Lately I have been getting more and more emails sent to an email address on my root server. Here is an excerpt.
arutha@geänderte-domain.de is my own address; I have changed the domain.
The strange thing is that I never sent an email there, let alone one with that kind of content... I have highlighted qmail in bold. I don't use that; I use Postfix (1&1 root server in the default configuration).
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
digichaos@01019freenet.de
mailbox is full
------ This is a copy of the message, including all the headers. ------
Return-path: <arutha@geänderte-domain.de>
Received: from [194.97.55.148] (helo=mx5.freenet.de)
by mbox59.freenet.de with asmtp (ID exim) (Exim 4.31 #5)
id 1BRybZ-00068l-Aw
for digichaos@01019freenet.de; Sun, 23 May 2004 21:25:53 +0200
Received: from port-212-202-5-250.reverse.qsc.de ([212.202.5.250] helo=arutha.de)
by mx5.freenet.de with smtp (Exim 4.33 #3)
id 1BRybW-0006Lf-FQ; Sun, 23 May 2004 21:25:53 +0200
From: arutha@geänderte-domain.de
To: many-mailers@freenet.de
Date: Sun, 23 May 2004 19:00:53 UTC
Subject: Hier für dich^^
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <76980bd2d24790.c6cfd.qmail@geänderte-domain.de>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=c0fab7.4be84e853f6b2d6c6b3"
Content-Transfer-Encoding: 7bit
Delivered-To: digichaos@freenet.de
Envelope-to: digichaos@freenet.de
X-Warning: Malware found (Worm.Sober.G).
This is a multi-part message in MIME format.
--=c0fab7.4be84e853f6b2d6c6b3
Hey alles klar? Hier sind die Tools die du haben wolltest!
Viel Spaß damit ;)
Cu!
+-+-+ X-Attachment_Scanner: NO VIRUS
+-+-+ FREENET- AntiVirus Service
+-+-+ http://www.freenet.de
--=c0fab7.4be84e853f6b2d6c6b3
Content-Type: application/octet-stream; name=Tools9967.zip
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Tools9967.zip"
In my log files I find the following:
May 23 21:25:53 p12345678 postfix/smtpd[28573]: connect from mout1.freenet.de[194.97.50.132]
May 23 21:25:53 p12345678 postfix/smtpd[28571]: D6996C0010A: client=mout2.freenet.de[194.97.50.155]
May 23 21:25:53 p12345678 postfix/smtpd[28573]: setting up TLS connection from mout1.freenet.de[194.97.50.132]
May 23 21:25:53 p12345678 postfix/smtpd[28575]: connect from mout2.freenet.de[194.97.50.155]
May 23 21:25:53 p12345678 postfix/cleanup[28574]: D6996C0010A: message-id=<E1BRybZ-00068q-G6@mbox59.freenet.de>
May 23 21:25:53 p12345678 postfix/smtpd[28575]: setting up TLS connection from mout2.freenet.de[194.97.50.155]
May 23 21:25:53 p12345678 postfix/smtpd[28573]: TLS connection established from mout1.freenet.de[194.97.50.132]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 23 21:25:54 p12345678 postfix/qmgr[28292]: D6996C0010A: from=<>, size=71110, nrcpt=1 (queue active)
May 23 21:25:54 p12345678 postfix/smtpd[28573]: 01C13C02712: client=mout1.freenet.de[194.97.50.132]
May 23 21:25:54 p12345678 postfix/cleanup[28574]: 01C13C02712: message-id=<E1BRybZ-0005G3-GE@mbox65.freenet.de>
May 23 21:25:54 p12345678 postfix/smtpd[28575]: TLS connection established from mout2.freenet.de[194.97.50.155]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 23 21:25:54 p12345678 postfix/qmgr[28292]: 01C13C02712: from=<>, size=71100, nrcpt=1 (queue active)
May 23 21:25:54 p12345678 postfix/smtpd[28575]: 18A33C02713: client=mout2.freenet.de[194.97.50.155]
May 23 21:25:54 p12345678 spamd[764]: connection from localhost.localdomain [127.0.0.1] at port 34337
May 23 21:25:54 p12345678 postfix/cleanup[28577]: 18A33C02713: message-id=<E1BRybZ-00066z-LG@mbox61.freenet.de>
May 23 21:25:54 p12345678 postfix/qmgr[28292]: 18A33C02713: from=<>, size=71095, nrcpt=1 (queue active)
May 23 21:25:54 p12345678 spamd[28584]: processing message <E1BRybZ-00068q-G6@mbox59.freenet.de> for web2p1:104.
May 23 21:25:54 p12345678 spamd[764]: connection from localhost.localdomain [127.0.0.1] at port 34338
May 23 21:25:54 p12345678 spamd[28588]: processing message <E1BRybZ-0005G3-GE@mbox65.freenet.de> for web2p1:104.
May 23 21:25:54 p12345678 postfix/smtpd[28571]: disconnect from mout2.freenet.de[194.97.50.155]
May 23 21:25:55 p12345678 postfix/smtpd[28573]: disconnect from mout1.freenet.de[194.97.50.132]
May 23 21:25:57 p12345678 spamd[28584]: clean message (1.7/5.0) for web2p1:104 in 3.1 seconds, 70305 bytes.
May 23 21:25:57 p12345678 postfix/local[28578]: D6996C0010A: to=<web2p1@p12345678.pureserver.info>, orig_to=<arutha@geänderte-domain.de>, relay=local, delay=4, status=sent ("|/usr/bin/procmail")
May 23 21:25:57 p12345678 spamd[764]: connection from localhost.localdomain [127.0.0.1] at port 34341
May 23 21:25:57 p12345678 spamd[28593]: processing message <E1BRybZ-00066z-LG@mbox61.freenet.de> for web2p1:104.
May 23 21:25:57 p12345678 spamd[28588]: clean message (1.7/5.0) for web2p1:104 in 3.7 seconds, 70295 bytes.
May 23 21:25:57 p12345678 postfix/local[28580]: 01C13C02712: to=<web2p1@p12345678.pureserver.info>, orig_to=<arutha@geänderte-domain.de>, relay=local, delay=3, status=sent ("|/usr/bin/procmail")
May 23 21:25:59 p12345678 spamd[28593]: clean message (1.7/5.0) for web2p1:104 in 1.9 seconds, 70290 bytes.
May 23 21:25:59 p12345678 postfix/local[28578]: 18A33C02713: to=<web2p1@p12345678.pureserver.info>, orig_to=<arutha@geänderte-domain.de>, relay=local, delay=5, status=sent ("|/usr/bin/procmail")
May 23 21:26:22 p12345678 postfix/smtpd[28575]: disconnect from mout2.freenet.de[194.97.50.155]
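
An added example, not part of the original post: a small Python triage script that groups Postfix log lines by queue ID and lists deliveries whose envelope sender is the null sender (from=<>), which is how the delivery status notifications in the excerpt above arrive. The first four sample lines are copied from the post; the queue ID ABCDEF12345 and the address friend@example.org are constructed for contrast, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines for queue ID D6996C0010A are copied from the log excerpt in the post;
# the two ABCDEF12345 lines are constructed to show an ordinary delivery.
SAMPLE_LOG = """\
May 23 21:25:53 p12345678 postfix/smtpd[28571]: D6996C0010A: client=mout2.freenet.de[194.97.50.155]
May 23 21:25:53 p12345678 postfix/cleanup[28574]: D6996C0010A: message-id=<E1BRybZ-00068q-G6@mbox59.freenet.de>
May 23 21:25:54 p12345678 postfix/qmgr[28292]: D6996C0010A: from=<>, size=71110, nrcpt=1 (queue active)
May 23 21:25:57 p12345678 postfix/local[28578]: D6996C0010A: to=<web2p1@p12345678.pureserver.info>, orig_to=<arutha@geänderte-domain.de>, relay=local, delay=4, status=sent ("|/usr/bin/procmail")
May 23 21:26:01 p12345678 postfix/qmgr[28292]: ABCDEF12345: from=<friend@example.org>, size=2048, nrcpt=1 (queue active)
May 23 21:26:02 p12345678 postfix/local[28578]: ABCDEF12345: to=<web2p1@p12345678.pureserver.info>, relay=local, delay=1, status=sent ("|/usr/bin/procmail")
"""

# Postfix lines that belong to a message carry "<daemon>[pid]: <QUEUEID>: key=value, ..."
LINE_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)$")
FIELD_RE = re.compile(r"\b(client|from|orig_to|to|message-id)=(<[^>]*>|[^,\s]+)")

def collect(log_text):
    """Merge the fields logged by smtpd, cleanup, qmgr and local per queue ID."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # connect/disconnect, TLS and spamd lines have no queue ID
            for key, value in FIELD_RE.findall(m.group(2)):
                # keep the first value seen (enough for nrcpt=1 messages)
                msgs[m.group(1)].setdefault(key, value.strip("<>"))
    return msgs

def find_bounces(log_text):
    """Return delivered messages whose envelope sender is the null sender <>."""
    hits = []
    for qid, f in collect(log_text).items():
        if f.get("from") == "" and "to" in f:
            hits.append({"queue_id": qid,
                         "client": f.get("client"),
                         "rcpt": f.get("orig_to", f["to"]),
                         "message_id": f.get("message-id")})
    return hits

if __name__ == "__main__":
    for hit in find_bounces(SAMPLE_LOG):
        print(hit)
```

Counting the hits per recipient address and per relaying client over a full log shows how many such notifications reach one local address and which remote mail systems send them.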