Mail Server - Mail System - Mail Technology Forum (BBS)

Title: imail under proxy attack

Author: seganet    Time: 2009-11-26 09:04
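The imail system is being attacked from foreign proxy IPs, and port 25 has been completely clogged.
Looking at the logs, they are using users that no longer exist on the server to send mail out.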

11:26 08:53 SMTPD(d19200ca0000079d) [81.95.8.80] RCPT TO:<cndomain@hotsales.net> ORCPT=rfc822;cndomain@hotsales.net
11:26 08:53 SMTPD(d19200d40000079b) [213.217.40.74] RCPT TO:<bjgwl@hotsales.net>
11:26 08:53 SMTPD(d19200d40000079b) [213.217.40.74] ERR hotsales.net invalid user <bjgwl@hotsales.net
11:26 08:53 SMTPD(d19200bb000007a0) [207.200.19.209] RCPT TO:<weiguowujin@hotsales.net>
11:26 08:53 SMTPD(d19200bb000007a0) [207.200.19.209] ERR hotsales.net invalid user <weiguowujin@hotsales.net
11:26 08:53 SMTPD(d19200870000079f) [200.196.186.120] MAIL FROM:<yangbin@hotsales.net>
11:26 08:53 SMTPD(d19301e0000007a2) [192.168.0.237] connect 113.106.201.7 port 2271
11:26 08:53 SMTPD(d19200ca0000079d) [81.95.8.80] g:\spool\Dd19200ca0000079d.SMD 1229
11:26 08:53 SMTPD(d19200ca0000079d) performing antispam checks
11:26 08:53 SMTPD(d19300c2000007a3) [192.168.0.237] connect 110.43.27.159 port 3059
11:26 08:53 SMTPD(d19300c2000007a3) [110.43.27.159] ehlo 163.com
11:26 08:53 SMTP-(d191008300000798) 250 Mail OK queued as mx2,IMmowLD7HgGH0Q1LQPSuJg--.58862S2 1259196808
11:26 08:53 SMTP-(d191008300000798) rdeliver 126.com zhangli1301@126.com (1) <zhangl@hotsales.net> 35329
11:26 08:53 SMTP-(d191008300000798) >QUIT
11:26 08:53 SMTP-(d191008300000798) 221 Bye
11:26 08:53 SMTP-(d191008300000798) finished g:\spool\Qd191008300000798.SMD status=1
11:26 08:53 SMTPD(d19301e0000007a2) [113.106.201.7] ehlo xuancai.com
11:26 08:53 SMTPD(d19300c2000007a3) [110.43.27.159] Mail from:<fddddddddd00@163.com>
11:26 08:53 SMTPD(d19300c2000007a3) [110.43.27.159] RCPT to:<cdtaoshi@hotsales.net>
11:26 08:53 SMTPD(d19300c2000007a3) [110.43.27.159] ERR hotsales.net invalid user <cdtaoshi@hotsales.net
11:26 08:53 SMTPD(d19200870000079f) [200.196.186.120] RCPT TO:<yangbin@hotsales.net>
11:26 08:53 SMTPD(d19200870000079f) [200.196.186.120] ERR hotsales.net invalid user <yangbin@hotsales.net
11:26 08:53 SMTPD(d19400bb000007a4) [192.168.0.237] connect 59.55.242.80 port 2984
11:26 08:53 SMTPD(d19301e0000007a2) [113.106.201.7] Mail from:<lipeng@xuancai.com>
11:26 08:53 SMTPD(d19400bb000007a4) [59.55.242.80] ehlo gmail.com
11:26 08:53 SMTPD(d19301e0000007a2) [113.106.201.7] RCPT to:<mayl@hotsales.net>
11:26 08:53 SMTPD(d19301e0000007a2) [113.106.201.7] ERR hotsales.net invalid user <mayl@hotsales.net


Blocking IPs alone doesn't solve the actual problem, and changing the port doesn't keep things stable for long either.
Author: lgj858    Time: 2009-11-26 09:51
If you change the port, won't you stop receiving your normal mail as well?
Filter and analyze the logs.
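
Added example (not part of the original thread and not any poster's code): a Python pass over the SMTPD lines of the log above that tallies, per remote address, RCPT attempts against "invalid user" rejections, so the sources probing for nonexistent mailboxes can be picked out for rate limiting or blocking. The line format is inferred from the excerpt; the function names and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Line shape inferred from the excerpt above: "MM:DD HH:MM SMTPD(session) [ip] text"
LINE = re.compile(r"^\d+:\d+ \d+:\d+ SMTPD\((\w+)\) (?:\[([\d.]+)\] )?(.*)$")
CONNECT = re.compile(r"connect ([\d.]+) port \d+")
RCPT = re.compile(r"RCPT TO:<", re.I)
INVALID = re.compile(r"ERR \S+ invalid user <([^>\s]*)")

# Sample lines copied from the log posted above.
SAMPLE = """\
11:26 08:53 SMTPD(d19200ca0000079d) [81.95.8.80] RCPT TO:<cndomain@hotsales.net> ORCPT=rfc822;cndomain@hotsales.net
11:26 08:53 SMTPD(d19200d40000079b) [213.217.40.74] RCPT TO:<bjgwl@hotsales.net>
11:26 08:53 SMTPD(d19200d40000079b) [213.217.40.74] ERR hotsales.net invalid user <bjgwl@hotsales.net
11:26 08:53 SMTPD(d19300c2000007a3) [192.168.0.237] connect 110.43.27.159 port 3059
11:26 08:53 SMTPD(d19300c2000007a3) [110.43.27.159] RCPT to:<cdtaoshi@hotsales.net>
11:26 08:53 SMTPD(d19300c2000007a3) [110.43.27.159] ERR hotsales.net invalid user <cdtaoshi@hotsales.net
11:26 08:53 SMTPD(d19200ca0000079d) performing antispam checks
"""

def tally(log_text):
    """Return {remote_ip: {"rcpt": n, "invalid": n, "targets": set_of_addresses}}."""
    remote = {}  # session id -> remote address seen on its connect line
    stats = defaultdict(lambda: {"rcpt": 0, "invalid": 0, "targets": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # SMTP-( outbound delivery lines and anything else
        session, ip, text = m.groups()
        c = CONNECT.match(text)
        if c:
            remote[session] = c.group(1)  # bracketed address here is the local interface
            continue
        peer = remote.get(session, ip)
        if peer is None:
            continue  # no address on this line and no connect line seen
        if RCPT.match(text):
            stats[peer]["rcpt"] += 1
        bad = INVALID.match(text)
        if bad:
            stats[peer]["invalid"] += 1
            stats[peer]["targets"].add(bad.group(1).lower())
    return dict(stats)

def suspects(stats, min_invalid=5, min_ratio=0.5):
    """Remote addresses whose RCPTs are mostly rejected as unknown users."""
    return sorted(ip for ip, s in stats.items()
                  if s["invalid"] >= min_invalid
                  and s["invalid"] >= min_ratio * max(s["rcpt"], 1))
```

Run `suspects(tally(open(path).read()))` over a full day's log rather than a one-minute excerpt; with only a few lines per address, lower `min_invalid` to see any result.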
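Author: ineedrmb    Time: 2009-12-4 13:25
I've used it for so many years, on multiple servers, and have never heard of anything called a proxy attack. Check who has stolen one of your accounts.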



