ch5-avail)
postfix 22989 0.0 0.0 146060 6808 ? S 10:33 0:00 smtpd -n smtp -t inet -u -c -o stress= -s 2 -o content_filter=smtp-amavis:[127.0.0.1]:10024 -o cleanup_service_name=cleanup-ext
dovenull 23065 0.0 0.0 18164 3136 ? S 10:36 0:00 dovecot/imap-login
vmail 23068 0.0 0.0 21880 3024 ? S 10:36 0:00 dovecot/imap
root 23323 0.0 0.0 13280 1596 ? S 10:41 0:00 dovecot/ssl-params
dovenull 23341 0.0 0.0 18164 3136 ? S 10:44 0:00 dovecot/imap-login
vmail 23344 0.0 0.0 44740 8024 ? S 10:44 0:00 dovecot/imap
postfix 23375 0.0 0.0 146056 6680 ? S 10:45 0:00 smtpd -n smtp -t inet -u -c -o stress= -s 2 -o content_filter=smtp-amavis:[127.0.0.1]:10024 -o cleanup_service_name=cleanup-ext
dovenull 23406 0.0 0.0 18164 3136 ? S 10:46 0:00 dovecot/imap-login
vmail 23407 0.0 0.0 27720 3984 ? S 10:46 0:00 dovecot/imap
dovenull 23446 0.0 0.0 18164 3144 ? S 10:48 0:00 dovecot/imap-login
vmail 23447 0.0 0.0 21476 2432 ? S 10:48 0:00 dovecot/imap
postfix 23468 0.0 0.0 134224 4096 ? S 10:49 0:00 proxymap -t unix -u
postfix 23469 0.0 0.0 38308 2952 ? S 10:49 0:00 trivial-rewrite -n rewrite -t unix -u -c
dovenull 23531 0.0 0.0 18164 3124 ? S 10:52 0:00 dovecot/imap-login
vmail 23532 0.0 0.0 21588 2636 ? S 10:52 0:00 dovecot/imap
postfix 23544 0.1 0.0 145856 6556 ? S 10:52 0:01 smtpd -n smtps -t inet -u -c -o stress= -s 2 -o smtpd_tls_security_level=encrypt -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=reject_sender_login_mismatch,permit_sasl_authenticated,reject
postfix 23590 0.0 0.0 38180 2380 ? S 10:53 0:00 spawn -n policy-spf -t unix user=nobody argv=/usr/sbin/postfix-policyd-spf-perl
nobody 23591 0.0 0.2 63948 19860 ? Ss 10:53 0:00 /usr/bin/perl /usr/sbin/postfix-policyd-spf-perl
amavis 23604 0.0 0.7 258784 63792 ? S 10:53 0:00 /usr/sbin/amavisd-new (ch1-avail)
dovenull 23605 0.0 0.0 18164 3124 ? S 10:53 0:00 dovecot/imap-login
vmail 23606 0.0 0.0 23088 3212 ? S 10:53 0:00 dovecot/imap
dovenull 23609 0.0 0.0 18164 3116 ? S 10:53 0:00 dovecot/imap-login
vmail 23610 0.0 0.0 21088 2048 ? S 10:53 0:00 dovecot/imap
dovenull 23662 0.0 0.0 18164 3148 ? S 10:55 0:00 dovecot/imap-login
vmail 23663 0.0 0.0 37296 5608 ? S 10:55 0:00 dovecot/imap
postfix 23674 0.0 0.0 146024 6632 ? S 10:55 0:00 smtpd -n smtps -t inet -u -c -o stress= -s 2 -o smtpd_tls_security_level=encrypt -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=reject_sender_login_mismatch,permit_sasl_authenticated,reject
postfix 23676 0.0 0.0 42984 3116 ? S 10:55 0:00 cleanup -z -t unix -u -c
dovenull 23703 0.0 0.0 18164 3120 ? S 10:56 0:00 dovecot/imap-login
vmail 23704 0.0 0.0 21088 2044 ? S 10:56 0:00 dovecot/imap
dovenull 23705 0.0 0.0 18164 3152 ? S 10:56 0:00 dovecot/imap-login
vmail 23706 0.0 0.0 21312 2432 ? S 10:56 0:00 dovecot/imap
dovenull 23724 0.0 0.0 18164 3148 ? S 10:57 0:00 dovecot/imap-login
vmail 23725 0.0 0.0 21300 2472 ? S 10:57 0:00 dovecot/imap
dovenull 23738 0.0 0.0 18164 3160 ? S 10:58 0:00 dovecot/imap-login
vmail 23739 0.0 0.0 21744 2556 ? S 10:58 0:00 dovecot/imap
dovenull 23746 0.0 0.0 18164 3148 ? S 10:58 0:00 dovecot/imap-login
vmail 23747 0.0 0.0 21100 2416 ? S 10:58 0:00 dovecot/imap
postfix 23854 0.0 0.0 62868 4684 ? S 11:02 0:00 smtpd -n 127.0.0.1:10025 -t inet -u -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_address_mappings,no_header_body_checks,no_unknown_recipient_checks,no_milters
postfix 23856 0.0 0.0 38192 2912 ? S 11:02 0:00 trivial-rewrite -n rewrite -t unix -u -c
postfix 23878 0.0 0.0 38180 2376 ? S 11:03 0:00 spawn -n policy-spf -t unix user=nobody argv=/usr/sbin/postfix-policyd-spf-perl
nobody 23879 0.0 0.2 63952 19852 ? Ss 11:03 0:00 /usr/bin/perl /usr/sbin/postfix-policyd-spf-perl
postfix 23885 0.0 0.0 65248 5368 ? S 11:03 0:00 smtpd -n submission -t inet -u -c -o stress= -s 2 -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o milter_macro_daemon_name=ORIGINATING -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject -o smtpd_proxy_filter= -o smtpd_sender_restrictions=reject_sender_login_mismatch,permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o receive_override_options=no_header_body_checks
dovenull 23902 0.0 0.0 18152 3044 ? S 11:05 0:00 dovecot/pop3-login
root 23903 0.0 0.0 20508 1320 pts/1 R+ 11:05 0:00 ps aux