[求助]怎么查出局域几哪部机在发病毒邮件？

cove

也许不该在这里提问的^_^<br>
<br>
从Imail的记录文件里可以查出一个IP在发病毒邮件，而刚好这个IP是我自己的局域的IP。现在的问题是怎么查出是哪部机在发病毒邮件？用什么软件？<br>
<br>

cloudx

你怎么查到的？把你的日志文件帖出来看看？

badwrs2000

你都知道是自己的局域的IP，还不知道是哪部机器？？

cove

20040510 060508 127.0.0.1 SMTPD (0027012C) [127.0.0.1] MAIL FROM:<webmaster@****.com><br>
20040510 060508 127.0.0.1 SMTPD (0027012C) [127.0.0.1] RCPT TO:<huili5198@sina.com><br>
20040510 060508 127.0.0.1 SMTPD (0027012C) [127.0.0.1] d:\IMail\spool\Dab140027012c8553.SMD 1285<br>
20040510 060508 127.0.0.1 SMTPD (0027012C) performing antispam checks<br>
20040510 060942 127.0.0.1 SMTPD (0028012C) [61.***.***.***] connect 61.157.139.230 port 37015<br>
20040510 060942 127.0.0.1 SMTPD (0028012C) [61.157.139.230] EHLO ****.com<br>
20040510 060942 127.0.0.1 SMTPD (0028012C) [61.157.139.230] MAIL FROM:<game@****.com><br>
20040510 060942 127.0.0.1 SMTPD (0028012C) [61.157.139.230] RCPT TO:<webmaster@****.com><br>
20040510 060942 127.0.0.1 SMTPD (0028012C) [61.157.139.230] ERR ****.com invalid user <webmaster@****.com<br>
20040510 063233 127.0.0.1 SMTP (00000000) Info - Queue manager starting Queue run 87 <br>
20040510 064816 127.0.0.1 SMTPD (0029012C) [61.***.***.***] connect 61.129.59.47 port 17129<br>
20040510 064816 127.0.0.1 SMTPD (0029012C) [61.129.59.47] HELO mx47.eachnet.com<br>
20040510 064816 127.0.0.1 SMTPD (0029012C) [61.129.59.47] MAIL FROM:<eoi@eachnet.com><br>
20040510 064816 127.0.0.1 SMTPD (0029012C) [61.129.59.47] RCPT TO:<tenten@****.net><br>
20040510 064816 127.0.0.1 SMTPD (0029012C) [61.129.59.47] d:\IMail\spool\Db5300029012c0553.SMD 14962<br>
20040510 064816 127.0.0.1 SMTPD (0029012C) performing antispam checks<br>
20040510 064849 127.0.0.1 SMTP (0368002B) processing d:\IMail\spool\Qb5300029012c0553.SMD<br>
20040510 064849 127.0.0.1 SMTP (0368002B) Got White List and Content Filter for ****.com<br>
20040510 064849 127.0.0.1 SMTP (0368002B) [eachnet.com] in white list<br>
20040510 064849 127.0.0.1 SMTP (0368002B) ldeliver chencheng.net tenten-main (1) eoi@eachnet.com 14962<br>
20040510 064849 127.0.0.1 SMTP (0368002B) ldeliver ****.com all-main (1) eoi@eachnet.com 14962<br>
20040510 064849 127.0.0.1 SMTP (0368002B) finished d:\IMail\spool\Qb5300029012c0553.SMD status=1<br>
20040510 070234 127.0.0.1 SMTP (00000000) Info - Queue manager starting Queue run 88 <br>
20040510 073234 127.0.0.1 SMTP (00000000) Info - Queue manager starting Queue run 89 <br>
20040510 080234 127.0.0.1 SMTP (00000000) Info - Queue manager starting Queue run 90 <br>
20040510 083234 127.0.0.1 SMTP (00000000) Info - Queue manager starting Queue run 91 <br>
20040510 085531 127.0.0.1 SMTPD (002A012C) [61.***.***.***] connect 61.157.139.230 port 37725<br>
20040510 085531 127.0.0.1 SMTPD (002A012C) [61.157.139.230] EHLO ****.com<br>
20040510 085531 127.0.0.1 SMTPD (002A012C) [61.157.139.230] MAIL FROM:<zhang98722@6.com.cn><br>
20040510 085531 127.0.0.1 SMTPD (002A012C) [61.157.139.230] RCPT TO:<webmaster@****.com><br>
20040510 085531 127.0.0.1 SMTPD (002A012C) [61.157.139.230] ERR ****.com invalid user <webmaster@****.com<br>
20040510 090234 127.0.0.1 SMTP (00000000) Info - Queue manager starting Queue run 92 <br>
SYSLOGD 8.01, Copyright ? 1994-2001, Ipswitch, Inc.<br>
20040510 091459 0.0.0.0:514 Server ready for action<br>
20040510 092915 127.0.0.1 POP3D (00000198) logon success for cove ****.com from 220.***.***.***<br>
20040510 092916 127.0.0.1 POP3D (00000198) logoff for cove R:1, D:0, P:0<br>
20040510 092920 127.0.0.1 POP3D (00000198) logon success for cove ****.com from 220.***.***.***<br>
20040510 092921 127.0.0.1 POP3D (00000198) logoff for cove R:1, D:1, P:0<br>
20040510 094458 127.0.0.1 SMTP (00000000) Info - Queue manager starting Queue run 1 <br>
20040510 094712 127.0.0.1 SMTPD (01FF0082) [61.***.***.***] connect 220.***.***.*** port 45306<br>
20040510 094712 127.0.0.1 SMTPD (015C00C2) [61.***.***.***] connect 220.***.***.*** port 45307<br>
20040510 094712 127.0.0.1 SMTPD (01FF0082) [220.***.***.***] EHLO ****.com<br>
20040510 094712 127.0.0.1 SMTPD (015C00C2) [220.***.***.***] EHLO ****.com<br>
20040510 094712 127.0.0.1 SMTPD (01FF0082) [220.***.***.***] MAIL FROM:<angie@taiwanslot.com.tw><br>
20040510 094712 127.0.0.1 SMTPD (015C00C2) [220.***.***.***] MAIL FROM:<sm01084@****.com><br>
20040510 094712 127.0.0.1 SMTPD (01FF0082) [220.***.***.***] RCPT TO:<01020@****.com><br>
20040510 094712 127.0.0.1 SMTPD (01FF0082) [220.***.***.***] ERR ****.com invalid user <01020@****.com<br>
20040510 094712 127.0.0.1 SMTPD (015C00C2) [220.***.***.***] RCPT TO:<chinagame@****.com><br>
20040510 094717 127.0.0.1 SMTPD (02030082) [61.***.***.***] connect 220.***.***.*** port 45310<br>
20040510 094717 127.0.0.1 SMTPD (02030082) [220.***.***.***] EHLO ****.com<br>
20040510 094717 127.0.0.1 SMTPD (02030082) [220.***.***.***] MAIL FROM:<20040504101100.sm01060@****.com><br>
20040510 094717 127.0.0.1 SMTPD (02030082) [220.***.***.***] RCPT TO:<01020@****.com><br>
20040510 094717 127.0.0.1 SMTPD (02030082) [220.***.***.***] ERR ****.com invalid user <01020@****.com<br>
20040510 094717 127.0.0.1 SMTPD (02040082) [61.***.***.***] connect 220.***.***.*** port 45311<br>
20040510 094717 127.0.0.1 SMTPD (02040082) [220.***.***.***] EHLO ****.com<br>
20040510 094718 127.0.0.1 SMTPD (02040082) [220.***.***.***] MAIL FROM:<56098832@****.com><br>
20040510 094718 127.0.0.1 SMTPD (02040082) [220.***.***.***] RCPT TO:<chinagame@****.com><br>
20040510 094722 127.0.0.1 SMTPD (02040082) [220.***.***.***] d:\IMail\spool\Ddf26020400827434.SMD 0<br>
20040510 094722 127.0.0.1 SMTPD (02040082) performing antispam checks<br>
20040510 094722 127.0.0.1 SMTPD (02040082) [00001812] <****.com> BLACKLIST: connecting to service (spamhaus:*:sbl.spamhaus.org)<br>
20040510 094723 127.0.0.1 SMTPD (015C00C2) [220.***.***.***] d:\IMail\spool\Ddf20015c00c25e2b.SMD 0<br>
20040510 094723 127.0.0.1 SMTPD (015C00C2) performing antispam checks<br>
20040510 094723 127.0.0.1 SMTPD (015C00C2) [00001488] <****.com> BLACKLIST: connecting to service (spamhaus:*:sbl.spamhaus.org)<br>
20040510 094725 127.0.0.1 SMTPD (015D00C2) [61.***.***.***] connect 220.***.***.*** port 45317<br>
20040510 094725 127.0.0.1 SMTPD (015D00C2) [220.***.***.***] EHLO ****.com<br>
20040510 094725 127.0.0.1 SMTPD (015D00C2) [220.***.***.***] MAIL FROM:<0050156167@terrapinnmail.terrapinn.com><br>
20040510 094725 127.0.0.1 SMTPD (015D00C2) [220.***.***.***] RCPT TO:<89849886@****.com><br>
20040510 094725 127.0.0.1 SMTPD (015D00C2) [220.***.***.***] ERR ****.com invalid user <89849886@****.com<br>
20040510 094725 127.0.0.1 SMTPD (015F00C2) [61.***.***.***] connect 220.***.***.*** port 45318<br>
20040510 094725 127.0.0.1 SMTPD (015F00C2) [220.***.***.***] EHLO ****.com<br>
20040510 094725 127.0.0.1 SMTPD (015F00C2) [220.***.***.***] MAIL FROM:<peter@taiwanslot.com.tw><br>
20040510 094725 127.0.0.1 SMTPD (015F00C2) [220.***.***.***] RCPT TO:<editor@****.com><br>
20040510 094729 127.0.0.1 SMTPD (015F00C2) [220.***.***.***] d:\IMail\spool\Ddf2d015f00c29151.SMD 0<br>
20040510 094729 127.0.0.1 SMTPD (015F00C2) performing antispam checks<br>
20040510 094729 127.0.0.1 SMTPD (015F00C2) [00001448] <****.com> BLACKLIST: connecting to service (spamhaus:*:sbl.spamhaus.org)<br>
20040510 094734 127.0.0.1 SMTPD (016200C2) [61.***.***.***] connect 220.***.***.*** port 45321<br>
20040510 094734 127.0.0.1 SMTPD (016200C2) [220.***.***.***] EHLO ****.com<br>
20040510 094734 127.0.0.1 SMTPD (016200C2) [220.***.***.***] MAIL FROM:<help@winzip.com><br>
20040510 094734 127.0.0.1 SMTPD (016200C2) [220.***.***.***] RCPT TO:<01052@****.com><br>
20040510 094734 127.0.0.1 SMTPD (016200C2) [220.***.***.***] ERR ****.com invalid user <01052@****.com<br>
20040510 094743 127.0.0.1 SMTPD (016700C2) [61.***.***.***] connect 220.***.***.*** port 45325<br>
20040510 094743 127.0.0.1 SMTPD (016700C2) [220.***.***.***] EHLO ****.com<br>
<br>
220.****是我现在的IP，61.**是我服务器的IP ***.com是我的域名<br>
<br>
<br>
我想，贴出这么多应该可以证明了是我的局域里的机器在发病毒邮件了吧。至于我不知道是哪部机器，，那是因为、、、我不可能只设定我一部机可以发E-mail而别的机不可以发吧(虽然我做得到，但做不得)

badwrs2000

那你的问题应该不是 “而刚好这个IP是我自己的局域的IP” <br>
<br>
提问请描述清楚！ 谢谢合作！

badwrs2000

你可以在 220.**** 上查看TCP连接情况吗？<br>
<br>
或者你可以在局域网里sniffer啊～