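Sometimes I receive a lot of undelivered-mail notifications, as if my server were being used as a relay. But I don't know whether this is just backscatter email or whether my server really is being used as a relay.
Here is what I found in the logs: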
Feb 25 14:25:22 web postfix/smtpd[31725]: 34C89740E40: client=unknown[213.6.194.39], sasl_method=PLAIN, [email protected]
Feb 25 14:25:26 web postfix/cleanup[31901]: 34C89740E40: message-id=<[email protected]>
Feb 25 14:25:26 web postfix/qmgr[419]: 34C89740E40: from=<[email protected]>, size=1585, nrcpt=20 (queue active)
Feb 25 14:25:27 web postfix/smtp[31886]: 34C89740E40: to=<[email protected]>, relay=rg.mc.surewest.net[66.60.130.16]:25, delay=5.2, delays=4.8/0.03/0.31/0, dsn=4.4.2, status=deferred (lost connection with rg.mc.surewest.net[66.60.130.16] while receiving the initial server greeting)
Feb 25 14:25:27 web postfix/smtp[31884]: 34C89740E40: host mta5.am0.yahoodns.net[98.136.217.202] said: 421 4.7.0 [GL01] Message from (188.165.245.XXX) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html (in reply to MAIL FROM command)
Feb 25 14:25:27 web postfix/smtp[31884]: 34C89740E40: lost connection with mta5.am0.yahoodns.net[98.136.217.202] while sending RCPT TO
Feb 25 14:25:27 web postfix/smtp[31893]: 34C89740E40: to=<[email protected]>, relay=mx2.comcast.net[68.87.20.5]:25, delay=5.8, delays=4.8/0.02/0.42/0.54, dsn=2.0.0, status=sent (250 2.0.0 wdRA1p01Y4v68Z001dRAnJ mail accepted for delivery)
Feb 25 14:25:28 web postfix/smtp[31897]: 34C89740E40: to=<[email protected]>, relay=dnvrco-pub-iedge-vip.email.rr.com[107.14.73.70]:25, delay=6.4, delays=4.8/0.02/0.85/0.71, dsn=2.0.0, status=sent (250 2.0.0 OK DE/AB-19381-73DCDE45)
Feb 25 14:25:28 web postfix/smtp[31897]: 34C89740E40: to=<[email protected]>, relay=dnvrco-pub-iedge-vip.email.rr.com[107.14.73.70]:25, delay=6.4, delays=4.8/0.02/0.85/0.71, dsn=2.0.0, status=sent (250 2.0.0 OK DE/AB-19381-73DCDE45)
Feb 25 14:25:28 web postfix/smtp[31881]: 34C89740E40: to=<[email protected]>, relay=mx-a.mail.citi.com[67.231.145.106]:25, delay=6.5, delays=4.8/0.02/0.85/0.78, dsn=5.1.1, status=bounced (host mx-a.mail.citi.com[67.231.145.106] said: 550 5.1.1 User Unknown (in reply to RCPT TO command))
Feb 25 14:25:28 web postfix/smtp[31879]: 34C89740E40: to=<[email protected]>, relay=mailin-02.mx.aol.com[152.163.0.100]:25, delay=6.6, delays=4.8/0.02/0.6/1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7AAB070000084)
Feb 25 14:25:29 web postfix/smtp[31892]: 34C89740E40: to=<[email protected]>, relay=sprint-com.mail.protection.outlook.com[207.46.163.170]:25, delay=7.1, delays=4.8/0.02/0.28/1.9, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=62951335673534, Hostname=BN1BFFO11HUB034.protection.gbl] Queued mail for delivery)
Feb 25 14:25:29 web postfix/smtp[31894]: 34C89740E40: to=<[email protected]>, relay=bcc-mail.umb.com[198.179.203.71]:25, delay=7.2, delays=4.8/0.03/2.1/0.23, dsn=2.0.0, status=sent (250 2.0.0 1ss5tksr4f-1 Message accepted for delivery)
Feb 25 14:25:29 web postfix/smtp[31878]: 34C89740E40: to=<[email protected]>, relay=ksu-edu.mail.protection.outlook.com[207.46.163.138]:25, delay=7.3, delays=4.8/0.02/0.29/2.1, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=46664819675106, Hostname=BY2PR05MB792.namprd05.prod.outlook.com] Queued mail for delivery)
Feb 25 14:25:29 web postfix/smtp[31887]: 34C89740E40: to=<[email protected]>, relay=scripps-com.mail.protection.outlook.com[207.46.163.170]:25, delay=7.6, delays=4.8/0.02/0.71/2, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=28355374093650, Hostname=DM2PR0401MB1165.namprd04.prod.outlook.com] Queued mail for delivery)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:30 web postfix/smtp[31891]: 34C89740E40: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.67.26]:25, delay=8.5, delays=4.8/0.02/0.08/3.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1424870713 gi20si28955440wic.118 - gsmtp)
Feb 25 14:25:31 web postfix/smtp[31884]: 34C89740E40: to=<[email protected]>, relay=mta5.am0.yahoodns.net[98.136.217.203]:25, delay=9.4, delays=4.8/0.03/1.3/3.2, dsn=2.0.0, status=sent (250 ok dirdel)
Feb 25 14:25:33 web postfix/smtp[31885]: 34C89740E40: to=<[email protected]>, relay=paynejones.com.inbound10.mxlogic.net[208.65.145.3]:25, delay=12, delays=4.8/0.03/5.6/1.3, dsn=5.0.0, status=bounced (host paynejones.com.inbound10.mxlogic.net[208.65.145.3] said: 554 Denied [CS] [b3dcde45.0.1466004.00-2349.2559978.p02c12m086.mxlogic.net] (Mode: normal) (in reply to end of DATA command))
Feb 25 14:25:33 web postfix/bounce[31882]: 34C89740E40: sender non-delivery notification: BC42F740E37
Feb 25 14:34:49 web postfix/qmgr[419]: 34C89740E40: from=<[email protected]>, size=1585, nrcpt=20 (queue active)
Feb 25 14:34:49 web postfix/smtp[32049]: 34C89740E40: to=<[email protected]>, relay=rg.mc.surewest.net[66.60.130.16]:25, delay=568, delays=567/0.01/0.31/0, dsn=4.4.2, status=deferred (lost connection with rg.mc.surewest.net[66.60.130.16] while receiving the initial server greeting)
Feb 25 14:44:49 web postfix/qmgr[419]: 34C89740E40: from=<[email protected]>, size=1585, nrcpt=20 (queue active)
Feb 25 14:44:54 web postfix/smtp[924]: 34C89740E40: to=<[email protected]>, relay=rg.mc.surewest.net[66.60.130.16]:25, delay=1173, delays=1167/0.02/1.9/3.7, dsn=2.0.0, status=sent (250 OK)
Feb 25 14:44:54 web postfix/qmgr[419]: 34C89740E40: removed
*@ksu.edu is not a domain that I host.
Can anyone help?
Thanks.
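Answer 1
This line
Feb 25 14:25:22 web postfix/smtpd[31725]: 34C89740E40: client=unknown[213.6.194.39], sasl_method=PLAIN, [email protected]
tells us that someone sent email through your server using SMTP authentication with the username [email protected]. At this stage, the spammer probably already knows that user's password.
Feb 25 14:25:26 web postfix/qmgr[419]: 34C89740E40: from=<[email protected]>, size=1585, nrcpt=20 (queue active)
He sent a message with the sender address [email protected] to 20 recipients. This activity can be suspected to be a spam campaign.
The rest of the lines are the Postfix reports from sending the message.
Solution
- Change the password of [email protected]
- Check the computer; the mail client may have stored the password
- Beware of phishing emails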
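The log reading described in Answer 1, as an added example that is not part of the original answer: it joins Postfix `smtpd` and `qmgr` lines on the queue ID and reports SASL-authenticated accounts that submitted messages with many recipients. The sample lines, addresses and IPs are constructed placeholders, the `min_rcpt` threshold is a hypothetical choice, and the code assumes the standard `sasl_username=` field that is obscured in the log shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (placeholder addresses and IPs).
SAMPLE_LOG = """\
Feb 25 14:25:22 web postfix/smtpd[31725]: AAAA000001: client=unknown[192.0.2.39], sasl_method=PLAIN, sasl_username=alice@example.com
Feb 25 14:25:26 web postfix/qmgr[419]: AAAA000001: from=<alice@example.com>, size=1585, nrcpt=20 (queue active)
Feb 25 14:30:01 web postfix/smtpd[31800]: AAAA000002: client=mail.example.net[198.51.100.7]
Feb 25 14:30:02 web postfix/qmgr[419]: AAAA000002: from=<bob@example.net>, size=900, nrcpt=1 (queue active)
Feb 25 14:31:10 web postfix/smtpd[31810]: AAAA000003: client=unknown[192.0.2.39], sasl_method=PLAIN, sasl_username=alice@example.com
Feb 25 14:31:12 web postfix/qmgr[419]: AAAA000003: from=<alice@example.com>, size=1600, nrcpt=25 (queue active)
Feb 25 14:44:49 web postfix/qmgr[419]: AAAA000001: from=<alice@example.com>, size=1585, nrcpt=20 (queue active)
"""

SMTPD = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=(\S+?)\[([^\]]+)\]"
                   r"(?:, sasl_method=(\w+), sasl_username=(\S+))?")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")

def correlate(log_text):
    """Join smtpd (who submitted) and qmgr (how many recipients) on the queue ID."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        if m := SMTPD.search(line):
            qid, _host, ip, _method, user = m.groups()
            msgs[qid].update(client_ip=ip, sasl_user=user)  # user is None if unauthenticated
        elif m := QMGR.search(line):
            qid, sender, nrcpt = m.groups()
            # qmgr repeats this line on every retry, so overwrite instead of summing
            msgs[qid].update(sender=sender, nrcpt=int(nrcpt))
    return dict(msgs)

def suspicious_accounts(log_text, min_rcpt=10):
    """Per SASL user: bulk messages (>= min_rcpt recipients), total recipients, source IPs."""
    report = {}
    for m in correlate(log_text).values():
        user = m.get("sasl_user")
        if user and m.get("nrcpt", 0) >= min_rcpt:
            entry = report.setdefault(user, {"messages": 0, "recipients": 0, "ips": set()})
            entry["messages"] += 1
            entry["recipients"] += m["nrcpt"]
            entry["ips"].add(m["client_ip"])
    return report

if __name__ == "__main__":
    for user, e in suspicious_accounts(SAMPLE_LOG).items():
        print(user, e["messages"], e["recipients"], sorted(e["ips"]))
```

An account that shows up here with source IPs its owner does not recognise is the one whose password should be changed first.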
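Answer 2
It looks to me like you have a web page that is used to send mail to an email address entered by the user - so you may or may not be an actual mail relay, but you are being used as a source of spam.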