今天早上到公司，发现Mdaemon系统里，发送队列达68000+，重试队列28000+，整个机器处于半崩溃状态。
检查发现对列中很多的邮件发向以yahoo.com.tw和hinet.net结尾的邮箱，没有发件人，即From一列是空白的。
我打开队列框，大概要反应5分钟才显示出来，几经折腾，系统终于崩溃，图标一直显示红状态。公司分公司的电话一个接一个，我满头冒汗...
于是先把老服务器拉出来再先用起来，搞了很久没了解到底是什么问题。老服务器在今天使用过程中也会出现极多的这种莫名其妙的邮件，我每隔5分钟就得去清除一次。
以下是截图，向各位请教，到底是哪个方面出了问题。麻烦详细的讲下，对这个Mdaemon系统还没十分深刻的掌握，谢谢！！

检查一下smtp-out的记录，看是被人猜出中继了呢，还是垃圾邮件攻击。

这个问题在我装天网防火墙后，消失了一段时间，我以为就这样结束了。
但是今天又发现有这个问题了，防火墙是一直报警。一下贴出防火墙日志，和Mdaemon记录。

防火墙日志：
[16:55:36] 204.13.69.237 的2998 端口停止对本机发送数据，
           TCP标志：FAP
           该操作被拒绝。

[16:55:36] 205.209.161.94试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:36] 204.13.69.237试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:37] 66.79.170.154试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:37] 204.13.69.110试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:39] 66.79.170.154 的4012 端口停止对本机发送数据，
           TCP标志：FAP
           该操作被拒绝。

[16:55:39] 205.209.161.94试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:39] 204.13.69.85试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:39] 204.13.69.85试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:40] 204.13.69.237 的2998 端口停止对本机发送数据，
           TCP标志：FAP
           该操作被拒绝。

[16:55:40] 66.79.170.154试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:40] 204.13.69.110试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:41] 66.79.170.154试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:41] 204.13.69.237试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:42] 204.13.69.237试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:44] 204.13.69.14试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:45] 205.209.161.94试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:46] 208.77.45.43试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:46] 66.79.170.154试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:46] 204.13.69.110试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:47] 204.13.69.14试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:48] 204.13.69.237 的2998 端口停止对本机发送数据，
           TCP标志：FAP
           该操作被拒绝。

[16:55:48] 168.95.5.55试图连接本机的2381端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:49] 208.77.45.43试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:49] 66.79.170.154试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:51] 58.251.91.32试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:51] 204.13.69.85试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:52] 66.79.170.154试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:53] 204.13.69.85试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:53] 204.13.69.14试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:54] 168.95.5.55试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:54] 204.13.69.85试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:55] 208.77.45.43试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

[16:55:55] 204.13.69.110试图连接本机的Smtp[25]端口，
           TCP标志：S，
           该操作被拒绝。

Mdaemon 记录：
Thu 2008-04-17 17:39:34: ----------
Thu 2008-04-17 17:39:14: [-1:7862] > Parsing Message <D:\MDAEMON\Remoteq\pd50000058173.msg>
Thu 2008-04-17 17:39:14: [-1:7862] > From: (sender not specified)
Thu 2008-04-17 17:39:14: [-1:7862] > To: a7777@ms61.hinet.net
Thu 2008-04-17 17:39:14: [-1:7862] > Subject: =?BIG5?B?uWSm67BdtEm63rJ6vdK1e6RApn41MLDzvdKhQaV1rW44ODg4sF+hSQ==?=
Thu 2008-04-17 17:39:14: [-1:7862] > Message-ID:
Thu 2008-04-17 17:39:14: [-1:7862] MX-record resolution of [ms61.hinet.net] in progress (DNS Server: 61.177.7.1)...
Thu 2008-04-17 17:39:14: [-1:7862] P=000 D=ms61.hinet.net TTL=(1313) MX=[ms61a.hinet.net] {168.95.5.61}
Thu 2008-04-17 17:39:14: [-1:7862] Attempting MX: P=000 D=ms61.hinet.net TTL=(1313) MX=[ms61a.hinet.net] {168.95.5.61}
Thu 2008-04-17 17:39:14: [-1:7862] Attempting SMTP connection to [168.95.5.61 : 25]
Thu 2008-04-17 17:39:14: [884:7862] Waiting for socket connection...
Thu 2008-04-17 17:39:35: [884:7862] Winsock Error 10060 The connection timed out.
Thu 2008-04-17 17:39:35: [884:7862] This message is 2 minutes old; it has 58 minutes left in this queue
Thu 2008-04-17 17:39:35: [884:7862] SMTP session abnormally terminated, 0 bytes transferred.
Thu 2008-04-17 17:39:35: ----------
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <gagej@ms10.hinet.net> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <ivemyc@ms10.hinet.net> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <hi217240@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <hollandbean@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <hotfish76@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <i230505@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <i79108@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <i_love_8jo3@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <if_abc@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <ilgsun@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <j98399@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <jean_sold_nike@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <jennychin2005@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <jiang8706@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <joannaspa@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <john363657@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <johnblake@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <jojoblack@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <jossey.tw@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <k824622@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <kangaroo1127@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:45: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <kcgtyrone@yahoo.com.tw> [Size 3984]
Thu 2008-04-17 17:39:34: [1092:7907] Accepting SMTP connection from [204.13.69.14]
Thu 2008-04-17 17:39:34: [1092:7907] 220 mytrans-int.com ESMTP MDaemon 6.0.3; Thu, 17 Apr 2008 17:39:34 +0800
Thu 2008-04-17 17:39:35: [1092:7907] EHLO msg-g09pmirpcam
Thu 2008-04-17 17:39:35: [1092:7907] 250-mytrans-int.com Hello msg-g09pmirpcam, pleased to meet you
Thu 2008-04-17 17:39:35: [1092:7907] 250-ETRN
Thu 2008-04-17 17:39:35: [1092:7907] 250-AUTH LOGIN CRAM-MD5
Thu 2008-04-17 17:39:35: [1092:7907] 250 SIZE 0
Thu 2008-04-17 17:39:35: [1092:7907] AUTH LOGIN
Thu 2008-04-17 17:39:35: [1092:7907] 334 VXNlcm5hbWU6
Thu 2008-04-17 17:39:35: [1092:7907] YWRtaW4=
Thu 2008-04-17 17:39:35: [1092:7907] 334 UGFzc3dvcmQ6
Thu 2008-04-17 17:39:36: [1092:7907] YWRtaW4=
Thu 2008-04-17 17:39:36: [1092:7907] 235 Authentication successful
Thu 2008-04-17 17:39:36: [1092:7907] Authenticated as admin@mytrans-int.com
Thu 2008-04-17 17:39:36: [1092:7907] RSET
Thu 2008-04-17 17:39:36: [1092:7907] 250 RSET? Well, ok.
Thu 2008-04-17 17:39:36: [1092:7907] MAIL FROM:<>
Thu 2008-04-17 17:39:36: [1092:7907] 250 <>, Sender ok
Thu 2008-04-17 17:39:36: [1092:7907] RCPT TO:<jossey.tw@yahoo.com.tw>
Thu 2008-04-17 17:39:36: [1092:7907] 250 <jossey.tw@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:36: [1092:7907] RCPT TO:<i230505@yahoo.com.tw>
Thu 2008-04-17 17:39:36: [1092:7907] 250 <i230505@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:37: [1092:7907] RCPT TO:<j6065@ms8.hinet.net>
Thu 2008-04-17 17:39:37: [1092:7907] 250 <j6065@ms8.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:37: [1092:7907] RCPT TO:<hotfish76@yahoo.com.tw>
Thu 2008-04-17 17:39:37: [1092:7907] 250 <hotfish76@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:37: [1092:7907] RCPT TO:<insfl@ms9.hinet.net>
Thu 2008-04-17 17:39:37: [1092:7907] 250 <insfl@ms9.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:37: [1092:7907] RCPT TO:<gagej@ms10.hinet.net>
Thu 2008-04-17 17:39:37: [1092:7907] 250 <gagej@ms10.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:38: [1092:7907] RCPT TO:<jojoblack@yahoo.com.tw>
Thu 2008-04-17 17:39:38: [1092:7907] 250 <jojoblack@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:38: [1092:7907] RCPT TO:<jean_sold_nike@yahoo.com.tw>
Thu 2008-04-17 17:39:38: [1092:7907] 250 <jean_sold_nike@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:38: [1092:7907] RCPT TO:<jiang8706@yahoo.com.tw>
Thu 2008-04-17 17:39:38: [1092:7907] 250 <jiang8706@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:38: [1092:7907] RCPT TO:<i_love_8jo3@yahoo.com.tw>
Thu 2008-04-17 17:39:38: [1092:7907] 250 <i_love_8jo3@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:38: [1092:7907] RCPT TO:<johnblake@yahoo.com.tw>
Thu 2008-04-17 17:39:38: [1092:7907] 250 <johnblake@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:39: [1092:7907] RCPT TO:<k824622@yahoo.com.tw>
Thu 2008-04-17 17:39:39: [1092:7907] 250 <k824622@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:39: [1092:7907] RCPT TO:<if_abc@yahoo.com.tw>
Thu 2008-04-17 17:39:39: [1092:7907] 250 <if_abc@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:39: [1092:7907] RCPT TO:<john363657@yahoo.com.tw>
Thu 2008-04-17 17:39:39: [1092:7907] 250 <john363657@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:39: [1092:7907] RCPT TO:<ifer@ms28.hinet.net>
Thu 2008-04-17 17:39:39: [1092:7907] 250 <ifer@ms28.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:39: [1092:7907] RCPT TO:<jd889416@ms46.hinet.net>
Thu 2008-04-17 17:39:39: [1092:7907] 250 <jd889416@ms46.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:40: [1092:7907] RCPT TO:<htchang@ms39.hinet.net>
Thu 2008-04-17 17:39:40: [1092:7907] 250 <htchang@ms39.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:40: [1092:7907] RCPT TO:<j98399@yahoo.com.tw>
Thu 2008-04-17 17:39:40: [1092:7907] 250 <j98399@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:40: [1092:7907] RCPT TO:<gtfy@msa.hinet.net>
Thu 2008-04-17 17:39:40: [1092:7907] 250 <gtfy@msa.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:40: [1092:7907] RCPT TO:<kangaroo1127@yahoo.com.tw>
Thu 2008-04-17 17:39:40: [1092:7907] 250 <kangaroo1127@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:40: [1092:7907] RCPT TO:<ilgsun@yahoo.com.tw>
Thu 2008-04-17 17:39:41: [1092:7907] 250 <ilgsun@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:41: [1092:7907] RCPT TO:<j2g3h6r8r3@ms15.hinet.net>
Thu 2008-04-17 17:39:41: [1092:7907] 250 <j2g3h6r8r3@ms15.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:41: [1092:7907] RCPT TO:<i79108@yahoo.com.tw>
Thu 2008-04-17 17:39:41: [1092:7907] 250 <i79108@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:41: [1092:7907] RCPT TO:<gjyiyuh@ms66.hinet.net>
Thu 2008-04-17 17:39:41: [1092:7907] 250 <gjyiyuh@ms66.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:41: [1092:7907] RCPT TO:<ivemyc@ms10.hinet.net>
Thu 2008-04-17 17:39:41: [1092:7907] 250 <ivemyc@ms10.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:42: [1092:7907] RCPT TO:<hollandbean@yahoo.com.tw>
Thu 2008-04-17 17:39:42: [1092:7907] 250 <hollandbean@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:42: [1092:7907] RCPT TO:<kcgtyrone@yahoo.com.tw>
Thu 2008-04-17 17:39:42: [1092:7907] 250 <kcgtyrone@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:42: [1092:7907] RCPT TO:<jennychin2005@yahoo.com.tw>
Thu 2008-04-17 17:39:42: [1092:7907] 250 <jennychin2005@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:42: [1092:7907] RCPT TO:<joannaspa@yahoo.com.tw>
Thu 2008-04-17 17:39:42: [1092:7907] 250 <joannaspa@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:42: [1092:7907] RCPT TO:<hi217240@yahoo.com.tw>
Thu 2008-04-17 17:39:42: [1092:7907] 250 <hi217240@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:43: [1092:7907] DATA
Thu 2008-04-17 17:39:43: [1092:7907] Storing <d:\mdaemon\smtpin\53\md50000000160.tmp>
Thu 2008-04-17 17:39:43: [1092:7907] 354 Enter mail, end with <CRLF>.<CRLF>
Thu 2008-04-17 17:39:43: [1092:7907] 250 Ok, message saved
Thu 2008-04-17 17:39:44: [1092:7907] SMTP session abnormally terminated, 3987 bytes transferred.
Thu 2008-04-17 17:39:44: [1092:7907] Shuffling message(s) into proper queue(s)
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <j2g3h6r8r3@ms15.hinet.net> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <ifer@ms28.hinet.net> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <htchang@ms39.hinet.net> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <jd889416@ms46.hinet.net> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <gjyiyuh@ms66.hinet.net> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <j6065@ms8.hinet.net> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <insfl@ms9.hinet.net> [Size 3984]
Thu 2008-04-17 17:39:44: [1092:7907] Message received from msg-g09pmirpcam [204.13.69.14] <> with SMTP for <gtfy@msa.hinet.net> [Size 3984]
Thu 2008-04-17 17:39:45: ----------
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <garycheong@ms24.hinet.net> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <j2611@ms24.hinet.net> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <hcf626@yahoo.com.tw> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <inin5648@yahoo.com.tw> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <j740763968@yahoo.com.tw> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <jammytsio@yahoo.com.tw> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <jason11130@yahoo.com.tw> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <jason913@yahoo.com.tw> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <johnnyid4@yahoo.com.tw> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <jttf3@yahoo.com.tw> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <judy852@yahoo.com.tw> [Size 3936]
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <k22012201@yahoo.com.tw> [Size 3936]
Thu 2008-04-17 17:39:40: [1128:7909] Accepting SMTP connection from [204.13.69.110]
Thu 2008-04-17 17:39:40: [1128:7909] 220 mytrans-int.com ESMTP MDaemon 6.0.3; Thu, 17 Apr 2008 17:39:40 +0800
Thu 2008-04-17 17:39:41: [1128:7909] EHLO msg-g09pmirpcam
Thu 2008-04-17 17:39:41: [1128:7909] 250-mytrans-int.com Hello msg-g09pmirpcam, pleased to meet you
Thu 2008-04-17 17:39:41: [1128:7909] 250-ETRN
Thu 2008-04-17 17:39:41: [1128:7909] 250-AUTH LOGIN CRAM-MD5
Thu 2008-04-17 17:39:41: [1128:7909] 250 SIZE 0
Thu 2008-04-17 17:39:41: [1128:7909] AUTH LOGIN
Thu 2008-04-17 17:39:41: [1128:7909] 334 VXNlcm5hbWU6
Thu 2008-04-17 17:39:41: [1128:7909] YWRtaW4=
Thu 2008-04-17 17:39:41: [1128:7909] 334 UGFzc3dvcmQ6
Thu 2008-04-17 17:39:42: [1128:7909] YWRtaW4=
Thu 2008-04-17 17:39:42: [1128:7909] 235 Authentication successful
Thu 2008-04-17 17:39:42: [1128:7909] Authenticated as admin@mytrans-int.com
Thu 2008-04-17 17:39:42: [1128:7909] RSET
Thu 2008-04-17 17:39:42: [1128:7909] 250 RSET? Well, ok.
Thu 2008-04-17 17:39:42: [1128:7909] MAIL FROM:<>
Thu 2008-04-17 17:39:42: [1128:7909] 250 <>, Sender ok
Thu 2008-04-17 17:39:42: [1128:7909] RCPT TO:<jttf3@yahoo.com.tw>
Thu 2008-04-17 17:39:42: [1128:7909] 250 <jttf3@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:43: [1128:7909] RCPT TO:<judy852@yahoo.com.tw>
Thu 2008-04-17 17:39:43: [1128:7909] 250 <judy852@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:43: [1128:7909] RCPT TO:<igsho@ms26.hinet.net>
Thu 2008-04-17 17:39:43: [1128:7909] 250 <igsho@ms26.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:43: [1128:7909] RCPT TO:<jason913@yahoo.com.tw>
Thu 2008-04-17 17:39:43: [1128:7909] 250 <jason913@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:43: [1128:7909] RCPT TO:<j740763968@yahoo.com.tw>
Thu 2008-04-17 17:39:43: [1128:7909] 250 <j740763968@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:43: [1128:7909] RCPT TO:<jammytsio@yahoo.com.tw>
Thu 2008-04-17 17:39:43: [1128:7909] 250 <jammytsio@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:44: [1128:7909] RCPT TO:<garycheong@ms24.hinet.net>
Thu 2008-04-17 17:39:44: [1128:7909] 250 <garycheong@ms24.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:44: [1128:7909] RCPT TO:<jason11130@yahoo.com.tw>
Thu 2008-04-17 17:39:44: [1128:7909] 250 <jason11130@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:44: [1128:7909] RCPT TO:<hcf626@yahoo.com.tw>
Thu 2008-04-17 17:39:44: [1128:7909] 250 <hcf626@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:44: [1128:7909] RCPT TO:<k22012201@yahoo.com.tw>
Thu 2008-04-17 17:39:44: [1128:7909] 250 <k22012201@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:45: [1128:7909] RCPT TO:<inin5648@yahoo.com.tw>
Thu 2008-04-17 17:39:45: [1128:7909] 250 <inin5648@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:45: [1128:7909] RCPT TO:<johnnyid4@yahoo.com.tw>
Thu 2008-04-17 17:39:45: [1128:7909] 250 <johnnyid4@yahoo.com.tw>, Recipient ok
Thu 2008-04-17 17:39:45: [1128:7909] RCPT TO:<j2611@ms24.hinet.net>
Thu 2008-04-17 17:39:45: [1128:7909] 250 <j2611@ms24.hinet.net>, Recipient ok
Thu 2008-04-17 17:39:45: [1128:7909] DATA
Thu 2008-04-17 17:39:45: [1128:7909] Storing <d:\mdaemon\smtpin\54\md50000000160.tmp>
Thu 2008-04-17 17:39:45: [1128:7909] 354 Enter mail, end with <CRLF>.<CRLF>
Thu 2008-04-17 17:39:46: [1128:7909] 250 Ok, message saved
Thu 2008-04-17 17:39:47: [1128:7909] SMTP session abnormally terminated, 3941 bytes transferred.
Thu 2008-04-17 17:39:47: [1128:7909] Shuffling message(s) into proper queue(s)
Thu 2008-04-17 17:39:47: [1128:7909] Message received from msg-g09pmirpcam [204.13.69.110] <> with SMTP for <igsho@ms26.hinet.net> [Size 3936]
Thu 2008-04-17 17:39:47: ----------


前次发的两个图，依然有这个现象。
不知道我是被中继了，还是被攻击了，请高手指点！谢谢了！！

我可能没有说详细。今天的详细情况是这样的，我把防火墙一般情况下，设置的防御等级状态是中。今天去看邮件服务器时，发现发送队列又有3W+，感觉又不对劲了。于是把防火墙等级改为高，于是得到防火墙拦截外网访问的日志。在这种状态下，我局域网同样也无法连接到邮件服务器了... 我就把等级改为中，同时手动去删除那些烦人的邮件，数量非常之多，有时1秒时间就会使发送队列排60。Mdaemon的记录便是这种状态下得出的。
请各位帮忙想想，到底是怎么一回事，有什么有效的解决途径？谢谢了！
另外，我的邮件服务器并没有硬件防火墙，会不会跟这个也有关系。

204.13.69.14
204.13.69.110

将这个两个IP屏蔽观察 一下

直接*@yahoo.com.tw屏蔽掉

你的域是mytrans-int.com嗎？啟用了SMTP驗證嗎？
若是，就是被人猜到了admin的密碼。修改它的密碼吧。
Authenticated as admin@mytrans-int.com

谢谢楼上几位回答
屏蔽IP太难实现了，以上贴的内容只是一小部分，IP远不止这两个。
除了*@yahoo.com.tw，还有一个*@hinet.net，都是台湾省域名，但不知道公司里有没有员工有这些联系，不敢贸然屏蔽。
admin的这行我也看到了，我已经把admin用户删除了，目前正在观察中。

我的朋友遇到过，是因为帐户的用户名和密码被猜到！一定要注意邮件帐户名和用户名不同，密码使用强密码！