badboylife posted on 2010-3-2 10:00:15

spool folder problem

Environment: windows2003+imail8.22
Since the Spring Festival I've found that every day the spool folder holds a huge number of smd and gse files, three or four thousand of them; neither the senders nor the recipients are mail users of our company, and as a result the mail our company needs to send can't get out.
SMTP settings: no mail reply, check valid sender, disable smtp "auth"
Also, I'd appreciate the experts' advice: how do I hide my own mail server? Please be detailed, thanks.

lgj858 posted on 2010-3-2 11:10:10

Analyze some of the logs and you'll get results.

badboylife posted on 2010-3-2 13:02:04

Looking at the queue, I see they are all being sent out from ***@aol.com or ***@dulwichpicturegallery.org.uk.
Does this mean my mail server has been broken into?
I've now put these two domains in the killlist; will that work?

lgj858 posted on 2010-3-2 19:31:43

That treats the symptom, not the cause.
You need to find out where the problem is.

badboylife posted on 2010-3-3 14:48:41

After I put those two domains in the killlist, the queue emptied out, unlike the previous two days when there were over a hundred messages waiting to be sent.
But although the queue is empty, the spool folder still has dozens of smd files. Why is that? Looking at the dates, there are still smd files from yesterday. Aren't smd files the messages waiting to be sent? Yet the queue is empty.

Quoting lgj858, posted 2010-3-2 19:31:
That treats the symptom, not the cause.
You need to find out where the problem is.

Moderator, please advise where the problem might be. I hadn't made any changes before this.
My 2003 system has the system firewall turned on, but with an exception made for the queue.

lgj858 posted on 2010-3-3 18:34:09

You need to do a few things:
1. Check whether your configuration is actually secure
2. Make sure the server has no trojan
3. Sift through and analyze the logs to find which account these queued messages used to pass authentication
4. If you find that account and its password is not a simple one, then check whether the client machine has been infected with a trojan

ineedrmb posted on 2010-3-4 12:17:10

If the server only runs IMail, with no large website or the like running on it, the chance of a trojan is practically zero. With that many messages in the queue, the only possibility is that some account with a too-simple password has been stolen and abused. I've run into this myself on several servers; the account names are usually things like service, temp, admin, and of course some simple English first names. Find them in the log and change the passwords, that's all.

钉子 posted on 2010-3-5 01:02:03

Simpler: post the SMTP LOG for everyone, and we'll find it and tell you.

badboylife posted on 2010-3-8 19:31:20

The log was too big, I already deleted it...... :L

badboylife posted on 2010-3-16 14:55:19

I'm posting the log; moderator, please take a look. I cut out a section; the log txt file is actually over 140 MB, and the spool folder has more than 20,000 files.
The system is 2003 with the firewall not enabled; I scanned for trojans with 360 and found nothing; it only runs Imail8.22 and FTP, nothing else.
In the SMTP settings I actually couldn't find the Refuse NULL <> Sender option, but the IMail 8 documentation says it exists. Strange :(

03:15 23:59 SMTP-(36b4028c00000bb7) >EHLO 我的域名
03:15 23:59 SMTPD(59160093000006eb) RCPT TO:<avrt@bigfoot.com>
03:15 23:59 SMTP-(368d02c000000b87) MX connect fail "202.106.199.35"
03:15 23:59 SMTP-(368d02c000000b87) Trying petri.de (0)
03:15 23:59 SMTP-(367e030200000b7b) 221 2.0.0 Service closing transmission channel
03:15 23:59 SMTP-(367e030200000b7b) Trying hughes.net (0)
03:15 23:59 SMTP-(36b4028c00000bb7) 250-sj1-dm02.mta.everyone.net
03:15 23:59 SMTP-(36b4028c00000bb7) 250-PIPELINING
03:15 23:59 SMTP-(36b4028c00000bb7) 250-SIZE 50000000
03:15 23:59 SMTP-(36b4028c00000bb7) 250-AUTH PLAIN LOGIN
03:15 23:59 SMTP-(36b4028c00000bb7) 250-AUTH=LOGIN
03:15 23:59 SMTP-(36b4028c00000bb7) 250-STARTTLS
03:15 23:59 SMTP-(36b4028c00000bb7) 250 8BITMIME
03:15 23:59 SMTP-(36b4028c00000bb7) >MAIL FROM:<raliatsmth@earthlink.net>
03:15 23:59 SMTP-(36b302d200000bb6) 221 2.0.0 Bye
03:15 23:59 SMTP-(36b302d200000bb6) Trying wocal.com (0)
03:15 23:59 SMTP-(369b024600000b98) 354 go ahead
03:15 23:59 SMTP-(369b024600000b98) >.
03:15 23:59 SMTP-(368d02c000000b87) Connect petri.de (1)
03:15 23:59 SMTP-(369f027600000ba0) Connect mag-uk.org (1)
03:15 23:59 SMTP-(36b4028c00000bb7) 250 Sender okay
03:15 23:59 SMTP-(36b4028c00000bb7) >RCPT To:<fletcherel@limso.net>
03:15 23:59 SMTPD(59260177000006fa) RCPT TO:<awu@cbpu.com>
03:15 23:59 SMTP-(36b302d200000bb6) Connect wocal.com (1)
03:15 23:59 SMTPD(59160283000006ec) RCPT TO:<awalthourmd@students.mcg.edu>
03:15 23:59 SMTP-(36b201b400000bb4) 250-aspen.websitewelcome.com Hello 我的域名 [我的ip]
03:15 23:59 SMTP-(36b201b400000bb4) 250-SIZE 52428800
03:15 23:59 SMTP-(36b201b400000bb4) 250-PIPELINING
03:15 23:59 SMTP-(36b201b400000bb4) 250-AUTH PLAIN LOGIN
03:15 23:59 SMTP-(36b201b400000bb4) 250-STARTTLS
03:15 23:59 SMTP-(36b201b400000bb4) 250 HELP
03:15 23:59 SMTP-(36b201b400000bb4) >MAIL FROM:<raliatsmth@earthlink.net>
03:15 23:59 SMTP-(368d02c000000b87) 220-server.serverstep.de ESMTP Exim 4.69 #1 Mon, 15 Mar 2010 16:59:01 +0100
03:15 23:59 SMTP-(368d02c000000b87) 220-We do not authorize the use of this system to transport unsolicited,
03:15 23:59 SMTP-(368d02c000000b87) 220 and/or bulk e-mail.
03:15 23:59 SMTP-(368d02c000000b87) >EHLO 我的域名
03:15 23:59 SMTP-(36b302d200000bb6) 220-gator366.hostgator.com ESMTP Exim 4.69 #1 Mon, 15 Mar 2010 10:59:02 -0500
03:15 23:59 SMTP-(36b302d200000bb6) 220-We do not authorize the use of this system to transport unsolicited,
03:15 23:59 SMTP-(36b302d200000bb6) 220 and/or bulk e-mail.
03:15 23:59 SMTP-(36b302d200000bb6) >EHLO 我的域名
03:15 23:59 SMTP-(36b4028c00000bb7) 550 Recipient Rejected: Account Inactive
03:15 23:59 SMTP-(36b4028c00000bb7) >QUIT
03:15 23:59 SMTP-(36b201b400000bb4) 250 OK
03:15 23:59 SMTP-(36b201b400000bb4) >RCPT To:<flemingpstz@massagency.com>
03:15 23:59 SMTP-(368d02c000000b87) 250-server.serverstep.de Hello 我的域名
03:15 23:59 SMTP-(368d02c000000b87) 250-SIZE 52428800
03:15 23:59 SMTP-(368d02c000000b87) 250-AUTH PLAIN LOGIN
03:15 23:59 SMTP-(368d02c000000b87) 250 HELP
03:15 23:59 SMTP-(368d02c000000b87) >MAIL FROM:<raliatsmth@earthlink.net>
03:15 23:59 SMTP-(36b4028c00000bb7) 221 Bye
03:15 23:59 SMTP-(36b4028c00000bb7) Trying 1000demenageurs.com (0)
03:15 23:59 SMTPD(591401fa000006e8) RCPT TO:<awadjo@yahoo.com>
03:15 23:59 SMTP-(36b302d200000bb6) 250-gator366.hostgator.com Hello 我的域名 [我的ip]
03:15 23:59 SMTP-(36b302d200000bb6) 250-SIZE 52428800
03:15 23:59 SMTP-(36b302d200000bb6) 250-PIPELINING
03:15 23:59 SMTP-(36b302d200000bb6) 250-AUTH PLAIN LOGIN
03:15 23:59 SMTP-(36b302d200000bb6) 250-STARTTLS
03:15 23:59 SMTP-(36b302d200000bb6) 250 HELP
03:15 23:59 SMTP-(36b302d200000bb6) >MAIL FROM:<raliatsmth@earthlink.net>
03:15 23:59 SMTP-(369c02cc00000b9b) 250 ok 1268668741 qp 16184
03:15 23:59 SMTP-(369c02cc00000b9b) rdeliver headstar.com access-consult@headstar.com (1) <imf.update@neu.com.cn> 2435
03:15 23:59 SMTP-(369c02cc00000b9b) >QUIT
03:15 23:59 SMTP-(367e030200000b7b) Connect hughes.net (1)
03:15 23:59 SMTPD(5923026d000006f7) RCPT TO:<awlankford@centurytel.net>
03:15 23:59 SMTPD(591701cb000006ed) RCPT TO:<awbdev@mchsi.com>
03:15 23:59 SMTPD(59180221000006ef) RCPT TO:<awesome_gurl_22@hotmail.com>
03:15 23:59 SMTP-(36b501a100000bb9) 554 imta34.emeryville.ca.mail.comcast.net comcast 我的ip Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: http://help.comcast.net/content/faq/PTR
03:15 23:59 SMTP-(36b501a100000bb9) SMTP_DELIV_FAILED
03:15 23:59 SMTP-(36b501a100000bb9) >QUIT
03:15 23:59 SMTP-(368d02c000000b87) 250 OK
03:15 23:59 SMTP-(368d02c000000b87) >RCPT To:<flatterye7@petri.de>
03:15 23:59 SMTP-(36a0026400000ba1) 250 2.1.5 OK 32si5120331iwn.17
03:15 23:59 SMTP-(36a0026400000ba1) >DATA
03:15 23:59 SMTPD(591c0251000006f3) RCPT TO:<awilliamsfamily@bellsouth.net>
03:15 23:59 SMTPD(591b0181000006f2) RCPT TO:<awhite57@carolina.rr.com>
03:15 23:59 SMTPD(592401ad000006f9) RCPT TO:<aworley420@yahoo.com>
03:15 23:59 SMTPD(59130260000006e6) RCPT TO:<avonjess@yahoo.com>
03:15 23:59 SMTP-(36b501a100000bb9)
03:15 23:59 SMTP-(36b501a100000bb9) Trying sbcglobal.net (0)
03:15 23:59 SMTPD(59160093000006eb) RCPT TO:<avrxsport@lantil.net>
03:15 23:59 SMTPD(58fc021c000006d8) RCPT TO:<mwilson911@cox.net>
03:15 23:59 SMTP-(368d02c000000b87) 550 5.1.1 User unknown: flatterye7@petri.de
03:15 23:59 SMTP-(368d02c000000b87) >QUIT
03:15 23:59 SMTPD(5947017400000707) [我的ip] connect 82.128.34.115 port 1900
03:15 23:59 SMTPD(58ed01f5000006d2) RCPT TO:<mtrocola26@yahoo.com>
03:15 23:59 SMTP-(367e030200000b7b) 220 mx.b.hostedemail.com SMTP
03:15 23:59 SMTP-(367e030200000b7b) >EHLO 我的域名
03:15 23:59 SMTPD(59260177000006fa) RCPT TO:<awu@gi.com>
03:15 23:59 SMTPD(59160283000006ec) RCPT TO:<awalton26@aol.com>
03:15 23:59 SMTPD(591a01b8000006f1) RCPT TO:<myla_citizen@yahoo.com>
03:15 23:59 SMTP-(36af02f600000bac) 250 Ok
03:15 23:59 SMTP-(36af02f600000bac) >DATA
03:15 23:59 SMTP-(36b501a100000bb9) Connect sbcglobal.net (1)
03:15 23:59 SMTPD(5942022700000703) Authenticated rock@我的域名, session treated as local.
03:15 23:59 SMTP-(368d02c000000b87) 221 server.serverstep.de closing connection
03:15 23:59 SMTP-(368d02c000000b87) Trying verizon.net (0)
03:15 23:59 SMTP-(369c02cc00000b9b) 221 headstar.positive-dedicated.net
03:15 23:59 SMTP-(369c02cc00000b9b) Trying littleleague.org (0)
03:15 23:59 SMTP-(365801cf00000b30) MX connect fail "82.98.86.161"
03:15 23:59 SMTP-(365801cf00000b30) Trying pb-eba.com (0)
03:15 23:59 SMTP-(36a0026400000ba1) 354Go ahead 32si5120331iwn.17
03:15 23:59 SMTP-(36a0026400000ba1) >.
03:15 23:59 SMTP-(36af02f600000bac) 354 End data with <CR><LF>.<CR><LF>
03:15 23:59 SMTP-(367e030200000b7b) 250-imf10.b.hostedemail.com
03:15 23:59 SMTP-(367e030200000b7b) 250-PIPELINING
03:15 23:59 SMTP-(367e030200000b7b) 250-SIZE 26214400
03:15 23:59 SMTP-(367e030200000b7b) 250-ETRN
03:15 23:59 SMTP-(367e030200000b7b) 250-ENHANCEDSTATUSCODES
03:15 23:59 SMTP-(367e030200000b7b) 250-8BITMIME
03:15 23:59 SMTP-(367e030200000b7b) 250 DSN
03:15 23:59 SMTP-(367e030200000b7b) >MAIL FROM:<cbndeptt@gmail.com>
03:15 23:59 SMTP-(36af02f600000bac) >.
03:15 23:59 SMTP-(36b501a100000bb9) 220 nlpi081.prodigy.net ESMTP Sendmail 8.13.8 inb ipv6 jeff0203/8.13.8; Mon, 15 Mar 2010 10:59:02 -0500
03:15 23:59 SMTP-(36b501a100000bb9) >EHLO 我的域名
03:15 23:59 SMTP-(36b302d200000bb6) 250 OK
03:15 23:59 SMTP-(36b302d200000bb6) >RCPT To:<fleshliest21@wocal.com>
03:15 23:59 SMTP-(368d02c000000b87) Connect verizon.net (1)
03:15 23:59 SMTP-(3691017600000b8c) Connect brbj.com (1)
03:15 23:59 SMTP-(369c02cc00000b9b) Connect littleleague.org (1)
03:15 23:59 SMTPD(591701cb000006ed) RCPT TO:<awbeck01@sbcglobal.net>
03:15 23:59 SMTPD(591401fa000006e8) RCPT TO:<awadorguk1@aol.com>
03:15 23:59 SMTP-(367e030200000b7b) 250 2.1.0 Ok
03:15 23:59 SMTP-(367e030200000b7b) >RCPT To:<bkawzy@hughes.net>
03:15 23:59 SMTP-(365801cf00000b30) Connect pb-eba.com (1)
03:15 23:59 SMTPD(59180221000006ef) RCPT TO:<awesome_like_that@yahoo.com>
03:15 23:59 SMTPD(5923026d000006f7) RCPT TO:<awleung@atvci.net>
03:15 23:59 SMTPD(591c0251000006f3) RCPT TO:<awilliamson2@wi.rr.com>
03:15 23:59 SMTPD(591b0181000006f2) RCPT TO:<awhitejr@pol.net>
03:15 23:59 SMTPD(592401ad000006f9) RCPT TO:<aworm@supanet.com>
03:15 23:59 SMTPD(59130260000006e6) RCPT TO:<avonkrad@naver.com>
03:15 23:59 SMTP-(369b024600000b98) 250 ok 1268668742 qp 3426
03:15 23:59 SMTP-(369b024600000b98) rdeliver yahoogroups.com acba_functions@yahoogroups.com (1) <imf.update@neu.com.cn> 2435
03:15 23:59 SMTP-(369b024600000b98) >QUIT
03:15 23:59 SMTPD(59160093000006eb) RCPT TO:<avs.comp@northlink.net>
03:15 23:59 SMTP-(36b501a100000bb9) 250-nlpi081.prodigy.net Hello [我的ip], pleased to meet you
03:15 23:59 SMTP-(36b501a100000bb9) 250 ENHANCEDSTATUSCODES
03:15 23:59 SMTP-(36b501a100000bb9) >MAIL FROM:<imf.update@neu.com.cn>
03:15 23:59 SMTP-(36b302d200000bb6) 550 No Such User Here
03:15 23:59 SMTP-(36b302d200000bb6) >QUIT
03:15 23:59 SMTP-(368d02c000000b87) 571 Email from 我的ip is currently blocked by Verizon Online's anti-spam system. The email sender or Email Service Provider may visit http://www.verizon.net/whitelist and request removal of the block. 100315
03:15 23:59 SMTP-(368d02c000000b87) SMTP_DELIV_FAILED
03:15 23:59 SMTP-(368d02c000000b87) >QUIT
03:15 23:59 SMTP-(368d02c000000b87)
03:15 23:59 SMTP-(368d02c000000b87) Trying bewerbung-gut.de (0)
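lgj858's step 3 above is to sift the log for the account that passed authentication; the posted log shows the line that matters ("SMTPD(...) Authenticated rock@..., session treated as local.") next to the session's "connect" and "RCPT TO:" lines. The script below is an added example, not from the thread or from IMail: it groups inbound SMTPD lines by session id and rolls them up per authenticated account, so a stolen account stands out by recipient volume or by the number of client IPs it was used from. The sample lines, session ids, account names and addresses are constructed in the same layout as the posted log.

```python
import re
from collections import defaultdict

# Constructed sample in the IMail 8 SMTP log layout seen in this thread ("MM:DD HH:MM SMTPD(session) message"); not the poster's real log.
SAMPLE_LOG = """\
03:15 23:59 SMTPD(5947017400000707) [10.0.0.2] connect 203.0.113.7 port 1900
03:15 23:59 SMTPD(5947017400000707) Authenticated rock@example.test, session treated as local.
03:15 23:59 SMTPD(5947017400000707) RCPT TO:<a1@example.org>
03:15 23:59 SMTPD(5947017400000707) RCPT TO:<a2@example.org>
03:15 23:59 SMTPD(5942022700000703) [10.0.0.2] connect 198.51.100.9 port 2201
03:15 23:59 SMTPD(5942022700000703) Authenticated rock@example.test, session treated as local.
03:15 23:59 SMTPD(5942022700000703) RCPT TO:<b1@example.net>
03:15 23:59 SMTPD(5951010100000711) Authenticated alice@example.test, session treated as local.
03:15 23:59 SMTPD(5951010100000711) RCPT TO:<boss@example.test>
03:15 23:59 SMTP-(368d02c000000b87) >MAIL FROM:<someone@example.com>
"""
LINE = re.compile(r"^\S+ \S+ SMTPD\((?P<sid>[0-9a-f]+)\) (?P<msg>.*)$")
CONNECT = re.compile(r"connect (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+")
AUTH = re.compile(r"Authenticated (?P<user>\S+), session treated as local")
RCPT = re.compile(r"^RCPT TO:<[^>]*>")

def summarize_auth_sessions(log_text):
    """Per authenticated account: {"sessions": n, "rcpts": n, "ips": {client IPs}}."""
    sessions = defaultdict(lambda: {"ip": None, "user": None, "rcpts": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # outbound SMTP- lines and other noise are irrelevant here
        s, msg = sessions[m.group("sid")], m.group("msg")
        if (c := CONNECT.search(msg)):
            s["ip"] = c.group("ip")  # remote client address for this session
        elif (a := AUTH.search(msg)):
            s["user"] = a.group("user")  # account that passed SMTP AUTH
        elif RCPT.match(msg):
            s["rcpts"] += 1
    per_user = defaultdict(lambda: {"sessions": 0, "rcpts": 0, "ips": set()})
    for s in sessions.values():
        if s["user"] is None:
            continue  # unauthenticated inbound mail is not a stolen-account relay
        u = per_user[s["user"]]
        u["sessions"] += 1
        u["rcpts"] += s["rcpts"]
        if s["ip"]:
            u["ips"].add(s["ip"])
    return dict(per_user)

def suspicious_accounts(per_user, max_rcpts=100, max_ips=3):
    """Accounts that relayed more recipients, or from more client IPs, than one user plausibly would."""
    return sorted(u for u, v in per_user.items() if v["rcpts"] > max_rcpts or len(v["ips"]) > max_ips)
```

Run it over the real SMTP log with the default thresholds; the account it flags is the one whose password needs changing, and the IPs tell you whether the abuse came from outside or from an infected client on the LAN.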