SMTP relay?

Czechtony czechtony na strojvimp.cz
Mon Jan 7 14:52:02 CET 2008


A blue afternoon :-)
Thanks for the kick-start.
I don't act as a gateway, and I disabled NAT just to be safe.
Vscan is amavisd-new, it is running, so I don't know.

The outgoing mails really are spam notifications,
but I can't stop them.

In amavisd-conf I have:

# Notify virus sender?
$warnvirussender = 0;   # (defaults to false (undef))

# Notify spam sender?
$warnspamsender = 0;    # (defaults to false (undef))

CzT

--
Dalibor Straka wrote:
> Cheerful afternoon,
>
> On Mon, Jan 07, 2008 at 08:57:07AM +0100, Czechtony wrote:
>   
>> Greetings,
>> the address of one of my servers got listed on spamhaus :-(
>> I tried the relay test from abuse and according to it I'm fine,
>> unfortunately mail like this occasionally shows up in my queue:
>>
>>     
> 1. are you acting as an SMTP gateway for someone? -> track down the offender
> 2. does the machine do NAT for someone? -> they may be sending spam through it
>
>   
>> Jan  7 08:15:05 gate postfix/smtpd[5882]: connect from 
>> 136-124-223-201.adsl.terra.cl[201.223.124.136]
>> Jan  7 08:15:07 gate postfix/smtpd[5882]: D87DBC1F7: 
>> client=136-124-223-201.adsl.terra.cl[201.223.124.136]
>> Jan  7 08:15:12 gate postfix/cleanup[5890]: D87DBC1F7: 
>> message-id=<4d49701c850fd$05a05240$0201a8c
>> 0 na francisc4l24p3>
>> Jan  7 08:15:12 gate postfix/qmgr[2600]: D87DBC1F7: 
>> from=<AngelinetridiagonalGoldman na engadgethd.c
>> om>, size=3164, nrcpt=2 (queue active)
>> Jan  7 08:15:12 gate amavis[6433]: (XX97PKKv) AM.CL 
>> /var/spool/amavis/amavis-XX97PKKv: <Angelinet
>> ridiagonalGoldman na engadgethd.com> -> 
>> <gtczechtony na strojvimp.cz>,<halada na strojvimp.cz>
>> Jan  7 08:15:12 gate amavis[6433]: (XX97PKKv) Checking: 
>> <AngelinetridiagonalGoldman na engadgethd.co
>> m> -> <gtczechtony na strojvimp.cz>,<halada na strojvimp.cz>
>> Jan  7 08:15:12 gate amavis[6433]: (XX97PKKv) spam_scan: hits=7.407 
>> tests=DATE_IN_PAST_06_12,FORG
>> ED_MUA_OUTLOOK,HTML_40_50,HTML_FONT_FACE_ODD,HTML_MESSAGE,NO_STRINGS,OFFERS_ETC
>> Jan  7 08:15:12 gate amavis[6433]: (XX97PKKv) SEND via SMTP: 
>> [127.0.0.1:10025] <Angelinetridiagon
>> alGoldman na engadgethd.com> -> <bordel na strojvimp.cz>
>> Jan  7 08:15:12 gate postfix/smtpd[6865]: connect from 
>> localhost.localdomain[127.0.0.1]
>> Jan  7 08:15:12 gate postfix/smtpd[6865]: B03BAD691: 
>> client=localhost.localdomain[127.0.0.1]
>> Jan  7 08:15:12 gate postfix/cleanup[5889]: B03BAD691: 
>> message-id=<4d49701c850fd$05a05240$0201a8c
>> 0 na francisc4l24p3>
>> Jan  7 08:15:12 gate postfix/qmgr[2600]: B03BAD691: 
>> from=<AngelinetridiagonalGoldman na engadgethd.c
>> om>, size=3765, nrcpt=1 (queue active)
>> Jan  7 08:15:12 gate postfix/smtpd[6865]: disconnect from 
>> localhost.localdomain[127.0.0.1]
>> Jan  7 08:15:12 gate amavis[6433]: (XX97PKKv) SPAM, 
>> <AngelinetridiagonalGoldman na engadgethd.com> -
>>  > <gtczechtony na strojvimp.cz>,<halada na strojvimp.cz>, Yes, hits=7.4 
>> tag1=2.9 tag2=3.7 kill=3.7 test
>> s=DATE_IN_PAST_06_12, FORGED_MUA_OUTLOOK, HTML_40_50, 
>> HTML_FONT_FACE_ODD, HTML_MESSAGE, NO_STRING
>> S, OFFERS_ETC, quarantine 
>> spam-138173aefcfa1854fc2957fc88b32882-20080107-081512-XX97PKKv (bordel@
>> strojvimp.cz)
>> Jan  7 08:15:12 gate amavis[6433]: (XX97PKKv) Not-Delivered, 
>> <AngelinetridiagonalGoldman na engadget
>> hd.com> -> <gtczechtony na strojvimp.cz>,<halada na strojvimp.cz>, quarantine 
>> spam-138173aefcfa1854fc29
>> 57fc88b32882-20080107-081512-XX97PKKv, Message-ID: 
>> <4d49701c850fd$05a05240$0201a8c0 na francisc4l24p
>> 3>, Hits: 7.407
>>
>>     
> The log above is completely beside the point, because some zombie
> 136-124-223-201.adsl.terra.cl[201.223.124.136] connected, sent spam, amavis
> dropped it, and again.... It was sending to the correct domain strojvimp.cz, so
> there is nothing to fault it for. In particular, not an open relay.
>
>   
>> Jan  7 08:15:12 gate postfix/pipe[5978]: D87DBC1F7: 
>> to=<gtczechtony na strojvimp.cz>, relay=vscan, d
>> elay=5, status=bounced (service unavailable)
>>
>>     
> Here vscan is somehow not working
>
>   
>> Jan  7 08:15:13 gate postfix/cleanup[5891]: 06C96D691: 
>> message-id=<20080107071513.06C96D691 na vimpe
>> rk006.ceskynet.cz>
>> Jan  7 08:15:13 gate postfix/qmgr[2600]: 06C96D691: from=<>, size=4969, 
>> nrcpt=1 (queue active)
>> Jan  7 08:15:13 gate postfix/smtpd[5882]: disconnect from 
>> 136-124-223-201.adsl.terra.cl[201.223.1
>> 24.136]
>> Jan  7 08:15:13 gate postfix/smtp[6886]: connect to 
>> mail.weblogsinc.com[206.252.131.157]: Connect
>> ion refused (port 25)
>> Jan  7 08:15:13 gate postfix/smtp[6886]: 06C96D691: 
>> to=<AngelinetridiagonalGoldman na engadgethd.com
>>  >, relay=none, delay=0, status=deferred (connect to 
>> mail.weblogsinc.com[206.252.131.157]: Connect
>> ion refused)
>>     
>
> Here it seems to me that the server is trying to deliver a message about the dropped spam,
> from=<> to <AngelinetridiagonalGoldman na engadgethd.com>. If I'm not
> mistaken, give yourself a rap on the knuckles with a stick ;-).
>
> -- Dalibor Straka
> _______________________________________________
> Linux mailing list
> Linux na linux.cz
> http://www.linux.cz/mailman/listinfo/linux
>   
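
An added example, not part of the original thread: a Python sketch that scans Postfix log lines for the two symptoms discussed in this message, content-filter deliveries that bounce and null-sender (from=<>) notifications queued for non-local recipients. The sample lines are constructed on the model of the quoted log; LOCAL_DOMAINS, the addresses and the function name are assumptions.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"example.cz"}  # assumption: domains this server accepts mail for

# Constructed sample lines modelled on the log quoted in the thread (addresses invented).
SAMPLE_LOG = """\
Jan  7 08:15:12 gate postfix/qmgr[2600]: D87DBC1F7: from=<spammer@forged.example>, size=3164, nrcpt=2 (queue active)
Jan  7 08:15:12 gate postfix/pipe[5978]: D87DBC1F7: to=<user@example.cz>, relay=vscan, delay=5, status=bounced (service unavailable)
Jan  7 08:15:13 gate postfix/qmgr[2600]: 06C96D691: from=<>, size=4969, nrcpt=1 (queue active)
Jan  7 08:15:13 gate postfix/smtp[6886]: 06C96D691: to=<spammer@forged.example>, relay=none, delay=0, status=deferred (connection refused)
Jan  7 08:20:01 gate postfix/qmgr[2600]: A1B2C3D4E: from=<>, size=2100, nrcpt=1 (queue active)
Jan  7 08:20:02 gate postfix/local[6900]: A1B2C3D4E: to=<user@example.cz>, relay=local, delay=1, status=sent (delivered to mailbox)
"""

LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<rest>.*)")
SENDER = re.compile(r"from=<(?P<addr>[^>]*)>")
RCPT = re.compile(r"to=<(?P<addr>[^>]*)>.*?relay=(?P<relay>[^,]+),.*?status=(?P<status>\w+)")

def find_backscatter(log_text, local_domains=LOCAL_DOMAINS):
    """Return (null-sender mail to external recipients, bounced filter deliveries)."""
    null_sender_qids = set()
    deliveries = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        sender = SENDER.match(rest)
        if m["svc"] == "qmgr" and sender:
            if sender["addr"] == "":      # from=<> marks a bounce or notification
                null_sender_qids.add(qid)
            continue
        rcpt = RCPT.match(rest)
        if rcpt:
            deliveries[qid].append((m["svc"], rcpt["addr"], rcpt["relay"], rcpt["status"]))
    external_bounces, filter_bounces = [], []
    for qid, items in deliveries.items():
        for svc, addr, relay, status in items:
            domain = addr.rpartition("@")[2].lower()
            if qid in null_sender_qids and domain not in local_domains:
                external_bounces.append((qid, addr, status))   # backscatter candidate
            if svc == "pipe" and status == "bounced":
                filter_bounces.append((qid, addr, relay))      # filter transport failed
    return external_bounces, filter_bounces
```
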



