Current time: 11-28-2024, 06:10 AM Hello There, Guest! (LoginRegister)


Thread Closed 
Server versendet SPAM?!
Author Message
Illidan Offline
Junior Member
*

Posts: 93
Joined: May 2007
Reputation: 2
Post: #21
RE: Server versendet SPAM?!
Kennst du die Mail Adresse jbltaz@aol.com?

Vielleicht konnte postfix die Mails die ganze Zeit nicht senden und jetzt sendet er alle aufeinmal.
05-20-2010 11:25 PM
Visit this user's website Find all posts by this user
izo Offline
Junior Member
*

Posts: 45
Joined: Nov 2009
Reputation: 0
Post: #22
RE: Server versendet SPAM?!
und mit zgrep:


vz146:~# zgrep 1905860B1EA /var/log/mail.info.1.gz
May 18 03:30:24 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 03:30:24 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=273571, delays=273571/0.03/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 04:39:30 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 04:39:30 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=277717, delays=277717/0.02/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-01.mx.aol.com[64.12.90.1] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 05:46:49 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 05:46:49 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=281755, delays=281755/0.02/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.103.2] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 06:59:07 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 06:59:07 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=286094, delays=286094/0.02/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[64.12.90.66] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 08:06:19 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 08:08:14 vz146 postfix/smtp[2450]: 1905860B1EA: host mailin-04.mx.aol.com[64.12.90.34] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html
May 18 08:08:15 vz146 postfix/smtp[2450]: 1905860B1EA: host mailin-01.mx.aol.com[64.12.90.1] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command)
May 18 08:08:15 vz146 postfix/smtp[2450]: 1905860B1EA: host mailin-02.mx.aol.com[205.188.103.1] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html
May 18 08:08:15 vz146 postfix/smtp[2450]: 1905860B1EA: host mailin-03.mx.aol.com[64.12.90.97] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html
May 18 08:08:16 vz146 postfix/smtp[2450]: 1905860B1EA: to=<jbltaz@aol.com>, relay=mailin-02.mx.aol.com[205.188.155.110]:25, delay=290242, delays=290125/115/1.8/0, dsn=4.7.1, status=deferred (host mailin-02.mx.aol.com[205.188.155.110] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 09:17:16 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 09:17:16 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=294382, delays=294382/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-01.mx.aol.com[64.12.90.98] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 10:31:39 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 10:31:39 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=298845, delays=298845/0.01/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.90.97] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 11:42:20 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 11:42:20 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=303086, delays=303086/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.137.169] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 12:53:29 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 12:53:29 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=307355, delays=307355/0.03/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-01.mx.aol.com[205.188.146.193] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 14:01:56 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 14:01:56 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=311462, delays=311462/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[205.188.155.110] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 15:13:28 vz146 postfix/qmgr[7035]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 15:13:28 vz146 postfix/qmgr[7035]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=315755, delays=315755/0.03/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-01.mx.aol.com[205.188.146.193] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 16:23:20 vz146 postfix/qmgr[7035]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 16:23:23 vz146 postfix/qmgr[7035]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=319950, delays=319946/3.2/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-01.mx.aol.com[205.188.146.193] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 17:33:26 vz146 postfix/qmgr[7035]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 17:33:26 vz146 postfix/qmgr[7035]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=324153, delays=324153/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.137.169] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 18:43:17 vz146 postfix/qmgr[7035]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 18:43:27 vz146 postfix/qmgr[7035]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=328353, delays=328343/10/0/0, dsn=4.3.0, status=deferred (mail transport unavailable)
May 18 19:53:24 vz146 postfix/qmgr[7035]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 19:53:24 vz146 postfix/qmgr[7035]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=332550, delays=332550/0.03/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.137.169] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 21:03:33 vz146 postfix/qmgr[7035]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 21:03:33 vz146 postfix/qmgr[7035]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=336759, delays=336759/0.03/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-01.mx.aol.com[205.188.59.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 22:13:19 vz146 postfix/qmgr[7035]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 22:13:20 vz146 postfix/qmgr[7035]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=340947, delays=340945/1.7/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[205.188.103.1] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 23:21:17 vz146 postfix/qmgr[7035]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 23:21:17 vz146 postfix/qmgr[7035]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=345023, delays=345023/0.01/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[64.12.90.66] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 19 00:36:00 vz146 postfix/qmgr[26688]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 19 00:36:00 vz146 postfix/qmgr[26688]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=349506, delays=349506/0.02/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.90.33] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 19 01:42:43 vz146 postfix/qmgr[26688]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 19 01:42:43 vz146 postfix/qmgr[26688]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=353510, delays=353510/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[64.12.90.65] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
vz146:~#
(05-20-2010 11:24 PM)joximu Wrote:  noch früher....

irgendwo müsste sowas wie das kommen:
Code:
postfix/smtpd[28367]: connect from blu0-omc1-s3.blu0.hotmail.com[65.55.116.14]
postfix/smtpd[28367]: 4F0201A0C079: client=blu0-omc1-s3.blu0.hotmail.com[65.55.116.14]
postfix/cleanup[28729]: 4F0201A0C079: message-id=<BLU0-SMTP9653603E2E81DE5E097A3896FF0@phx.gbl>

und erst später dann das:
postfix/qmgr[2541]: 4F0201A0C079: from=<zqwxwas367@msn.com>, size=5053, nrcpt=2 (queue active)
... und wohin es geht....

ja, einfach ist es nicht... aber es kann Spass machen Wink

/J


Hmm... wie komme ich denn weiter zutrück?

das problem tauchte 13-14.5. das erste mal auf

(05-20-2010 11:25 PM)Illidan Wrote:  Kennst du die Mail Adresse jbltaz@aol.com?

Vielleicht konnte postfix die Mails die ganze Zeit nicht senden und jetzt sendet er alle aufeinmal.

ne- kenn ich nicht.... aber hast recht, schon komisch - das immer wieder diese addy kommt.
Ganz am Anfang wenn ich die LOG datei mit (cat /var/log/mail.log) aufrufe kommt das hier:

May 20 04:19:17 vz146 pop3d: LOGIN FAILED, user=zb, ip=[::ffff:219.143.199.164]
May 20 04:19:22 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:19:23 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:19:23 vz146 pop3d: LOGIN FAILED, user=zb, ip=[::ffff:219.143.199.164]
May 20 04:19:28 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:19:29 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:19:29 vz146 pop3d: LOGIN FAILED, user=cvsroot, ip=[::ffff:219.143.199. 164]
May 20 04:19:34 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:19:35 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:19:35 vz146 pop3d: LOGIN FAILED, user=cvsroot, ip=[::ffff:219.143.199. 164]
May 20 04:19:40 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:19:40 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:19:41 vz146 pop3d: LOGIN FAILED, user=dam, ip=[::ffff:219.143.199.164]
May 20 04:19:46 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:19:46 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:19:47 vz146 pop3d: LOGIN FAILED, user=help, ip=[::ffff:219.143.199.164 ]
May 20 04:19:52 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:19:52 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:19:55 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:20:00 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:20:01 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:20:02 vz146 postfix/pickup[18622]: 96E9DF74073: uid=106 from=<smmsp>
May 20 04:20:02 vz146 postfix/cleanup[18896]: 96E9DF74073: message-id=<201005200 22002.96E9DF74073@vz146.worldserver.net>
May 20 04:20:03 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:20:08 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:20:09 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:20:11 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:20:17 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:20:17 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:20:20 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:20:25 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:20:25 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:20:27 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:20:32 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:20:33 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:20:35 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:20:41 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:20:41 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:20:43 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:20:49 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:20:49 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:20:52 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:20:57 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:20:57 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:21:00 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:21:05 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:21:05 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:21:08 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:21:13 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:21:13 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:21:16 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:21:21 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:21:21 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:21:24 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:21:29 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:21:30 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:21:32 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:21:38 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:21:38 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:21:40 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:21:45 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:21:46 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:21:49 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:21:54 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:21:54 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:21:56 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:22:02 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:22:02 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:22:05 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:22:10 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:22:10 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:22:12 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:22:18 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:22:18 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:22:20 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:22:25 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:22:25 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:22:28 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:22:33 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:22:33 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:22:36 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:22:41 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:22:42 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:22:44 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:22:49 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:22:49 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:22:51 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:22:56 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:22:57 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:22:59 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:23:04 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:23:05 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:23:05 vz146 pop3d: LOGIN FAILED, user=jun, ip=[::ffff:219.143.199.164]
May 20 04:23:10 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:23:11 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:23:11 vz146 pop3d: LOGIN FAILED, user=elena, ip=[::ffff:219.143.199.16 4]
May 20 04:23:16 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:23:17 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:23:18 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:23:23 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:23:24 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:23:26 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:23:31 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:23:31 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:23:35 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:23:40 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:23:40 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:23:42 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:23:47 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:23:48 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:23:50 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:23:55 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:23:55 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:23:58 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:24:03 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:24:03 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:24:05 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:24:11 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:24:11 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:24:11 vz146 pop3d: LOGIN FAILED, user=b, ip=[::ffff:219.143.199.164]
May 20 04:24:17 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:24:17 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:24:17 vz146 pop3d: LOGIN FAILED, user=rea, ip=[::ffff:219.143.199.164]
May 20 04:24:23 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:24:23 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:24:25 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:24:30 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:24:30 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:24:33 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:24:38 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:24:38 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:24:40 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:24:46 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:24:46 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:24:48 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:24:53 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:24:54 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:24:56 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:25:01 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:25:02 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:25:04 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:25:10 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:25:10 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:25:12 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:25:18 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:25:18 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:25:20 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:25:25 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:25:26 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:25:28 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:25:33 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:25:33 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:25:36 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:25:41 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:25:42 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:25:44 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:25:49 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:25:49 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:25:51 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:25:57 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:25:57 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:26:00 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:26:05 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:26:05 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:26:07 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:26:12 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:26:12 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:26:15 vz146 pop3d: LOGIN FAILED, user=root, ip=[::ffff:219.143.199.164 ]
May 20 04:26:20 vz146 pop3d: Disconnected, ip=[::ffff:219.143.199.164]
May 20 04:26:20 vz146 pop3d: Connection, ip=[::ffff:219.143.199.164]
May 20 04:26:23 vz146 pop3d: LOGIN FAILED, u^Z
[1]+ Stopped cat /var/log/mail.log
vz146:~#
(This post was last modified: 05-20-2010 11:43 PM by izo.)
05-20-2010 11:27 PM
Find all posts by this user
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #23
RE: Server versendet SPAM?!
hm - kannst du die mail.info.2.gz und mail.info.3.gz und ggf. noch ältere durchsuchen - wir brauchen den Anfang der Geschichte...

zu deinen letzten Log-Einträgen: installier mal fail2ban oder so - dein Server steht unter Hackversuchen....

/J
05-20-2010 11:58 PM
Visit this user's website Find all posts by this user
xxo Offline
Junior Member
*

Posts: 38
Joined: Sep 2008
Reputation: 0
Post: #24
RE: Server versendet SPAM?!
Schaust du dir die Laufzeiten mal an, dein Server ist ganrnicht mehr aktuell aktiv. Das war er (delay=273571) vor 3,16 Tagen. Was du hast, ist der zu versendende Müll, den AOL nicht will. Mach erstmal die postfix queue leer. Tipp: such nach postfix queue leeren.
Dann suchst du, im log vom 17. nach erfolgten, passenden logins.
Tipp: grep "pop3d: LOGIN,"
Login Failed kannst du getrost ignorieren.

Und bitte bemühe die Suchmaschine, dabei kannst du nämlich auch noch was lernen. Es bringt dir nix, einfach stumpf copy&paste zu machen.
05-21-2010 12:14 AM
Find all posts by this user
izo Offline
Junior Member
*

Posts: 45
Joined: Nov 2009
Reputation: 0
Post: #25
RE: Server versendet SPAM?!
kann es sein das die logs nicht mehr drauf sind?

hackversuche - na toll! noch ne neuikeit! Was macht das PRG?

2.gz

vz146:~# zgrep 1905860B1EA /var/log/mail.info.2.gz
May 17 03:25:17 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 03:25:17 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=186863, delays=186863/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 04:34:59 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 04:34:59 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=191045, delays=191045/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[205.188.190.1] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 05:45:03 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 05:45:03 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=195250, delays=195250/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[64.12.90.66] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 06:55:11 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 06:55:11 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=199457, delays=199457/0.02/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.103.2] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 08:04:51 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 08:04:57 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=203643, delays=203638/5.5/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-01.mx.aol.com[205.188.59.194] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 09:15:03 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 09:15:03 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=207849, delays=207849/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[64.12.90.34] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 10:24:55 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 10:24:55 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=212042, delays=212042/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[64.12.90.65] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 11:35:13 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 11:35:13 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=216259, delays=216259/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[205.188.103.1] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 12:45:03 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 12:45:04 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=220450, delays=220450/0.03/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 13:55:19 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 13:55:19 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=224666, delays=224666/0.02/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[205.188.190.1] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 15:05:18 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 15:05:18 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=228864, delays=228864/0.02/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-01.mx.aol.com[64.12.90.1] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 16:15:02 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 16:15:07 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=233053, delays=233048/5/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[64.12.90.66] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 17 17:25:17 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 17:25:17 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=237263, delays=237263/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[64.12.90.65] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 17 18:34:57 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 18:34:58 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=241445, delays=241443/1.7/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[205.188.103.1] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 17 22:36:07 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 22:36:07 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=255914, delays=255914/0.04/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.90.97] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 17 23:52:32 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 23:52:32 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=260498, delays=260498/0.01/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[64.12.90.66] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 01:12:10 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxxde>, size=1986, nrcpt=1 (queue active)
May 18 01:12:10 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=265276, delays=265276/0.04/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.90.33] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 18 02:19:50 vz146 postfix/qmgr[2136]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 18 02:19:50 vz146 postfix/qmgr[2136]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=269336, delays=269336/0.02/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.90.33] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
vz146:~#




und 4.gz:


vz146:~# zgrep 1905860B1EA /var/log/mail.info.3.gz
May 16 04:00:56 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 04:02:19 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=102685, delays=102603/82/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.137.169] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 16 05:11:51 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 05:11:51 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=106857, delays=106857/0.03/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[205.188.103.1] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 16 06:20:57 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 06:21:09 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=111016, delays=111004/12/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.90.33] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 16 07:31:27 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 07:31:27 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=115233, delays=115233/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[205.188.59.193] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 16 08:40:58 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 08:41:05 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=119412, delays=119405/6.9/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[64.12.90.34] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 16 09:51:28 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 09:51:28 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=123634, delays=123634/0.01/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[205.188.155.110] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 16 11:01:33 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 11:01:33 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=127839, delays=127839/0.02/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[205.188.155.110] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 16 12:11:10 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 12:11:11 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=132018, delays=132016/1.3/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.157.18] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 16 13:21:49 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 13:21:49 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=136255, delays=136255/0.02/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.90.33] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 16 14:31:09 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 14:31:09 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=140415, delays=140415/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.90.33] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)
May 16 15:41:26 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 15:41:26 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=144633, delays=144633/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.90.97] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 16 16:51:36 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 16:51:36 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=148842, delays=148842/0.02/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-01.mx.aol.com[205.188.59.194] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 16 18:01:09 vz146 postfix/qmgr[10369]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 18:01:09 vz146 postfix/qmgr[10369]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=153015, delays=153015/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-01.mx.aol.com[64.12.90.98] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 16 19:11:16 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 19:11:16 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=157222, delays=157222/0.03/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.90.33] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 16 20:20:42 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 20:20:42 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=161388, delays=161388/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[64.12.137.169] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 16 21:31:15 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 21:31:15 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=165622, delays=165622/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.103.2] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 16 22:39:53 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 22:40:14 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=169760, delays=169740/21/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[205.188.190.2] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 16 23:50:26 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 16 23:50:26 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=173972, delays=173972/0/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[64.12.90.66] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 01:05:39 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 01:05:39 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=178486, delays=178486/0.04/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[205.188.103.1] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
May 17 02:15:10 vz146 postfix/qmgr[16500]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 17 02:15:10 vz146 postfix/qmgr[16500]: 1905860B1EA: to=<jbltaz@aol.com>, relay=none, delay=182656, delays=182656/0.02/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-03.mx.aol.com[205.188.59.193] refused to talk to me: 554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html)
vz146:~#

5.gz:


vz146:~# zgrep 1905860B1EA /var/log/mail.info.5.gz
May 14 23:30:54 vz146 postfix/pickup[30178]: 1905860B1EA: uid=2005 from=<webmaster@hof-xxx.de>
May 14 23:30:54 vz146 postfix/cleanup[29916]: 1905860B1EA: message-id=<20100514213054.1905860B1EA@vz146.worldserver.net>
May 14 23:30:54 vz146 postfix/qmgr[31274]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 14 23:32:52 vz146 postfix/smtp[25848]: 1905860B1EA: host mailin-04.mx.aol.com[64.12.90.66] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command)
May 14 23:32:52 vz146 postfix/smtp[25848]: 1905860B1EA: to=<jbltaz@aol.com>, relay=mailin-04.mx.aol.com[205.188.146.194]:25, conn_use=2, delay=119, delays=0.01/117/0.79/0.53, dsn=4.2.1, status=deferred (host mailin-04.mx.aol.com[205.188.146.194] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command))
May 14 23:38:23 vz146 postfix/qmgr[31274]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 14 23:40:36 vz146 postfix/smtp[30438]: 1905860B1EA: host mailin-04.mx.aol.com[64.12.90.66] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command)
May 14 23:40:37 vz146 postfix/smtp[30438]: 1905860B1EA: to=<jbltaz@aol.com>, relay=mailin-03.mx.aol.com[64.12.90.33]:25, delay=583, delays=449/132/1.3/0.5, dsn=4.2.1, status=deferred (host mailin-03.mx.aol.com[64.12.90.33] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command))
May 14 23:53:22 vz146 postfix/qmgr[31274]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 14 23:54:19 vz146 postfix/smtp[30598]: 1905860B1EA: host mailin-04.mx.aol.com[64.12.90.34] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command)
May 14 23:54:19 vz146 postfix/smtp[30598]: 1905860B1EA: to=<jbltaz@aol.com>, relay=mailin-01.mx.aol.com[64.12.90.98]:25, delay=1406, delays=1349/55/1.3/0.52, dsn=4.2.1, status=deferred (host mailin-01.mx.aol.com[64.12.90.98] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command))
May 15 00:18:23 vz146 postfix/qmgr[31274]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 15 00:19:32 vz146 postfix/smtp[21927]: 1905860B1EA: host mailin-03.mx.aol.com[64.12.90.97] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command)
May 15 00:19:33 vz146 postfix/smtp[21927]: 1905860B1EA: to=<jbltaz@aol.com>, relay=mailin-02.mx.aol.com[205.188.103.1]:25, delay=2919, delays=2849/68/1.2/0.57, dsn=4.2.1, status=deferred (host mailin-02.mx.aol.com[205.188.103.1] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command))
May 15 01:08:27 vz146 postfix/qmgr[31274]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 15 01:09:41 vz146 postfix/smtp[23223]: 1905860B1EA: host mailin-03.mx.aol.com[64.12.137.169] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command)
May 15 01:09:42 vz146 postfix/smtp[23223]: 1905860B1EA: to=<jbltaz@aol.com>, relay=mailin-02.mx.aol.com[64.12.90.65]:25, delay=5929, delays=5853/74/1.2/0.53, dsn=4.2.1, status=deferred (host mailin-02.mx.aol.com[64.12.90.65] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command))
May 15 02:18:22 vz146 postfix/qmgr[31274]: 1905860B1EA: from=<webmaster@hof-xxx.de>, size=1986, nrcpt=1 (queue active)
May 15 02:19:31 vz146 postfix/smtp[24742]: 1905860B1EA: host mailin-01.mx.aol.com[205.188.59.194] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command)
May 15 02:19:32 vz146 postfix/smtp[24742]: 1905860B1EA: to=<jbltaz@aol.com>, relay=mailin-03.mx.aol.com[205.188.59.193]:25, delay=10119, delays=10048/68/1.4/0.55, dsn=4.2.1, status=deferred (host mailin-03.mx.aol.com[205.188.59.193] said: 421 4.2.1 MSG=: (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html (in reply to end of DATA command))
vz146:~#





vz146:~# zgrep 1905860B1EA /var/log/mail.info.6.gz
vz146:~# zgrep 1905860B1EA /var/log/mail.info.7.gz
gzip: /var/log/mail.info.7.gz: No such file or directory
vz146:~#
05-21-2010 12:15 AM
Find all posts by this user
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #26
RE: Server versendet SPAM?!
was fail2ban macht -> goolge mal

also - ich glauibee in der mail.5.gz ist was drin:

zgrep 1905860B1EA /var/log/mail.info.5.gz
May 14 23:30:54 vz146 postfix/pickup[30178]: 1905860B1EA: uid=2005 from=<webmaster@hof-xxx.de>

nun brauchen wir die Zeilen vor dieser...

zgrep "[30178]" /var/log/mail.info.5.gz


/J
05-21-2010 12:17 AM
Visit this user's website Find all posts by this user
izo Offline
Junior Member
*

Posts: 45
Joined: Nov 2009
Reputation: 0
Post: #27
RE: Server versendet SPAM?!
(05-21-2010 12:14 AM)xxo Wrote:  Schaust du dir die Laufzeiten mal an, dein Server ist ganrnicht mehr aktuell aktiv. Das war er (delay=273571) vor 3,16 Tagen. Was du hast, ist der zu versendende Müll, den AOL nicht will. Mach erstmal die postfix queue leer. Tipp: such nach postfix queue leeren.
Dann suchst du, im log vom 17. nach erfolgten, passenden logins.
Tipp: grep "pop3d: LOGIN,"
Login Failed kannst du getrost ignorieren.

Und bitte bemühe die Suchmaschine, dabei kannst du nämlich auch noch was lernen. Es bringt dir nix, einfach stumpf copy&paste zu machen.



vz146:~# postsuper -d ALL
postsuper: Deleted: 28317 messages


Das waren erstmal ne menge...
05-21-2010 12:30 AM
Find all posts by this user
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #28
RE: Server versendet SPAM?!
naja, hoffen wir, dass da nicht auch welche dabei waren, die nicht vom Spammer waren...

und nun gilt es herauszufinden, wie der Mül auf den Server kam....

/J
05-21-2010 12:34 AM
Visit this user's website Find all posts by this user
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #29
RE: Server versendet SPAM?!
also - fürs Protokoll:
auf dem Server sind alte Joomla Installationen, die wurden missbraucht, um PHP-skripte in den images Ordner hochzuladen - und dann wiederum wurden damit Spam versendet.

ich schliesse hier, da es mit ispcp nichts zu tun hat.

Das aktuell-halten von PHP Applikationen gehört zum Job eines Webmasters.

/Joxi
close
(This post was last modified: 05-21-2010 07:43 AM by joximu.)
05-21-2010 07:43 AM
Visit this user's website Find all posts by this user
Thread Closed 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)