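seganet posted on 2009-11-26 09:04:44

imail hit by proxy attack

The imail system is being attacked from foreign proxy IPs, and port 25 has been completely clogged.
Looking at the logs, users that no longer exist on the server are being used to send mail out.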

11:26 08:53 SMTPD(d19200ca0000079d) RCPT TO:<cndomain@hotsales.net> ORCPT=rfc822;cndomain@hotsales.net
11:26 08:53 SMTPD(d19200d40000079b) RCPT TO:<bjgwl@hotsales.net>
11:26 08:53 SMTPD(d19200d40000079b) ERR hotsales.net invalid user <bjgwl@hotsales.net
11:26 08:53 SMTPD(d19200bb000007a0) RCPT TO:<weiguowujin@hotsales.net>
11:26 08:53 SMTPD(d19200bb000007a0) ERR hotsales.net invalid user <weiguowujin@hotsales.net
11:26 08:53 SMTPD(d19200870000079f) MAIL FROM:<yangbin@hotsales.net>
11:26 08:53 SMTPD(d19301e0000007a2) connect 113.106.201.7 port 2271
11:26 08:53 SMTPD(d19200ca0000079d) g:\spool\Dd19200ca0000079d.SMD 1229
11:26 08:53 SMTPD(d19200ca0000079d) performing antispam checks
11:26 08:53 SMTPD(d19300c2000007a3) connect 110.43.27.159 port 3059
11:26 08:53 SMTPD(d19300c2000007a3) ehlo 163.com
11:26 08:53 SMTP-(d191008300000798) 250 Mail OK queued as mx2,IMmowLD7HgGH0Q1LQPSuJg--.58862S2 1259196808
11:26 08:53 SMTP-(d191008300000798) rdeliver 126.com zhangli1301@126.com (1) <zhangl@hotsales.net> 35329
11:26 08:53 SMTP-(d191008300000798) >QUIT
11:26 08:53 SMTP-(d191008300000798) 221 Bye
11:26 08:53 SMTP-(d191008300000798) finished g:\spool\Qd191008300000798.SMD status=1
11:26 08:53 SMTPD(d19301e0000007a2) ehlo xuancai.com
11:26 08:53 SMTPD(d19300c2000007a3) Mail from:<fddddddddd00@163.com>
11:26 08:53 SMTPD(d19300c2000007a3) RCPT to:<cdtaoshi@hotsales.net>
11:26 08:53 SMTPD(d19300c2000007a3) ERR hotsales.net invalid user <cdtaoshi@hotsales.net
11:26 08:53 SMTPD(d19200870000079f) RCPT TO:<yangbin@hotsales.net>
11:26 08:53 SMTPD(d19200870000079f) ERR hotsales.net invalid user <yangbin@hotsales.net
11:26 08:53 SMTPD(d19400bb000007a4) connect 59.55.242.80 port 2984
11:26 08:53 SMTPD(d19301e0000007a2) Mail from:<lipeng@xuancai.com>
11:26 08:53 SMTPD(d19400bb000007a4) ehlo gmail.com
11:26 08:53 SMTPD(d19301e0000007a2) RCPT to:<mayl@hotsales.net>
11:26 08:53 SMTPD(d19301e0000007a2) ERR hotsales.net invalid user <mayl@hotsales.net


Just blocking IPs does not solve the actual problem, and changing the port does not keep things stable for long either.

lgj858 posted on 2009-11-26 09:51:40

Change the port? Then wouldn't you stop receiving your normal mail too?
Filter and analyze the logs.
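
One way to do the log filtering suggested above, as an added example that is not part of the original thread: the `ERR ... invalid user` lines carry no client address, so the script joins them to the `connect` lines on the session id in parentheses. The function names and the threshold are assumptions; the sample lines are taken from the excerpt in the first post.

```python
import re
from collections import defaultdict

# Constructed sample: a few SMTPD lines taken from the log excerpt in the first post.
SAMPLE_LOG = r"""
11:26 08:53 SMTPD(d19301e0000007a2) connect 113.106.201.7 port 2271
11:26 08:53 SMTPD(d19300c2000007a3) connect 110.43.27.159 port 3059
11:26 08:53 SMTPD(d19300c2000007a3) ehlo 163.com
11:26 08:53 SMTPD(d19200d40000079b) ERR hotsales.net invalid user <bjgwl@hotsales.net
11:26 08:53 SMTPD(d19300c2000007a3) ERR hotsales.net invalid user <cdtaoshi@hotsales.net
11:26 08:53 SMTPD(d19301e0000007a2) ehlo xuancai.com
11:26 08:53 SMTPD(d19301e0000007a2) ERR hotsales.net invalid user <mayl@hotsales.net
"""

# "<date> <time> SMTPD(<session id>) <message>", as the lines appear in the excerpt.
LINE = re.compile(r"^\S+ \S+ SMTPD\((?P<sid>[0-9a-f]+)\) (?P<msg>.*)$")
CONNECT = re.compile(r"^connect (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+$")
# The excerpt's ERR lines have no closing ">", so it is optional here.
INVALID = re.compile(r"^ERR \S+ invalid user <(?P<rcpt>[^>\s]+)>?$")


def rejected_by_client(log_text):
    """Map each client IP to the recipients rejected as invalid users."""
    rows = [m for m in map(LINE.match, log_text.splitlines()) if m]
    # Pass 1: session id -> client IP, from the "connect" lines.
    sid_ip = {}
    for m in rows:
        c = CONNECT.match(m["msg"])
        if c:
            sid_ip[m["sid"]] = c["ip"]
    # Pass 2: attribute each rejection to its session's IP.
    # Sessions whose connect line is outside the log window go to "unknown".
    out = defaultdict(list)
    for m in rows:
        e = INVALID.match(m["msg"])
        if e:
            out[sid_ip.get(m["sid"], "unknown")].append(e["rcpt"])
    return dict(out)


def noisy_clients(log_text, threshold=5):
    """Client IPs with at least `threshold` distinct rejected recipients."""
    hits = rejected_by_client(log_text)
    return sorted(ip for ip, r in hits.items()
                  if ip != "unknown" and len(set(r)) >= threshold)


if __name__ == "__main__":
    for ip, rcpts in sorted(rejected_by_client(SAMPLE_LOG).items()):
        print(ip, len(rcpts), ", ".join(rcpts))
```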

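ineedrmb posted on 2009-12-4 13:25:58

I have used it for so many years, on multiple servers, and have never heard of such a thing as a proxy attack. Check who has hijacked your account.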