Mail Server - Mail System - Mail Technology Forum (BBS)

[Help] POP log shows malicious attempts at accounts and passwords

#1
Posted 2008-6-20 10:10:36
Mail system: MD
While reviewing the POP log, I found the following entries:
Mon 2008-06-16 09:31:07: ----------
Mon 2008-06-16 09:31:09: Session 8434; child 2
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63226]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:08: <-- USER root
Mon 2008-06-16 09:31:08: --> +OK root... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 22/71)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8435; child 3
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63228]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:08: <-- USER admin
Mon 2008-06-16 09:31:08: --> +OK admin... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 24/72)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8436; child 4
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63230]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:08: <-- USER webmaster
Mon 2008-06-16 09:31:08: --> +OK webmaster... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 32/76)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8437; child 5
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63234]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER user
Mon 2008-06-16 09:31:09: --> +OK user... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 22/71)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8438; child 6
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63236]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER test
Mon 2008-06-16 09:31:09: --> +OK test... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 22/71)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8439; child 7
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63237]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER web
Mon 2008-06-16 09:31:09: --> +OK web... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 20/70)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8440; child 8
Mon 2008-06-16 09:31:08: Accepting POP connection from [216.147.161.7 : 63239]
Mon 2008-06-16 09:31:08: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER www
Mon 2008-06-16 09:31:09: --> +OK www... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 20/70)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8441; child 9
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63241]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER administrator
Mon 2008-06-16 09:31:09: --> +OK administrator... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 40/80)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:09: Session 8442; child 9
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63243]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER oracle
Mon 2008-06-16 09:31:09: --> +OK oracle... User ok
Mon 2008-06-16 09:31:09: <-- PASS ******
Mon 2008-06-16 09:31:09: --> -ERR access denied
Mon 2008-06-16 09:31:09: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:09: ----------
Mon 2008-06-16 09:31:10: Session 8443; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63244]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:09: <-- USER sybase
Mon 2008-06-16 09:31:09: --> +OK sybase... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8446; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63249]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER backup
Mon 2008-06-16 09:31:10: --> +OK backup... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8444; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63247]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER informix
Mon 2008-06-16 09:31:10: --> +OK informix... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 30/75)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8445; child 9
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63248]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER oracle8
Mon 2008-06-16 09:31:10: --> +OK oracle8... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 28/74)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8447; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63252]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER lizdy
Mon 2008-06-16 09:31:10: --> +OK lizdy... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 24/72)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8449; child 8
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63260]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER data
Mon 2008-06-16 09:31:10: --> +OK data... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 22/71)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8450; child 9
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63261]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER root
Mon 2008-06-16 09:31:10: --> +OK root... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 24/71)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8451; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63263]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER admin
Mon 2008-06-16 09:31:10: --> +OK admin... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 26/72)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:10: Session 8448; child 9
Mon 2008-06-16 09:31:09: Accepting POP connection from [216.147.161.7 : 63256]
Mon 2008-06-16 09:31:09: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER server
Mon 2008-06-16 09:31:10: --> +OK server... User ok
Mon 2008-06-16 09:31:10: <-- PASS ******
Mon 2008-06-16 09:31:10: --> -ERR access denied
Mon 2008-06-16 09:31:10: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:10: ----------
Mon 2008-06-16 09:31:11: Session 8453; child 11
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63267]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER access
Mon 2008-06-16 09:31:10: --> +OK access... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 26/73)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8452; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63264]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER account
Mon 2008-06-16 09:31:10: --> +OK account... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 28/74)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8454; child 12
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63270]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:10: <-- USER pwrchute
Mon 2008-06-16 09:31:10: --> +OK pwrchute... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 30/75)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8455; child 12
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63274]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER test
Mon 2008-06-16 09:31:11: --> +OK test... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 24/71)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8456; child 12
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63276]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER web
Mon 2008-06-16 09:31:11: --> +OK web... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 22/70)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8458; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63285]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER administrator
Mon 2008-06-16 09:31:11: --> +OK administrator... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 42/80)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8457; child 11
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63279]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER www
Mon 2008-06-16 09:31:11: --> +OK www... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 22/70)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8459; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63286]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER oracle
Mon 2008-06-16 09:31:11: --> +OK oracle... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 28/73)
Mon 2008-06-16 09:31:11: ----------
Mon 2008-06-16 09:31:11: Session 8460; child 10
Mon 2008-06-16 09:31:10: Accepting POP connection from [216.147.161.7 : 63288]
Mon 2008-06-16 09:31:10: --> +OK sz.com POP MAIL ready
Mon 2008-06-16 09:31:11: <-- USER sybase
Mon 2008-06-16 09:31:11: --> +OK sybase... User ok
Mon 2008-06-16 09:31:11: <-- PASS ******
Mon 2008-06-16 09:31:11: --> -ERR access denied
Mon 2008-06-16 09:31:11: POP session terminated, (Bytes in/out: 28/73)
Mon 2008-06-16 09:31:11: ----------


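How can I block or restrict IP addresses like this?


Another question: some users report that when they use the mail system through the web, they sometimes get “请求会话的IP地址不合法” ("the IP address of the requesting session is not valid"). How can this be solved?

One more question: I would like to see some log information about users accessing their mailboxes through the web. Which log file shows this? Among the log files I found an IMAP log file, but it is empty. What do I need to set so that I can see it there?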

[ Last edited by maxwell on 2008-6-20 10:29 ]
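A way to pick out the source addresses behind sessions like those in the log above, added here as an example and not part of the original post or of the mail server's own tooling. It assumes the block layout shown in the post (a `----------` separator, then the connection, USER and PASS lines); the thresholds, function names and sample addresses are assumptions.

```python
import re
from collections import defaultdict

CONNECT = re.compile(r"Accepting POP connection from \[([^\s\]]+) : \d+\]")
USER = re.compile(r"<-- USER (\S+)")
DENIED, SEPARATOR = "--> -ERR access denied", ": ----------"

def failed_logins(log_text):
    """Return {source_ip: [usernames whose PASS was rejected]}."""
    failures = defaultdict(list)
    ip = user = None
    for line in log_text.splitlines():
        if line.endswith(SEPARATOR):            # a new session block starts
            ip = user = None
        elif (m := CONNECT.search(line)):
            ip = m.group(1)
        elif (m := USER.search(line)):
            user = m.group(1)
        elif DENIED in line and ip and user:    # rejected PASS for this USER
            failures[ip].append(user)
    return dict(failures)

def suspects(log_text, min_failures=5, min_distinct_users=3):
    """IPs whose rejected logins look like username guessing, not a typo."""
    hits = {}
    for ip, users in failed_logins(log_text).items():
        if len(users) >= min_failures and len(set(users)) >= min_distinct_users:
            hits[ip] = {"failures": len(users), "users": sorted(set(users))}
    return hits

def session(ip, port, user, ok):
    """Build one constructed session block; the success reply is made up."""
    ts = "Mon 2008-06-16 09:31:09: "
    reply = "+OK logged in" if ok else "-ERR access denied"
    body = ["----------", f"Session {port}; child 1",
            f"Accepting POP connection from [{ip} : {port}]",
            "--> +OK example.test POP MAIL ready", f"<-- USER {user}",
            f"--> +OK {user}... User ok", "<-- PASS ******", f"--> {reply}"]
    return "\n".join(ts + item for item in body) + "\n"

# Constructed sample (documentation address ranges), not the poster's log.
SAMPLE = "".join(session("203.0.113.7", 63000 + i, u, False) for i, u in
                 enumerate(["root", "admin", "webmaster", "test", "root", "oracle"]))
SAMPLE += session("198.51.100.20", 50001, "alice", False)  # one mistyped password
SAMPLE += session("198.51.100.20", 50002, "alice", True)

if __name__ == "__main__":
    for ip, info in suspects(SAMPLE).items():
        print(ip, info["failures"], "failed logins for", ", ".join(info["users"]))
```

In the log quoted in the post, every rejected login comes from one address and covers many different usernames, which is the pattern the two thresholds look for.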
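#2
Posted 2008-6-20 11:28:38
1. There is not much that can be done about this, which is why MD added a strong password verification feature. Anyway, in general only 3 retries are possible.
2. For this, go to the setting below, but it carries a security risk

Uncheck this option
3. WorldClient.log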

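#3
Original poster | Posted 2008-6-21 19:14:57

Reply to post #2

Thank you for your reply. On the first point, I tried one username through the web and could try many times; there does not seem to be a limit of three. I do not see a WorldClient.log log in MD.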
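#4
Posted 2008-6-23 11:27:10
1. I was referring to the number of retries over POP; your question was also about the POP log.
2. It should be there. If it is not, check under Settings - Logging options: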

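#5
Original poster | Posted 2008-6-24 21:31:22
Thank you very much, the HTTP log is now being recorded. In my tests, when I accessed the mailbox through the web and sent mail, WorldClient.log had log entries, but when I tried deleting mail through the web and emptying the deleted mail, WorldClient.log did not seem to record anything about it. I would appreciate your advice.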