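Unexplained mail passing through the mail server

When I got to the office this morning, I found that in the MDaemon system the outbound queue held 68,000+ messages and the retry queue 28,000+, and the whole machine was half-crashed. On inspection, many of the messages in the queue were addressed to mailboxes ending in yahoo.com.tw and hinet.net, with no sender, i.e. the From column was blank.
I opened the queue window and it took about 5 minutes to display. After several attempts the system finally crashed, and the icon stayed red. Calls from the company's branch offices came in one after another, and I was sweating all over...
So I first pulled out the old server and put it back into use; I spent a long time on it and still could not work out what the problem was. During today's use the old server also receives an enormous number of these inexplicable messages, and I have to clear them out every 5 minutes.
Screenshots are below. I'd like to ask everyone which part has gone wrong. Please explain in detail; I don't yet have a very deep grasp of this MDaemon system. Thanks!!

Check the smtp-out log to see whether someone has guessed their way into relaying, or whether it is a spam attack.

After I installed the SkyNet firewall (天网防火墙), this problem disappeared for a while, and I thought that was the end of it.
But today I found the problem again, and the firewall keeps raising alerts. Below I'm posting the firewall log and the MDaemon log.
Firewall log: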
[16:55:36] 204.13.69.237 的2998 端口停止对本机发送数据,
TCP标志:FAP
该操作被拒绝。
[16:55:36] 205.209.161.94试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:36] 204.13.69.237试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:37] 66.79.170.154试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:37] 204.13.69.110试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:39] 66.79.170.154 的4012 端口停止对本机发送数据,
TCP标志:FAP
该操作被拒绝。
[16:55:39] 205.209.161.94试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:39] 204.13.69.85试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:39] 204.13.69.85试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:40] 204.13.69.237 的2998 端口停止对本机发送数据,
TCP标志:FAP
该操作被拒绝。
[16:55:40] 66.79.170.154试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:40] 204.13.69.110试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:41] 66.79.170.154试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:41] 204.13.69.237试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:42] 204.13.69.237试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:44] 204.13.69.14试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:45] 205.209.161.94试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:46] 208.77.45.43试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:46] 66.79.170.154试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:46] 204.13.69.110试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:47] 204.13.69.14试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:48] 204.13.69.237 的2998 端口停止对本机发送数据,
TCP标志:FAP
该操作被拒绝。
[16:55:48] 168.95.5.55试图连接本机的2381端口,
TCP标志:S,
该操作被拒绝。
[16:55:49] 208.77.45.43试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:49] 66.79.170.154试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:51] 58.251.91.32试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:51] 204.13.69.85试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:52] 66.79.170.154试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:53] 204.13.69.85试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:53] 204.13.69.14试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:54] 168.95.5.55试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:54] 204.13.69.85试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:55] 208.77.45.43试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
[16:55:55] 204.13.69.110试图连接本机的Smtp[25]端口,
TCP标志:S,
该操作被拒绝。
MDaemon log:
Thu 2008-04-17 17:39:34: ----------
Thu 2008-04-17 17:39:14: [-1:7862] > Parsing Message <D:\MDAEMON\Remoteq\pd50000058173.msg>
Thu 2008-04-17 17:39:14: [-1:7862] > From: (sender not specified)
Thu 2008-04-17 17:39:14: [-1:7862] > To: [email]a7777@ms61.hinet.net[/email]
Thu 2008-04-17 17:39:14: [-1:7862] > Subject: =?BIG5?B?uWSm67BdtEm63rJ6vdK1e6RApn41MLDzvdKhQaV1rW44ODg4sF+hSQ==?=
Thu 2008-04-17 17:39:14: [-1:7862] > Message-ID:
Thu 2008-04-17 17:39:14: [-1:7862] MX-record resolution of [ms61.hinet.net] in progress (DNS Server: 61.177.7.1)...
Thu 2008-04-17 17:39:14: [-1:7862] P=000 D=ms61.hinet.net TTL=(1313) MX=[ms61a.hinet.net] {168.95.5.61}
Thu 2008-04-17 17:39:14: [-1:7862] Attempting MX: P=000 D=ms61.hinet.net TTL=(1313) MX=[ms61a.hinet.net] {168.95.5.61}
Thu 2008-04-17 17:39:14: [-1:7862] Attempting SMTP connection to [168.95.5.61 : 25]
Thu 2008-04-17 17:39:14: [884:7862] Waiting for socket connection...
Thu 2008-04-17 17:39:35: [884:7862] Winsock Error 10060 The connection timed out.
Thu 2008-04-17 17:39:35: [884:7862] This message is 2 minutes old; it has 58 minutes left in this queue
Thu 2008-04-17 17:39:35: [884:7862] SMTP session abnormally terminated, 0 bytes transferred.
Thu 2008-04-17 17:39:35: ----------
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]gagej@ms10.hinet.net[/email]> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]ivemyc@ms10.hinet.net[/email]> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]hi217240@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]hollandbean@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]hotfish76@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]i230505@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]i79108@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]i_love_8jo3@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]if_abc@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]ilgsun@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]j98399@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]jean_sold_nike@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]jennychin2005@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]jiang8706@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]joannaspa@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]john363657@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]johnblake@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]jojoblack@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]jossey.tw@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]k824622@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]kangaroo1127@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]kcgtyrone@yahoo.com.tw[/email]> [Size 3984]
Thu 2008-04-17 17:39:34: [1092:7907] Accepting SMTP connection from [204.13.69.14]
Thu 2008-04-17 17:39:34: [1092:7907] 220 mytrans-int.com ESMTP MDaemon 6.0.3; Thu, 17 Apr 2008 17:39:34 +0800
Thu 2008-04-17 17:39:35: [1092:7907] EHLO msg-g09pmirpcam
Thu 2008-04-17 17:39:35: [1092:7907] 250-mytrans-int.com Hello msg-g09pmirpcam, pleased to meet you
Thu 2008-04-17 17:39:35: [1092:7907] 250-ETRN
Thu 2008-04-17 17:39:35: [1092:7907] 250-AUTH LOGIN CRAM-MD5
Thu 2008-04-17 17:39:35: [1092:7907] 250 SIZE 0
Thu 2008-04-17 17:39:35: [1092:7907] AUTH LOGIN
Thu 2008-04-17 17:39:35: [1092:7907] 334 VXNlcm5hbWU6
Thu 2008-04-17 17:39:35: [1092:7907] YWRtaW4=
Thu 2008-04-17 17:39:35: [1092:7907] 334 UGFzc3dvcmQ6
Thu 2008-04-17 17:39:36: [1092:7907] YWRtaW4=
Thu 2008-04-17 17:39:36: [1092:7907] 235 Authentication successful
Thu 2008-04-17 17:39:36: [1092:7907] Authenticated as [email]admin@mytrans-int.com[/email]
Thu 2008-04-17 17:39:36: [1092:7907] RSET
Thu 2008-04-17 17:39:36: [1092:7907] 250 RSET? Well, ok.
Thu 2008-04-17 17:39:36: [1092:7907] MAIL FROM:<>
Thu 2008-04-17 17:39:36: [1092:7907] 250 <>, Sender ok
Thu 2008-04-17 17:39:36: [1092:7907] RCPT TO:<[email]jossey.tw@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:36: [1092:7907] 250 <[email]jossey.tw@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:36: [1092:7907] RCPT TO:<[email]i230505@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:36: [1092:7907] 250 <[email]i230505@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:37: [1092:7907] RCPT TO:<[email]j6065@ms8.hinet.net[/email]>
Thu 2008-04-17 17:39:37: [1092:7907] 250 <[email]j6065@ms8.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:37: [1092:7907] RCPT TO:<[email]hotfish76@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:37: [1092:7907] 250 <[email]hotfish76@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:37: [1092:7907] RCPT TO:<[email]insfl@ms9.hinet.net[/email]>
Thu 2008-04-17 17:39:37: [1092:7907] 250 <[email]insfl@ms9.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:37: [1092:7907] RCPT TO:<[email]gagej@ms10.hinet.net[/email]>
Thu 2008-04-17 17:39:37: [1092:7907] 250 <[email]gagej@ms10.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:38: [1092:7907] RCPT TO:<[email]jojoblack@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:38: [1092:7907] 250 <[email]jojoblack@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:38: [1092:7907] RCPT TO:<[email]jean_sold_nike@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:38: [1092:7907] 250 <[email]jean_sold_nike@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:38: [1092:7907] RCPT TO:<[email]jiang8706@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:38: [1092:7907] 250 <[email]jiang8706@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:38: [1092:7907] RCPT TO:<[email]i_love_8jo3@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:38: [1092:7907] 250 <[email]i_love_8jo3@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:38: [1092:7907] RCPT TO:<[email]johnblake@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:38: [1092:7907] 250 <[email]johnblake@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:39: [1092:7907] RCPT TO:<[email]k824622@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:39: [1092:7907] 250 <[email]k824622@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:39: [1092:7907] RCPT TO:<[email]if_abc@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:39: [1092:7907] 250 <[email]if_abc@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:39: [1092:7907] RCPT TO:<[email]john363657@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:39: [1092:7907] 250 <[email]john363657@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:39: [1092:7907] RCPT TO:<[email]ifer@ms28.hinet.net[/email]>
Thu 2008-04-17 17:39:39: [1092:7907] 250 <[email]ifer@ms28.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:39: [1092:7907] RCPT TO:<[email]jd889416@ms46.hinet.net[/email]>
Thu 2008-04-17 17:39:39: [1092:7907] 250 <[email]jd889416@ms46.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:40: [1092:7907] RCPT TO:<[email]htchang@ms39.hinet.net[/email]>
Thu 2008-04-17 17:39:40: [1092:7907] 250 <[email]htchang@ms39.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:40: [1092:7907] RCPT TO:<[email]j98399@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:40: [1092:7907] 250 <[email]j98399@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:40: [1092:7907] RCPT TO:<[email]gtfy@msa.hinet.net[/email]>
Thu 2008-04-17 17:39:40: [1092:7907] 250 <[email]gtfy@msa.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:40: [1092:7907] RCPT TO:<[email]kangaroo1127@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:40: [1092:7907] 250 <[email]kangaroo1127@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:40: [1092:7907] RCPT TO:<[email]ilgsun@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:41: [1092:7907] 250 <[email]ilgsun@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:41: [1092:7907] RCPT TO:<[email]j2g3h6r8r3@ms15.hinet.net[/email]>
Thu 2008-04-17 17:39:41: [1092:7907] 250 <[email]j2g3h6r8r3@ms15.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:41: [1092:7907] RCPT TO:<[email]i79108@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:41: [1092:7907] 250 <[email]i79108@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:41: [1092:7907] RCPT TO:<[email]gjyiyuh@ms66.hinet.net[/email]>
Thu 2008-04-17 17:39:41: [1092:7907] 250 <[email]gjyiyuh@ms66.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:41: [1092:7907] RCPT TO:<[email]ivemyc@ms10.hinet.net[/email]>
Thu 2008-04-17 17:39:41: [1092:7907] 250 <[email]ivemyc@ms10.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:42: [1092:7907] RCPT TO:<[email]hollandbean@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:42: [1092:7907] 250 <[email]hollandbean@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:42: [1092:7907] RCPT TO:<[email]kcgtyrone@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:42: [1092:7907] 250 <[email]kcgtyrone@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:42: [1092:7907] RCPT TO:<[email]jennychin2005@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:42: [1092:7907] 250 <[email]jennychin2005@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:42: [1092:7907] RCPT TO:<[email]joannaspa@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:42: [1092:7907] 250 <[email]joannaspa@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:42: [1092:7907] RCPT TO:<[email]hi217240@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:42: [1092:7907] 250 <[email]hi217240@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:43: [1092:7907] DATA
Thu 2008-04-17 17:39:43: [1092:7907] Storing <d:\mdaemon\smtpin\53\md50000000160.tmp>
Thu 2008-04-17 17:39:43: [1092:7907] 354 Enter mail, end with <CRLF>.<CRLF>
Thu 2008-04-17 17:39:43: [1092:7907] 250 Ok, message saved
Thu 2008-04-17 17:39:44: [1092:7907] SMTP session abnormally terminated, 3987 bytes transferred.
Thu 2008-04-17 17:39:44: [1092:7907] Shuffling message(s) into proper queue(s)
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]j2g3h6r8r3@ms15.hinet.net[/email]> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]ifer@ms28.hinet.net[/email]> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]htchang@ms39.hinet.net[/email]> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]jd889416@ms46.hinet.net[/email]> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]gjyiyuh@ms66.hinet.net[/email]> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]j6065@ms8.hinet.net[/email]> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]insfl@ms9.hinet.net[/email]> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <[email]gtfy@msa.hinet.net[/email]> [Size 3984]
Thu 2008-04-17 17:39:45: ----------
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]garycheong@ms24.hinet.net[/email]> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]j2611@ms24.hinet.net[/email]> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]hcf626@yahoo.com.tw[/email]> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]inin5648@yahoo.com.tw[/email]> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]j740763968@yahoo.com.tw[/email]> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]jammytsio@yahoo.com.tw[/email]> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]jason11130@yahoo.com.tw[/email]> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]jason913@yahoo.com.tw[/email]> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]johnnyid4@yahoo.com.tw[/email]> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]jttf3@yahoo.com.tw[/email]> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]judy852@yahoo.com.tw[/email]> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]k22012201@yahoo.com.tw[/email]> [Size 3936]
Thu 2008-04-17 17:39:40: [1128:7909] Accepting SMTP connection from [204.13.69.110]
Thu 2008-04-17 17:39:40: [1128:7909] 220 mytrans-int.com ESMTP MDaemon 6.0.3; Thu, 17 Apr 2008 17:39:40 +0800
Thu 2008-04-17 17:39:41: [1128:7909] EHLO msg-g09pmirpcam
Thu 2008-04-17 17:39:41: [1128:7909] 250-mytrans-int.com Hello msg-g09pmirpcam, pleased to meet you
Thu 2008-04-17 17:39:41: [1128:7909] 250-ETRN
Thu 2008-04-17 17:39:41: [1128:7909] 250-AUTH LOGIN CRAM-MD5
Thu 2008-04-17 17:39:41: [1128:7909] 250 SIZE 0
Thu 2008-04-17 17:39:41: [1128:7909] AUTH LOGIN
Thu 2008-04-17 17:39:41: [1128:7909] 334 VXNlcm5hbWU6
Thu 2008-04-17 17:39:41: [1128:7909] YWRtaW4=
Thu 2008-04-17 17:39:41: [1128:7909] 334 UGFzc3dvcmQ6
Thu 2008-04-17 17:39:42: [1128:7909] YWRtaW4=
Thu 2008-04-17 17:39:42: [1128:7909] 235 Authentication successful
Thu 2008-04-17 17:39:42: [1128:7909] Authenticated as [email]admin@mytrans-int.com[/email]
Thu 2008-04-17 17:39:42: [1128:7909] RSET
Thu 2008-04-17 17:39:42: [1128:7909] 250 RSET? Well, ok.
Thu 2008-04-17 17:39:42: [1128:7909] MAIL FROM:<>
Thu 2008-04-17 17:39:42: [1128:7909] 250 <>, Sender ok
Thu 2008-04-17 17:39:42: [1128:7909] RCPT TO:<[email]jttf3@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:42: [1128:7909] 250 <[email]jttf3@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:43: [1128:7909] RCPT TO:<[email]judy852@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:43: [1128:7909] 250 <[email]judy852@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:43: [1128:7909] RCPT TO:<[email]igsho@ms26.hinet.net[/email]>
Thu 2008-04-17 17:39:43: [1128:7909] 250 <[email]igsho@ms26.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:43: [1128:7909] RCPT TO:<[email]jason913@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:43: [1128:7909] 250 <[email]jason913@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:43: [1128:7909] RCPT TO:<[email]j740763968@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:43: [1128:7909] 250 <[email]j740763968@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:43: [1128:7909] RCPT TO:<[email]jammytsio@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:43: [1128:7909] 250 <[email]jammytsio@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:44: [1128:7909] RCPT TO:<[email]garycheong@ms24.hinet.net[/email]>
Thu 2008-04-17 17:39:44: [1128:7909] 250 <[email]garycheong@ms24.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:44: [1128:7909] RCPT TO:<[email]jason11130@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:44: [1128:7909] 250 <[email]jason11130@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:44: [1128:7909] RCPT TO:<[email]hcf626@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:44: [1128:7909] 250 <[email]hcf626@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:44: [1128:7909] RCPT TO:<[email]k22012201@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:44: [1128:7909] 250 <[email]k22012201@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:45: [1128:7909] RCPT TO:<[email]inin5648@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:45: [1128:7909] 250 <[email]inin5648@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:45: [1128:7909] RCPT TO:<[email]johnnyid4@yahoo.com.tw[/email]>
Thu 2008-04-17 17:39:45: [1128:7909] 250 <[email]johnnyid4@yahoo.com.tw[/email]>, Recipient ok
Thu 2008-04-17 17:39:45: [1128:7909] RCPT TO:<[email]j2611@ms24.hinet.net[/email]>
Thu 2008-04-17 17:39:45: [1128:7909] 250 <[email]j2611@ms24.hinet.net[/email]>, Recipient ok
Thu 2008-04-17 17:39:45: [1128:7909] DATA
Thu 2008-04-17 17:39:45: [1128:7909] Storing <d:\mdaemon\smtpin\54\md50000000160.tmp>
Thu 2008-04-17 17:39:45: [1128:7909] 354 Enter mail, end with <CRLF>.<CRLF>
Thu 2008-04-17 17:39:46: [1128:7909] 250 Ok, message saved
Thu 2008-04-17 17:39:47: [1128:7909] SMTP session abnormally terminated, 3941 bytes transferred.
Thu 2008-04-17 17:39:47: [1128:7909] Shuffling message(s) into proper queue(s)
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <[email]igsho@ms26.hinet.net[/email]> [Size 3936]
Thu 2008-04-17 17:39:47: ----------
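As in the two screenshots I posted last time, the same thing is still happening.
I don't know whether I'm being used as a relay or being attacked. Experts, please advise! Thanks!!

I may not have explained in enough detail. Today's situation is this: I normally keep the firewall's defense level set to medium. When I went to look at the mail server today, I found the outbound queue at 30,000+ again and felt something was wrong again. So I changed the firewall level to high, and that is how I got the firewall log of blocked connections from the external network. In that state, my LAN could not connect to the mail server either... So I changed the level back to medium and at the same time manually deleted those annoying messages; there are a great many of them, and sometimes 60 are added to the outbound queue within 1 second. The MDaemon log was captured in that state.
Could everyone please help me work out what is actually going on and whether there is an effective way to solve it? Thanks!
Also, my mail server has no hardware firewall; could that be related as well?

204.13.69.14
204.13.69.110
Block these two IPs and observe for a while.

Just block *@yahoo.com.tw directly.

Is your domain mytrans-int.com? Have you enabled SMTP authentication?
If so, then someone has guessed admin's password. Change its password.
Authenticated as admin@mytrans-int.com

Thanks to the posters above for the replies.
Blocking IPs is too hard to do; what I posted above is only a small part, and there are far more than these two IPs.
Besides *@yahoo.com.tw there is also *@hinet.net; both are Taiwan Province domains, but I don't know whether any employees in the company have contacts there, so I don't dare block them rashly.
I saw the admin line too. I have already deleted the admin user and am currently observing.

A friend of mine ran into this; it was because the account's username and password had been guessed! Make sure the mail account name and the username are different, and use a strong password!

First, block *@yahoo.com.tw and *@ms24.hinet.net.
Next, change the administrator password.
Check your relay settings.

I ran into this problem today too; how did you solve it?

Check which version your mail server is. If it is 9+, turn on backscatter protection~~
If it still continues, adjust the settings under dynamic screening, then put the IPs listed under "Advanced" into IP screening; once no new IPs appear, restore dynamic screening to its original settings.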
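
A detection sketch for the pattern visible in the posted MDaemon log (a successful AUTH LOGIN, then MAIL FROM:<> and a batch of recipients outside the local domain), added here as an example and not part of the original thread or of MDaemon. The function names, the `min_rcpts` threshold and the sample log (documentation IPs and domains) are assumptions; only the line layout and the AUTH LOGIN strings follow the log above.

```python
import base64
import re
from collections import defaultdict

# Constructed sample in the log layout shown in the thread; IPs and domains are
# documentation placeholders, the AUTH LOGIN strings are the ones in the posted log.
SAMPLE_LOG = """\
Thu 2008-04-17 17:39:34: [1092:7907] Accepting SMTP connection from [192.0.2.14]
Thu 2008-04-17 17:39:35: [1092:7907] EHLO client-a
Thu 2008-04-17 17:39:35: [1092:7907] AUTH LOGIN
Thu 2008-04-17 17:39:35: [1092:7907] 334 VXNlcm5hbWU6
Thu 2008-04-17 17:39:35: [1092:7907] YWRtaW4=
Thu 2008-04-17 17:39:35: [1092:7907] 334 UGFzc3dvcmQ6
Thu 2008-04-17 17:39:36: [1092:7907] YWRtaW4=
Thu 2008-04-17 17:39:36: [1092:7907] 235 Authentication successful
Thu 2008-04-17 17:39:36: [1092:7907] MAIL FROM:<>
Thu 2008-04-17 17:39:36: [1092:7907] RCPT TO:<a@mail.example.net>
Thu 2008-04-17 17:39:36: [1092:7907] RCPT TO:<b@mail.example.net>
Thu 2008-04-17 17:39:37: [1092:7907] RCPT TO:<c@mail.example.org>
Thu 2008-04-17 17:40:02: [1200:7911] Accepting SMTP connection from [198.51.100.7]
Thu 2008-04-17 17:40:02: [1200:7911] MAIL FROM:<peer@mail.example.org>
Thu 2008-04-17 17:40:03: [1200:7911] RCPT TO:<staff@example.com>
"""

LINE = re.compile(r"^\w{3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d: \[(-?\d+:\d+)\] (.*)$")

def b64_text(value):
    """Decode a base64 token from the AUTH LOGIN exchange; None if it is not base64."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except ValueError:
        return None

def find_relay_abuse(log_text, local_domain, min_rcpts=3):
    """Flag sessions that authenticated, used MAIL FROM:<> and addressed external recipients."""
    sessions = defaultdict(lambda: {"ip": None, "user": None, "weak": False,
                                    "authed": False, "null_sender": False,
                                    "external": 0, "expect": None})
    for raw in log_text.splitlines():
        m = LINE.match(re.sub(r"\[/?email\]", "", raw.strip()))  # drop forum BBCode tags
        if not m:
            continue
        s, msg = sessions[m.group(1)], m.group(2)
        if msg.startswith("334 "):  # server prompt: "Username:" or "Password:" in base64
            prompt = (b64_text(msg[4:]) or "").lower()
            s["expect"] = {"username:": "user", "password:": "pass"}.get(prompt)
        elif s["expect"]:  # the client's answer to the prompt
            answer = b64_text(msg)
            if s["expect"] == "user":
                s["user"] = answer
            elif answer is not None and s["user"] is not None:
                s["weak"] = answer.lower() == s["user"].lower()  # compared, never stored
            s["expect"] = None
        elif msg.startswith("Accepting SMTP connection from ["):
            s["ip"] = msg[msg.index("[") + 1:msg.index("]")]
        elif msg.startswith("235 "):
            s["authed"] = True
        elif msg.upper().startswith("MAIL FROM:<>"):
            s["null_sender"] = True
        elif msg.upper().startswith("RCPT TO:<") and ">" in msg:
            domain = msg[9:msg.index(">")].rsplit("@", 1)[-1].lower()
            if domain != local_domain and not domain.endswith("." + local_domain):
                s["external"] += 1
    return [{"session": sid, "ip": s["ip"], "user": s["user"],
             "password_equals_username": s["weak"], "external_rcpts": s["external"]}
            for sid, s in sessions.items()
            if s["authed"] and s["null_sender"] and s["external"] >= min_rcpts]

if __name__ == "__main__":
    for finding in find_relay_abuse(SAMPLE_LOG, "example.com"):
        print(finding)
```

A flagged session with `password_equals_username` set points at a guessed account rather than an open relay, which is the case where changing or removing that account stops the traffic and IP blocking does not.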
