Multe
03.08.04, 17:48
hallo,
ich habe ein Problem mit meinem Mailserver. Nachts werden meine Logs mit
Spam geflutet.
Ich sehe auch, das einige Mails mit wwwrun@servername verschickt werden. Das kann doch nur passieren wenn der User wwwrun, also der Apache das macht.
Wie kann ich rausfinden was dort schief läuft?
Apache = 1.3.26
Beispiel:
Jul 30 06:34:28 xxxxxxxxx postfix/smtpd[28362]: lost connection after CONNECT from unknown[219.x]
Jul 30 06:34:28 xxxxxxxxx postfix/smtpd[28362]: disconnect from unknown[219x]
Jul 30 06:35:21 xxxxxxxxx postfix/smtpd[28362]: connect from unknown[203.199x]
Jul 30 06:35:22 xxxxxxxxx postfix/smtpd[28362]: A15F42F4060: client=unknown[203x\
Jul 30 06:35:22 xxxxxxxxx postfix/smtpd[28362]: reject: RCPT from unknown[203.x]: 550 <lateralled@xxxx.net>: User unknown; from=<> to=<lateralled@xxx.net>
Jul 30 06:35:33 xxxxxxxxx postfix/smtpd[28362]: disconnect from unknown[203.x]
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: 69A132F4133: from=<>, size=5644, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: 14E7E2F414F: from=<>, size=7009, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: C9E552F4143: from=<>, size=4625, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: C2FA32F4134: from=<>, size=2241, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: 971692F4140: from=<>, size=8315, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: 269E22F4130: from=<>, size=3234, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: DCDEC2F412C: from=<>, size=5184, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: D17462F4135: from=<>, size=5521, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: D607C2F412E: from=<>, size=2894, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: 706292F4141: from=<>, size=2229, nrcpt=1 (queue active)
Jul 30 06:39:42 xxxxxxxxx postfix/qmgr[21086]: 8E3092F4131: from=<>, size=3384, nrcpt=1 (queue active)
Jul 30 06:39:42 xxxxxxxxx postfix/qmgr[21086]: BBDA72F413A: from=<>, size=7208, nrcpt=1 (queue active)
Jul 30 06:39:42 xxxxxxxxx postfix/qmgr[21086]: BC2822F413E: from=<>, size=6612, nrcpt=1 (queue active)
Jul 30 06:39:42 xxxxxxxxx postfix/qmgr[21086]: F24702F4151: from=<>, size=5566, nrcpt=1 (queue active)
Jul 30 06:39:42 xxxxxxxxx postfix/smtp[28400]: connect to mail.oxxxxx[200.201.x]: Connection refused (port 25)
Jul 30 06:39:42 xxxxxxxxx postfix/smtp[28394]: connect to junxxx[66.36.x]: server refused mail service (port 25)
Jul 30 06:39:42 xxxxxxxxx postfix/smtp[28396]: connect to catxxxxxx[64.40.x]: Connection refused (port 25)
Gruß Malte
ich habe ein Problem mit meinem Mailserver. Nachts werden meine Logs mit
Spam geflutet.
Ich sehe auch, das einige Mails mit wwwrun@servername verschickt werden. Das kann doch nur passieren wenn der User wwwrun, also der Apache das macht.
Wie kann ich rausfinden was dort schief läuft?
Apache = 1.3.26
Beispiel:
Jul 30 06:34:28 xxxxxxxxx postfix/smtpd[28362]: lost connection after CONNECT from unknown[219.x]
Jul 30 06:34:28 xxxxxxxxx postfix/smtpd[28362]: disconnect from unknown[219x]
Jul 30 06:35:21 xxxxxxxxx postfix/smtpd[28362]: connect from unknown[203.199x]
Jul 30 06:35:22 xxxxxxxxx postfix/smtpd[28362]: A15F42F4060: client=unknown[203x\
Jul 30 06:35:22 xxxxxxxxx postfix/smtpd[28362]: reject: RCPT from unknown[203.x]: 550 <lateralled@xxxx.net>: User unknown; from=<> to=<lateralled@xxx.net>
Jul 30 06:35:33 xxxxxxxxx postfix/smtpd[28362]: disconnect from unknown[203.x]
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: 69A132F4133: from=<>, size=5644, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: 14E7E2F414F: from=<>, size=7009, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: C9E552F4143: from=<>, size=4625, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: C2FA32F4134: from=<>, size=2241, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: 971692F4140: from=<>, size=8315, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: 269E22F4130: from=<>, size=3234, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: DCDEC2F412C: from=<>, size=5184, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: D17462F4135: from=<>, size=5521, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: D607C2F412E: from=<>, size=2894, nrcpt=1 (queue active)
Jul 30 06:39:41 xxxxxxxxx postfix/qmgr[21086]: 706292F4141: from=<>, size=2229, nrcpt=1 (queue active)
Jul 30 06:39:42 xxxxxxxxx postfix/qmgr[21086]: 8E3092F4131: from=<>, size=3384, nrcpt=1 (queue active)
Jul 30 06:39:42 xxxxxxxxx postfix/qmgr[21086]: BBDA72F413A: from=<>, size=7208, nrcpt=1 (queue active)
Jul 30 06:39:42 xxxxxxxxx postfix/qmgr[21086]: BC2822F413E: from=<>, size=6612, nrcpt=1 (queue active)
Jul 30 06:39:42 xxxxxxxxx postfix/qmgr[21086]: F24702F4151: from=<>, size=5566, nrcpt=1 (queue active)
Jul 30 06:39:42 xxxxxxxxx postfix/smtp[28400]: connect to mail.oxxxxx[200.201.x]: Connection refused (port 25)
Jul 30 06:39:42 xxxxxxxxx postfix/smtp[28394]: connect to junxxx[66.36.x]: server refused mail service (port 25)
Jul 30 06:39:42 xxxxxxxxx postfix/smtp[28396]: connect to catxxxxxx[64.40.x]: Connection refused (port 25)
Gruß Malte