I suspect that, once he gets onto our mail server, he uses it to relay mail; no spam arrives in the mailboxes within our organization.
Here is a fragment:
Code:
The original message was received at Tue, 17 Jul 2007 09:46:00 +0400
from localhost
with id l6H5k0S2003597
----- The following addresses had permanent fatal errors -----
<janet_shih@yahoo.com.au>
(reason: 554 delivery error: dd This user doesn't have a yahoo.com.au account (janet_shih@yahoo.com.au) [-5] - mta205.mail.re4.yahoo.com)
----- Transcript of session follows -----
... while talking to d.mx.mail.yahoo.com.:
>>> DATA
<<< 554 delivery error: dd This user doesn't have a yahoo.com.au account (janet_shih@yahoo.com.au) [-5] - mta205.mail.re4.yahoo.com
554 5.0.0 Service unavailable
X-Kaspersky: Checked
Return-Path: <MAILER-DAEMON@kabene.ru>
Received: from localhost (localhost)
by mail.kabene.ru (8.13.1/8.13.1) id l6H5k0S3003597;
Tue, 17 Jul 2007 09:46:07 +0400
Date: Tue, 17 Jul 2007 09:46:07 +0400
From: Mail Delivery Subsystem <MAILER-DAEMON@kabene.ru>
Message-Id: <200707170546.l6H5k0S3003597@mail.kabene.ru>
To: postmaster@mail.kabene.ru
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="l6H5k0S3003597.1184651167/mail.kabene.ru"
Subject: Postmaster notify: see transcript for details
Auto-Submitted: auto-generated (postmaster-notification)
Status:
kabene.ru is our server. The netstat command on the mail server outputs:
tcp 0 0 193.125.119.13:25 193.125.119.124:65534 ESTABLISHED
tcp 1 0 193.125.119.13:25 193.125.119.124:63214 CLOSE_WAIT
tcp 1 0 193.125.119.13:25 193.125.119.124:60942 CLOSE_WAIT
tcp 0 1 193.125.119.13:53223 168.95.5.139:25 SYN_SENT
tcp 0 0 127.0.0.1:1619 127.0.0.1:59689 CLOSE_WAIT
tcp 0 1 ::ffff:193.125.119.13:56233 ::ffff:168.95.5.119:25 SYN_SENT
tcp 0 0 ::ffff:193.125.119.13:22 ::ffff:193.125.119.12:51553 ESTABLISHED
tcp 0 0 ::ffff:193.125.119.13:52102 ::ffff:168.95.5.128:25 TIME_WAIT
tcp 0 1 ::ffff:193.125.119.13:35132 ::ffff:168.95.5.131:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:54644 ::ffff:168.95.5.207:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:35170 ::ffff:168.95.5.131:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:54638 ::ffff:168.95.5.207:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:54614 ::ffff:168.95.5.207:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:54611 ::ffff:168.95.5.207:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:35781 ::ffff:168.95.5.209:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:41679 ::ffff:168.95.5.160:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:41471 ::ffff:168.95.5.155:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:35738 ::ffff:168.95.5.209:25 SYN_SENT
tcp 0 0 ::ffff:193.125.119.13:36757 ::ffff:168.95.5.57:25 ESTABLISHED
tcp 0 1 ::ffff:193.125.119.13:55602 ::ffff:168.95.5.208:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:39782 ::ffff:168.95.5.154:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:55656 ::ffff:168.95.5.208:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:39792 ::ffff:168.95.5.154:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:33180 ::ffff:168.95.5.111:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:55620 ::ffff:168.95.5.208:25 SYN_SENT
tcp 0 0 ::ffff:193.125.119.13:33952 ::ffff:168.95.5.98:25 TIME_WAIT
tcp 0 0 ::ffff:193.125.119.13:53284 ::ffff:210.242.12.114:25 ESTABLISHED
tcp 0 1 ::ffff:193.125.119.13:57423 ::ffff:168.95.5.14:25 SYN_SENT
tcp 0 0 ::ffff:193.125.119.13:35439 ::ffff:61.30.53.130:25 ESTABLISHED
tcp 0 1 ::ffff:193.125.119.13:33139 ::ffff:168.95.5.111:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:33146 ::ffff:168.95.5.111:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:57350 ::ffff:168.95.5.118:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:58027 ::ffff:168.95.5.109:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:48961 ::ffff:168.95.6.107:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:44204 ::ffff:168.95.5.212:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:39125 ::ffff:168.95.5.112:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:36967 ::ffff:168.95.5.143:25 SYN_SENT
tcp 0 0 ::ffff:193.125.119.13:47252 ::ffff:168.95.5.135:25 TIME_WAIT
tcp 0 0 ::ffff:193.125.119.13:55211 ::ffff:59.120.156.198:25 TIME_WAIT
tcp 0 1 ::ffff:193.125.119.13:48392 ::ffff:168.95.5.211:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:35608 ::ffff:168.95.5.237:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:48410 ::ffff:168.95.5.211:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:35604 ::ffff:168.95.5.237:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:36176 ::ffff:168.95.5.124:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:48624 ::ffff:168.95.5.147:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:37157 ::ffff:168.95.5.156:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:37161 ::ffff:168.95.5.156:25 SYN_SENT
tcp 1 1 ::ffff:193.125.119.13:57397 ::ffff:203.188.197.9:25 CLOSING
tcp 0 0 ::ffff:193.125.119.13:57404 ::ffff:203.188.197.9:25 ESTABLISHED
tcp 0 1 ::ffff:193.125.119.13:51076 ::ffff:168.95.5.210:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:49889 ::ffff:168.95.5.33:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:34289 ::ffff:168.95.5.110:25 SYN_SENT
tcp 0 0 ::ffff:193.125.119.13:40684 ::ffff:168.95.5.13:25 ESTABLISHED
tcp 0 1 ::ffff:193.125.119.13:53229 ::ffff:168.95.5.139:25 SYN_SENT
There is also a sniffer; watching the network, it says that mail is going from a domain that is not mine to another domain that is not mine, through me.
How do I close off this access?
In the access file on the mail server I added 168.95.5 REJECT
It did NOT help.
Also, I receive mail through 193.125.119.124 (the local IP of my proxy). If I block it, nobody on my network will be able to send mail.
What should I do? Please advise.
And here is the message itself:
Code:
Received: from 210.240.192.64 by 202.88.135.24; Fri, 20 Jul 2007 04:22:13 -0400
Message-ID: <OFJRULAUCMPFYVVZITCQG@hotmail.com>
From: "жим-дHдH¦-¬rꦦЇ¬Їжц-Pдjд¤-2007¦Wп+жц-PT•¦¦" <ai.chen@msa.hinet.net>
To: jonathanyeoh@hotmail.com
Subject: ж@ж¦кё24.5¬U¦зк¦дu-LжW¬¤.¦Ї¦-е¦-ъ¦¦з¦-у
Date: Fri, 20 Jul 2007 11:24:13 +0300
X-Mailer: QUALCOMM Windows Eudora Version 5.1
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--3010525361842455944"
X-Priority: 1
X-MSMail-Priority: High
----3010525361842455944
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
=A6=A8=AC=B0=A4H=A4H=BA=D9=B8r=AA=BA=BA=F4=B8=F4=A6=E6=BEP=A4j=A4=FD-2007=B6=
W=AF=C5=A6=E6=BEP=C2=F9=BA=D0
2007E-Mail=BE=D4=B0=AB=A6W=B3=E6-=B3=CC=B1j=B6=D5=AA=BA=BA=F4=B8=F4=A7Q=BE=
=B9
=A6p=AC=DD=A4=A3=A8=EC=B6l=A5=F3=A4=BA=AEe=A1A=BD=D0=AA=BD=B1=B5=C2I=C0=BB=
=BE\=C5=AA=A1C=A6A=A6=B8=C1=C2=C1=C2=B1z=A1I=A1G=A1Chttp://aol.com/redir.a=
dp?_url=3Dhttp://xyzkkuc.com/82468jsjwj
2007.E-Mail.=BE=D4=B0=AB=A6W=B3=E6=A4j=B6=B0=A6X=A6=B3=B0=F7=B6=E6=A1I
=C3n=A5=FA=B2v=A7=DA=B3=CC=B0=AA-2007E-Mail=BE=D4=B0=AB=A6W=B3=E6
----3010525361842455944--
The second one:
Code:
Received: from 210.67.8.124 by 210.213.100.194; Fri, 20 Jul 2007 07:49:35 -0200
Message-ID: <XDIGZUIVIHVDHKPLIECUZ@ms29.hinet.net>
From: "ж@ж¦кё24.5¬U¦зк¦дu-LжW¬¤.¦Ї¦-е¦-ъ¦¦з¦-у" <hank-richard@yahoo.com.tw>
To: lovejolinwei@yahoo.com.tw
Subject: д-¬Є¦¦згбH2007е¦м-дu-LжW¬¤дj¦-жX¦¦згбI
Date: Fri, 20 Jul 2007 11:53:35 +0200
X-Mailer: QUALCOMM Windows Eudora Version 5.1
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--0710561778536340741"
X-Priority: 1
X-MSMail-Priority: High
----0710561778536340741
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
=A6=A8=A5\=AA=BA=BF=EF=BE=DC=A5u=A6b=A4@=A9=C0=A4=A7=B6=A1-
.=A7A=A9=F1=A4=DF=A1I=AB=DC=A7=D6=B4N=C5=FD=A7A=A7=E4=A8=EC=AB=C8=A4=E1.
=BD=D0=AB=F6=B3o=F9=D8=B6i=A4J=A1G=A1Chttp://e.my.yahoo.com/config/my_pack=
age?.a=3Di&.pa=3Dadd&.pid=3D3&.p=3Dlliuya472=3D9albertsmGM&.done=3Dhttp://=
noneofdate.com/908hdhjj
=A7A=AA=BA=BA=F4=AF=B8=B7Q=BCW=A5[=A4H=AE=F0=AA=BE=A6W=AB=D7=B6=DC=A1H
=AB=F7=B8g=C0=D9=B4N=BEa=A5=A6.=A4=BA=A6=E6=A4H=AA=BA=B3=CC=B7R=A1I
----0710561778536340741--
And this is what is hanging in the process list:
Code:
2412 ? Ss 0:00 sendmail: ./l6H8LSYC002373 msa-mx11.hinet.net.: user
2414 ? Ss 0:00 sendmail: ./l6H8K44P002330 msa-mx9.hinet.net.: user o
2417 ? Ss 0:00 sendmail: ./l6H8Kn9U002351 msa-mx3.hinet.net.: user o
2433 ? Ss 0:00 sendmail: ./l6H8LXXO002377 msa-mx10.hinet.net.: user
2441 ? Ss 0:00 sendmail: ./l6H8LSRd002371 ms36a.hinet.net.: client g
2443 ? Ss 0:00 sendmail: ./l6H8L51o002358 msa-mx11.hinet.net.: user
2447 ? Ss 0:00 sendmail: ./l6H8MMZo002430 msa-mx1.hinet.net.: user o
2450 ? Ss 0:00 sendmail: ./l6H8LSYE002373 msa-mx2.hinet.net.: user o
2452 ? Ss 0:00 sendmail: ./l6H8Kn9W002351 msa-mx1.hinet.net.: user o
2454 ? Ss 0:00 sendmail: ./l6H8KCr4002336 msa-mx2.hinet.net.: user o
2458 ? Ss 0:00 sendmail: ./l6H8KThb002340 msa-mx2.hinet.net.: user o
2464 ? Ss 0:00 sendmail: ./l6H8L51q002358 ms54a.hinet.net.: user ope
2479 ? Ss 0:00 sendmail: ./l6H8MMZs002430 msa-mx2.hinet.net.: user o
2482 ? Ss 0:00 sendmail: ./l6H8Mi16002444 ms51a.hinet.net.: user ope
2488 ? Ss 0:00 sendmail: ./l6H8KCr6002336 ms17a.hinet.net.: client g
2495 ? Ss 0:00 sendmail: ./l6H8LSRf002371 msa-mx9.hinet.net.: user o
2498 ? Ss 0:00 sendmail: ./l6H8L51s002358 msa-mx1.hinet.net.: user o
2500 ? Ss 0:00 sendmail: ./l6H8N9Yp002472 msa-mx10.hinet.net.: user
2504 ? Ss 0:00 sendmail: ./l6H8Mi18002444 msa-mx9.hinet.net.: user o
2506 ? Ss 0:00 sendmail: ./l6H8K4mC002326 mx3.url.com.tw.: user open
2508 ? Ss 0:00 sendmail: ./l6H8LSYG002373 ms53a.hinet.net.: user ope
2566 ? Ss 0:00 sendmail: ./l6H8NVKH002492 msa-mx3.hinet.net.: user o
2570 ? Ss 0:00 sendmail: ./l6H8N9Yr002472 msa-mx7.hinet.net.: user o
2572 ? Ss 0:00 sendmail: ./l6H8OE6O002532 msa-mx11.hinet.net.: user
2574 ? Ss 0:00 sendmail: ./l6H8KCr8002336 ms2a.hinet.net.: client gr
2578 ? Ss 0:00 sendmail: ./l6H8Kn9a002351 msa-mx7.hinet.net.: user o
2579 ? Ss 0:00 sendmail: ./l6H8LSRh002371 msa-mx3.hinet.net.: user o
2580 ? Ss 0:00 sendmail: ./l6H8LSYI002373 ms8a.hinet.net.: user open
2582 ? Ss 0:00 sendmail: ./l6H8K4mE002326 msa-mx10.hinet.net.: user
2584 ? Ss 0:00 sendmail: ./l6H8Mi1A002444 ms26a.hinet.net.: user ope
2588 ? Ss 0:00 sendmail: ./l6H8L51u002358 mx5.url.com.tw.: user open
2613 ? Ss 0:00 sendmail: ./l6H8Rqba002608 ms45a.hinet.net.: user ope
2615 ? Ss 0:00 sendmail: ./l6H8Rqbc002608 ms4a.hinet.net.: client gr
2625 ? Ss 0:00 sendmail: ./l6H8RO6u002599 mail.sercomm.com.tw.: user
2629 ? Ss 0:00 sendmail: ./l6H8Rqbe002608 ms26a.hinet.net.: user ope
2633 ? Ss 0:00 sendmail: ./l6H8SjKP002618 ms25a.hinet.net.: client g
2635 ? Ss 0:00 sendmail: ./l6H8Suf6002630 ms2a.hinet.net.: client gr
2638 ? Ss 0:00 sendmail: ./l6H8Ssck002626 msa-mx10.hinet.net.: user
2640 ? Ss 0:00 sendmail: ./l6H8Rqbg002608 ms2a.hinet.net.: user open
2644 ? Ss 0:00 sendmail: ./l6H8RO6w002599 ms38a.hinet.net.: user ope
2648 ? Ss 0:00 sendmail: ./l6H8Suf8002630 ms65a.hinet.net.: user ope
2650 ? Ss 0:00 sendmail: ./l6H8SjKR002618 ms19a.hinet.net.: user ope
2652 ? Ss 0:00 sendmail: ./l6H8Sscm002626 msa-mx9.hinet.net.: user o
2654 ? Ss 0:00 sendmail: ./l6H8RO70002599 ms24a.hinet.net.: user ope
2660 ? Ss 0:00 sendmail: ./l6H8SufA002630 ms49a.hinet.net.: user ope
2662 ? Ss 0:00 sendmail: ./l6H8RO72002599 ms2a.hinet.net.: user open
2666 ? Ss 0:00 sendmail: ./l6H8SjKT002618 ms53a.hinet.net.: user ope
2676 ? Ss 0:00 sendmail: ./l6H8TMTU002641 ms27a.hinet.net.: user ope
2704 ? D 0:00 sendmail: l6H8UxZC002704 gw.kabene.ru [193.125.119.12
2742 ? Ss 0:00 sendmail: ./l6H8SjKV002618 ms42a.hinet.net.: user ope
2744 ? Ss 0:00 sshd: lee [priv]
2746 ? S 0:00 sshd: lee@pts/0
2747 pts/0 Ss 0:00 -bash
2751 ? Ss 0:00 sendmail: ./l6H8SufC002630 msa-mx1.hinet.net.: user o
2756 ? Ss 0:00 sendmail: ./l6H8TMTW002641 ms38a.hinet.net.: client g
2758 ? Ss 0:00 sendmail: ./l6H8U6pB002667 ms27a.hinet.net.: user ope
2764 ? Ss 0:00 sendmail: ./l6H8RO74002599 mx.apol.com.tw.: user open
2766 ? Ss 0:00 sendmail: ./l6H8Ssco002626 ms11a.hinet.net.: user ope
2768 ? Ss 0:00 sendmail: ./l6H8V72s002708 msa-mx7.hinet.net.: user o
2771 ? Ss 0:00 sendmail: ./l6H8Tr9r002657 mx3.url.com.tw.: client gr
2776 ? Ss 0:00 sendmail: ./l6H8U2lJ002663 ms16a.hinet.net.: user ope
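
A triage aid for the netstat listing in the post above, added here as an example and not part of the original post: it separates peers that hand mail in to local port 25 from the remote MX hosts the server is delivering to, folding IPv4-mapped `::ffff:` addresses into plain IPv4. The function names `smtp_summary` and `sample_netstat` are hypothetical; the sample lines are copied from the listing in the post.

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical.

# Summarise SMTP connections from netstat-style lines read on stdin.
# Output: "<in|out> <remote address> <state> <count>", one line per group.
smtp_summary() {
    awk '
    $1 ~ /^tcp/ && NF >= 6 {
        l = $4; r = $5
        # Strip the IPv4-mapped IPv6 prefix so both notations group together.
        sub(/^::ffff:/, "", l); sub(/^::ffff:/, "", r)
        lp = l; sub(/.*:/, "", lp)        # local port: text after the last colon
        rp = r; sub(/.*:/, "", rp)        # remote port
        ra = r; sub(/:[^:]*$/, "", ra)    # remote address without the port
        if (lp == "25")      dir = "in"   # a peer is handing mail to this server
        else if (rp == "25") dir = "out"  # this server is delivering to a remote MX
        else next                         # not SMTP (for example the ssh session)
        n[dir SUBSEP ra SUBSEP $6]++
    }
    END {
        for (k in n) { split(k, p, SUBSEP); print p[1], p[2], p[3], n[k] }
    }' | sort
}

# Sample input: seven lines copied from the netstat listing in the post.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 193.125.119.13:25 193.125.119.124:65534 ESTABLISHED
tcp 1 0 193.125.119.13:25 193.125.119.124:63214 CLOSE_WAIT
tcp 0 1 193.125.119.13:53223 168.95.5.139:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:56233 ::ffff:168.95.5.119:25 SYN_SENT
tcp 0 0 ::ffff:193.125.119.13:22 ::ffff:193.125.119.12:51553 ESTABLISHED
tcp 0 1 ::ffff:193.125.119.13:54644 ::ffff:168.95.5.207:25 SYN_SENT
tcp 0 1 ::ffff:193.125.119.13:54638 ::ffff:168.95.5.207:25 SYN_SENT
EOF
}

sample_netstat | smtp_summary
```

In the full listing above, the only peer connected inbound to port 25 is 193.125.119.124, and the 168.95.5.x hosts appear only as outbound destinations. A sendmail access entry keyed on an IP prefix is matched against the connecting client, so the inbound side is the one to inspect.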