公司内某个用户老是自动对外发送邮件。谢谢
公司用户老是收到以下这样的系统退信很抱歉您发送的邮件被退回,以下是该邮件的相关信息:
被退回邮件主 题:-投资顾问咨询服务有限公司
时 间:2011-03-12 09:27:00 无法发送到 562517@qq.com退信原因收件人邮件地址(562517@qq.com)不存在,邮件无法送达。
解决方案请联系您的收件人,重新核实邮箱地址,或发送到其他收信邮箱。 您也可以向管理员报告此退信。
此外,您还可以 点击这里 获取更多关于退信的帮助信息。
系统退信,每次都会返回mail-eml附件内容如下:
Received: from szyecon.xicp.cn (unknown )
by newmx73.qq.com (NewMx) with SMTP
id ; Sat, 12 Mar 2011 05:35:50 +0800
X-QQ-DNTY: 1
X-QQ-DKIM: 9
X-QQ-SPAM:true
X-QQ-ASM: true 0.00000000000
X-QQ-SSF:000000010000000000000000031000
X-QQ-mid:mx73t1299879350t992t18613
Received: from WWWA8BF7821796 by szyecon.xicp.cn with ESMTP
(SMTPD-8.22) id A66502CC; Sat, 12 Mar 2011 05:38:45 +0800
Thread-Topic: =?gb2312?B?fs2218q5y87K18nRry23/n4uzvEg09DP3iAuKi25qyfLvg==?=
Reply-To: <1006653821@qq.com>
thread-index: AcvgNBy2Z6H8w8BgTvilOfDefVZM2Q==
From: <cxy925@szyecon.xicp.cn>
To: <537368@qq.com>,
<622477@qq.com>,
<919626@qq.com>,
<291717@qq.com>,
<749881@qq.com>,
<566121@qq.com>,
<685951@qq.com>
Subject: =?gb2312?B?fs2218q5y87K18nRry23/n4uzvEg09DP3iAuKi25qyfLvg==?=
Date: Sat, 12 Mar 2011 05:34:33 +0800
Message-ID: <C313CF86BF3A4C0E95F5FB0F9BF361D7@WWWA8BF7821796>
MIME-Version: 1.0
X-Mailer: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931
投资顾问咨 询 服 务有 限公司
<代<髮><点> <服>
<開 <漂><数><务>
<发<保><优> <第>
<漂<真><惠> <一>
咨询热线:136,8029,2966梁经理
服务器发送日志如下:
03:12 10:32 SMTPD(db2e01710000f5b7) MAIL FROM: <cxy925@szyecon.xicp.cn>
03:12 10:32 SMTPD(db2e01710000f5b7) RCPT TO: <565693@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) RCPT TO: <641293@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) RCPT TO: <811527@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) RCPT TO: <912914@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) RCPT TO: <357573@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) RCPT TO: <778112@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) RCPT TO: <887874@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) RCPT TO: <454767@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) RCPT TO: <872384@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) E:\IMail\spool\Ddb2e01710000f5b7.SMD 2592
03:12 10:32 SMTP-(0000000000000000) E:\IMail\spool\Qdb2e01710000f5b7.SMD Q file exceeds 512 bytes in size
03:12 10:32 SMTP-(db2e01710000f5b7) processing E:\IMail\spool\Qdb2e01710000f5b7.SMD
03:12 10:32 SMTP-(db2e01710000f5b7) Trying qq.com (0)
03:12 10:32 SMTP-(db2e01710000f5b7) Connect qq.com (1)
03:12 10:32 SMTP-(db2e01710000f5b7) 220 newmx55.qq.com MX QQ Mail Server
03:12 10:32 SMTP-(db2e01710000f5b7) >EHLO szyecon.xicp.cn
03:12 10:32 SMTP-(db2e01710000f5b7) 250-newmx55.qq.com
03:12 10:32 SMTP-(db2e01710000f5b7) 250-SIZE 73400320
03:12 10:32 SMTP-(db2e01710000f5b7) 250 OK
03:12 10:32 SMTP-(db2e01710000f5b7) >MAIL FROM:<cxy925@szyecon.xicp.cn>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<357573@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<454767@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<565693@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<641293@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<778112@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >DATA
03:12 10:32 SMTP-(db2e01710000f5b7) 354 End data with <CR><LF>.<CR><LF>
03:12 10:32 SMTP-(db2e01710000f5b7) >.
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok: queued as
03:12 10:32 SMTP-(db2e01710000f5b7) rdeliver qq.com multiple (5) <cxy925@szyecon.xicp.cn> 2592
03:12 10:32 SMTP-(db2e01710000f5b7) >QUIT
03:12 10:32 SMTP-(db2e01710000f5b7) 221 Bye
03:12 10:32 SMTP-(db2e01710000f5b7) Connect qq.com (1)
03:12 10:32 SMTP-(db2e01710000f5b7) 220 newmx55.qq.com MX QQ Mail Server
03:12 10:32 SMTP-(db2e01710000f5b7) >EHLO szyecon.xicp.cn
03:12 10:32 SMTP-(db2e01710000f5b7) 250-newmx55.qq.com
03:12 10:32 SMTP-(db2e01710000f5b7) 250-SIZE 73400320
03:12 10:32 SMTP-(db2e01710000f5b7) 250 OK
03:12 10:32 SMTP-(db2e01710000f5b7) >MAIL FROM:<cxy925@szyecon.xicp.cn>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<811527@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<872384@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<887874@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 550 Mailbox unavailable or access denied
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<912914@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 550 Mailbox unavailable or access denied
03:12 10:32 SMTP-(db2e01710000f5b7) >DATA
03:12 10:32 SMTP-(db2e01710000f5b7) 354 End data with <CR><LF>.<CR><LF>
03:12 10:32 SMTP-(db2e01710000f5b7) >.
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok: queued as
03:12 10:32 SMTP-(db2e01710000f5b7) rdeliver qq.com multiple (2) <cxy925@szyecon.xicp.cn> 2592
03:12 10:32 SMTP-(db2e01710000f5b7) >QUIT
03:12 10:32 SMTP-(db2e01710000f5b7) 221 Bye
03:12 10:32 SMTP-(db2e01710000f5b7) Creating message from Postmaster
03:12 10:32 SMTP-(db2e01710000f5b7) Delivery process now using new file: db2f00000eb0066c
03:12 10:32 SMTP-(db2f00000eb0066c) processing E:\IMail\spool\Qdb2f00000eb0066c.GSE
03:12 10:32 SMTP-(db2e01710000f5b7) finished E:\IMail\spool\Qdb2e01710000f5b7.SMD status=2
03:12 10:32 SMTP-(db2f00000eb0066c) ldeliver szyecon.xicp.cn cxy925-main (1)2736
03:12 10:32 SMTP-(db2f00000eb0066c) finished E:\IMail\spool\Qdb2f00000eb0066c.GSE status=1
03:12 10:32 SMTPD(db3301500000f5b9) connect 119.147.10.246 port 36491
03:12 10:32 SMTPD(db3301500000f5b9) HELO smtpbg87.qq.com
03:12 10:32 SMTPD(db3301500000f5b9) MAIL FROM: <PostMaster@qq.com>
03:12 10:32 SMTPD(db3301500000f5b9) RCPT TO: <cxy925@szyecon.xicp.cn>
03:12 10:32 SMTPD(db3301500000f5b9) E:\IMail\spool\Ddb3301500000f5b9.SMD 4757
03:12 10:32 SMTPD(db3301500000f5b9) performing antispam checks
03:12 10:32 SMTP-(db3301500000f5b9) processing E:\IMail\spool\Qdb3301500000f5b9.SMD
03:12 10:32 SMTP-(db3301500000f5b9) ldeliver szyecon.xicp.cn cxy925-main (1) PostMaster@qq.com 4757
03:12 10:32 SMTP-(db3301500000f5b9) finished E:\IMail\spool\Qdb3301500000f5b9.SMD status=1 该用户反映从来没有主动对上面的邮箱发送过邮件,感觉她被中继了一样,不知理解是否正确。谢谢 修改密码之后观察看看
同时排除客户端和服务器端中病毒 或者你有耐心可以,筛选分析日志
并回溯检查日志 我公司天天见,这基本是广告信主机退信给对方主机,由于对方是伪装邮箱地址,所以对方主机又退回给你,别想太多了 莫名其妙的退信偶尔有几封都是正常的,但多了就要考虑是否是用户密码被盗了。
页:
[1]
