[Help] Mail server is being used as a relay at irregular intervals

[复制链接]
跳转到指定楼层
顶楼
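Posted on 2009-10-26 09:33:30
While checking the logs recently, I found that the mail server is being used by someone as a relay server at irregular intervals. I don't know whether anyone else has run into this. The relay function on the mail server is turned off.

The log is as follows (SMTP outbound log)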
Mon 2009-10-26 02:05:44: Parsing message <d:\mdaemon\queues\remote\pd50000748011.msg>
Mon 2009-10-26 02:05:44: *  From: yhu.gooy@hgfe.com
Mon 2009-10-26 02:05:44: *  To: zttz@live.cn
Mon 2009-10-26 02:05:44: *  Subject: =?GB2312?B?sNfB7Ljf0Kew7LmrvLzE3ChQUFQrRXhjZWwr06bTw8zhyf0p?=
Mon 2009-10-26 02:05:44: *  Message-ID:
Mon 2009-10-26 02:05:44: 试图 SMTP 连接到 [live.cn]
Mon 2009-10-26 02:05:44: 正在解析 [live.cn] MX 记录 (DNS 服务器:203.196.2.6)...
Mon 2009-10-26 02:05:44: *  P=005 S=000 D=live.cn TTL=(21) MX=[mx1.hotmail.com] {65.55.37.72}
Mon 2009-10-26 02:05:44: *  P=005 S=001 D=live.cn TTL=(21) MX=[mx2.hotmail.com] {65.55.37.120}
Mon 2009-10-26 02:05:44: *  P=005 S=002 D=live.cn TTL=(21) MX=[mx3.hotmail.com] {65.55.37.104}
Mon 2009-10-26 02:05:44: *  P=005 S=003 D=live.cn TTL=(21) MX=[mx4.hotmail.com]
Mon 2009-10-26 02:05:44: *  P=005 S=004 D=live.cn TTL=(21) MX=[mx1.hotmail.com] {65.55.37.88} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=005 D=live.cn TTL=(21) MX=[mx1.hotmail.com] {65.55.37.104} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=006 D=live.cn TTL=(21) MX=[mx1.hotmail.com] {65.55.37.120} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=007 D=live.cn TTL=(21) MX=[mx1.hotmail.com] {65.55.92.136} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=008 D=live.cn TTL=(21) MX=[mx1.hotmail.com] {65.55.92.184} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=009 D=live.cn TTL=(21) MX=[mx2.hotmail.com] {65.55.92.136} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=010 D=live.cn TTL=(21) MX=[mx2.hotmail.com] {65.55.92.152} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=011 D=live.cn TTL=(21) MX=[mx2.hotmail.com] {65.55.37.72} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=012 D=live.cn TTL=(21) MX=[mx2.hotmail.com] {65.55.37.88} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=013 D=live.cn TTL=(21) MX=[mx2.hotmail.com] {65.55.37.104} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=014 D=live.cn TTL=(21) MX=[mx3.hotmail.com] {65.55.37.120} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=015 D=live.cn TTL=(21) MX=[mx3.hotmail.com] {65.55.92.152} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=016 D=live.cn TTL=(21) MX=[mx3.hotmail.com] {65.55.92.168} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=017 D=live.cn TTL=(21) MX=[mx3.hotmail.com] {65.55.37.72} multi-homed
Mon 2009-10-26 02:05:44: *  P=005 S=018 D=live.cn TTL=(21) MX=[mx3.hotmail.com] {65.55.37.88} multi-homed
Mon 2009-10-26 02:05:44: 试图 SMTP 连接到 [65.55.37.72:25]
Mon 2009-10-26 02:05:44: 正在等待套接字连接...
Mon 2009-10-26 02:05:44: *  连接已建立(127.0.0.1:4311 -> 65.55.37.72:25)
Mon 2009-10-26 02:05:44: 正在等待协议启动...
Mon 2009-10-26 02:05:44: <-- 220 col0-mc1-f18.Col0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in Cali
Mon 2009-10-26 02:05:44: --> EHLO mail.a.com
Mon 2009-10-26 02:05:44: <-- 250-col0-mc1-f18.Col0.hotmail.com (3.9.0.73) Hello [211.152.109.65]
Mon 2009-10-26 02:05:44: <-- 250-SIZE 29696000
Mon 2009-10-26 02:05:44: <-- 250-PIPELINING
Mon 2009-10-26 02:05:44: <-- 250-8bitmime
Mon 2009-10-26 02:05:44: <-- 250-BINARYMIME
Mon 2009-10-26 02:05:44: <-- 250-CHUNKING
Mon 2009-10-26 02:05:44: <-- 250-AUTH LOGIN
Mon 2009-10-26 02:05:44: <-- 250-AUTH=LOGIN
Mon 2009-10-26 02:05:44: <-- 250 OK
Mon 2009-10-26 02:05:44: --> MAIL From:<yhu.gooy@hgfe.com> SIZE=12503
Mon 2009-10-26 02:05:45: <-- 250 yhu.gooy@hgfe.com....Sender OK
Mon 2009-10-26 02:05:45: --> RCPT To:<zttz@live.cn>
Mon 2009-10-26 02:05:45: <-- 250 zttz@live.cn
Mon 2009-10-26 02:05:45: --> DATA
Mon 2009-10-26 02:05:45: <-- 354 Start mail input; end with <CRLF>.<CRLF>
Mon 2009-10-26 02:05:45: 正在发送 <d:\mdaemon\queues\remote\pd50000748011.msg> 到 [65.55.37.72]
Mon 2009-10-26 02:05:46: 传输完成
Mon 2009-10-26 02:05:46: <-- 250 <COL0-MC1-F185XAEwHi01810ee1@col0-mc1-f18.Col0.hotmail.com> Queued mail for delivery
Mon 2009-10-26 02:05:46: --> QUIT
Mon 2009-10-26 02:05:46: <-- 221 col0-mc1-f18.Col0.hotmail.com Service closing transmission channel
Mon 2009-10-26 02:05:46: SMTP 会话成功(进/出字节:762/12611)
Mon 2009-10-26 02:05:46: ----------
Mon 2009-10-26 02:26:24: Session 3059; child 1
Mon 2009-10-26 02:26:23: Parsing message <d:\mdaemon\queues\remote\pd35000748012.msg>
Mon 2009-10-26 02:26:23: *  From: msxdjo@magazine.99bill.com
Mon 2009-10-26 02:26:23: *  To: lu-xianyu@163.com
Mon 2009-10-26 02:26:23: *  Subject: =?GB2312?B?uanTpjA5xOq5+rzKwLS7qrLJubrJzMP7wrzXytS0?=
Mon 2009-10-26 02:26:23: *  Message-ID: <f9b791a935802469d056ff7d13680dd0@magazine3.99bill.com>
Mon 2009-10-26 02:26:23: 试图 SMTP 连接到 [163.com]
Mon 2009-10-26 02:26:23: 正在解析 [163.com] MX 记录 (DNS 服务器:203.196.5.6)...
Mon 2009-10-26 02:26:23: *  P=010 S=000 D=163.com TTL=(42) MX=[mxnew-a.163.com] {220.181.12.70}
Mon 2009-10-26 02:26:23: *  P=010 S=001 D=163.com TTL=(42) MX=[mxnew-b.163.com] {220.181.12.81}
Mon 2009-10-26 02:26:23: *  P=010 S=002 D=163.com TTL=(42) MX=[mxnew-c.163.com]
Mon 2009-10-26 02:26:23: *  P=010 S=003 D=163.com TTL=(42) MX=[mxnew-d.163.com]
Mon 2009-10-26 02:26:23: *  P=010 S=004 D=163.com TTL=(42) MX=[mxnew-a.163.com] {220.181.12.71} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=005 D=163.com TTL=(42) MX=[mxnew-a.163.com] {220.181.12.72} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=006 D=163.com TTL=(42) MX=[mxnew-a.163.com] {220.181.12.79} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=007 D=163.com TTL=(42) MX=[mxnew-a.163.com] {220.181.12.52} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=008 D=163.com TTL=(42) MX=[mxnew-a.163.com] {220.181.12.53} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=009 D=163.com TTL=(42) MX=[mxnew-a.163.com] {220.181.12.55} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=010 D=163.com TTL=(42) MX=[mxnew-a.163.com] {220.181.12.56} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=011 D=163.com TTL=(42) MX=[mxnew-a.163.com] {220.181.12.57} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=012 D=163.com TTL=(42) MX=[mxnew-a.163.com] {220.181.12.58} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=013 D=163.com TTL=(42) MX=[mxnew-a.163.com] {220.181.12.59} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=014 D=163.com TTL=(42) MX=[mxnew-a.163.com] {220.181.12.69} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=015 D=163.com TTL=(42) MX=[mxnew-b.163.com] {220.181.12.83} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=016 D=163.com TTL=(42) MX=[mxnew-b.163.com] {220.181.12.84} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=017 D=163.com TTL=(42) MX=[mxnew-b.163.com] {220.181.12.85} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=018 D=163.com TTL=(42) MX=[mxnew-b.163.com] {220.181.12.51} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=019 D=163.com TTL=(42) MX=[mxnew-b.163.com] {220.181.12.59} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=020 D=163.com TTL=(42) MX=[mxnew-b.163.com] {220.181.12.60} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=021 D=163.com TTL=(42) MX=[mxnew-b.163.com] {220.181.12.61} multi-homed
Mon 2009-10-26 02:26:23: *  P=010 S=022 D=163.com TTL=(42) MX=[mxnew-b.163.com] {220.181.12.80} multi-homed
Mon 2009-10-26 02:26:23: 试图 SMTP 连接到 [220.181.12.70:25]
Mon 2009-10-26 02:26:23: 正在等待套接字连接...
Mon 2009-10-26 02:26:23: *  连接已建立(127.0.0.1:4576 -> 220.181.12.70:25)
Mon 2009-10-26 02:26:23: 正在等待协议启动...
Mon 2009-10-26 02:26:24: <-- 220 163.com Anti-spam GT for Coremail System (163com[20090903])
Mon 2009-10-26 02:26:24: --> EHLO mail.a.com
Mon 2009-10-26 02:26:24: <-- 250-mail
Mon 2009-10-26 02:26:24: <-- 250-PIPELINING
Mon 2009-10-26 02:26:24: <-- 250-AUTH LOGIN PLAIN
Mon 2009-10-26 02:26:24: <-- 250-AUTH=LOGIN PLAIN
Mon 2009-10-26 02:26:24: <-- 250-coremail 1U702Iq1cx7nn48twnFpTcJGFyFZ-VUdr43Wosqpfu2mT9f84xE827rUUUUjjIY0xxv8UJJMjq31IkIcUJUUUU8=
Mon 2009-10-26 02:26:24: <-- 250 8BITMIME
Mon 2009-10-26 02:26:24: --> MAIL From:<lina@a.com>
Mon 2009-10-26 02:26:24: <-- 250 Mail OK
Mon 2009-10-26 02:26:24: --> RCPT To:<lu-xianyu@163.com>
Mon 2009-10-26 02:26:24: <-- 550 User suspended: lu-xianyu@163.com
Mon 2009-10-26 02:26:24: --> QUIT
Mon 2009-10-26 02:26:24: <-- 221 Bye
Mon 2009-10-26 02:26:24: SMTP 会话终止(in/out 字节: 313/92)
Mon 2009-10-26 02:26:24: ----------
Mon 2009-10-26 02:47:09: Session 3349; child 1
Mon 2009-10-26 02:47:05: Parsing message <d:\mdaemon\queues\remote\pd50000748013.msg>
Mon 2009-10-26 02:47:05: *  From: setserkz@topshipchem.com
Mon 2009-10-26 02:47:05: *  To: hekaicn@gmail.com
Mon 2009-10-26 02:47:05: *  Subject: =?gb2312?B?UFBUK0V4Y2VsK9Om08PM4cn9?=
Mon 2009-10-26 02:47:05: *  Message-ID: <20091026024637842713@dolr>
Mon 2009-10-26 02:47:05: 试图 SMTP 连接到 [gmail.com]
Mon 2009-10-26 02:47:05: 正在解析 [gmail.com] MX 记录 (DNS 服务器:203.196.0.6)...
Mon 2009-10-26 02:47:05: *  P=005 S=004 D=gmail.com TTL=(52) MX=[gmail-smtp-in.l.google.com] {209.85.222.14}
Mon 2009-10-26 02:47:05: *  P=010 S=000 D=gmail.com TTL=(52) MX=[alt1.gmail-smtp-in.l.google.com] {209.85.217.34}
Mon 2009-10-26 02:47:05: *  P=020 S=003 D=gmail.com TTL=(52) MX=[alt2.gmail-smtp-in.l.google.com] {74.125.93.114}
Mon 2009-10-26 02:47:05: *  P=030 S=001 D=gmail.com TTL=(52) MX=[alt3.gmail-smtp-in.l.google.com] {216.239.59.27}
Mon 2009-10-26 02:47:05: *  P=040 S=002 D=gmail.com TTL=(52) MX=[alt4.gmail-smtp-in.l.google.com] {209.85.220.40}
Mon 2009-10-26 02:47:05: 试图 SMTP 连接到 [209.85.222.14:25]
Mon 2009-10-26 02:47:05: 正在等待套接字连接...
Mon 2009-10-26 02:47:06: *  连接已建立(127.0.0.1:4873 -> 209.85.222.14:25)
Mon 2009-10-26 02:47:06: 正在等待协议启动...
Mon 2009-10-26 02:47:06: <-- 220 mx.google.com ESMTP 14si26431030pzk.123
Mon 2009-10-26 02:47:06: --> EHLO mail.a.com
Mon 2009-10-26 02:47:06: <-- 250-mx.google.com at your service, [211.152.109.65]
Mon 2009-10-26 02:47:06: <-- 250-SIZE 35651584
Mon 2009-10-26 02:47:06: <-- 250-8BITMIME
Mon 2009-10-26 02:47:06: <-- 250-ENHANCEDSTATUSCODES
Mon 2009-10-26 02:47:06: <-- 250 PIPELINING
Mon 2009-10-26 02:47:06: --> MAIL From:<setserkz@topshipchem.com> SIZE=14191
Mon 2009-10-26 02:47:07: <-- 250 2.1.0 OK 14si26431030pzk.123
Mon 2009-10-26 02:47:07: --> RCPT To:<hekaicn@gmail.com>
Mon 2009-10-26 02:47:07: <-- 250 2.1.5 OK 14si26431030pzk.123
Mon 2009-10-26 02:47:07: --> DATA
Mon 2009-10-26 02:47:07: <-- 354  Go ahead 14si26431030pzk.123
Mon 2009-10-26 02:47:07: 正在发送 <d:\mdaemon\queues\remote\pd50000748013.msg> 到 [209.85.222.14]
Mon 2009-10-26 02:47:08: 传输完成
Mon 2009-10-26 02:47:09: <-- 250 2.0.0 OK 1256496432 14si26431030pzk.123
Mon 2009-10-26 02:47:09: --> QUIT
Mon 2009-10-26 02:47:09: <-- 221 2.0.0 closing connection 14si26431030pzk.123
Mon 2009-10-26 02:47:09: SMTP 会话成功(进/出字节:370/14311)

[ This post was last edited by heieye104 on 2009-10-26 09:35 ]
Reply 1
Posted on 2009-10-26 15:04:57
Is the relay function turned off? It is turned off and mail is still being relayed?
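Reply 2
Original poster | Posted on 2009-10-26 17:09:12
The relay function has been turned off all along; I only recently discovered that someone is relaying through the server.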
Reply 3
Original poster | Posted on 2009-10-26 17:10:01
At its peak, the relayed traffic reached about 6 GB, all of it between 0:00 and 8:00.
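Reply 4
Posted on 2009-10-27 17:19:44
Was a user's password too simple and guessed?
I don't really understand MD's logs; I can't tell from them which user was used to log in and authenticate,
or whether another user was then impersonated when sending.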
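A defensive triage of the outbound log posted above, as an added example that is not part of the original thread: it groups the log by queued message and flags messages whose header From or envelope sender is not on a local domain. The local domain a.com is an assumption taken from the "EHLO mail.a.com" lines, the function names are illustrative, and the sample is abridged from the posted log.

```python
import re

LOCAL_DOMAINS = {"a.com"}  # assumption: taken from "EHLO mail.a.com" / lina@a.com in the post

# Abridged from the log in the original post (To headers, MX lookups and replies omitted).
SAMPLE_LOG = r"""
Mon 2009-10-26 02:05:44: Parsing message <d:\mdaemon\queues\remote\pd50000748011.msg>
Mon 2009-10-26 02:05:44: *  From: yhu.gooy@hgfe.com
Mon 2009-10-26 02:05:44: --> MAIL From:<yhu.gooy@hgfe.com> SIZE=12503
Mon 2009-10-26 02:26:23: Parsing message <d:\mdaemon\queues\remote\pd35000748012.msg>
Mon 2009-10-26 02:26:23: *  From: msxdjo@magazine.99bill.com
Mon 2009-10-26 02:26:24: --> MAIL From:<lina@a.com>
Mon 2009-10-26 02:47:05: Parsing message <d:\mdaemon\queues\remote\pd50000748013.msg>
Mon 2009-10-26 02:47:05: *  From: setserkz@topshipchem.com
Mon 2009-10-26 02:47:06: --> MAIL From:<setserkz@topshipchem.com> SIZE=14191
"""
STAMP = re.compile(r"^\w{3} \d{4}-\d\d-\d\d (\d\d):\d\d:\d\d: (.*)$", re.M)
HEADER = re.compile(r"\*\s+From:\s*(\S+)")
ENVELOPE = re.compile(r"--> MAIL From:<([^>]*)>")

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def parse_messages(text):
    # One record per "Parsing message" entry; later lines fill in its senders.
    msgs = []
    for hour, body in STAMP.findall(text):
        if body.startswith("Parsing message"):
            msgs.append({"hour": int(hour), "from": "", "envelope": ""})
        elif msgs and (h := HEADER.match(body)):
            msgs[-1]["from"] = h.group(1)
        elif msgs and (e := ENVELOPE.match(body)):
            msgs[-1]["envelope"] = e.group(1)
    return msgs

def triage(msgs, local=LOCAL_DOMAINS):
    # Keep only messages that do not look like ordinary mail from local users.
    out = []
    for m in msgs:
        reasons = []
        if domain(m["from"]) not in local:
            reasons.append("header From not local")
        if domain(m["envelope"]) not in local:
            reasons.append("envelope sender not local")
        elif m["from"].lower() != m["envelope"].lower():
            reasons.append("local envelope sender differs from header From")
        if reasons:
            out.append({**m, "reasons": reasons})
    return out
```

On the posted excerpt, the 02:26 message is the only one with a local envelope sender (lina@a.com) next to a foreign header From, so that account's authentication records in the inbound SMTP log are the place to start on the question raised in the last reply.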