I hope I can make progress in this forum :) For about half a year I have been searching for the source of spam on my (virtual) server (Ubuntu 8.04.4 LTS).
I noticed my problem when it started with mails like the following:
I tried to deliver a bounce message to this address, but the bounce bounced!
Eventually my hoster asked me to get the spam problem under control, as otherwise my server would have to be shut down. For the past 4 weeks I have been searching intensively for the problem.
What I have done so far: First I changed all passwords.
After that, among other things, I created a mail wrapper (http://kb.parallels.com/en/1711/?show_at=de) that was supposed to log all PHP mailer functions. However, spam never appeared among the mails logged there. So that doesn't seem to be the cause.
According to http://www.mailradar.com/openrelay/, open relay is closed on my IP.
In addition, the file /var/qmail/bin/sendmail was missing for about a week. During that time there were no problems with spam. Of course I couldn't send any mails of my own either.
http://multirbl.valli.org/ currently shows my server on 9 blacklists.
First of all, an example of a bounce mail as I keep receiving them:
Code:
Hi. This is the qmail-send program at lvpsxx-xxx-xx-xxx.dedicated.hosteurope.de.
I tried to deliver a bounce message to this address, but the bounce bounced!
<levitro.med@geekinventions.com>:
Sorry, I couldn't find a mail exchanger or IP address. (#5.4.4)
--- Below this line is the original bounce.
Return-Path: <>
Received: (qmail 16107 invoked for bounce); 5 Jan 2013 14:32:45 +0100
Date: 5 Jan 2013 14:32:45 +0100
From: MAILER-DAEMON@lvpsxx-xxx-xx-xxx.dedicated.hosteurope.de
To: levitro.med@geekinventions.com
Subject: failure notice
Hi. This is the qmail-send program at lvpsxx-xxx-xx-xxx.dedicated.hosteurope.de.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<michel.pucolhn@wanadoo.com>:
Sorry. Although I'm listed as a best-preference MX or A for that host,
it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)
--- Below this line is a copy of the message.
Return-Path: <levitro.med@geekinventions.com>
Received: (qmail 16103 invoked from network); 5 Jan 2013 14:32:45 +0100
Received: from localhost (HELO server.meinedomain.com) (127.0.0.1)
by localhost with SMTP; 5 Jan 2013 14:32:45 +0100
Date: Sat, 5 Jan 2013 14:32:45 +0100
To: michel.pucolhn@wanadoo.com
From: "Levitro Med" <levitro.med@geekinventions.com>
Subject: Personal 73% OFF, ready land once
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Code:
Email from xx.xxx.xx.xxx / Wed, 12 Dec 2012 12:53:13 +0000
http://www.spamcop.net/w3m?i=z589024697 ... 6e303c9fcz
[ Offending message ]
Return-Path: <viogra.online4@logopak.com>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
alpha.netlink-dns.com
X-Spam-Level: **********
X-Spam-Status: Yes, score=11.0 required=5.0 tests=BAYES_99,
RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,URIBL_BLACK,
URIBL_JP_SURBL,URIBL_WS_SURBL autolearn=no version=3.2.5
X-Spam-Report:
* 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
* [URIs: medicdegre.ru]
* 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
* [URIs: medicdegre.ru]
* 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: medicdegre.ru]
* 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
* above 50%
* [cf: 100]
* 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
* [cf: 100]
X-Original-To: catch@spamtrap.cc
Delivered-To: web1p1@alpha.netlink-dns.com
Received: from server.meinedomain.com (server.meinedomain.com [xx.xxx.xx.xxx])
by alpha.netlink-dns.com (Postfix) with ESMTP id AB85291D
for <catch@spamtrap.cc>; Wed, 12 Dec 2012 12:53:13 +0000 (GMT)
Date: Wed, 12 Dec 2012 13:53:13 +0100
To: catch@spamtrap.cc
From: "Viogra Online" <viogra.online4@logopak.com>
Subject: *****SPAM***** Discount 69% OFF, bishop aedituus tuffs
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20121212125313.AB85291D@alpha.netlink-dns.com>
X-Spam-Prev-Subject: Discount 69% OFF, bishop aedituus tuffs
Code:
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx /var/qmail/bin/relaylock[8070]: /var/qmail/bin/relaylock: mail from 127.0.0.1:33703 (localhost)
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8072]: Handlers Filter before-queue for qmail started ...
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8072]: from=levitra-soft.med64@tebl.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8072]: to=quintell416@verizonmail.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx spf filter[8074]: Starting spf filter...
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.444378 new msg 14486707
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.444444 info msg 14486707: bytes 1285 from <levitra-soft.med64@tebl.com> qp 8075 uid 2020
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8076]: Handlers Filter before-remote for qmail started ...
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.740341 starting delivery 39: msg 14486707 to remote quintell416@verizonmail.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.740408 status: local 0/10 remote 1/20
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8076]: from=levitra-soft.med64@tebl.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8076]: to=quintell416@verizonmail.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: Handlers Filter before-queue for qmail started ...
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.750451 delivery 39: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.750507 status: local 0/10 remote 0/20
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: from=
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: to=levitra-soft.med64@tebl.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: Unable to get sender domain by sender mailname
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: Unable to get sender domain by sender mailname
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx spf filter[8079]: Starting spf filter...
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.766871 bounce msg 14486707 qp 8077
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.766930 end msg 14486707
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.767310 new msg 14486887
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.767385 info msg 14486887: bytes 2002 from <> qp 8080 uid 2522
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8081]: Handlers Filter before-remote for qmail started ...
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.774797 starting delivery 40: msg 14486887 to remote levitra-soft.med64@tebl.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.774857 status: local 0/10 remote 1/20
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8081]: from=postmaster@lvpsxx-xxx-xx-xxx.dedicated.hosteurope.de
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8081]: to=levitra-soft.med64@tebl.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8081]: Unable to get sender domain by sender mailname
Jan 14 19:48:37 lvpsxx-xxx-xx-xxx qmail: 1358189317.068215 delivery 40: success: 217.33.37.242_accepted_message./Remote_host_said:_250_2.0.0_r0EJ436s027434_Message_accepted_for_delivery/
Jan 14 19:48:37 lvpsxx-xxx-xx-xxx qmail: 1358189317.068381 status: local 0/10 remote 0/20
Jan 14 19:48:37 lvpsxx-xxx-xx-xxx qmail: 1358189317.068453 end msg 14486887
Code:
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx /var/qmail/bin/relaylock[8070]: /var/qmail/bin/relaylock: mail from 127.0.0.1:33703 (localhost)
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8072]: Handlers Filter before-queue for qmail started ...
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8072]: from=levitra-soft.med64@tebl.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8072]: to=quintell416@verizonmail.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8072]: handlers_stderr: SKIP
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8072]: SKIP during call 'check-quota' handler
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx spf filter[8074]: Starting spf filter...
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8072]: handlers_stderr: SKIP
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8072]: SKIP during call 'spf' handler
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.444378 new msg 14486707
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.444444 info msg 14486707: bytes 1285 from <levitra-soft.med64@tebl.com> qp 8075 uid 2020
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8072]: starter: submitter[8075] exited normally
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8076]: Handlers Filter before-remote for qmail started ...
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.740341 starting delivery 39: msg 14486707 to remote quintell416@verizonmail.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.740408 status: local 0/10 remote 1/20
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8076]: from=levitra-soft.med64@tebl.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8076]: to=quintell416@verizonmail.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: Handlers Filter before-queue for qmail started ...
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.750451 delivery 39: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.750507 status: local 0/10 remote 0/20
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: from=
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: to=levitra-soft.med64@tebl.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: Unable to get sender domain by sender mailname
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: Unable to get sender domain by sender mailname
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: handlers_stderr: SKIP
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: SKIP during call 'check-quota' handler
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx spf filter[8079]: Starting spf filter...
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: handlers_stderr: SKIP
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: SKIP during call 'spf' handler
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-queue-handlers[8077]: starter: submitter[8080] exited normally
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.766871 bounce msg 14486707 qp 8077
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.766930 end msg 14486707
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.767310 new msg 14486887
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.767385 info msg 14486887: bytes 2002 from <> qp 8080 uid 2522
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8081]: Handlers Filter before-remote for qmail started ...
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.774797 starting delivery 40: msg 14486887 to remote levitra-soft.med64@tebl.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.774857 status: local 0/10 remote 1/20
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8081]: from=postmaster@lvpsxx-xxx-xx-xxx.dedicated.hosteurope.de
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8081]: to=levitra-soft.med64@tebl.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail-remote-handlers[8081]: Unable to get sender domain by sender mailname
Jan 14 19:48:37 lvpsxx-xxx-xx-xxx qmail: 1358189317.068215 delivery 40: success: 217.33.37.242_accepted_message./Remote_host_said:_250_2.0.0_r0EJ436s027434_Message_accepted_for_delivery/
Jan 14 19:48:37 lvpsxx-xxx-xx-xxx qmail: 1358189317.068381 status: local 0/10 remote 0/20
Jan 14 19:48:37 lvpsxx-xxx-xx-xxx qmail: 1358189317.068453 end msg 14486887
How can I find out where the fault lies, or how can I at least narrow it down?
I am grateful for any help!
Best regards
Martin
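
An added example, not part of the original post: a small parser that groups the qmail maillog entries shown above by submitting uid and SMTP client address, so that messages handed in over SMTP from 127.0.0.1 stand apart from the bounces qmail generates itself. The sample lines are constructed from the excerpt in the post, and pairing a relaylock line with the next queued message is a heuristic based on log order.

```python
import re
from collections import defaultdict
# Constructed sample: lines abridged from the maillog excerpt in the post.
SAMPLE_LOG = """\
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx /var/qmail/bin/relaylock[8070]: /var/qmail/bin/relaylock: mail from 127.0.0.1:33703 (localhost)
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.444444 info msg 14486707: bytes 1285 from <levitra-soft.med64@tebl.com> qp 8075 uid 2020
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.740341 starting delivery 39: msg 14486707 to remote quintell416@verizonmail.com
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.750451 delivery 39: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.767385 info msg 14486887: bytes 2002 from <> qp 8080 uid 2522
Jan 14 19:48:35 lvpsxx-xxx-xx-xxx qmail: 1358189315.774797 starting delivery 40: msg 14486887 to remote levitra-soft.med64@tebl.com
Jan 14 19:48:37 lvpsxx-xxx-xx-xxx qmail: 1358189317.068215 delivery 40: success: 217.33.37.242_accepted_message./Remote_host_said:_250_2.0.0_r0EJ436s027434_Message_accepted_for_delivery/
"""

RELAYLOCK = re.compile(r"relaylock\[\d+\]: .*mail from ([\d.]+):\d+")
INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp \d+ uid (\d+)")
START = re.compile(r"starting delivery (\d+): msg (\d+) to (remote|local) (\S+)")
DONE = re.compile(r"delivery (\d+): (success|failure|deferral):")

def trace(log_text):
    """Return one record per queued message: sender, uid, SMTP source, deliveries."""
    records, live_msgs, live_dels, smtp_src = [], {}, {}, None
    for line in log_text.splitlines():
        if m := RELAYLOCK.search(line):
            smtp_src = m.group(1)  # client IP of the SMTP session
        elif m := INFO.search(line):
            msg_id, sender, uid = m.groups()
            # Heuristic: a non-bounce message takes the latest relaylock client IP.
            rec = {"sender": sender, "uid": int(uid),
                   "source": smtp_src if sender else None, "deliveries": []}
            smtp_src = smtp_src if not sender else None
            records.append(rec)
            live_msgs[msg_id] = rec  # qmail reuses msg ids after "end msg"
        elif m := START.search(line):
            del_id, msg_id, kind, rcpt = m.groups()
            if msg_id in live_msgs:
                live_dels[del_id] = {"kind": kind, "rcpt": rcpt, "status": None}
                live_msgs[msg_id]["deliveries"].append(live_dels[del_id])
        elif (m := DONE.search(line)) and m.group(1) in live_dels:
            live_dels.pop(m.group(1))["status"] = m.group(2)
    return records

def summarize(records):
    """Count messages and distinct senders per (uid, SMTP source) pair."""
    groups = defaultdict(lambda: {"messages": 0, "senders": set()})
    for r in records:
        g = groups[(r["uid"], r["source"])]
        g["messages"] += 1
        g["senders"].add(r["sender"] or "<bounce>")
    return dict(groups)
```

Run `summarize(trace(open(path).read()))` over the full maillog and resolve each reported uid with `getent passwd <uid>` to see which account queued the messages.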