ORF Anti-Spam System

Mail Server - Mail System - Mail Technology Forum (BBS)

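[Solved] Exchange 2003 being abused to send outbound spam

#1
Posted on 2008-10-29 15:07:57
We use Exchange 2003. Recently I found that we had been added to the PBL blacklist, and all mail sent abroad is being bounced. I found messages in the queue that use postmaster to send to other addresses; clearly my mail server is being used as a spam server. How should I configure it so that these messages no longer appear? Also, how do I get my IP removed from the PBL? How long does that take?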
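#2
Posted on 2008-10-29 15:59:01
This has suddenly become a lot more common lately.. Same for me, and I don't know why.. I definitely set the relay restrictions...

Could Brother 钉子 suggest a fix..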
#3
Posted by the original poster on 2008-10-30 09:05:08
Can nobody help?
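#4
Posted on 2008-10-30 09:15:48

Reply to post #1 by lll11921

If you have already set the server to disallow relaying, then check whether a computer on your internal network has a virus and is sending mail indiscriminately. Analyze the logs and see whether you can identify the IP that is sending these messages.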
#5
Posted on 2008-10-30 14:47:58
Looks like I need to read the logs more..
#6
Posted by the original poster on 2008-10-30 15:24:22
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-10-30 02:16:22
#Fields: time c-ip cs-method cs-uri-stem sc-status
02:16:22 220.168.178.207 EHLO - 250
02:16:22 220.168.178.207 MAIL - 454
02:16:22 220.168.178.207 QUIT - 240
02:17:23 121.33.58.81 EHLO - 250
02:17:23 121.33.58.81 MAIL - 454
02:17:23 121.33.58.81 QUIT - 240
02:17:30 220.168.172.9 EHLO - 250
02:17:30 220.168.172.9 MAIL - 454
02:17:30 220.168.172.9 QUIT - 240
02:24:45 119.123.72.195 EHLO - 250
02:24:45 119.123.72.195 MAIL - 454
02:24:45 119.123.72.195 QUIT - 240
02:26:20 116.21.254.68 EHLO - 250
02:26:20 116.21.254.68 MAIL - 454
02:26:20 116.21.254.68 QUIT - 240
02:26:55 121.33.59.147 EHLO - 250
02:27:00 121.33.59.147 MAIL - 454
02:27:00 121.33.59.147 QUIT - 240
02:27:27 116.25.238.78 EHLO - 250
02:27:27 116.25.238.78 MAIL - 454
02:27:27 116.25.238.78 QUIT - 240
02:27:49 220.168.178.207 EHLO - 250
02:27:49 220.168.178.207 MAIL - 454
02:27:49 220.168.178.207 QUIT - 240
02:29:25 220.168.174.155 EHLO - 250
02:29:25 220.168.174.155 MAIL - 454
02:29:25 220.168.174.155 QUIT - 240
02:31:05 220.168.182.47 EHLO - 250
02:31:05 220.168.182.47 MAIL - 454
02:31:05 220.168.182.47 QUIT - 240
02:31:23 121.33.59.147 EHLO - 250
02:34:13 121.33.59.147 QUIT - 240
02:41:25 61.145.121.82 - - 0
02:41:25 61.145.121.82 EHLO - 0
02:41:25 61.145.121.82 - - 0
02:41:25 61.145.121.82 - - 0
02:41:25 61.145.121.82 MAIL - 0
02:41:25 61.145.121.82 - - 0
02:41:25 61.145.121.82 RCPT - 0
02:41:25 61.145.121.82 - - 0
02:41:25 61.145.121.82 DATA - 0
02:41:25 61.145.121.82 - - 0
02:41:25 61.145.121.80 - - 0
02:41:25 61.145.121.80 EHLO - 0
02:41:25 61.145.121.80 - - 0
02:41:25 61.145.121.80 - - 0
02:41:25 61.145.121.80 MAIL - 0
02:41:25 61.145.121.80 - - 0
02:41:25 61.145.121.80 RCPT - 0
02:41:25 61.145.121.80 - - 0
02:41:25 61.145.121.80 DATA - 0
02:41:25 61.145.121.80 - - 0
02:41:27 151.12.179.200 - - 0
02:41:27 151.12.179.200 EHLO - 0
02:41:27 151.12.179.200 - - 0
02:41:27 151.12.179.200 - - 0
02:41:27 151.12.179.200 MAIL - 0
02:41:27 151.12.179.200 - - 0
02:41:27 151.12.179.200 RCPT - 0
02:41:28 151.12.179.200 - - 0
02:41:28 151.12.179.200 BDAT - 0
02:41:32 151.12.179.200 - - 0
02:41:32 151.12.179.200 QUIT - 0
02:41:32 151.12.179.200 - - 0
02:44:10 220.168.182.47 EHLO - 250
02:44:10 220.168.182.47 MAIL - 454
02:44:10 220.168.182.47 QUIT - 240
02:50:43 58.48.165.140 HELO - 250
02:50:43 58.48.165.140 MAIL - 454
02:50:43 58.48.165.140 QUIT - 240
02:54:11 220.168.173.89 EHLO - 250
02:54:11 220.168.173.89 MAIL - 454
02:54:11 220.168.173.89 QUIT - 240
02:58:47 211.151.253.88 EHLO - 250
02:58:47 211.151.253.88 MAIL - 454
02:58:47 211.151.253.88 QUIT - 240
02:59:47 211.151.253.70 EHLO - 250
02:59:47 211.151.253.70 MAIL - 454
02:59:47 211.151.253.70 QUIT - 240
03:01:27 218.19.227.185 EHLO - 250
03:01:27 218.19.227.185 MAIL - 454
03:01:27 218.19.227.185 QUIT - 240
03:01:59 203.188.201.173 HELO - 250
03:01:59 203.188.201.173 MAIL - 454
03:01:59 203.188.201.173 QUIT - 240
03:03:00 116.25.238.78 EHLO - 250
03:03:00 116.25.238.78 MAIL - 454
03:03:00 116.25.238.78 QUIT - 240
03:04:14 220.168.174.200 EHLO - 250
03:04:14 220.168.174.200 MAIL - 454
03:04:14 220.168.174.200 QUIT - 240
03:07:07 59.39.124.159 EHLO - 250
03:07:07 59.39.124.159 MAIL - 454
03:07:07 59.39.124.159 QUIT - 240
03:07:07 59.39.124.159 EHLO - 250
03:07:07 59.39.124.159 MAIL - 454
03:07:07 59.39.124.159 QUIT - 240
03:08:30 116.22.70.96 EHLO - 250
03:08:30 116.22.70.96 MAIL - 454
03:08:30 116.22.70.96 QUIT - 240
03:08:31 117.44.20.191 EHLO - 250
03:08:31 117.44.20.191 MAIL - 454
03:08:31 117.44.20.191 QUIT - 240
03:08:40 203.188.201.173 HELO - 250
03:08:40 203.188.201.173 MAIL - 454
03:08:40 203.188.201.173 QUIT - 240
03:12:40 220.168.174.155 EHLO - 250
03:12:40 220.168.174.155 MAIL - 454
03:12:40 220.168.174.155 QUIT - 240
03:12:55 121.33.66.16 EHLO - 250
03:12:58 121.33.66.16 MAIL - 454
03:12:58 121.33.66.16 QUIT - 240
03:21:44 220.168.172.9 EHLO - 250
03:21:44 220.168.172.9 MAIL - 454
03:21:44 220.168.172.9 QUIT - 240
03:27:56 119.129.255.150 EHLO - 250
03:27:56 119.129.255.150 MAIL - 454
03:27:56 119.129.255.150 QUIT - 240
03:28:40 203.188.201.173 HELO - 250
03:28:40 203.188.201.173 MAIL - 454
03:28:40 203.188.201.173 QUIT - 240
03:40:07 59.36.102.43 EHLO - 250
03:40:07 59.36.102.43 MAIL - 454
03:40:07 59.36.102.43 QUIT - 240
03:43:25 116.25.237.60 EHLO - 250
03:43:25 116.25.237.60 MAIL - 454
03:43:25 116.25.237.60 QUIT - 240
03:43:38 59.36.102.43 EHLO - 250
03:43:38 59.36.102.43 MAIL - 454
03:43:38 59.36.102.43 QUIT - 240
03:45:47 220.168.178.207 EHLO - 250
03:45:47 220.168.178.207 MAIL - 454
03:45:47 220.168.178.207 QUIT - 240
03:47:38 59.36.102.43 EHLO - 250
03:47:38 59.36.102.43 MAIL - 454
03:47:38 59.36.102.43 QUIT - 240
03:53:38 59.36.102.43 EHLO - 250
03:53:38 59.36.102.43 MAIL - 454
03:53:38 59.36.102.43 QUIT - 240
03:57:10 59.42.199.209 EHLO - 250
03:57:10 59.42.199.209 MAIL - 454
03:57:10 59.42.199.209 QUIT - 240
03:58:53 61.145.121.44 HELO - 250
03:58:53 61.145.121.44 MAIL - 454
03:58:53 61.145.121.44 QUIT - 240
03:59:21 195.62.223.38 EHLO - 250
03:59:21 195.62.223.38 MAIL - 454
03:59:21 195.62.223.38 QUIT - 240
03:59:37 59.36.102.43 EHLO - 250
03:59:37 59.36.102.43 MAIL - 454
03:59:37 59.36.102.43 QUIT - 240
04:00:22 195.62.223.38 EHLO - 250
04:00:25 195.62.223.38 MAIL - 454
04:00:25 195.62.223.38 QUIT - 240
04:01:26 195.62.223.38 EHLO - 250
04:01:26 195.62.223.38 MAIL - 454
04:01:26 195.62.223.38 QUIT - 240
04:01:59 203.188.201.173 HELO - 250
04:01:59 203.188.201.173 MAIL - 454
04:01:59 203.188.201.173 QUIT - 240
04:02:00 219.137.113.98 HELO - 250
04:02:00 219.137.113.98 MAIL - 454
04:02:00 219.137.113.98 QUIT - 240
04:04:56 116.25.236.160 EHLO - 250
04:04:56 116.25.236.160 MAIL - 454
04:04:56 116.25.236.160 QUIT - 240
04:05:38 59.36.102.43 EHLO - 250
04:05:38 59.36.102.43 MAIL - 454
04:05:38 59.36.102.43 QUIT - 240
04:07:39 211.151.253.70 EHLO - 250
04:07:39 211.151.253.70 MAIL - 454
04:07:39 211.151.253.70 QUIT - 240
04:08:41 211.151.253.70 EHLO - 250
04:08:41 211.151.253.70 MAIL - 454
04:08:41 211.151.253.70 QUIT - 240
04:09:48 61.145.121.44 HELO - 250
04:09:48 61.145.121.44 MAIL - 454
04:09:48 61.145.121.44 QUIT - 240
04:10:09 119.123.72.218 EHLO - 250
04:10:09 119.123.72.218 MAIL - 454
04:10:09 119.123.72.218 QUIT - 240
04:11:38 59.36.102.43 EHLO - 250
04:11:38 59.36.102.43 MAIL - 454
04:11:38 59.36.102.43 QUIT - 240
04:11:40 195.62.223.38 EHLO - 250
04:11:52 195.62.223.38 MAIL - 454
04:11:52 195.62.223.38 QUIT - 240
04:16:42 211.151.253.88 EHLO - 250
04:16:42 211.151.253.88 MAIL - 454
04:16:42 211.151.253.88 QUIT - 240
04:17:37 59.36.102.43 EHLO - 250
04:17:37 59.36.102.43 MAIL - 454
04:17:37 59.36.102.43 QUIT - 240
04:17:44 211.151.253.88 EHLO - 250
04:17:44 211.151.253.88 MAIL - 454
04:17:44 211.151.253.88 QUIT - 240
04:19:33 121.32.68.191 EHLO - 250
04:19:33 121.32.68.191 MAIL - 454
04:19:33 121.32.68.191 QUIT - 240
04:22:05 195.62.223.38 EHLO - 250
04:22:05 195.62.223.38 MAIL - 454
04:22:05 195.62.223.38 QUIT - 240
04:23:37 59.36.102.43 EHLO - 250
04:23:37 59.36.102.43 MAIL - 454
04:23:37 59.36.102.43 QUIT - 240
04:26:03 220.168.174.200 EHLO - 250
04:26:03 220.168.174.200 MAIL - 454
04:26:03 220.168.174.200 QUIT - 240
04:27:20 200.226.137.10 HELO - 250
04:27:20 200.226.137.10 MAIL - 454
04:27:20 200.226.137.10 QUIT - 240
04:29:39 59.36.102.43 EHLO - 250
04:29:39 59.36.102.43 MAIL - 454
04:29:39 59.36.102.43 QUIT - 240
04:29:46 218.19.51.35 EHLO - 250
04:29:46 218.19.51.35 EHLO - 250
04:29:46 218.19.51.35 MAIL - 454
04:29:46 218.19.51.35 QUIT - 240
04:29:50 218.19.51.35 EHLO - 250
04:29:50 218.19.51.35 MAIL - 454
04:29:50 218.19.51.35 QUIT - 240
04:29:52 218.19.51.35 MAIL - 454
04:29:52 218.19.51.35 QUIT - 240
04:29:56 218.19.51.35 EHLO - 250
04:29:56 218.19.51.35 EHLO - 250
04:29:56 218.19.51.35 MAIL - 454
04:29:56 218.19.51.35 QUIT - 240
04:29:58 218.19.51.35 MAIL - 454
04:29:58 218.19.51.35 QUIT - 240
04:30:53 61.145.121.44 HELO - 250
04:30:53 61.145.121.44 MAIL - 454
04:30:53 61.145.121.44 QUIT - 240
04:32:07 195.62.223.38 EHLO - 250
04:32:07 195.62.223.38 MAIL - 454
04:32:07 195.62.223.38 QUIT - 240
04:35:38 59.36.102.43 EHLO - 250
04:35:38 59.36.102.43 MAIL - 454
04:35:38 59.36.102.43 QUIT - 240
04:41:37 59.36.102.43 EHLO - 250
04:41:37 59.36.102.43 MAIL - 454
04:41:37 59.36.102.43 QUIT - 240
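
An earlier reply suggests analyzing the logs to identify the IPs involved. The following is an added example, not written by anyone in this thread, that tallies a log in the format posted above per client IP and separates sessions stopped at MAIL from sessions that went on to RCPT/DATA/BDAT. The function names are illustrative, and the sample lines are excerpted from the posted log.

```python
from collections import Counter, defaultdict

# Sample lines excerpted from the log posted above (same W3C format).
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
02:16:22 220.168.178.207 EHLO - 250
02:16:22 220.168.178.207 MAIL - 454
02:16:22 220.168.178.207 QUIT - 240
02:31:23 121.33.59.147 EHLO - 250
02:34:13 121.33.59.147 QUIT - 240
02:41:25 61.145.121.82 - - 0
02:41:25 61.145.121.82 MAIL - 0
02:41:25 61.145.121.82 RCPT - 0
02:41:25 61.145.121.82 DATA - 0
02:41:27 151.12.179.200 MAIL - 0
02:41:27 151.12.179.200 RCPT - 0
02:41:28 151.12.179.200 BDAT - 0
"""

TRANSFER_VERBS = {"RCPT", "DATA", "BDAT"}  # session got past MAIL


def parse_w3c(text):
    """Yield one dict per entry, keyed by the column names in #Fields."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated lines
                yield dict(zip(fields, parts))


def summarize(text):
    """Per client IP: verbs seen, MAIL commands refused (4xx/5xx), transfer reached."""
    stats = defaultdict(lambda: {"commands": Counter(), "mail_rejected": 0,
                                 "transfer": False})
    for e in parse_w3c(text):
        verb, s = e["cs-method"], stats[e["c-ip"]]
        if verb == "-":  # entry carries no command verb
            continue
        s["commands"][verb] += 1
        if verb == "MAIL" and e["sc-status"].startswith(("4", "5")):
            s["mail_rejected"] += 1
        s["transfer"] = s["transfer"] or verb in TRANSFER_VERBS
    return stats


def transfer_ips(text):
    """IPs with at least one session that reached RCPT, DATA or BDAT."""
    return sorted(ip for ip, s in summarize(text).items() if s["transfer"])
```

Run over the full log, the addresses returned by `transfer_ips` are the sessions to correlate with the postmaster messages seen in the queue.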
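#7
Posted by the original poster on 2008-10-30 15:34:30
This is part of my log. I just tried again: in the authentication settings of the SMTP virtual server I unchecked both anonymous access and Integrated Windows Authentication and selected Basic authentication, and found that mail sent from outside could no longer be received. Then I selected Basic authentication and anonymous access, and mail could be received, but I can still see messages sent out by postmaster in the queue. Is it really still not enough even with relaying shut off in the relay restrictions? How on earth can this be solved??? Would an expert who understands this please help!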
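#8
Posted on 2008-10-30 22:45:09
1. Anonymous access cannot be removed. Otherwise you will not receive mail from outside.
2. In your case it is very likely that some account has been guessed, so it is being used to send spam. Install the ORF trial version; from its log you can find the user that is being exploited. If you are not sure how to do this, you can find me on QQ and I will help you find it.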
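#9
Posted by the original poster on 2008-11-1 21:49:29
Now the problem has gotten worse again. I changed the anonymous access setting in IIS, and now I cannot get in through the web page even with the correct username and password. I have already changed it back, and the page still opens, but entering the correct username and password still does not let me in. Help~~~ Brother 钉子~~~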
#10
Posted on 2008-11-5 00:23:27
QQ me.