SPAM über meinen Server??

[david04]

Postfix/1und1 root

Hallo!

In der var/log/mail steht u.a. folgendes:

Code: Select all

Jun 16 21:07:08 p15132943 postfix/qmgr[1568]: 91B5311DEEF: from=<qrtyhbnbk@hotmail.com>, size=852, nrcpt=1 (queue active)
Jun 16 21:07:08 p15132943 postfix/qmgr[1568]: 9170E11AA73: from=<baby2@33333.3utilities.com>, size=4648, nrcpt=1 (queue active)
Jun 16 21:07:08 p15132943 postfix/smtp[2447]: 910B2124B58: to=<fanstai@ms15.hinet.net>, relay=ms15a.hinet.net[168.95.5.15], delay=21416, statu
s=sent (250 DAA22054 Message accepted for delivery)
Jun 16 21:07:08 p15132943 postfix/qmgr[1568]: 91816125161: from=<3f9bt.lcte7@yahoo.com>, size=5072, nrcpt=1 (queue active)
Jun 16 21:07:08 p15132943 postfix/smtp[2583]: 910B2124B58: to=<besmed@ms17.hinet.net>, relay=ms17a.hinet.net[168.95.5.17], delay=21416, status
=sent (250 DAA13813 Message accepted for delivery)
Jun 16 21:07:08 p15132943 postfix/qmgr[1568]: 9124F125173: from=<6rvx6.g2kxe@yahoo.com>, size=1352, nrcpt=1 (queue active)
Jun 16 21:07:08 p15132943 postfix/smtp[2536]: 910FF124E8F: to=<kyoko12@pchome.com.tw>, relay=mx.pchome.com.tw[211.20.188.150], delay=21005, st
atus=sent (250 Ok: queued as 7C08E496EC)
Jun 16 21:07:08 p15132943 postfix/smtp[1571]: connect to mx3.mail2000.com.tw[210.200.181.194]: server refused mail service (port 25)
Jun 16 21:07:08 p15132943 postfix/qmgr[1568]: 91C9F11CFD7: from=<baby2@33333.3utilities.com>, size=4635, nrcpt=1 (queue active)
Jun 16 21:07:09 p15132943 postfix/smtp[2599]: 9137B11F38C: to=<bowerslm@aol.com>, relay=mailin-03.mx.aol.com[64.12.137.152], delay=24496, stat
us=sent (250 OK)
Jun 16 21:07:09 p15132943 postfix/qmgr[1568]: 91C7411BC5B: from=<m2eer.c7si0@yahoo.com>, size=1370, nrcpt=1 (queue active)
Jun 16 21:07:09 p15132943 postfix/smtp[2586]: DB0A611EA0D: to=<neo001@hotmail.com>, relay=mx1.hotmail.com[65.54.254.129], delay=24101, status=
sent (250  <20030616122528.DB0A611EA0D@p15132943.pureserver.info> Queued mail for delivery)
Jun 16 21:07:09 p15132943 postfix/smtp[2435]: 910B2124B58: to=<eduardo@ms9.hinet.net>, relay=ms9a.hinet.net[168.95.5.9], delay=21417, status=s
ent (250 DAA18820 Message accepted for delivery)
Jun 16 21:07:09 p15132943 postfix/qmgr[1568]: 91B4B11BED8: from=<baby2@33333.3utilities.com>, size=4631, nrcpt=1 (queue active)
Jun 16 21:07:09 p15132943 postfix/qmgr[1568]: 918FB119D8B: from=<66ra0.qc1o1@hotmail.com>, size=7629, nrcpt=10 (queue active)
Jun 16 21:07:09 p15132943 postfix/qmgr[1568]: 918FB119D8B: to=<liandy@ms27.hinet.net>, relay=none, delay=28685, status=deferred (connect to ms
27a.hinet.net[168.95.5.27]: server refused mail service)
Jun 16 21:07:09 p15132943 postfix/smtp[1571]: connect to mx2.mail2000.com.tw[210.200.181.193]: server refused mail service (port 25)
Jun 16 21:07:09 p15132943 postfix/smtp[1571]: 6EF0D11BA54: to=<dlf99@mail2000.com.tw>, relay=none, delay=31372, status=deferred (connect to mx
2.mail2000.com.tw[210.200.181.193]: server refused mail service)
Jun 16 21:07:09 p15132943 postfix/smtp[2470]: 9176E124E89: to=<p05y50@ms36.hinet.net>, relay=ms36a.hinet.net[168.95.5.36], delay=21013, status
=sent (250 DAA19195 Message accepted for delivery)

versucht da jemand über meinen server zu senden? was muss ich einstellen (newbie), damit sowas nicht passiert??

Grüße
DAviD

[sid]

:!: :!: :!: :!: :!:

SCHALTE ERSTMAL GANZ SCHNELL POSTFIX AB:

RCPOSTFIX STOP

du wirst mit sicherheit bald richtig aeger mit 1&1 bekommen ...

ich kenne deine konfig jetzt nicht, aber du wirst nach strich und faden (UND DAS KOSTET AUCH NOCH TRAFFIK) missbraucht!!!!!!!!!

sid.

[david04]

postfix gestoppt

was brauchst du aus welcher konfiguration??

[alrad]

Da 1&1 Root-Server von Haus aus keine Open-Relays sind, ergibt sich die Frage: Was hast du an der Postfix-Konfiguration geändert.

Gruß
Albert

[david04]

ich hatte das "relay access denied" problem, weil bat! keine mails mehr senden wollte und einige nicht angekommen sind. geändert hab ich nichts (ausser einigen anleitungen hier ausm forum).

mailman hab ich installiert (geht aber nicht) und ich bekomm es nicht deinstalliert (+python)

[kase]

ich hatte das "relay access denied" problem

Und als du das behoben hast, hast du deinen Mail-Server für die Welt des Internets freigegeben.

Kenne leider postfix nicht, benutz Exim, kann dir deshalb keine weiteren Tipps geben. Interessant wäre sicherlich, was GENAU du geändert hast.

[adjustman]

da hilft nur postconf zeigen

[david04]

http://www.treasurechest.de/main.cf

hier die main.cf

[kase]

Kenn mich wie gesagt mit Postfix nicht aus, aber ich glaube, hier hast du ein kommentarzeichen vergessen zu entfernen...

#relayhost = $mydomain

Aber warte erstma, was Postfix Kenner sagen.

[kahler]

Dir fehlt eine Reject Rule in smtpd_recipient_restrictions würde ich sagen.
Einfach am Ende der Zeile ein , reject_unauth_destination anfügen und dann sollte es funktionieren...

...Dann mittels http://www.ordb.org/ kontrollieren, ob es funktioniert hat. Sonst Postfix wieder abstellen und nochmal melden.

[david04]

jetzt kommt das:

Code: Select all

Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C60C811B604: from=<>, size=3912, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 51B88119954: from=<>, size=4868, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C6B0911ADB4: from=<>, size=3293, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 51A3611C7D3: from=<lkoko.zsw7p@yahoo.com>, size=2142, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C6336118AAF: from=<>, size=8284, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 515DA1183B9: from=<>, size=4609, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C60B311C7E0: from=<>, size=3160, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 518D5118EE0: from=<houselj@yahoo.co.jp>, size=2918, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C6F1211CE05: from=<>, size=3304, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 517B611ABF8: from=<>, size=4943, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C60D111CA47: from=<>, size=9643, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 51DEF11A80D: from=<steven@anc5.sytes.net>, size=1670, nrcpt=8 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C687B11BE96: from=<>, size=13214, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 5117511814D: from=<lamcrystal@imailbox.com>, size=1392, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C67F011CCA2: from=<>, size=4887, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 516F9118253: from=<>, size=4812, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C601C118C4B: from=<>, size=3300, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 5166C11B35F: from=<cat@anc5.sytes.net>, size=1661, nrcpt=3 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C6A1C11CF5C: from=<>, size=5460, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 51B431188DF: from=<janet@217.160.210.161>, size=4024, nrcpt=6 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C652711D626: from=<>, size=3041, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 515FB11ACB2: from=<anni@anc5.sytes.net>, size=1660, nrcpt=10 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C666811B831: from=<>, size=3669, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 51D1311B0B1: from=<victor@anc5.sytes.net>, size=1662, nrcpt=4 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C631211BD0A: from=<>, size=3113, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 516B0118AAC: from=<janet@217.160.210.161>, size=4058, nrcpt=6 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C94A511B04A: from=<>, size=6452, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 513351185A1: from=<>, size=3134, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C9C8511D088: from=<>, size=3016, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 517601185B4: from=<>, size=4751, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C9199118E62: from=<>, size=11077, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 5174C11838F: from=<>, size=4667, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C939F119D39: from=<>, size=3688, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 51430118796: from=<janet@217.160.210.161>, size=4057, nrcpt=6 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C976211C3D4: from=<>, size=3922, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: 515E411B95F: from=<9nd91.a0jn1@yahoo.com>, size=1337, nrcpt=1 (queue active)
Jun 17 07:54:05 p15132943 postfix/qmgr[8427]: C9F06118F68: from=<>, size=3031, nrcpt=1 (queue active)

[david04]

Code: Select all

Jun 17 08:28:38 p15132943 postfix/qmgr[8750]: 4A8D7119E3F: to=<eka@ms16.hinet.net>, relay=none, delay=76092, status=deferred (
connect to ms16a.hinet.net[168.95.5.16]: Connection refused)
Jun 17 08:28:38 p15132943 postfix/qmgr[8750]: 4A8D7119E3F: to=<henrysoo@ms49.hinet.net>, relay=none, delay=76092, status=defer
red (connect to ms49a.hinet.net[168.95.5.49]: server refused mail service)
Jun 17 08:28:38 p15132943 postfix/smtp[8817]: A97E911D059: to=<wbv8m.xpvf3@yahoo.com>, relay=mx2.mail.yahoo.com[64.156.215.5],
 delay=41624, status=bounced (host mx2.mail.yahoo.com[64.156.215.5] said: 554 delivery error: dd This user doesn't have a yaho
o.com account (wbv8m.xpvf3@yahoo.com) [0] - mta151.mail.scd.yahoo.com)
Jun 17 08:28:38 p15132943 postfix/smtp[8773]: 7292E119941: to=<abe.goto@yahoo.com.tw>, relay=mx1.mail.tw.yahoo.com[202.1.238.2
48], delay=87892, status=deferred (host mx1.mail.tw.yahoo.com[202.1.238.248] said: 421 VS5-MF Excessive unknown recipients - p
ossible Open Relay http://help.yahoo.com/help/us/mail/spam/spam-18.html (#4.4.5))
Jun 17 08:28:38 p15132943 postfix/smtp[8773]: 7292E119941: to=<oupondre@yahoo.com.tw>, relay=mx1.mail.tw.yahoo.com[202.1.238.2
48], delay=87892, status=deferred (host mx1.mail.tw.yahoo.com[202.1.238.248] said: 421 VS5-MF Excessive unknown recipients - p
ossible Open Relay http://help.yahoo.com/help/us/mail/spam/spam-18.html (#4.4.5))
Jun 17 08:28:38 p15132943 postfix/smtp[8773]: 7292E119941: to=<abe.goto@yahoo.com.tw>, relay=mx1.mail.tw.yahoo.com[202.1.238.2
48], delay=87892, status=deferred (lost connection with mx1.mail.tw.yahoo.com[202.1.238.248] while sending RCPT TO)
Jun 17 08:28:38 p15132943 postfix/smtp[8773]: 7292E119941: to=<oupondre@yahoo.com.tw>, relay=mx1.mail.tw.yahoo.com[202.1.238.2
48], delay=87892, status=deferred (lost connection with mx1.mail.tw.yahoo.com[202.1.238.248] while sending RCPT TO)
Jun 17 08:28:38 p15132943 postfix/qmgr[8750]: 4A5F611DC41: from=<>, size=4547, nrcpt=1 (queue active)
Jun 17 08:28:39 p15132943 postfix/qmgr[8750]: C6B95119BDB: from=<ty4m3.kgq4x@yahoo.com>, size=5038, nrcpt=3 (queue active)
Jun 17 08:28:39 p15132943 postfix/qmgr[8750]: C6B95119BDB: to=<950l@yam.com>, relay=none, delay=86021, status=deferred (connec
t to mx3.yam.com[211.72.254.214]: read timeout)
Jun 17 08:28:39 p15132943 postfix/smtp[8787]: A9F3311BF8A: to=<3c7gz.ud2yd@yahoo.com>, relay=mx2.mail.yahoo.com[64.156.215.5],
 delay=40732, status=bounced (host mx2.mail.yahoo.com[64.156.215.5] said: 554 delivery error: dd This user doesn't have a yaho
o.com account (3c7gz.ud2yd@yahoo.com) [0] - mta102.mail.scd.yahoo.com)

ich hab den Vorschlag von Kahler befolgt, geändert hat sich nichts?!?

Postfix wieder gestoppt!!!