邮件服务器-邮件系统-邮件技术论坛(BBS)

标题: 最近被一病毒邮件攻击，有类似的吗？ [打印本页]

作者: lxwind 时间: 2004-1-29 09:54
标题: 最近被一病毒邮件攻击，有类似的吗？
这个系统运行一年多了，这两天，被病毒邮件攻击。有相同的吗？ 
不过系统到是非常正常，其实所有病毒邮件都被自动删了，而且攻击IP自动BAN。就是太无聊了。唉！ 
 
=================================================== 
# 阻止/自动 IP 屏蔽数据库 
# 
# 此文件列出了所有会自动屏蔽的 IP 地址，通过 
# 阻止/自动 IP 屏蔽系统. 
# 
# 此格式的条目: IP<空格>分钟 
# 如: 192.168.0.1 60 - 这意味着 192.168.0.1 60 分钟 
# 内不能连接。 
 
210.65.143.68 1 
218.15.145.72 4 
218.90.6.185 5 
24.201.245.36 7 
61.144.173.141 7 
211.140.105.84 9 
218.6.24.194 9 
218.91.111.172 11 
61.243.34.147 11 
218.27.162.18 12 
202.109.129.254 12 
218.75.48.174 15 
211.19.45.233 16 
61.155.112.43 17 
61.154.252.186 81 
67.85.37.51 82 
218.20.115.24 82 
221.229.241.26 83 
61.177.30.129 83 
218.0.124.106 84 
61.155.112.42 84 
218.28.11.251 85 
61.48.76.123 86 
202.108.35.192 88 
218.0.127.125 90 
219.238.159.142 91 
202.104.155.176 331 
218.72.8.67 332 
219.146.32.166 332 
61.149.103.126 333 
210.51.21.26 333 
218.104.129.24 334 
61.147.145.200 335 
211.157.4.65 335 
61.183.69.148 337 
218.80.45.187 337 
218.17.95.188 340 
202.108.255.197 341 
210.21.197.26 341 
202.96.209.52 342 
218.16.42.197 343 
61.128.128.118 344 
61.185.39.188 344 
61.145.153.22 345 
218.16.53.167 347 
218.59.16.161 348 
61.179.12.114 349 
218.91.208.58 349 
61.149.95.247 353 
218.13.162.127 353 
202.101.42.5 355 
210.243.202.121 356 
218.62.33.163 357 
218.16.45.38 357 
219.234.223.101 357 
219.156.111.121 359 
==================================================== 
 
 
 
 
Thu 2004-01-29 09:43:58: [704:389:2] 接收 SMTP 来自[61.171.209.228 : 65380]的连接 
Thu 2004-01-29 09:43:58: [704:389:2] Looking up PTR record for 61.171.209.228 (228.209.171.61.IN-ADDR.ARPA) 
Thu 2004-01-29 09:43:58: [704:389:2] 名称服务器报告域名未知。 
Thu 2004-01-29 09:43:58: [704:389:2] --> 220 toyoshima.cc ESMTP MDaemon 6.8.5; Thu, 29 Jan 2004 09:43:58 +0800 
Thu 2004-01-29 09:43:58: [704:389:2] <-- HELO RsProxy 
Thu 2004-01-29 09:43:58: [704:389:2] Performing reverse lookup on RsProxy (looking for 61.171.209.228) 
Thu 2004-01-29 09:43:58: [704:389:2] 名称服务器报告域名未知。 
Thu 2004-01-29 09:43:58: [704:389:2] --> 501 DNS 说 <RsProxy> 并不是一个真实的域名。 
Thu 2004-01-29 09:44:05: [704:389:2] Socket connection closed by the other side (how rude!) 
Thu 2004-01-29 09:44:05: [704:389:2] SMTP 连接异常终止，已发送 14 字节。 
Thu 2004-01-29 09:44:05: ---------- 
Thu 2004-01-29 09:43:45: [820:386:1] 接收 SMTP 来自[211.148.140.93 : 1557]的连接 
Thu 2004-01-29 09:43:45: [820:386:1] Looking up PTR record for 211.148.140.93 (93.140.148.211.IN-ADDR.ARPA) 
Thu 2004-01-29 09:43:54: [820:386:1] 10 秒等候 DNS 回复，时间已到 
Thu 2004-01-29 09:43:54: [820:386:1] --> 220 toyoshima.cc ESMTP MDaemon 6.8.5; Thu, 29 Jan 2004 09:43:54 +0800 
Thu 2004-01-29 09:44:15: [820:386:1] <-- EHLO pconline.com.cn 
Thu 2004-01-29 09:44:15: [820:386:1] Socket connection closed by the other side (how rude!) 
Thu 2004-01-29 09:44:15: [820:386:1] SMTP 连接异常终止，已发送 44 字节。 
Thu 2004-01-29 09:44:15: ---------- 
Thu 2004-01-29 09:44:14: [520:392:4] 接收 SMTP 来自[219.159.1.247 : 1888]的连接 
Thu 2004-01-29 09:44:14: [520:392:4] Looking up PTR record for 219.159.1.247 (247.1.159.219.IN-ADDR.ARPA) 
Thu 2004-01-29 09:44:14: [520:392:4] 名称服务器报告域名未知。 
Thu 2004-01-29 09:44:14: [520:392:4] --> 220 toyoshima.cc ESMTP MDaemon 6.8.5; Thu, 29 Jan 2004 09:44:14 +0800 
Thu 2004-01-29 09:44:15: [520:392:4] <-- EHLO tom.com 
Thu 2004-01-29 09:44:15: [520:392:4] Performing reverse lookup on tom.com (looking for 219.159.1.247) 
Thu 2004-01-29 09:44:15: [520:392:4] D=tom.com TTL=(22) A=[61.135.158.103] 
Thu 2004-01-29 09:44:15: [520:392:4] P=010 D=tom.com TTL=(30) MX=[tommx.163.net] {202.108.255.210} 
Thu 2004-01-29 09:44:15: [520:392:4] --> 250-toyoshima.cc Hello tom.com(可能被伪造), 很高兴见到你 
Thu 2004-01-29 09:44:15: [520:392:4] --> 250-VRFY 
Thu 2004-01-29 09:44:15: [520:392:4] --> 250-ETRN 
Thu 2004-01-29 09:44:15: [520:392:4] --> 250-AUTH=LOGIN 
Thu 2004-01-29 09:44:15: [520:392:4] --> 250-AUTH LOGIN CRAM-MD5 
Thu 2004-01-29 09:44:15: [520:392:4] --> 250-8BITMIME 
Thu 2004-01-29 09:44:15: [520:392:4] --> 250 SIZE 102400000 
Thu 2004-01-29 09:44:17: [520:392:4] <-- MAIL FROM:<yourname@tom.com> 
Thu 2004-01-29 09:44:17: [520:392:4] Performing reverse lookup on tom.com (looking for 219.159.1.247) 
Thu 2004-01-29 09:44:17: [520:392:4] D=tom.com TTL=(22) A=[61.135.158.106] 
Thu 2004-01-29 09:44:17: [520:392:4] P=010 D=tom.com TTL=(30) MX=[tommx.163.net] {202.108.255.210} 
Thu 2004-01-29 09:44:17: [520:392:4] 垃圾邮件封锁器正在检查 219.159.1.247 (正在连接 IP) 
Thu 2004-01-29 09:44:26: [520:392:4] Spam Blocker 10 秒等候 DNS 回复，时间已到 
Thu 2004-01-29 09:44:26: [520:392:4] --> 250 <yourname@tom.com> ，发信人完成。 
Thu 2004-01-29 09:44:27: [520:392:4] Socket connection closed by the other side (how rude!) 
Thu 2004-01-29 09:44:27: [520:392:4] SMTP 连接异常终止，已发送 44 字节。 
Thu 2004-01-29 09:44:27: ---------- 
Thu 2004-01-29 09:44:10: [680:391:3] 接收 SMTP 来自[211.150.214.148 : 4484]的连接 
Thu 2004-01-29 09:44:10: [680:391:3] Looking up PTR record for 211.150.214.148 (148.214.150.211.IN-ADDR.ARPA) 
Thu 2004-01-29 09:44:10: [680:391:3] 名称服务器报告域名未知。 
Thu 2004-01-29 09:44:10: [680:391:3] --> 220 toyoshima.cc ESMTP MDaemon 6.8.5; Thu, 29 Jan 2004 09:44:10 +0800 
Thu 2004-01-29 09:44:10: [680:391:3] <-- EHLO 21cn.com 
Thu 2004-01-29 09:44:10: [680:391:3] Performing reverse lookup on 21cn.com (looking for 211.150.214.148) 
Thu 2004-01-29 09:44:10: [680:391:3] D=21cn.com TTL=(47) A=[61.140.60.21] 
Thu 2004-01-29 09:44:10: [680:391:3] P=010 D=21cn.com TTL=(108) MX=[mta2.21cn.com] {61.140.60.70} 
Thu 2004-01-29 09:44:10: [680:391:3] P=010 D=21cn.com TTL=(108) MX=[mta.21cn.com] {61.140.60.20} 
Thu 2004-01-29 09:44:10: [680:391:3] --> 250-toyoshima.cc Hello 21cn.com(可能被伪造), 很高兴见到你 
Thu 2004-01-29 09:44:10: [680:391:3] --> 250-VRFY 
Thu 2004-01-29 09:44:10: [680:391:3] --> 250-ETRN 
Thu 2004-01-29 09:44:10: [680:391:3] --> 250-AUTH=LOGIN 
Thu 2004-01-29 09:44:10: [680:391:3] --> 250-AUTH LOGIN CRAM-MD5 
Thu 2004-01-29 09:44:10: [680:391:3] --> 250-8BITMIME 
Thu 2004-01-29 09:44:10: [680:391:3] --> 250 SIZE 102400000 
Thu 2004-01-29 09:44:11: [680:391:3] <-- MAIL FROM:<tocool@21cn.com> 
Thu 2004-01-29 09:44:11: [680:391:3] Performing reverse lookup on 21cn.com (looking for 211.150.214.148) 
Thu 2004-01-29 09:44:11: [680:391:3] D=21cn.com TTL=(47) A=[61.140.60.66] 
Thu 2004-01-29 09:44:11: [680:391:3] P=010 D=21cn.com TTL=(108) MX=[mta2.21cn.com] {61.140.60.70} 
Thu 2004-01-29 09:44:11: [680:391:3] P=010 D=21cn.com TTL=(108) MX=[mta.21cn.com] {61.140.60.20} 
Thu 2004-01-29 09:44:11: [680:391:3] 垃圾邮件封锁器正在检查 211.150.214.148 (正在连接 IP) 
Thu 2004-01-29 09:44:20: [680:391:3] Spam Blocker 10 秒等候 DNS 回复，时间已到 
Thu 2004-01-29 09:44:20: [680:391:3] --> 250 <tocool@21cn.com> ，发信人完成。 
Thu 2004-01-29 09:44:23: [680:391:3] <-- RCPT TO:<web@crsky.com> 
Thu 2004-01-29 09:44:23: [680:391:3] 遇到超过 1 个 RCPT 命令; 此连接被阻止 9999 秒延迟 
Thu 2004-01-29 09:44:23: [680:391:3] --> 250 <web@crsky.com>，收信人完成。 
Thu 2004-01-29 09:44:35: [680:391:3] Socket connection closed by the other side (how rude!) 
Thu 2004-01-29 09:44:35: [680:391:3] SMTP 连接异常终止，已发送 75 字节。 
Thu 2004-01-29 09:44:35: ---------- 
================================================================

作者: lxwind 时间: 2004-1-29 11:38
标题: Re:最近被一病毒邮件攻击，有类似的吗？
<a target=_blank href=http://securityresponse1.symantec.com/sarc/sarc-cn.nsf/html/cn-w32.novarg.a@mm.html>http://securityresponse1.symantec.com/sarc/sarc-cn.nsf/html/cn-w32.novarg.a@mm.html</a>

作者: aronin 时间: 2004-2-11 19:37
标题: Re:最近被一病毒邮件攻击，有类似的吗？
有我这里遇到的比你厉害得多，每分钟近五百的

作者: jiawang5211 时间: 2004-2-12 09:50
标题: Re:最近被一病毒邮件攻击，有类似的吗？
我们的也是呀，好在服务器挺得住 
可是总这样也不是办法呀

作者: 钉子 时间: 2004-2-12 13:18
标题: Re:最近被一病毒邮件攻击，有类似的吗？
最近的病毒真的很让人头痛.

作者: lyvinglin 时间: 2004-3-25 12:06
标题: Re:最近被一病毒邮件攻击，有类似的吗？
如何啟動垃圾邮件封锁器呢?

欢迎光临邮件服务器-邮件系统-邮件技术论坛(BBS) (http://5dmail.net/bbs/)