新手救助，我刚装好MD没用两天，今天被用来做肉鸡，怎么办

004103 · 发表于 2009-5-20 23:13:24

今天下午，发现不能收发邮件，你看服务器收发了上万封的邮件，服务器是收到后就发向目标地址，我想不是垃圾邮件类的，应该是被别人利用做转发邮件的服务器了。我都把安全规则启用，目前是把它挡住在端口外，但是还是不停的占用我的端口，我现在只能发，不能收

，跪求大家帮忙

004103 · 发表于 2009-5-20 23:35:05

Wed 2009-05-20 23:28:22: 发件人试图投递邮件到未知地址
Wed 2009-05-20 23:28:22: --> 550 <julie_chen01@yahoo.com.tw>, Recipient unknown
Wed 2009-05-20 23:28:38: <-- RCPT TO: <k0982242499@yahoo.com.tw>
Wed 2009-05-20 23:28:38: Checking if we are a valid MX for yahoo.com.tw
Wed 2009-05-20 23:28:38: *  P=005 S=000 D=yahoo.com.tw TTL=(7) MX=[mx2.mail.tw.yahoo.com] {203.188.197.10}
Wed 2009-05-20 23:28:38: *  P=005 S=001 D=yahoo.com.tw TTL=(7) MX=[mx1.mail.tw.yahoo.com] {203.188.197.9}
Wed 2009-05-20 23:28:38: 发件人试图投递邮件到未知地址
Wed 2009-05-20 23:28:38: --> 550 <k0982242499@yahoo.com.tw>, Recipient unknown
Wed 2009-05-20 23:28:48: <-- RSET
Wed 2009-05-20 23:28:48: --> 250 RSET? Well, ok.
Wed 2009-05-20 23:29:07: <-- MAIL FROM: <jylizprnozrab@ms32.hinet.net>
Wed 2009-05-20 23:29:07: Performing IP lookup (ms32.hinet.net)
Wed 2009-05-20 23:29:07: *  D=ms32.hinet.net TTL=(1087) A=[168.95.4.32]
Wed 2009-05-20 23:29:07: *  P=000 S=000 D=ms32.hinet.net TTL=(1083) MX=[ms32a.hinet.net] {168.95.5.32}
Wed 2009-05-20 23:29:07: ---- End IP lookup results
Wed 2009-05-20 23:29:07: Performing SPF lookup (ms32.hinet.net / 192.200.117.1)
Wed 2009-05-20 23:29:07: *  Result: none; no SPF record in DNS
Wed 2009-05-20 23:29:07: ---- End SPF results
Wed 2009-05-20 23:29:07: --> 250 <jylizprnozrab@ms32.hinet.net>, Sender ok
Wed 2009-05-20 23:29:22: <-- RCPT TO: <liz_010137@yahoo.com.tw>
Wed 2009-05-20 23:29:22: Checking if we are a valid MX for yahoo.com.tw
Wed 2009-05-20 23:29:22: *  P=005 S=000 D=yahoo.com.tw TTL=(7) MX=[mx2.mail.tw.yahoo.com] {203.188.197.10}
Wed 2009-05-20 23:29:22: *  P=005 S=001 D=yahoo.com.tw TTL=(7) MX=[mx1.mail.tw.yahoo.com] {203.188.197.9}
Wed 2009-05-20 23:29:22: 发件人试图投递邮件到未知地址
Wed 2009-05-20 23:29:22: --> 550 <liz_010137@yahoo.com.tw>, Recipient unknown
Wed 2009-05-20 23:29:32: <-- RCPT TO: <grace1992jim@yahoo.com.tw>
Wed 2009-05-20 23:29:32: Checking if we are a valid MX for yahoo.com.tw
Wed 2009-05-20 23:29:32: *  P=005 S=000 D=yahoo.com.tw TTL=(7) MX=[mx2.mail.tw.yahoo.com] {203.188.197.10}
Wed 2009-05-20 23:29:32: *  P=005 S=001 D=yahoo.com.tw TTL=(7) MX=[mx1.mail.tw.yahoo.com] {203.188.197.9}
Wed 2009-05-20 23:29:32: 发件人试图投递邮件到未知地址
Wed 2009-05-20 23:29:32: --> 550 <grace1992jim@yahoo.com.tw>, Recipient unknown
Wed 2009-05-20 23:29:42: <-- RCPT TO: <homygod20002001@yahoo.com.tw>
Wed 2009-05-20 23:29:42: Checking if we are a valid MX for yahoo.com.tw
Wed 2009-05-20 23:29:42: *  P=005 S=000 D=yahoo.com.tw TTL=(2) MX=[mx1.mail.tw.yahoo.com] {203.188.197.9}
Wed 2009-05-20 23:29:42: *  P=005 S=001 D=yahoo.com.tw TTL=(2) MX=[mx2.mail.tw.yahoo.com] {203.188.197.10}
Wed 2009-05-20 23:29:42: 发件人试图投递邮件到未知地址
Wed 2009-05-20 23:29:42: --> 550 <homygod20002001@yahoo.com.tw>, Recipient unknown
Wed 2009-05-20 23:29:53: <-- RCPT TO: <henrychen5858@yahoo.com.tw>
Wed 2009-05-20 23:29:53: Checking if we are a valid MX for yahoo.com.tw
Wed 2009-05-20 23:29:53: *  P=005 S=000 D=yahoo.com.tw TTL=(2) MX=[mx1.mail.tw.yahoo.com] {203.188.197.9}
Wed 2009-05-20 23:29:53: *  P=005 S=001 D=yahoo.com.tw TTL=(2) MX=[mx2.mail.tw.yahoo.com] {203.188.197.10}
Wed 2009-05-20 23:29:53: 发件人试图投递邮件到未知地址
Wed 2009-05-20 23:29:53: --> 550 <henrychen5858@yahoo.com.tw>, Recipient unknown
Wed 2009-05-20 23:30:03: <-- RCPT TO: <elva-0824@yahoo.com.tw>
Wed 2009-05-20 23:30:03: Checking if we are a valid MX for yahoo.com.tw
Wed 2009-05-20 23:30:03: *  P=005 S=000 D=yahoo.com.tw TTL=(1) MX=[mx1.mail.tw.yahoo.com] {203.188.197.9}
Wed 2009-05-20 23:30:03: *  P=005 S=001 D=yahoo.com.tw TTL=(1) MX=[mx2.mail.tw.yahoo.com] {203.188.197.10}
Wed 2009-05-20 23:30:03: 发件人试图投递邮件到未知地址
Wed 2009-05-20 23:30:03: --> 550 <elva-0824@yahoo.com.tw>, Recipient unknown
Wed 2009-05-20 23:30:14: <-- RCPT TO: <hisanicknick@yahoo.com.tw>
Wed 2009-05-20 23:30:14: Checking if we are a valid MX for yahoo.com.tw
Wed 2009-05-20 23:30:14: *  P=005 S=000 D=yahoo.com.tw TTL=(6) MX=[mx1.mail.tw.yahoo.com] {203.188.197.9}
Wed 2009-05-20 23:30:14: *  P=005 S=001 D=yahoo.com.tw TTL=(6) MX=[mx2.mail.tw.yahoo.com] {203.188.197.10}
Wed 2009-05-20 23:30:14: 发件人试图投递邮件到未知地址
Wed 2009-05-20 23:30:14: --> 550 <hisanicknick@yahoo.com.tw>, Recipient unknown
Wed 2009-05-20 23:31:04: Winsock Error 10060 连接超时。
Wed 2009-05-20 23:31:04: SMTP 会话终止（in/out 字节： 720/1107）
Wed 2009-05-20 23:31:04: ----------

xfhj · 发表于 2009-5-21 07:49:51

把IP加入黑名单试试看啊

004103 · 发表于 2009-5-21 08:25:39

我加了，该做的防护我都做了

004103 · 发表于 2009-5-21 10:59:34

坐等高手或者有相同遭遇的提供帮助

liuheliuxi · 发表于 2009-5-22 11:51:08

开启动态屏蔽，2分钟内连接超过5次就屏蔽这个IP地址30分钟
记得如果外面有子公司，把子公司的IP地址加到白名单

004103 · 发表于 2009-5-22 13:42:15

不是多少频率，是不停的在出现，

我也按你们的方法做了防护，在昨天中午又都一切正常了

也不知道是怎么解决的

		自动登录	找回密码
密码			会员注册

[求助] 新手救助，我刚装好MD没用两天，今天被用来做肉鸡，怎么办

附上日志，恳请高手帮忙

我加了，该做的防护我都做了

坐等高手或者有相同遭遇的提供帮助