[Question] Mail relay problem

Board: Linux | Author: (what's wrong with ptt?) | Time: 16 years ago (2009/06/26 17:18) | Push/Boo: 0 (0 0 0)
0 comments, 0 participants, latest thread 1/1
This is host 140.128.181.9. Its network access has currently been shut off because of suspected relaying. After going through the log files and comparing them with the logs the other party sent, I am listing two similar cases (there are of course more than two) to ask everyone about.

Example 1

This is an email abuse report for an email message with the message-id of 20090624153823.M68031@yukosoil.com received from IP address 140.128.181.9 on Thu, 25 Jun 2009 21:27:42 -0400
For information, please review the top portion of the following page: http://postmaster.aol.com/tools/fbl.html

Example 2

This is an email abuse report for an email message with the message-id of 20090625082313.M35779@onlinetransaction.lloydsTsb.org received from IP address 140.128.181.9 on Thu, 25 Jun 2009 13:02:44 -0400
For information, please review the top portion of the following page: http://postmaster.aol.com/tools/fbl.html

So I searched the maillog for the two keywords onlinetransaction.lloydsTsb.org and yukosoil.com. An excerpt of the log follows:

Jun 25 15:19:01 m2 sendmail[6699]: n5P7Ix7s006699: from=<info@onlinetransaction.lloydsTsb.org>, size=857, class=0, nrcpts=1, msgid=<20090625071824.M79761@anhui.sify.com>, proto=ESMTP, daemon=MTA, relay=m2.lxes.tc.edu.tw [140.128.181.9]

Jun 25 16:05:49 m2 sendmail[7010]: n5P84d1k007010: from=<info@onlinetransaction.lloydsTsb.org>, size=889, class=0, nrcpts=500, msgid=<20090625080300.M35706@onlinetransaction.lloydsTsb.org>, proto=ESMTP, daemon=MTA, relay=m2.lxes.tc.edu.tw [140.128.181.9]

Jun 25 16:58:24 m2 sendmail[7992]: n5OLGHrE011740: to=<info@yukosoil.com>, delay=11:19:58, xdelay=00:00:01, mailer=esmtp, pri=1204509, relay=yukosoil.com. [98.124.198.1], dsn=4.0.0, stat=Deferred: Connection refused by yukosoil.com.

Jun 25 16:58:24 m2 sendmail[7992]: n5OKGHSU010181: to=<info@yukosoil.com>, delay=12:22:38, xdelay=00:00:00, mailer=esmtp, pri=1291564, relay=yukosoil.com., dsn=4.0.0, stat=Deferred: Connection refused by yukosoil.com.

Jun 25 16:58:24 m2 sendmail[7992]: n5OKGHSv010181: to=<info@yukosoil.com>, delay=12:11:18, xdelay=00:00:00, mailer=esmtp, pri=1294509, relay=yukosoil.com., dsn=4.0.0, stat=Deferred: Connection refused by yukosoil.com.
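What puzzles me is this. In the sendmail configuration, my access file is set to

127.0.0.1 RELAY

and relay-domains is set to

127.0.0.1

When I telnet to the host on port 25, from the same subnet or from other subnets, rcpt to always shows reject.

What I don't understand is why onlinetransaction.lloydsTsb.org is able to relay, and why, for the other one, which was not relayed, the party reporting it still sends me this information.

Could it be something like the following?

1. A mail user signed up for hotmail with the mail account on this machine, and hotmail then obtained the account and password that way and used the local user to relay?
2. If a local user were messing around, the log should show it.
3. A local user's account was stolen?

My environment is:

fedora 2
sendmail-8.12.11-4.6
openwebmail 2.52

I would be grateful if the experts on this board could help me track down the possible cause. Thank you very much!

--
※ Origin: 批踢踢實業坊 (ptt.cc)
◆ From: 163.23.64.125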
Article ID (AID): #1AH9A1qP (Linux)
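
A triage pass over the sendmail "from=" lines quoted in the post, as an added example that is not part of the original post: it flags queue IDs with a large recipient count, a Message-ID domain that differs from the envelope sender, or a relay= address that is the server's own. The function name, the flag names and the threshold of 100 recipients are assumptions made for this example; the sample input is the three log lines from the post.

```python
import re

# Sample input: two from= lines and one to= line copied from the post above.
SAMPLE_LOG = """\
Jun 25 15:19:01 m2 sendmail[6699]: n5P7Ix7s006699: from=<info@onlinetransaction.lloydsTsb.org>, size=857, class=0, nrcpts=1, msgid=<20090625071824.M79761@anhui.sify.com>, proto=ESMTP, daemon=MTA, relay=m2.lxes.tc.edu.tw [140.128.181.9]
Jun 25 16:05:49 m2 sendmail[7010]: n5P84d1k007010: from=<info@onlinetransaction.lloydsTsb.org>, size=889, class=0, nrcpts=500, msgid=<20090625080300.M35706@onlinetransaction.lloydsTsb.org>, proto=ESMTP, daemon=MTA, relay=m2.lxes.tc.edu.tw [140.128.181.9]
Jun 25 16:58:24 m2 sendmail[7992]: n5OLGHrE011740: to=<info@yukosoil.com>, delay=11:19:58, xdelay=00:00:01, mailer=esmtp, pri=1204509, relay=yukosoil.com. [98.124.198.1], dsn=4.0.0, stat=Deferred: Connection refused by yukosoil.com.
"""

# Matches only the "from=" (message accepted) record; msgid= is optional.
FROM_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sendmail\[\d+\]: (?P<qid>\w+): "
    r"from=<?(?P<sender>[^>,]*)>?, .*?nrcpts=(?P<nrcpts>\d+), "
    r"(?:msgid=<(?P<msgid>[^>]*)>, )?.*?relay=(?P<relay>.*)$"
)
IP_IN_RELAY = re.compile(r"\[([0-9.]+)\]")


def triage(log_text, own_ips, bulk_threshold=100):
    """Return (queue_id, nrcpts, flags) for every suspicious from= record."""
    findings = []
    for line in log_text.splitlines():
        m = FROM_LINE.match(line)
        if not m:
            continue  # to= delivery records and other lines are skipped
        sender_dom = m["sender"].rpartition("@")[2].lower()
        msgid_dom = (m["msgid"] or "").rpartition("@")[2].lower()
        ip = IP_IN_RELAY.search(m["relay"])
        flags = []
        if int(m["nrcpts"]) >= bulk_threshold:
            flags.append("bulk")
        if msgid_dom and msgid_dom != sender_dom:
            flags.append("msgid-domain-mismatch")
        # relay= on a from= record is the SMTP client; the server's own
        # address means the message was handed in from the machine itself.
        if ip and ip.group(1) in own_ips:
            flags.append("submitted-from-own-ip")
        if flags:
            findings.append((m["qid"], int(m["nrcpts"]), flags))
    return findings


if __name__ == "__main__":
    for qid, nrcpts, flags in triage(SAMPLE_LOG, {"127.0.0.1", "140.128.181.9"}):
        print(qid, nrcpts, ",".join(flags))
```

Each flagged queue ID can then be searched for in the full maillog to pull the matching to= records. A from= record whose client is the server's own address is a submission path that a telnet test from another machine does not exercise.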