sendmail relay或许不是relay问题

xuledw

25 端口 ESMTP Sendmail 8.13.1
110 端口Cyrus POP3 v2.2.12-Invoca-RPM-2.2.12-3.RHEL4.1 server ready
从今天开始发现邮件大量发送垃圾邮件
类似下面的日志这个是我关键了一个
fgrep p3Q4QPoL026102 /var/log/maillog

日志如下：

1. Apr 26 12:28:02 mail sendmail[26102]: p3Q4QPoL026102: from=<ernbra@hotmail.co.uk>, size=977, class=0, nrcpts=50, msgid=<201104260426.p3Q4QPoL026102@mail.funny.com>, proto=ESMTP, daemon=MTA, relay=dsl88-247-61362.ttnet.net.tr [88.247.239.178] (may be forged)
   
2. Apr 26 12:28:08 mail sendmail[26234]: p3Q4QPoL026102: to=<adam.thorium@8mal11.de>, delay=00:01:37, xdelay=00:00:05, mailer=esmtp, pri=1590977, relay=mail8.netbeat.de. [83.243.58.169], dsn=5.1.3, stat=User unknown
   
3. Apr 26 12:29:38 mail sendmail[26234]: p3Q4QPoL026102: to=<adam.weizen@aktionmitte.org>, delay=00:03:07, xdelay=00:01:30, mailer=esmtp, pri=1590977, relay=mail.aktionmitte.org. [70.38.45.57], dsn=4.0.0, stat=Deferred: Connection timed out with mail.aktionmitte.org.

复制代码

大致是from=<ernbra@hotmail.co.uk>来自这个地址的
当然服务器来自的很多 这个是其一
都会发送出去很多邮件 主机被肉了 还是系统的pop3漏洞？

xuledw

Apr 26 13:57:22 mail sendmail[2296]: AUTH=server, relay=94-78-73-179.nethouse.net [94.78.73.179] (may be forged), authid=administrator, mech=LOGIN, bits=0
这个地址总是来连接我的服务器
没有办法只能暂时将其discarded
Apr 26 13:57:24 mail sendmail[2063]: p3Q5uLuu002063: from=<trust@mail.com>, size=608, class=0, nrcpts=50, msgid=<201104260556.p3Q5uLuu002063@mail.funny.com>, proto=ESMTP, daemon=MTA, relay=94-78-73-179.nethouse.net [94.78.73.179] (may be forged)
Apr 26 13:57:24 mail sendmail[2063]: p3Q5uLuu002063: discarded