邮件服务器-邮件系统-邮件技术论坛(BBS)

标题: spool 文件夹问题 [打印本页]

作者: badboylife 时间: 2010-3-2 10:00
标题: spool 文件夹问题
环境：windows2003+imail8.22
春节过后就发现每天spool文件夹有大量的smd，gse文件，有3，4千个之多，发件人收件人都不是本公司的邮件用户，导致本公司要发的邮件发不出去
smtp设置：no mail reply，check valid sender, disable smtp"auth"
另，望高手赐教，如何隐藏自己的邮件服务器？说的详细些，谢谢。

作者: lgj858 时间: 2010-3-2 11:10
分析一些日志会有结果的

作者: badboylife 时间: 2010-3-2 13:02
查看队列，发现都是由***@aol.com或者***@dulwichpicturegallery.org.uk向外发送，
这说明是我的邮件服务器被入侵了？
现在我把这两个域名放在killlist里了，这样管用吗？

作者: lgj858 时间: 2010-3-2 19:31
治标不治本
你要查到问题在哪里

作者: badboylife 时间: 2010-3-3 14:48
我把那两个域名放在killlist里后，队列里空了，不像前两天，队列里有上百个多待发邮件
可是，队列虽然空了，但spool文件夹里还有几十个smd文件，这是为什么？我看日期，还有昨天的smd文件。smd文件不是待发的邮件吗？可队列是空的呀

原帖由 lgj858 于 2010-3-2 19:31 发表
治标不治本
你要查到问题在哪里

望斑竹赐教，问题可能出在哪里。之前我没做过调整
我的2003系统开了系统防火墙，但队列作了例外。

作者: lgj858 时间: 2010-3-3 18:34
你要做几样工作
1.检查你的配置是否已经安全
2.服务器无木马
3.筛选分析日志，查找这些队列是利用的哪个帐号通过验证的
4.如果找到这个帐号密码也不是很简单的，那么去检查客户端是不是中木马了

作者: ineedrmb 时间: 2010-3-4 12:17
服务器上如果只跑IMAIL，而无其它大型网站之类在运行，中木马的可能性几乎为零，队列里那么多邮件，唯一的可能只是有帐号因密码太简单而被盗用了，我自己就在几台服务器上碰到过，帐号名一般是service、temp、admin之类的，当然还有些简单的英文名字，从日志里找出来改掉就是了。

作者: 钉子 时间: 2010-3-5 01:02
简单点，把SMTP的LOG发给大家，找出来告诉你。

作者: badboylife 时间: 2010-3-8 19:31
log太大，已被我删了。。。。。。

作者: badboylife 时间: 2010-3-16 14:55
我把日志贴上来，斑竹帮看看，我截了一段，日志txt文件居然有140多兆，spool你有2万多个文件
系统是2003，没开防火墙，木马用360查过，没有发现，只运行Imail8.22和FTP，没有其他的了
在smtp设置里，我居然没有找到Refuse NULL <> Sender的选项，但我看imail8的说明文件里说有，奇怪

03:15 23:59 SMTP-(36b4028c00000bb7) >EHLO 我的域名
03:15 23:59 SMTPD(59160093000006eb) [82.128.19.206] RCPT TO:<avrt@bigfoot.com>
03:15 23:59 SMTP-(368d02c000000b87) MX connect fail "202.106.199.35"
03:15 23:59 SMTP-(368d02c000000b87) Trying petri.de (0)
03:15 23:59 SMTP-(367e030200000b7b) 221 2.0.0 Service closing transmission channel
03:15 23:59 SMTP-(367e030200000b7b) Trying hughes.net (0)
03:15 23:59 SMTP-(36b4028c00000bb7) 250-sj1-dm02.mta.everyone.net
03:15 23:59 SMTP-(36b4028c00000bb7) 250-PIPELINING
03:15 23:59 SMTP-(36b4028c00000bb7) 250-SIZE 50000000
03:15 23:59 SMTP-(36b4028c00000bb7) 250-AUTH PLAIN LOGIN
03:15 23:59 SMTP-(36b4028c00000bb7) 250-AUTH=LOGIN
03:15 23:59 SMTP-(36b4028c00000bb7) 250-STARTTLS
03:15 23:59 SMTP-(36b4028c00000bb7) 250 8BITMIME
03:15 23:59 SMTP-(36b4028c00000bb7) >MAIL FROM:<raliatsmth@earthlink.net>
03:15 23:59 SMTP-(36b302d200000bb6) 221 2.0.0 Bye
03:15 23:59 SMTP-(36b302d200000bb6) Trying wocal.com (0)
03:15 23:59 SMTP-(369b024600000b98) 354 go ahead
03:15 23:59 SMTP-(369b024600000b98) >.
03:15 23:59 SMTP-(368d02c000000b87) Connect petri.de [69.50.213.17:25] (1)
03:15 23:59 SMTP-(369f027600000ba0) Connect mag-uk.org [80.176.86.92:25] (1)
03:15 23:59 SMTP-(36b4028c00000bb7) 250 Sender okay
03:15 23:59 SMTP-(36b4028c00000bb7) >RCPT To:<fletcherel@limso.net>
03:15 23:59 SMTPD(59260177000006fa) [82.128.19.206] RCPT TO:<awu@cbpu.com>
03:15 23:59 SMTP-(36b302d200000bb6) Connect wocal.com [74.54.176.226:25] (1)
03:15 23:59 SMTPD(59160283000006ec) [82.128.19.206] RCPT TO:<awalthourmd@students.mcg.edu>
03:15 23:59 SMTP-(36b201b400000bb4) 250-aspen.websitewelcome.com Hello 我的域名 [我的ip]
03:15 23:59 SMTP-(36b201b400000bb4) 250-SIZE 52428800
03:15 23:59 SMTP-(36b201b400000bb4) 250-PIPELINING
03:15 23:59 SMTP-(36b201b400000bb4) 250-AUTH PLAIN LOGIN
03:15 23:59 SMTP-(36b201b400000bb4) 250-STARTTLS
03:15 23:59 SMTP-(36b201b400000bb4) 250 HELP
03:15 23:59 SMTP-(36b201b400000bb4) >MAIL FROM:<raliatsmth@earthlink.net>
03:15 23:59 SMTP-(368d02c000000b87) 220-server.serverstep.de ESMTP Exim 4.69 #1 Mon, 15 Mar 2010 16:59:01 +0100
03:15 23:59 SMTP-(368d02c000000b87) 220-We do not authorize the use of this system to transport unsolicited,
03:15 23:59 SMTP-(368d02c000000b87) 220 and/or bulk e-mail.
03:15 23:59 SMTP-(368d02c000000b87) >EHLO 我的域名
03:15 23:59 SMTP-(36b302d200000bb6) 220-gator366.hostgator.com ESMTP Exim 4.69 #1 Mon, 15 Mar 2010 10:59:02 -0500
03:15 23:59 SMTP-(36b302d200000bb6) 220-We do not authorize the use of this system to transport unsolicited,
03:15 23:59 SMTP-(36b302d200000bb6) 220 and/or bulk e-mail.
03:15 23:59 SMTP-(36b302d200000bb6) >EHLO 我的域名
03:15 23:59 SMTP-(36b4028c00000bb7) 550 Recipient Rejected: Account Inactive
03:15 23:59 SMTP-(36b4028c00000bb7) >QUIT
03:15 23:59 SMTP-(36b201b400000bb4) 250 OK
03:15 23:59 SMTP-(36b201b400000bb4) >RCPT To:<flemingpstz@massagency.com>
03:15 23:59 SMTP-(368d02c000000b87) 250-server.serverstep.de Hello 我的域名

[127.0.0.1]
03:15 23:59 SMTP-(368d02c000000b87) 250-SIZE 52428800
03:15 23:59 SMTP-(368d02c000000b87) 250-AUTH PLAIN LOGIN
03:15 23:59 SMTP-(368d02c000000b87) 250 HELP
03:15 23:59 SMTP-(368d02c000000b87) >MAIL FROM:<raliatsmth@earthlink.net>
03:15 23:59 SMTP-(36b4028c00000bb7) 221 Bye
03:15 23:59 SMTP-(36b4028c00000bb7) Trying 1000demenageurs.com (0)
03:15 23:59 SMTPD(591401fa000006e8) [82.128.19.206] RCPT TO:<awadjo@yahoo.com>
03:15 23:59 SMTP-(36b302d200000bb6) 250-gator366.hostgator.com Hello 我的域名 [我的ip]
03:15 23:59 SMTP-(36b302d200000bb6) 250-SIZE 52428800
03:15 23:59 SMTP-(36b302d200000bb6) 250-PIPELINING
03:15 23:59 SMTP-(36b302d200000bb6) 250-AUTH PLAIN LOGIN
03:15 23:59 SMTP-(36b302d200000bb6) 250-STARTTLS
03:15 23:59 SMTP-(36b302d200000bb6) 250 HELP
03:15 23:59 SMTP-(36b302d200000bb6) >MAIL FROM:<raliatsmth@earthlink.net>
03:15 23:59 SMTP-(369c02cc00000b9b) 250 ok 1268668741 qp 16184
03:15 23:59 SMTP-(369c02cc00000b9b) rdeliver headstar.com access-consult@headstar.com (1)
<imf.update@neu.com.cn> 2435
03:15 23:59 SMTP-(369c02cc00000b9b) >QUIT
03:15 23:59 SMTP-(367e030200000b7b) Connect hughes.net [64.98.36.4:25] (1)
03:15 23:59 SMTPD(5923026d000006f7) [82.128.19.206] RCPT TO:<awlankford@centurytel.net>
03:15 23:59 SMTPD(591701cb000006ed) [82.128.19.206] RCPT TO:<awbdev@mchsi.com>
03:15 23:59 SMTPD(59180221000006ef) [82.128.19.206] RCPT TO:<awesome_gurl_22@hotmail.com>
03:15 23:59 SMTP-(36b501a100000bb9) 554 imta34.emeryville.ca.mail.comcast.net comcast 我的ip Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: http://help.comcast.net/content/faq/PTR
03:15 23:59 SMTP-(36b501a100000bb9) SMTP_DELIV_FAILED
03:15 23:59 SMTP-(36b501a100000bb9) >QUIT
03:15 23:59 SMTP-(368d02c000000b87) 250 OK
03:15 23:59 SMTP-(368d02c000000b87) >RCPT To:<flatterye7@petri.de>
03:15 23:59 SMTP-(36a0026400000ba1) 250 2.1.5 OK 32si5120331iwn.17
03:15 23:59 SMTP-(36a0026400000ba1) >DATA
03:15 23:59 SMTPD(591c0251000006f3) [82.128.19.206] RCPT TO:<awilliamsfamily@bellsouth.net>
03:15 23:59 SMTPD(591b0181000006f2) [82.128.19.206] RCPT TO:<awhite57@carolina.rr.com>
03:15 23:59 SMTPD(592401ad000006f9) [82.128.19.206] RCPT TO:<aworley420@yahoo.com>
03:15 23:59 SMTPD(59130260000006e6) [82.128.19.206] RCPT TO:<avonjess@yahoo.com>
03:15 23:59 SMTP-(36b501a100000bb9)
03:15 23:59 SMTP-(36b501a100000bb9) Trying sbcglobal.net (0)
03:15 23:59 SMTPD(59160093000006eb) [82.128.19.206] RCPT TO:<avrxsport@lantil.net>
03:15 23:59 SMTPD(58fc021c000006d8) [82.128.34.115] RCPT TO:<mwilson911@cox.net>
03:15 23:59 SMTP-(368d02c000000b87) 550 5.1.1 User unknown: flatterye7@petri.de
03:15 23:59 SMTP-(368d02c000000b87) >QUIT
03:15 23:59 SMTPD(5947017400000707) [我的ip] connect 82.128.34.115 port 1900
03:15 23:59 SMTPD(58ed01f5000006d2) [82.128.34.115] RCPT TO:<mtrocola26@yahoo.com>
03:15 23:59 SMTP-(367e030200000b7b) 220 mx.b.hostedemail.com SMTP
03:15 23:59 SMTP-(367e030200000b7b) >EHLO 我的域名
03:15 23:59 SMTPD(59260177000006fa) [82.128.19.206] RCPT TO:<awu@gi.com>
03:15 23:59 SMTPD(59160283000006ec) [82.128.19.206] RCPT TO:<awalton26@aol.com>
03:15 23:59 SMTPD(591a01b8000006f1) [82.128.34.115] RCPT TO:<myla_citizen@yahoo.com>
03:15 23:59 SMTP-(36af02f600000bac) 250 Ok
03:15 23:59 SMTP-(36af02f600000bac) >DATA
03:15 23:59 SMTP-(36b501a100000bb9) Connect sbcglobal.net [207.115.36.20:25] (1)
03:15 23:59 SMTPD(5942022700000703) Authenticated rock@我的域名, session treated as local.
03:15 23:59 SMTP-(368d02c000000b87) 221 server.serverstep.de closing connection
03:15 23:59 SMTP-(368d02c000000b87) Trying verizon.net (0)
03:15 23:59 SMTP-(369c02cc00000b9b) 221 headstar.positive-dedicated.net
03:15 23:59 SMTP-(369c02cc00000b9b) Trying littleleague.org (0)
03:15 23:59 SMTP-(365801cf00000b30) MX connect fail "82.98.86.161"
03:15 23:59 SMTP-(365801cf00000b30) Trying pb-eba.com (0)
03:15 23:59 SMTP-(36a0026400000ba1) 354 Go ahead 32si5120331iwn.17
03:15 23:59 SMTP-(36a0026400000ba1) >.
03:15 23:59 SMTP-(36af02f600000bac) 354 End data with <CR><LF>.<CR><LF>
03:15 23:59 SMTP-(367e030200000b7b) 250-imf10.b.hostedemail.com
03:15 23:59 SMTP-(367e030200000b7b) 250-PIPELINING
03:15 23:59 SMTP-(367e030200000b7b) 250-SIZE 26214400
03:15 23:59 SMTP-(367e030200000b7b) 250-ETRN
03:15 23:59 SMTP-(367e030200000b7b) 250-ENHANCEDSTATUSCODES
03:15 23:59 SMTP-(367e030200000b7b) 250-8BITMIME
03:15 23:59 SMTP-(367e030200000b7b) 250 DSN
03:15 23:59 SMTP-(367e030200000b7b) >MAIL FROM:<cbndeptt@gmail.com>
03:15 23:59 SMTP-(36af02f600000bac) >.
03:15 23:59 SMTP-(36b501a100000bb9) 220 nlpi081.prodigy.net ESMTP Sendmail 8.13.8 inb ipv6 jeff0203/8.13.8; Mon, 15 Mar 2010 10:59:02 -0500
03:15 23:59 SMTP-(36b501a100000bb9) >EHLO 我的域名
03:15 23:59 SMTP-(36b302d200000bb6) 250 OK
03:15 23:59 SMTP-(36b302d200000bb6) >RCPT To:<fleshliest21@wocal.com>
03:15 23:59 SMTP-(368d02c000000b87) Connect verizon.net [206.46.232.11:25] (1)
03:15 23:59 SMTP-(3691017600000b8c) Connect brbj.com [216.99.131.2:25] (1)
03:15 23:59 SMTP-(369c02cc00000b9b) Connect littleleague.org [12.151.2.241:25] (1)
03:15 23:59 SMTPD(591701cb000006ed) [82.128.19.206] RCPT TO:<awbeck01@sbcglobal.net>
03:15 23:59 SMTPD(591401fa000006e8) [82.128.19.206] RCPT TO:<awadorguk1@aol.com>
03:15 23:59 SMTP-(367e030200000b7b) 250 2.1.0 Ok
03:15 23:59 SMTP-(367e030200000b7b) >RCPT To:<bkawzy@hughes.net>
03:15 23:59 SMTP-(365801cf00000b30) Connect pb-eba.com [194.250.97.250:25] (1)
03:15 23:59 SMTPD(59180221000006ef) [82.128.19.206] RCPT TO:<awesome_like_that@yahoo.com>
03:15 23:59 SMTPD(5923026d000006f7) [82.128.19.206] RCPT TO:<awleung@atvci.net>
03:15 23:59 SMTPD(591c0251000006f3) [82.128.19.206] RCPT TO:<awilliamson2@wi.rr.com>
03:15 23:59 SMTPD(591b0181000006f2) [82.128.19.206] RCPT TO:<awhitejr@pol.net>
03:15 23:59 SMTPD(592401ad000006f9) [82.128.19.206] RCPT TO:<aworm@supanet.com>
03:15 23:59 SMTPD(59130260000006e6) [82.128.19.206] RCPT TO:<avonkrad@naver.com>
03:15 23:59 SMTP-(369b024600000b98) 250 ok 1268668742 qp 3426
03:15 23:59 SMTP-(369b024600000b98) rdeliver yahoogroups.com acba_functions@yahoogroups.com (1) <imf.update@neu.com.cn> 2435
03:15 23:59 SMTP-(369b024600000b98) >QUIT
03:15 23:59 SMTPD(59160093000006eb) [82.128.19.206] RCPT TO:<avs.comp@northlink.net>
03:15 23:59 SMTP-(36b501a100000bb9) 250-nlpi081.prodigy.net Hello [我的ip], pleased to meet you
03:15 23:59 SMTP-(36b501a100000bb9) 250 ENHANCEDSTATUSCODES
03:15 23:59 SMTP-(36b501a100000bb9) >MAIL FROM:<imf.update@neu.com.cn>
03:15 23:59 SMTP-(36b302d200000bb6) 550 No Such User Here
03:15 23:59 SMTP-(36b302d200000bb6) >QUIT
03:15 23:59 SMTP-(368d02c000000b87) 571 Email from 我的ip is currently blocked by Verizon

Online's anti-spam system. The email sender or Email Service Provider may visit

http://www.verizon.net/whitelist and request removal of the block. 100315
03:15 23:59 SMTP-(368d02c000000b87) SMTP_DELIV_FAILED
03:15 23:59 SMTP-(368d02c000000b87) >QUIT
03:15 23:59 SMTP-(368d02c000000b87)
03:15 23:59 SMTP-(368d02c000000b87) Trying bewerbung-gut.de (0)

作者: ineedrmb 时间: 2010-3-29 11:11
说了和木马无关了，你这种情况只可能是被盗用作转发了，通过日志查询器找到那个帐号就行了。

作者: badboylife 时间: 2010-3-29 17:46

原帖由 ineedrmb 于 2010-3-29 11:11 发表
说了和木马无关了，你这种情况只可能是被盗用作转发了，通过日志查询器找到那个帐号就行了。

斑竹，日志查询器是在哪里？8.22有吗？从来没用过

作者: tdk 时间: 2010-3-29 21:03
http://www.abuse.net/relay.html
先去这里测试一下有没有被匿名中继的可能

作者: badboylife 时间: 2010-3-30 09:37
谢谢斑竹 tdk ，去了你给的网页，测试没有被匿名中继

作者: lgj858 时间: 2010-3-30 14:14
日志的筛选分析工具本身就自带的
到开始菜单里面去找

作者: badboylife 时间: 2010-3-30 16:43
呵呵，找到筛选分析工具了，用imai好多年，还是第一次用

挺好使的
谢谢斑竹

作者: tdk 时间: 2010-3-30 20:41
标题: 回复 16楼 badboylife 的帖子
用了筛选工具，有结果了吗

作者: badboylife 时间: 2010-4-7 12:26
筛选日志，不太看得懂，斑竹帮分析分析我贴上来
Analyze V1.0

Log Start 04/06 00:02:00 - Log End 04/06 23:59:00
Logs Analyzed:
D:\IMail\spool\sys0406.txt
-------------------------------------------------------------------------------
SMTPD Connections
Occurrences Connecting IP
-------------------------------------------------------------------------------
Total - 1384

1,067 我的ip
10 timed
6 190.131.27.85
4 90.194.207.217
3 12.130.137.125
2 75.223.8.15
2 80.188.115.92
.......
-------------------------------------------------------------------------------
SMTPD Errors
Occurrences Error
-------------------------------------------------------------------------------
Total - 3

1 Invalid User IP = 118.168.141.12
1 Invalid User IP = 118.168.142.81
1 Invalid User IP = 114.45.1.39
-------------------------------------------------------------------------------
SMTP Local Deliveries
Occurrences Recipient
-------------------------------------------------------------------------------
Total - 145

61 我的用户1
47 我的用户2
37 我的用户3
-------------------------------------------------------------------------------
SMTP Senders (Remote Deliveries)
Occurrences Sender
-------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
SMTP Senders (Local Deliveries)
Occurrences Sender
-------------------------------------------------------------------------------

Total - 145

3 anamaria_jodieyt@emr.net
3 malisaelisaqk@alfa.com
3 florrie_juli_je@ge-smart.com
3 backjj@latimes.com
3 eldora_rubi_sp@wwdb.org
3 e.darnellji@gbusiness.com
3 c_tracy_ww@ryeco.com
3 roadbedem@wixgame.com
3 temilia_it@carrier.utc.com
3 trompe3y@sofitel.com
3 v.sherriepb@wmle.com
3 bjacqualine_bm@ep.com
3 boughtmd@yourdictionary.com
3 vickey_olimpia_dv@novellus.com
3 t_indiraga@jencoprod.com
3 distinguishkj@maylane.com
3 biniv5@911tabs.com
3 n_brandoneg@jmfarms.com
3 mlidiajo@aebi.com
3 angeleleonorch@avaya.com
3 kamilahmuoi_xd@accused.com
3 nakiafletabg@litai.com
3 mdiamondjv@dyckes.com
3 cleotildelouiexj@ksb.com
3 t_marhta_ce@toto.net
3 extracellulareg@vignette.com
3 carolynn.svetlanaok@naturalimpulse.com
3 alease.cheryllls@telenor.com
2 我的用户1
2 我的用户2
1 uxaee8450@sky.com
1 ogysew2559@hinet.net
1 ozeymumiy3839@otenet.gr
..........
-------------------------------------------------------------------------------
SMTP Remote Delivieries
Occurrences Recipient
-------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
SMTP Deliveries to host
Occurrences Host
-------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
SMTP Errors
Occurrences Error
-------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
SMTP Mx Failures
Occurrences IP
-------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
Web Logins
Occurrences User
-------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
Web Files
Occurrences File
-------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
Web HEAD Requests
Occurrences IP
-------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
Web Hits
Occurrences IP
------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
Web Errors
Occurrences IP
-------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
Pop Logon
Occurrences User
-------------------------------------------------------------------------------
Total - 67

59 我的用户3
4 我的用户2
4 我的用户1
-------------------------------------------------------------------------------
IMAP Login
Occurrences User
------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
IMAP Errors
Occurrences User
-------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
POP Errors
Occurrences User
-------------------------------------------------------------------------------
Total - 0
-------------------------------------------------------------------------------
Unknown Log Lines
Occurrences Message
-------------------------------------------------------------------------------
Total - 110

72 ***************************************************
36 Listen Thread Exiting - ***************************
2 Protocol Handler Invalid State 1
-------------------------------------------------------------------------------
Domain Senders - Remote Delivery
Size Occurrences Domain
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Remote Delivery - Senders
Size Occurrences Sender
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Remote Recipients by Domain
Size Occurrences Domain
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Local Recipients by Sender Domain
Size Occurrences Domain
-------------------------------------------------------------------------------

27,341 3 我的域名
20,329 2 doruk.net.tr
19,166 2 telecomitalia.it
18,516 3 maylane.com
18,441 2 rima-tde.net
18,345 3 wixgame.com
18,327 3 latimes.com
18,294 3 yourdictionary.com
18,189 3 sofitel.com
18,176 2 saudi.net.sa
18,138 3 vignette.com
18,051 3 911tabs.com
15,281 2 sky.com
14,514 2 alicedsl.de
14,204 1 info.snapfish.com
10,843 1 verizon.net
10,802 1 fpt.vn
10,735 1 veloxzone.com.br
10,179 1 ono.com
10,135 1 virtua.com.br
10,056 1 gaoland.net
10,049 1 com.pl
10,032 1 hinet.net
9,876 1 brasiltelecom.net.br
9,813 1 ukrtel.net
9,740 1 danisnet.md
9,738 1 btopenworld.com
..........
-------------------------------------------------------------------------------
Local Deliveries by Sender
Size Occurrences Sender
-------------------------------------------------------------------------------

18,516 3 distinguishkj@maylane.com
18,345 3 roadbedem@wixgame.com
18,329 2 我的用户1
18,327 3 backjj@latimes.com
18,294 3 boughtmd@yourdictionary.com
18,189 3 trompe3y@sofitel.com
18,138 3 extracellulareg@vignette.com
18,051 3 biniv5@911tabs.com
14,204 1 snapfish@info.snapfish.com
10,843 1 asevaa5093@verizon.net
10,802 1 oqania7573@fpt.vn
10,735 1 fodyd6823@veloxzone.com.br
10,457 1 ulylyewemu6133@doruk.net.tr
10,179 1 egosoisu9505@ono.com
10,135 1 wenobeje2853@virtua.com.br
10,056 1 xusihejyx4285@gaoland.net
................
-------------------------------------------------------------------------------
Local Recipients

Size Occurrences User
-------------------------------------------------------------------------------

236,319 47 我的用户1
205,628 61 我的用户2
153,391 37 我的用户3
-------------------------------------------------------------------------------
Local Recipent Domains
Size Occurrences Domain
-------------------------------------------------------------------------------
595,338 145 我的域名

作者: ineedrmb 时间: 2010-4-9 16:54
从你的日志分析结果里看，并没有明显的被利用的情况。

作者: badboylife 时间: 2010-4-12 10:01
SMTP Senders (Local Deliveries) 是什么意思，这里大部分都是别人的邮箱地址，怎么就成了sender了？

作者: shaosenjiang 时间: 2010-9-9 06:08
标题: 我也遇到了相同问题
我也遇到了相同问题，谁能帮帮我啊！！！！

作者: jiang_tao 时间: 2010-10-26 12:20
用isplcln吧，参数比如加 -n 5 -l 30 删除所有的5天以上的没有日志的邮件和30天以上的有日志的邮件.

作者: ineedrmb 时间: 2010-10-28 11:58
删日志并不是好办法，关键要找到日志过大的原因所在。

欢迎光临邮件服务器-邮件系统-邮件技术论坛(BBS) (http://5dmail.net/bbs/)