.png)
어떤 날은 배달되지 않은 이메일을 많이 받는데, 마치 내 서버가 릴레이로 사용되는 것 같습니다. 하지만 그것이 단지 후방 산란 이메일인지 아니면 내 서버가 실제로 릴레이로 사용되는지는 알 수 없습니다.
내 로그에서 찾은 내용은 다음과 같습니다.
Feb 25 14:25:22 web postfix/smtpd[31725]: 34C89740E40: client=unknown[213.6.194.39], sasl_method=PLAIN, [email protected]
Feb 25 14:25:26 web postfix/cleanup[31901]: 34C89740E40: message-id=<[email protected]>
Feb 25 14:25:26 web postfix/qmgr[419]: 34C89740E40: from=<[email protected]>, size=1585, nrcpt=20 (queue active)
Feb 25 14:25:27 web postfix/smtp[31886]: 34C89740E40: to=<[email protected]>, relay=rg.mc.surewest.net[66.60.130.16]:25, delay=5.2, delays=4.8/0.03/0.31/0, dsn=4.4.2, status=deferred (lost connection with rg.mc.surewest.net[66.60.130.16] while receiving the initial server greeting)
Feb 25 14:25:27 web postfix/smtp[31884]: 34C89740E40: host mta5.am0.yahoodns.net[98.136.217.202] said: 421 4.7.0 [GL01] Message from (188.165.245.XXX) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html (in reply to MAIL FROM command)
Feb 25 14:25:27 web postfix/smtp[31884]: 34C89740E40: lost connection with mta5.am0.yahoodns.net[98.136.217.202] while sending RCPT TO
Feb 25 14:25:27 web postfix/smtp[31893]: 34C89740E40: to=<[email protected]>, relay=mx2.comcast.net[68.87.20.5]:25, delay=5.8, delays=4.8/0.02/0.42/0.54, dsn=2.0.0, status=sent (250 2.0.0 wdRA1p01Y4v68Z001dRAnJ mail accepted for delivery)
Feb 25 14:25:28 web postfix/smtp[31897]: 34C89740E40: to=<[email protected]>, relay=dnvrco-pub-iedge-vip.email.rr.com[107.14.73.70]:25, delay=6.4, delays=4.8/0.02/0.85/0.71, dsn=2.0.0, status=sent (250 2.0.0 OK DE/AB-19381-73DCDE45)
Feb 25 14:25:28 web postfix/smtp[31897]: 34C89740E40: to=<[email protected]>, relay=dnvrco-pub-iedge-vip.email.rr.com[107.14.73.70]:25, delay=6.4, delays=4.8/0.02/0.85/0.71, dsn=2.0.0, status=sent (250 2.0.0 OK DE/AB-19381-73DCDE45)
Feb 25 14:25:28 web postfix/smtp[31881]: 34C89740E40: to=<[email protected]>, relay=mx-a.mail.citi.com[67.231.145.106]:25, delay=6.5, delays=4.8/0.02/0.85/0.78, dsn=5.1.1, status=bounced (host mx-a.mail.citi.com[67.231.145.106] said: 550 5.1.1 User Unknown (in reply to RCPT TO command))
Feb 25 14:25:28 web postfix/smtp[31879]: 34C89740E40: to=<[email protected]>, relay=mailin-02.mx.aol.com[152.163.0.100]:25, delay=6.6, delays=4.8/0.02/0.6/1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7AAB070000084)
Feb 25 14:25:29 web postfix/smtp[31892]: 34C89740E40: to=<[email protected]>, relay=sprint-com.mail.protection.outlook.com[207.46.163.170]:25, delay=7.1, delays=4.8/0.02/0.28/1.9, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=62951335673534, Hostname=BN1BFFO11HUB034.protection.gbl] Queued mail for delivery)
Feb 25 14:25:29 web postfix/smtp[31894]: 34C89740E40: to=<[email protected]>, relay=bcc-mail.umb.com[198.179.203.71]:25, delay=7.2, delays=4.8/0.03/2.1/0.23, dsn=2.0.0, status=sent (250 2.0.0 1ss5tksr4f-1 Message accepted for delivery)
Feb 25 14:25:29 web postfix/smtp[31878]: 34C89740E40: to=<[email protected]>, relay=ksu-edu.mail.protection.outlook.com[207.46.163.138]:25, delay=7.3, delays=4.8/0.02/0.29/2.1, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=46664819675106, Hostname=BY2PR05MB792.namprd05.prod.outlook.com] Queued mail for delivery)
Feb 25 14:25:29 web postfix/smtp[31887]: 34C89740E40: to=<[email protected]>, relay=scripps-com.mail.protection.outlook.com[207.46.163.170]:25, delay=7.6, delays=4.8/0.02/0.71/2, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=28355374093650, Hostname=DM2PR0401MB1165.namprd04.prod.outlook.com] Queued mail for delivery)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:31 web postfix/smtp[31884]: 34C89740E40: to=<[email protected]>, relay=mta5.am0.yahoodns.net[98.136.217.203]:25, delay=9.4, delays=4.8/0.03/1.3/3.2, dsn=2.0.0, status=sent (250 ok dirdel)
Feb 25 14:25:33 web postfix/smtp[31885]: 34C89740E40: to=<[email protected]>, relay=paynejones.com.inbound10.mxlogic.net[208.65.145.3]:25, delay=12, delays=4.8/0.03/5.6/1.3, dsn=5.0.0, status=bounced (host paynejones.com.inbound10.mxlogic.net[208.65.145.3] said: 554 Denied [CS] [b3dcde45.0.1466004.00-2349.2559978.p02c12m086.mxlogic.net] (Mode: normal) (in reply to end of DATA command))
Feb 25 14:25:33 web postfix/bounce[31882]: 34C89740E40: sender non-delivery notification: BC42F740E37
Feb 25 14:34:49 web postfix/qmgr[419]: 34C89740E40: from=<[email protected]>, size=1585, nrcpt=20 (queue active)
Feb 25 14:34:49 web postfix/smtp[32049]: 34C89740E40: to=<[email protected]>, relay=rg.mc.surewest.net[66.60.130.16]:25, delay=568, delays=567/0.01/0.31/0, dsn=4.4.2, status=deferred (lost connection with rg.mc.surewest.net[66.60.130.16] while receiving the initial server greeting)
Feb 25 14:44:49 web postfix/qmgr[419]: 34C89740E40: from=<[email protected]>, size=1585, nrcpt=20 (queue active)
Feb 25 14:44:54 web postfix/smtp[924]: 34C89740E40: to=<[email protected]>, relay=rg.mc.surewest.net[66.60.130.16]:25, delay=1173, delays=1167/0.02/1.9/3.7, dsn=2.0.0, status=sent (250 OK)
Feb 25 14:44:54 web postfix/qmgr[419]: 34C89740E40: removed
*@ksu.edu는 제가 호스팅하는 도메인이 아닙니다.
누구든지 도와주실 수 있나요?
감사해요.
답변1
이 줄
2월 25일 14:25:22 웹 접미사/smtpd[31725]: 34C89740E40: 클라이언트=알 수 없음[213.6.194.39], sasl_method=PLAIN,[이메일 보호됨]
누군가가 귀하의 서버를 통해 이메일을 보낸 후SMTP 인증사용자 이름으로 [email protected]. 이 단계에서 스패머는 해당 사용자의 비밀번호를 알고 있을 가능성이 높습니다.
2월 25일 14:25:26 web postfix/qmgr[419]: 34C89740E40: from=, size=1585, nrcpt=20(큐 활성)
그는 보낸 사람 주소로 메시지를 보냅니다[이메일 보호됨]20명에게. 이 활동은 스팸 활동으로 의심될 수 있습니다.
나머지 줄은 메시지를 보낼 때 보고하는 접미사였습니다.
해결책
- 비밀번호 변경[이메일 보호됨]
- 컴퓨터를 검사하세요. 메일 클라이언트가 비밀번호를 저장했을 수도 있습니다.
- 피싱메일 조심하세요
답변2
이는 사용자가 입력한 이메일 주소로 메일을 보내는 데 사용되는 웹 페이지가 있는 것처럼 보입니다. 따라서 실제 메일 릴레이일 수도 있고 아닐 수도 있지만 스팸의 출처로 사용되고 있는 것입니다.