Postfix, I am receiving a lot of undelivered mail (internal logs)

Some days I receive a lot of non-delivery emails, as if my server were being used as a relay. But I don't know whether these are just backscatter emails or whether my server is really being used as a relay.

This is what I found in my logs:

Feb 25 14:25:22 web postfix/smtpd[31725]: 34C89740E40: client=unknown[213.6.194.39], sasl_method=PLAIN, [email protected]
Feb 25 14:25:26 web postfix/cleanup[31901]: 34C89740E40: message-id=<[email protected]>
Feb 25 14:25:26 web postfix/qmgr[419]: 34C89740E40: from=<[email protected]>, size=1585, nrcpt=20 (queue active)
Feb 25 14:25:27 web postfix/smtp[31886]: 34C89740E40: to=<[email protected]>, relay=rg.mc.surewest.net[66.60.130.16]:25, delay=5.2, delays=4.8/0.03/0.31/0, dsn=4.4.2, status=deferred (lost connection with rg.mc.surewest.net[66.60.130.16] while receiving the initial server greeting)
Feb 25 14:25:27 web postfix/smtp[31884]: 34C89740E40: host mta5.am0.yahoodns.net[98.136.217.202] said: 421 4.7.0 [GL01] Message from (188.165.245.XXX) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html (in reply to MAIL FROM command)
Feb 25 14:25:27 web postfix/smtp[31884]: 34C89740E40: lost connection with mta5.am0.yahoodns.net[98.136.217.202] while sending RCPT TO
Feb 25 14:25:27 web postfix/smtp[31893]: 34C89740E40: to=<[email protected]>, relay=mx2.comcast.net[68.87.20.5]:25, delay=5.8, delays=4.8/0.02/0.42/0.54, dsn=2.0.0, status=sent (250 2.0.0 wdRA1p01Y4v68Z001dRAnJ mail accepted for delivery)
Feb 25 14:25:28 web postfix/smtp[31897]: 34C89740E40: to=<[email protected]>, relay=dnvrco-pub-iedge-vip.email.rr.com[107.14.73.70]:25, delay=6.4, delays=4.8/0.02/0.85/0.71, dsn=2.0.0, status=sent (250 2.0.0 OK DE/AB-19381-73DCDE45)
Feb 25 14:25:28 web postfix/smtp[31897]: 34C89740E40: to=<[email protected]>, relay=dnvrco-pub-iedge-vip.email.rr.com[107.14.73.70]:25, delay=6.4, delays=4.8/0.02/0.85/0.71, dsn=2.0.0, status=sent (250 2.0.0 OK DE/AB-19381-73DCDE45)
Feb 25 14:25:28 web postfix/smtp[31881]: 34C89740E40: to=<[email protected]>, relay=mx-a.mail.citi.com[67.231.145.106]:25, delay=6.5, delays=4.8/0.02/0.85/0.78, dsn=5.1.1, status=bounced (host mx-a.mail.citi.com[67.231.145.106] said: 550 5.1.1 User Unknown (in reply to RCPT TO command))
Feb 25 14:25:28 web postfix/smtp[31879]: 34C89740E40: to=<[email protected]>, relay=mailin-02.mx.aol.com[152.163.0.100]:25, delay=6.6, delays=4.8/0.02/0.6/1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7AAB070000084)
Feb 25 14:25:29 web postfix/smtp[31892]: 34C89740E40: to=<[email protected]>, relay=sprint-com.mail.protection.outlook.com[207.46.163.170]:25, delay=7.1, delays=4.8/0.02/0.28/1.9, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=62951335673534, Hostname=BN1BFFO11HUB034.protection.gbl] Queued mail for delivery)
Feb 25 14:25:29 web postfix/smtp[31894]: 34C89740E40: to=<[email protected]>, relay=bcc-mail.umb.com[198.179.203.71]:25, delay=7.2, delays=4.8/0.03/2.1/0.23, dsn=2.0.0, status=sent (250 2.0.0 1ss5tksr4f-1 Message accepted for delivery)
Feb 25 14:25:29 web postfix/smtp[31878]: 34C89740E40: to=<[email protected]>, relay=ksu-edu.mail.protection.outlook.com[207.46.163.138]:25, delay=7.3, delays=4.8/0.02/0.29/2.1, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=46664819675106, Hostname=BY2PR05MB792.namprd05.prod.outlook.com] Queued mail for delivery)
Feb 25 14:25:29 web postfix/smtp[31887]: 34C89740E40: to=<[email protected]>, relay=scripps-com.mail.protection.outlook.com[207.46.163.170]:25, delay=7.6, delays=4.8/0.02/0.71/2, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=28355374093650, Hostname=DM2PR0401MB1165.namprd04.prod.outlook.com] Queued mail for delivery)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:31 web postfix/smtp[31884]: 34C89740E40: to=<[email protected]>, relay=mta5.am0.yahoodns.net[98.136.217.203]:25, delay=9.4, delays=4.8/0.03/1.3/3.2, dsn=2.0.0, status=sent (250 ok dirdel)
Feb 25 14:25:33 web postfix/smtp[31885]: 34C89740E40: to=<[email protected]>, relay=paynejones.com.inbound10.mxlogic.net[208.65.145.3]:25, delay=12, delays=4.8/0.03/5.6/1.3, dsn=5.0.0, status=bounced (host paynejones.com.inbound10.mxlogic.net[208.65.145.3] said: 554 Denied [CS] [b3dcde45.0.1466004.00-2349.2559978.p02c12m086.mxlogic.net] (Mode: normal) (in reply to end of DATA command))
Feb 25 14:25:33 web postfix/bounce[31882]: 34C89740E40: sender non-delivery notification: BC42F740E37
Feb 25 14:34:49 web postfix/qmgr[419]: 34C89740E40: from=<[email protected]>, size=1585, nrcpt=20 (queue active)
Feb 25 14:34:49 web postfix/smtp[32049]: 34C89740E40: to=<[email protected]>, relay=rg.mc.surewest.net[66.60.130.16]:25, delay=568, delays=567/0.01/0.31/0, dsn=4.4.2, status=deferred (lost connection with rg.mc.surewest.net[66.60.130.16] while receiving the initial server greeting)
Feb 25 14:44:49 web postfix/qmgr[419]: 34C89740E40: from=<[email protected]>, size=1585, nrcpt=20 (queue active)
Feb 25 14:44:54 web postfix/smtp[924]: 34C89740E40: to=<[email protected]>, relay=rg.mc.surewest.net[66.60.130.16]:25, delay=1173, delays=1167/0.02/1.9/3.7, dsn=2.0.0, status=sent (250 OK)
Feb 25 14:44:54 web postfix/qmgr[419]: 34C89740E40: removed

*@ksu.edu is not a domain hosted by me.

Can anyone help, please?

Thanks.

Answer 1

This line

Feb 25 14:25:22 web postfix/smtpd[31725]: 34C89740E40: client=unknown[213.6.194.39], sasl_method=PLAIN, [email protected]

tells us that someone is sending email through your server after SMTP authentication with the username [email protected]. At this point, the spammer most likely knows that user's password.

Feb 25 14:25:26 web postfix/qmgr[419]: 34C89740E40: from=<[email protected]>, size=1585, nrcpt=20 (queue active)

It sends a message with the sender address [email protected] to 20 recipients. This activity can be suspected to be spamming.

The rest of the lines were Postfix's reports while delivering the message.


Solución

  • Change the password of [email protected]
  • Inspect the computer; perhaps the mail client stored the password.
  • Beware of phishing emails
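As an added detection example (not part of this answer or of Postfix), the following Python joins the smtpd SASL login line to the qmgr recipient-count line by queue id, the way the answer above reads those two lines, and flags accounts that submit many recipients per message. The log lines are constructed; where the question's line shows an obfuscated address, Postfix actually logs a sasl_username= field, which is what the pattern matches.

```python
import re
from collections import defaultdict

# Constructed sample in the Postfix log format shown in the question. Queue ids,
# usernames and addresses are placeholders; the 14:34:49 line mimics the retry
# that re-logs the same queue id from qmgr.
SAMPLE_LOG = """\
Feb 25 14:25:22 web postfix/smtpd[31725]: 34C89740E40: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=user1@example.test
Feb 25 14:25:26 web postfix/qmgr[419]: 34C89740E40: from=<user1@example.test>, size=1585, nrcpt=20 (queue active)
Feb 25 14:25:28 web postfix/smtp[31881]: 34C89740E40: to=<a@example.net>, relay=mx.example.net[203.0.113.5]:25, delay=6.5, delays=4.8/0.02/0.85/0.78, dsn=5.1.1, status=bounced (host said: 550 5.1.1 User Unknown)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<b@example.net>, relay=mx.example.net[203.0.113.5]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK)
Feb 25 14:30:01 web postfix/smtpd[31730]: 5D1A2740E41: client=laptop.example.test[192.0.2.10], sasl_method=PLAIN, sasl_username=user2@example.test
Feb 25 14:30:02 web postfix/qmgr[419]: 5D1A2740E41: from=<user2@example.test>, size=900, nrcpt=1 (queue active)
Feb 25 14:34:49 web postfix/qmgr[419]: 34C89740E40: from=<user1@example.test>, size=1585, nrcpt=20 (queue active)
"""

SMTPD_RE = re.compile(r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<client>\S+),"
                      r" sasl_method=\S+, sasl_username=(?P<user>\S+)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<[^>]*>, size=\d+,"
                     r" nrcpt=(?P<nrcpt>\d+) \(queue active\)")
SMTP_RE = re.compile(r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>]*>.*status=(?P<status>\w+)")


def summarize_sasl_senders(log_text):
    """Per SASL username: submissions, recipients, bounces and client hosts.
    The queue id joins smtpd (login) to qmgr (nrcpt). qmgr repeats its line on
    every retry, so nrcpt is counted only once per queue id."""
    qid_user, seen_qmgr = {}, set()
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0,
                                 "bounced": 0, "clients": set()})
    for line in log_text.splitlines():
        if m := SMTPD_RE.search(line):
            qid_user[m["qid"]] = m["user"]
            stats[m["user"]]["messages"] += 1
            stats[m["user"]]["clients"].add(m["client"])
        elif (m := QMGR_RE.search(line)) and m["qid"] in qid_user:
            if m["qid"] not in seen_qmgr:
                seen_qmgr.add(m["qid"])
                stats[qid_user[m["qid"]]]["recipients"] += int(m["nrcpt"])
        elif (m := SMTP_RE.search(line)) and m["qid"] in qid_user:
            if m["status"] == "bounced":
                stats[qid_user[m["qid"]]]["bounced"] += 1
    return dict(stats)


def flag_suspicious(stats, max_rcpt_per_msg=10):
    """Usernames averaging more recipients per submission than the threshold."""
    return sorted(u for u, s in stats.items()
                  if s["recipients"] / s["messages"] > max_rcpt_per_msg)
```

Run it over /var/log/mail.log and the flagged usernames are the accounts whose passwords to reset first; the client hosts set shows whether the submissions came from the user's usual machine.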

Answer 2

It looks to me like you have a web page that is used to send mail to email addresses entered by the user; so it may or may not be an actual mail relay, but it is being used as a source of spam.
