- 论坛徽章:
- 0
|
30可用积分
25 端口 ESMTP Sendmail 8.13.1
110 端口Cyrus POP3 v2.2.12-Invoca-RPM-2.2.12-3.RHEL4.1 server ready
从今天开始发现邮件大量发送垃圾邮件
类似下面的日志这个是我关键了一个
fgrep p3Q4QPoL026102 /var/log/maillog- Apr 26 12:28:02 mail sendmail[26102]: p3Q4QPoL026102: from=<ernbra@hotmail.co.uk>, size=977, class=0, nrcpts=50, msgid=<201104260426.p3Q4QPoL026102@mail.funny.com>, proto=ESMTP, daemon=MTA, relay=dsl88-247-61362.ttnet.net.tr [88.247.239.178] (may be forged)
- Apr 26 12:28:08 mail sendmail[26234]: p3Q4QPoL026102: to=<adam.thorium@8mal11.de>, delay=00:01:37, xdelay=00:00:05, mailer=esmtp, pri=1590977, relay=mail8.netbeat.de. [83.243.58.169], dsn=5.1.3, stat=User unknown
- Apr 26 12:29:38 mail sendmail[26234]: p3Q4QPoL026102: to=<adam.weizen@aktionmitte.org>, delay=00:03:07, xdelay=00:01:30, mailer=esmtp, pri=1590977, relay=mail.aktionmitte.org. [70.38.45.57], dsn=4.0.0, stat=Deferred: Connection timed out with mail.aktionmitte.org.
当然服务器来自的很多 这个是其一
都会发送出去很多邮件 主机被肉了 还是系统的pop3漏洞?
跟进
Apr 26 13:57:22 mail sendmail[2296]: AUTH=server, relay=94-78-73-179.nethouse.net [94.78.73.179] (may be forged), authid=administrator, mech=LOGIN, bits=0
这个地址总是来连接我的服务器
没有办法只能暂时将其discarded
Apr 26 13:57:24 mail sendmail[2063]: p3Q5uLuu002063: from=<trust@mail.com>, size=608, class=0, nrcpts=50, msgid=<201104260556.p3Q5uLuu002063@mail.funny.com>, proto=ESMTP, daemon=MTA, relay=94-78-73-179.nethouse.net [94.78.73.179] (may be forged)
Apr 26 13:57:24 mail sendmail[2063]: p3Q5uLuu002063: discarded
实在没有办法了
我直接
fgrep from= /var/log/maillog|grep -v funny.com|awk '{print$7}' > maillist
head -n 7 maillist2|awk '{print$2}'|sed 's/from=<//g'|sed 's/>,//g'
我将From比较多的感觉是恶意的地址直接给Discard
现在寻求一个彻底解决的办法
或者有更新的tcpwarpper? |
|
免费注册
发表于 2011-04-26 14:05
