PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Bin ich evt ne Spamschleuder? Hilfe!?



[MORD]Locutus
26.04.10, 10:45
Hi,

ich hab mir eine Catchall-Mailadresse eingerichtet
und seit heute morgen krieg ich da im Minutentakt
solche Error-Meldungen von Postfix:



Betreff: Postfix SMTP server: errors from localhost[127.0.0.1]

Transcript of session follows.

Out: 220 matthias-schlich.de ESMTP Postfix (Debian/GNU)
In: EHLO localhost
Out: 250-matthias-schlich.de
Out: 250-PIPELINING
Out: 250-SIZE
Out: 250-VRFY
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-AUTH PLAIN LOGIN
Out: 250-AUTH=PLAIN LOGIN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: MAIL FROM:<samuelmorsemr@aol.com> BODY=7BIT
Out: 250 2.1.0 Ok
In: RCPT TO:<nathanieljust@bellsouth.net>
ORCPT=rfc822;nathanieljust@bellsouth.net
Out: 250 2.1.5 Ok
In: RCPT TO:<nathaniels@bellsouth.net> ORCPT=rfc822;nathaniels@bellsouth.net
Out: 250 2.1.5 Ok
In: RCPT TO:<nathan0716@bww.com> ORCPT=rfc822;nathan0716@bww.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathan_emanuelson@circuitcheck.com>
ORCPT=rfc822;nathan_emanuelson@circuitcheck.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathan77@earthlink.com> ORCPT=rfc822;nathan77@earthlink.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanimg@earthlink.net> ORCPT=rfc822;nathanimg@earthlink.net
Out: 250 2.1.5 Ok
In: RCPT TO:<nathan@gearprosinc.com> ORCPT=rfc822;nathan@gearprosinc.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathangolder@gmail.com> ORCPT=rfc822;nathangolder@gmail.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanpalmer15@gmail.com> ORCPT=rfc822;nathanpalmer15@gmail.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathaliejones@hotmail.com>
ORCPT=rfc822;nathaliejones@hotmail.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanhogue@hotmail.com> ORCPT=rfc822;nathanhogue@hotmail.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathan@itlnet.net> ORCPT=rfc822;nathan@itlnet.net
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanhodapp@msn.com> ORCPT=rfc822;nathanhodapp@msn.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathan3680@netscape.net> ORCPT=rfc822;nathan3680@netscape.net
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanxzsa@netscape.net> ORCPT=rfc822;nathanxzsa@netscape.net
Out: 250 2.1.5 Ok
In: RCPT TO:<nathankeller@qwest.net> ORCPT=rfc822;nathankeller@qwest.net
Out: 250 2.1.5 Ok
In: RCPT TO:<nathan_pearson@rcds.rye.ny.us>
ORCPT=rfc822;nathan_pearson@rcds.rye.ny.us
Out: 250 2.1.5 Ok
In: RCPT TO:<nathan51@rr.com> ORCPT=rfc822;nathan51@rr.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanielpaul1976@sbcglobal.net>
ORCPT=rfc822;nathanielpaul1976@sbcglobal.net
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanmccarley@sbcglobal.net>
ORCPT=rfc822;nathanmccarley@sbcglobal.net
Out: 250 2.1.5 Ok
In: RCPT TO:<nathan_mcpherson@tfcomp.com>
ORCPT=rfc822;nathan_mcpherson@tfcomp.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanspann3@wmconnect.com>
ORCPT=rfc822;nathanspann3@wmconnect.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathan11b@yahoo.com> ORCPT=rfc822;nathan11b@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathan12012001@yahoo.com> ORCPT=rfc822;nathan12012001@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathan_bengston@yahoo.com>
ORCPT=rfc822;nathan_bengston@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanard2000@yahoo.com> ORCPT=rfc822;nathanard2000@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanarvidson@yahoo.com> ORCPT=rfc822;nathanarvidson@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanbrumer@yahoo.com> ORCPT=rfc822;nathanbrumer@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathandegange@yahoo.com> ORCPT=rfc822;nathandegange@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanelvaag@yahoo.com> ORCPT=rfc822;nathanelvaag@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanerich68@yahoo.com> ORCPT=rfc822;nathanerich68@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanflorian@yahoo.com> ORCPT=rfc822;nathanflorian@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanhood2003@yahoo.com> ORCPT=rfc822;nathanhood2003@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathaniel_dejan@yahoo.com>
ORCPT=rfc822;nathaniel_dejan@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanielbanks2003@yahoo.com>
ORCPT=rfc822;nathanielbanks2003@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanielkb@yahoo.com> ORCPT=rfc822;nathanielkb@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanielzeinstra11@yahoo.com>
ORCPT=rfc822;nathanielzeinstra11@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanlover1979@yahoo.com>
ORCPT=rfc822;nathanlover1979@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanmomts@yahoo.com> ORCPT=rfc822;nathanmomts@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathannoyze@yahoo.com> ORCPT=rfc822;nathannoyze@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathansteiger@yahoo.com> ORCPT=rfc822;nathansteiger@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathanwilliams2003@yahoo.com>
ORCPT=rfc822;nathanwilliams2003@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathead99@yahoo.com> ORCPT=rfc822;nathead99@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathena2005@yahoo.com> ORCPT=rfc822;nathena2005@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathenbrown@yahoo.com> ORCPT=rfc822;nathenbrown@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathesia_2004@yahoo.com> ORCPT=rfc822;nathesia_2004@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<nathnlawrence@yahoo.com> ORCPT=rfc822;nathnlawrence@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<natiahall@yahoo.com> ORCPT=rfc822;natiahall@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<natiapple27@yahoo.com> ORCPT=rfc822;natiapple27@yahoo.com
Out: 250 2.1.5 Ok
In: RCPT TO:<natibitch_513@yahoo.com> ORCPT=rfc822;natibitch_513@yahoo.com
Out: 250 2.1.5 Ok
In: DATA
Out: 354 End data with <CR><LF>.<CR><LF>
Out: 451 4.3.0 Error: queue file write error



Ich befürchte jetzt, dass meine Mailserver irgendwie als Spamschleuder missbraucht wird.

System is Debian/Lenny mit ISPConfig 3
(eingerichtet wie: http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3)

bla!zilla
26.04.10, 13:53
Hallo. Schau dir mal die /var/log/mail.log an. Bis zur Klärung würde ich den Postfix stoppen.

[MORD]Locutus
26.04.10, 18:39
in /var/log/mail.log steht nur so was drin:


Apr 25 12:13:21 matthias-schlich postfix/anvil[15601]: statistics: max connection rate 1/60s for (smtp:89.120.223.66) at Apr 25 12:09:51
Apr 25 12:13:21 matthias-schlich postfix/anvil[15601]: statistics: max connection count 1 for (smtp:89.120.223.66) at Apr 25 12:09:51
Apr 25 12:13:21 matthias-schlich postfix/anvil[15601]: statistics: max cache size 1 at Apr 25 12:09:51
Apr 25 12:13:36 matthias-schlich postfix/smtpd[15689]: warning: 59.177.168.191: address not listed for hostname triband-del-59.177.168.191.bol.net.in
Apr 25 12:13:36 matthias-schlich postfix/smtpd[15689]: connect from unknown[59.177.168.191]
Apr 25 12:13:36 matthias-schlich postfix/smtpd[15692]: warning: 59.177.168.191: address not listed for hostname triband-del-59.177.168.191.bol.net.in
Apr 25 12:13:36 matthias-schlich postfix/smtpd[15692]: connect from unknown[59.177.168.191]
Apr 25 12:13:36 matthias-schlich postfix/smtpd[15693]: warning: 59.177.168.191: address not listed for hostname triband-del-59.177.168.191.bol.net.in
Apr 25 12:13:36 matthias-schlich postfix/smtpd[15693]: connect from unknown[59.177.168.191]
Apr 25 12:13:36 matthias-schlich postfix/smtpd[15694]: warning: 59.177.168.191: address not listed for hostname triband-del-59.177.168.191.bol.net.in
Apr 25 12:13:36 matthias-schlich postfix/smtpd[15694]: connect from unknown[59.177.168.191]
Apr 25 12:13:38 matthias-schlich postfix/smtpd[15692]: 09995306212: client=unknown[59.177.168.191]
Apr 25 12:13:41 matthias-schlich postfix/smtpd[15694]: 1D86E306215: client=unknown[59.177.168.191]
Apr 25 12:13:41 matthias-schlich postfix/cleanup[15696]: 09995306212: message-id=<20100425101338.09995306212@matthias-schlich.de>
Apr 25 12:13:41 matthias-schlich postfix/smtpd[15693]: C13D1306216: client=unknown[59.177.168.191]
Apr 25 12:13:43 matthias-schlich postfix/cleanup[15706]: C13D1306216: message-id=<20100425101341.C13D1306216@matthias-schlich.de>
Apr 25 12:13:45 matthias-schlich postfix/qmgr[30919]: 09995306212: from=<newsletter@alt.com>, size=30719, nrcpt=1 (queue active)
Apr 25 12:13:45 matthias-schlich postfix/smtpd[15692]: disconnect from unknown[59.177.168.191]
Apr 25 12:13:45 matthias-schlich postfix/cleanup[15701]: 1D86E306215: message-id=<20100425101341.1D86E306215@matthias-schlich.de>
Apr 25 12:13:49 matthias-schlich postfix/smtpd[15710]: connect from localhost[127.0.0.1]
Apr 25 12:13:49 matthias-schlich postfix/smtpd[15710]: 43EEF306217: client=localhost[127.0.0.1]
Apr 25 12:13:49 matthias-schlich postfix/cleanup[15696]: 43EEF306217: message-id=<20100425101338.09995306212@matthias-schlich.de>
Apr 25 12:13:49 matthias-schlich postfix/smtpd[15710]: disconnect from localhost[127.0.0.1]
Apr 25 12:13:49 matthias-schlich postfix/qmgr[30919]: 43EEF306217: from=<newsletter@alt.com>, size=31658, nrcpt=1 (queue active)
Apr 25 12:13:49 matthias-schlich amavis[13183]: (13183-15) Passed SPAMMY, [59.177.168.191] [59.177.168.191] <newsletter@alt.com> -> <junk@matthias-schlich.de>, Message-ID: <20100425101338.09995306212@matthi$
Apr 25 12:13:49 matthias-schlich postfix/smtp[15707]: 09995306212: to=<junk@matthias-schlich.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=12, delays=7.4/0.01/0/4.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=$
Apr 25 12:13:49 matthias-schlich postfix/qmgr[30919]: 09995306212: removed
Apr 25 12:13:49 matthias-schlich postfix/pipe[15712]: 43EEF306217: to=<junk@matthias-schlich.de>, relay=maildrop, delay=0.07, delays=0.02/0.01/0/0.04, dsn=2.0.0, status=sent (delivered via maildrop service)
Apr 25 12:13:49 matthias-schlich postfix/qmgr[30919]: 43EEF306217: removed
Apr 25 12:13:49 matthias-schlich postfix/smtpd[15692]: warning: 59.177.168.191: address not listed for hostname triband-del-59.177.168.191.bol.net.in
Apr 25 12:13:49 matthias-schlich postfix/smtpd[15692]: connect from unknown[59.177.168.191]
Apr 25 12:13:50 matthias-schlich postfix/qmgr[30919]: 1D86E306215: from=<newsletter@alt.com>, size=30741, nrcpt=1 (queue active)
Apr 25 12:13:50 matthias-schlich postfix/smtpd[15694]: disconnect from unknown[59.177.168.191]
Apr 25 12:13:51 matthias-schlich postfix/smtpd[15694]: warning: 59.177.168.191: address not listed for hostname triband-del-59.177.168.191.bol.net.in
Apr 25 12:13:51 matthias-schlich postfix/smtpd[15694]: connect from unknown[59.177.168.191]
Apr 25 12:13:51 matthias-schlich postfix/smtpd[15692]: 4B769306212: client=unknown[59.177.168.191]
Apr 25 12:13:52 matthias-schlich postfix/cleanup[15696]: 4B769306212: message-id=<20100425101351.4B769306212@matthias-schlich.de>
Apr 25 12:13:52 matthias-schlich postfix/smtpd[15689]: C9797306217: client=unknown[59.177.168.191]
Apr 25 12:13:53 matthias-schlich postfix/qmgr[30919]: C13D1306216: from=<newsletter@alt.com>, size=30847, nrcpt=1 (queue active)
Apr 25 12:13:54 matthias-schlich postfix/smtpd[15710]: connect from localhost[127.0.0.1]
Apr 25 12:13:54 matthias-schlich postfix/smtpd[15710]: 05141306218: client=localhost[127.0.0.1]
Apr 25 12:13:54 matthias-schlich postfix/cleanup[15706]: 05141306218: message-id=<20100425101341.1D86E306215@matthias-schlich.de>
Apr 25 12:13:54 matthias-schlich postfix/qmgr[30919]: 05141306218: from=<newsletter@alt.com>, size=31678, nrcpt=1 (queue active)
Apr 25 12:13:54 matthias-schlich postfix/smtpd[15710]: disconnect from localhost[127.0.0.1]
Apr 25 12:13:54 matthias-schlich amavis[12795]: (12795-18) Passed SPAMMY, [59.177.168.191] [59.177.168.191] <newsletter@alt.com> -> <ail@matthias-schlich.de>, Message-ID: <20100425101341.1D86E306215@matthia$

John W
26.04.10, 20:50
Scheint zumindest jemand versucht zu haben (k.A. ob erfolgreich), denn das kam offenbar aus Indien: http://www.dnswatch.info/dns/ip-location?ip=59.177.168.191&submit=Locate+IP

Hier gibt es ein paar Tipps zum verbessern der Konfiguration (englisch): http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html (http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html)