Mail Server - Mail System - Mail Technology Forum (BBS)

Views: 23000 | Replies: 22

[Help] spool folder problem

#1
Posted on 2010-3-2 10:00:15
Environment: Windows 2003 + IMail 8.22
Since the Spring Festival I have found that every day the spool folder holds a large number of .smd and .gse files, three to four thousand of them. The senders and recipients are not mail users of our company, and as a result the mail our company needs to send cannot go out.
SMTP settings: no mail reply, check valid sender, disable SMTP "auth"
Also, I would be grateful if an expert could explain how to hide my own mail server. Please be detailed, thanks.
#2
Posted on 2010-3-2 11:10:10
Analyze some logs and you will get an answer.
#3
Posted by OP on 2010-3-2 13:02:04
Looking at the queue, I found that everything is being sent out by ***@aol.com or ***@dulwichpicturegallery.org.uk.
Does this mean my mail server has been compromised?
I have now put these two domains in the kill list; will that work?
#4
Posted on 2010-3-2 19:31:43
That treats the symptom, not the cause.
You need to find out where the problem is.
#5
Posted by OP on 2010-3-3 14:48:41
After I put those two domains in the kill list the queue emptied, unlike the previous two days when there were over a hundred messages waiting in the queue.
But although the queue is empty, there are still dozens of .smd files in the spool folder. Why is that? Looking at the dates, there are even .smd files from yesterday. Aren't .smd files the messages waiting to be sent? Yet the queue is empty.

Originally posted by lgj858 on 2010-3-2 19:31:
That treats the symptom, not the cause.
You need to find out where the problem is.


Moderator, please advise where the problem might be. I had not made any changes before this.
My 2003 system has the system firewall turned on, but an exception was made for the queue.
#6
Posted on 2010-3-3 18:34:09
You need to do several things:
1. Check whether your configuration is already secure.
2. Make sure the server has no trojan.
3. Filter and analyze the logs to find which account these queued messages authenticated with.
4. If you find that account and its password is not a simple one, then check whether the client machine has a trojan.
#7
Posted on 2010-3-4 12:17:10
If the server only runs IMail and nothing like a large website, the chance of a trojan is practically zero. With that many messages in the queue, the only possibility is that an account with a too-simple password has been hijacked. I have run into this myself on several servers; the account names are usually things like service, temp, admin, and of course some simple English first names. Find it in the logs and change the password, that is all.
#8
Posted on 2010-3-5 01:02:03
Simpler: post the SMTP log here and we will find it and tell you.
#9
Posted by OP on 2010-3-8 19:31:20
The log was too big, I have already deleted it......
#10
Posted by OP on 2010-3-16 14:55:19
I am pasting the log here; moderator, please take a look. I cut out a section; the log .txt file is over 140 MB, and there are over 20,000 files in spool.
The system is 2003, firewall off. I checked for trojans with 360 and found nothing. Only IMail 8.22 and FTP are running, nothing else.
In the SMTP settings I could not find the "Refuse NULL <> Sender" option, but the IMail 8 documentation says it exists. Strange.

03:15 23:59 SMTP-(36b4028c00000bb7) >EHLO mydomain
03:15 23:59 SMTPD(59160093000006eb) [82.128.19.206] RCPT TO:<avrt@bigfoot.com>
03:15 23:59 SMTP-(368d02c000000b87) MX connect fail "202.106.199.35"
03:15 23:59 SMTP-(368d02c000000b87) Trying petri.de (0)
03:15 23:59 SMTP-(367e030200000b7b) 221 2.0.0 Service closing transmission channel
03:15 23:59 SMTP-(367e030200000b7b) Trying hughes.net (0)
03:15 23:59 SMTP-(36b4028c00000bb7) 250-sj1-dm02.mta.everyone.net
03:15 23:59 SMTP-(36b4028c00000bb7) 250-PIPELINING
03:15 23:59 SMTP-(36b4028c00000bb7) 250-SIZE 50000000
03:15 23:59 SMTP-(36b4028c00000bb7) 250-AUTH PLAIN LOGIN
03:15 23:59 SMTP-(36b4028c00000bb7) 250-AUTH=LOGIN
03:15 23:59 SMTP-(36b4028c00000bb7) 250-STARTTLS
03:15 23:59 SMTP-(36b4028c00000bb7) 250 8BITMIME
03:15 23:59 SMTP-(36b4028c00000bb7) >MAIL FROM:<raliatsmth@earthlink.net>
03:15 23:59 SMTP-(36b302d200000bb6) 221 2.0.0 Bye
03:15 23:59 SMTP-(36b302d200000bb6) Trying wocal.com (0)
03:15 23:59 SMTP-(369b024600000b98) 354 go ahead
03:15 23:59 SMTP-(369b024600000b98) >.
03:15 23:59 SMTP-(368d02c000000b87) Connect petri.de [69.50.213.17:25] (1)
03:15 23:59 SMTP-(369f027600000ba0) Connect mag-uk.org [80.176.86.92:25] (1)
03:15 23:59 SMTP-(36b4028c00000bb7) 250 Sender okay
03:15 23:59 SMTP-(36b4028c00000bb7) >RCPT To:<fletcherel@limso.net>
03:15 23:59 SMTPD(59260177000006fa) [82.128.19.206] RCPT TO:<awu@cbpu.com>
03:15 23:59 SMTP-(36b302d200000bb6) Connect wocal.com [74.54.176.226:25] (1)
03:15 23:59 SMTPD(59160283000006ec) [82.128.19.206] RCPT TO:<awalthourmd@students.mcg.edu>
03:15 23:59 SMTP-(36b201b400000bb4) 250-aspen.websitewelcome.com Hello mydomain [myip]
03:15 23:59 SMTP-(36b201b400000bb4) 250-SIZE 52428800
03:15 23:59 SMTP-(36b201b400000bb4) 250-PIPELINING
03:15 23:59 SMTP-(36b201b400000bb4) 250-AUTH PLAIN LOGIN
03:15 23:59 SMTP-(36b201b400000bb4) 250-STARTTLS
03:15 23:59 SMTP-(36b201b400000bb4) 250 HELP
03:15 23:59 SMTP-(36b201b400000bb4) >MAIL FROM:<raliatsmth@earthlink.net>
03:15 23:59 SMTP-(368d02c000000b87) 220-server.serverstep.de ESMTP Exim 4.69 #1 Mon, 15 Mar 2010 16:59:01 +0100
03:15 23:59 SMTP-(368d02c000000b87) 220-We do not authorize the use of this system to transport unsolicited,
03:15 23:59 SMTP-(368d02c000000b87) 220 and/or bulk e-mail.
03:15 23:59 SMTP-(368d02c000000b87) >EHLO mydomain
03:15 23:59 SMTP-(36b302d200000bb6) 220-gator366.hostgator.com ESMTP Exim 4.69 #1 Mon, 15 Mar 2010 10:59:02 -0500
03:15 23:59 SMTP-(36b302d200000bb6) 220-We do not authorize the use of this system to transport unsolicited,
03:15 23:59 SMTP-(36b302d200000bb6) 220 and/or bulk e-mail.
03:15 23:59 SMTP-(36b302d200000bb6) >EHLO mydomain
03:15 23:59 SMTP-(36b4028c00000bb7) 550 Recipient Rejected: Account Inactive
03:15 23:59 SMTP-(36b4028c00000bb7) >QUIT
03:15 23:59 SMTP-(36b201b400000bb4) 250 OK
03:15 23:59 SMTP-(36b201b400000bb4) >RCPT To:<flemingpstz@massagency.com>
03:15 23:59 SMTP-(368d02c000000b87) 250-server.serverstep.de Hello mydomain [127.0.0.1]
03:15 23:59 SMTP-(368d02c000000b87) 250-SIZE 52428800
03:15 23:59 SMTP-(368d02c000000b87) 250-AUTH PLAIN LOGIN
03:15 23:59 SMTP-(368d02c000000b87) 250 HELP
03:15 23:59 SMTP-(368d02c000000b87) >MAIL FROM:<raliatsmth@earthlink.net>
03:15 23:59 SMTP-(36b4028c00000bb7) 221 Bye
03:15 23:59 SMTP-(36b4028c00000bb7) Trying 1000demenageurs.com (0)
03:15 23:59 SMTPD(591401fa000006e8) [82.128.19.206] RCPT TO:<awadjo@yahoo.com>
03:15 23:59 SMTP-(36b302d200000bb6) 250-gator366.hostgator.com Hello mydomain [myip]
03:15 23:59 SMTP-(36b302d200000bb6) 250-SIZE 52428800
03:15 23:59 SMTP-(36b302d200000bb6) 250-PIPELINING
03:15 23:59 SMTP-(36b302d200000bb6) 250-AUTH PLAIN LOGIN
03:15 23:59 SMTP-(36b302d200000bb6) 250-STARTTLS
03:15 23:59 SMTP-(36b302d200000bb6) 250 HELP
03:15 23:59 SMTP-(36b302d200000bb6) >MAIL FROM:<raliatsmth@earthlink.net>
03:15 23:59 SMTP-(369c02cc00000b9b) 250 ok 1268668741 qp 16184
03:15 23:59 SMTP-(369c02cc00000b9b) rdeliver headstar.com access-consult@headstar.com (1) <imf.update@neu.com.cn> 2435
03:15 23:59 SMTP-(369c02cc00000b9b) >QUIT
03:15 23:59 SMTP-(367e030200000b7b) Connect hughes.net [64.98.36.4:25] (1)
03:15 23:59 SMTPD(5923026d000006f7) [82.128.19.206] RCPT TO:<awlankford@centurytel.net>
03:15 23:59 SMTPD(591701cb000006ed) [82.128.19.206] RCPT TO:<awbdev@mchsi.com>
03:15 23:59 SMTPD(59180221000006ef) [82.128.19.206] RCPT TO:<awesome_gurl_22@hotmail.com>
03:15 23:59 SMTP-(36b501a100000bb9) 554 imta34.emeryville.ca.mail.comcast.net comcast myip Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: http://help.comcast.net/content/faq/PTR
03:15 23:59 SMTP-(36b501a100000bb9) SMTP_DELIV_FAILED
03:15 23:59 SMTP-(36b501a100000bb9) >QUIT
03:15 23:59 SMTP-(368d02c000000b87) 250 OK
03:15 23:59 SMTP-(368d02c000000b87) >RCPT To:<flatterye7@petri.de>
03:15 23:59 SMTP-(36a0026400000ba1) 250 2.1.5 OK 32si5120331iwn.17
03:15 23:59 SMTP-(36a0026400000ba1) >DATA
03:15 23:59 SMTPD(591c0251000006f3) [82.128.19.206] RCPT TO:<awilliamsfamily@bellsouth.net>
03:15 23:59 SMTPD(591b0181000006f2) [82.128.19.206] RCPT TO:<awhite57@carolina.rr.com>
03:15 23:59 SMTPD(592401ad000006f9) [82.128.19.206] RCPT TO:<aworley420@yahoo.com>
03:15 23:59 SMTPD(59130260000006e6) [82.128.19.206] RCPT TO:<avonjess@yahoo.com>
03:15 23:59 SMTP-(36b501a100000bb9)
03:15 23:59 SMTP-(36b501a100000bb9) Trying sbcglobal.net (0)
03:15 23:59 SMTPD(59160093000006eb) [82.128.19.206] RCPT TO:<avrxsport@lantil.net>
03:15 23:59 SMTPD(58fc021c000006d8) [82.128.34.115] RCPT TO:<mwilson911@cox.net>
03:15 23:59 SMTP-(368d02c000000b87) 550 5.1.1 User unknown: flatterye7@petri.de
03:15 23:59 SMTP-(368d02c000000b87) >QUIT
03:15 23:59 SMTPD(5947017400000707) [myip] connect 82.128.34.115 port 1900
03:15 23:59 SMTPD(58ed01f5000006d2) [82.128.34.115] RCPT TO:<mtrocola26@yahoo.com>
03:15 23:59 SMTP-(367e030200000b7b) 220 mx.b.hostedemail.com SMTP
03:15 23:59 SMTP-(367e030200000b7b) >EHLO mydomain
03:15 23:59 SMTPD(59260177000006fa) [82.128.19.206] RCPT TO:<awu@gi.com>
03:15 23:59 SMTPD(59160283000006ec) [82.128.19.206] RCPT TO:<awalton26@aol.com>
03:15 23:59 SMTPD(591a01b8000006f1) [82.128.34.115] RCPT TO:<myla_citizen@yahoo.com>
03:15 23:59 SMTP-(36af02f600000bac) 250 Ok
03:15 23:59 SMTP-(36af02f600000bac) >DATA
03:15 23:59 SMTP-(36b501a100000bb9) Connect sbcglobal.net [207.115.36.20:25] (1)
03:15 23:59 SMTPD(5942022700000703) Authenticated rock@mydomain, session treated as local.
03:15 23:59 SMTP-(368d02c000000b87) 221 server.serverstep.de closing connection
03:15 23:59 SMTP-(368d02c000000b87) Trying verizon.net (0)
03:15 23:59 SMTP-(369c02cc00000b9b) 221 headstar.positive-dedicated.net
03:15 23:59 SMTP-(369c02cc00000b9b) Trying littleleague.org (0)
03:15 23:59 SMTP-(365801cf00000b30) MX connect fail "82.98.86.161"
03:15 23:59 SMTP-(365801cf00000b30) Trying pb-eba.com (0)
03:15 23:59 SMTP-(36a0026400000ba1) 354  Go ahead 32si5120331iwn.17
03:15 23:59 SMTP-(36a0026400000ba1) >.
03:15 23:59 SMTP-(36af02f600000bac) 354 End data with <CR><LF>.<CR><LF>
03:15 23:59 SMTP-(367e030200000b7b) 250-imf10.b.hostedemail.com
03:15 23:59 SMTP-(367e030200000b7b) 250-PIPELINING
03:15 23:59 SMTP-(367e030200000b7b) 250-SIZE 26214400
03:15 23:59 SMTP-(367e030200000b7b) 250-ETRN
03:15 23:59 SMTP-(367e030200000b7b) 250-ENHANCEDSTATUSCODES
03:15 23:59 SMTP-(367e030200000b7b) 250-8BITMIME
03:15 23:59 SMTP-(367e030200000b7b) 250 DSN
03:15 23:59 SMTP-(367e030200000b7b) >MAIL FROM:<cbndeptt@gmail.com>
03:15 23:59 SMTP-(36af02f600000bac) >.
03:15 23:59 SMTP-(36b501a100000bb9) 220 nlpi081.prodigy.net ESMTP Sendmail 8.13.8 inb ipv6 jeff0203/8.13.8; Mon, 15 Mar 2010 10:59:02 -0500
03:15 23:59 SMTP-(36b501a100000bb9) >EHLO mydomain
03:15 23:59 SMTP-(36b302d200000bb6) 250 OK
03:15 23:59 SMTP-(36b302d200000bb6) >RCPT To:<fleshliest21@wocal.com>
03:15 23:59 SMTP-(368d02c000000b87) Connect verizon.net [206.46.232.11:25] (1)
03:15 23:59 SMTP-(3691017600000b8c) Connect brbj.com [216.99.131.2:25] (1)
03:15 23:59 SMTP-(369c02cc00000b9b) Connect littleleague.org [12.151.2.241:25] (1)
03:15 23:59 SMTPD(591701cb000006ed) [82.128.19.206] RCPT TO:<awbeck01@sbcglobal.net>
03:15 23:59 SMTPD(591401fa000006e8) [82.128.19.206] RCPT TO:<awadorguk1@aol.com>
03:15 23:59 SMTP-(367e030200000b7b) 250 2.1.0 Ok
03:15 23:59 SMTP-(367e030200000b7b) >RCPT To:<bkawzy@hughes.net>
03:15 23:59 SMTP-(365801cf00000b30) Connect pb-eba.com [194.250.97.250:25] (1)
03:15 23:59 SMTPD(59180221000006ef) [82.128.19.206] RCPT TO:<awesome_like_that@yahoo.com>
03:15 23:59 SMTPD(5923026d000006f7) [82.128.19.206] RCPT TO:<awleung@atvci.net>
03:15 23:59 SMTPD(591c0251000006f3) [82.128.19.206] RCPT TO:<awilliamson2@wi.rr.com>
03:15 23:59 SMTPD(591b0181000006f2) [82.128.19.206] RCPT TO:<awhitejr@pol.net>
03:15 23:59 SMTPD(592401ad000006f9) [82.128.19.206] RCPT TO:<aworm@supanet.com>
03:15 23:59 SMTPD(59130260000006e6) [82.128.19.206] RCPT TO:<avonkrad@naver.com>
03:15 23:59 SMTP-(369b024600000b98) 250 ok 1268668742 qp 3426
03:15 23:59 SMTP-(369b024600000b98) rdeliver yahoogroups.com acba_functions@yahoogroups.com (1) <imf.update@neu.com.cn> 2435
03:15 23:59 SMTP-(369b024600000b98) >QUIT
03:15 23:59 SMTPD(59160093000006eb) [82.128.19.206] RCPT TO:<avs.comp@northlink.net>
03:15 23:59 SMTP-(36b501a100000bb9) 250-nlpi081.prodigy.net Hello [myip], pleased to meet you
03:15 23:59 SMTP-(36b501a100000bb9) 250 ENHANCEDSTATUSCODES
03:15 23:59 SMTP-(36b501a100000bb9) >MAIL FROM:<imf.update@neu.com.cn>
03:15 23:59 SMTP-(36b302d200000bb6) 550 No Such User Here
03:15 23:59 SMTP-(36b302d200000bb6) >QUIT
03:15 23:59 SMTP-(368d02c000000b87) 571 Email from myip is currently blocked by Verizon Online's anti-spam system. The email sender or Email Service Provider may visit http://www.verizon.net/whitelist and request removal of the block. 100315
03:15 23:59 SMTP-(368d02c000000b87) SMTP_DELIV_FAILED
03:15 23:59 SMTP-(368d02c000000b87) >QUIT
03:15 23:59 SMTP-(368d02c000000b87)
03:15 23:59 SMTP-(368d02c000000b87) Trying bewerbung-gut.de (0)
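Step 3 of post #6 and the advice in post #7 both come down to the same log work: correlate the inbound SMTPD lines by session id, find which sessions carried an "Authenticated <user>, session treated as local." line before accepting recipients at outside domains, and tally that per account and per source IP. The excerpt in post #10 shows exactly the three line shapes needed for that (connect, Authenticated, RCPT TO). The script below is an added example, not code from the thread or from IMail; the sample log lines, the local domain example.com, the session ids and the thresholds are all constructed here.

```python
"""Correlate IMail 8.x SMTPD log lines by session and report which account was used to relay.

Added example, not from the original thread or from IMail. Only the line shapes come
from the OP's excerpt:
  "<date> <time> SMTPD(<session>) [<ip>] connect <peer-ip> port <n>"
  "<date> <time> SMTPD(<session>) Authenticated <user>, session treated as local."
  "<date> <time> SMTPD(<session>) [<peer-ip>] RCPT TO:<addr>"
Sample lines, local domain, session ids and thresholds are constructed (assumptions).
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

LINE_RE = re.compile(r"^\S+ \S+ SMTPD\(([0-9a-fA-F]+)\) (.*)$")        # inbound lines only
CONNECT_RE = re.compile(r"^\[[^\]]*\] connect (\S+) port \d+")
AUTH_RE = re.compile(r"^Authenticated (\S+?), session treated as local\.")
RCPT_RE = re.compile(r"^\[([^\]]*)\] RCPT TO:<([^>]*)>", re.IGNORECASE)


@dataclass
class Session:
    remote_ip: str = "?"
    auth_user: Optional[str] = None
    rcpts: List[str] = field(default_factory=list)


def parse_sessions(log_text: str) -> Dict[str, Session]:
    """Group SMTPD (inbound) lines by session id; outbound SMTP- lines are skipped."""
    sessions: Dict[str, Session] = defaultdict(Session)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sid, rest = m.groups()
        s = sessions[sid]
        c, a, r = CONNECT_RE.match(rest), AUTH_RE.match(rest), RCPT_RE.match(rest)
        if c:
            s.remote_ip = c.group(1)          # bracketed IP on a connect line is the local listener
        elif a:
            s.auth_user = a.group(1).lower()
        elif r:
            if s.remote_ip == "?":
                s.remote_ip = r.group(1)      # RCPT lines carry the peer IP in brackets
            s.rcpts.append(r.group(2).lower())
    return dict(sessions)


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2]


def analyze(log_text: str, local_domains: Set[str]) -> dict:
    """Sessions addressing outside domains: authenticated ones grouped by account,
    plus sessions that show no AUTH line at all (open relay, or AUTH outside the excerpt)."""
    by_account: Dict[str, dict] = {}
    unauth: List[Tuple[str, str, int]] = []
    for sid, s in parse_sessions(log_text).items():
        external = [x for x in s.rcpts if domain_of(x) not in local_domains]
        if not external:
            continue                           # inbound mail for our own users is normal
        if s.auth_user:
            acct = by_account.setdefault(s.auth_user, {"ips": set(), "sessions": 0, "external_rcpts": 0})
            acct["ips"].add(s.remote_ip)
            acct["sessions"] += 1
            acct["external_rcpts"] += len(external)
        else:
            unauth.append((sid, s.remote_ip, len(external)))
    return {"relay_accounts": by_account, "unauthenticated_external": unauth}


def flag_accounts(findings: dict, max_external: int = 50, max_ips: int = 1) -> Dict[str, List[str]]:
    """Accounts whose password should be reset: high outbound volume or logins from several peers."""
    flagged: Dict[str, List[str]] = {}
    for user, acct in findings["relay_accounts"].items():
        reasons = []
        if acct["external_rcpts"] > max_external:
            reasons.append(f"{acct['external_rcpts']} external recipients")
        if len(acct["ips"]) > max_ips:
            reasons.append(f"authenticated from {len(acct['ips'])} different IPs")
        if reasons:
            flagged[user] = reasons
    return flagged


# Constructed sample shaped like the OP's excerpt; ids, peers and addresses are made up.
SAMPLE_LOG = """\
03:15 23:58 SMTPD(5a00000100000701) [myip] connect 198.51.100.23 port 4410
03:15 23:58 SMTPD(5a00000100000701) Authenticated rock@example.com, session treated as local.
03:15 23:58 SMTPD(5a00000100000701) [198.51.100.23] RCPT TO:<user1@hotmail.com>
03:15 23:59 SMTPD(5a00000200000702) [myip] connect 82.128.34.115 port 1900
03:15 23:59 SMTPD(5a00000200000702) Authenticated rock@example.com, session treated as local.
03:15 23:59 SMTPD(5a00000200000702) [82.128.34.115] RCPT TO:<mwilson911@cox.net>
03:15 23:59 SMTPD(5a00000200000702) [82.128.34.115] RCPT TO:<mtrocola26@yahoo.com>
03:15 23:59 SMTPD(5a00000300000703) [82.128.19.206] RCPT TO:<awadjo@yahoo.com>
03:15 23:59 SMTPD(5a00000300000703) [82.128.19.206] RCPT TO:<awadorguk1@aol.com>
03:15 23:59 SMTPD(5a00000400000704) [203.0.113.7] RCPT TO:<sales@example.com>
03:15 23:59 SMTP-(368d02c000000b87) Trying verizon.net (0)
"""

if __name__ == "__main__":
    f = analyze(SAMPLE_LOG, {"example.com"})
    for user, acct in f["relay_accounts"].items():
        print(f"{user}: {acct['sessions']} sessions, {acct['external_rcpts']} external rcpts, from {sorted(acct['ips'])}")
    for sid, ip, n in f["unauthenticated_external"]:
        print(f"session {sid} from {ip}: {n} external rcpts, no AUTH line seen")
    print("reset password for:", flag_accounts(f, max_external=2))
```

Run it over the whole saved SMTPD log rather than a cut-out: the Authenticated line for a session can sit far from its RCPT lines, so a session that looks unauthenticated in an excerpt may simply have its AUTH line outside it, while a session that is genuinely unauthenticated and still accepted for an outside domain would mean the server is relaying openly. An account that appears with a large number of external recipients, or that logs in from several unrelated peer addresses, is the one whose password to change, as post #7 suggests.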