Bitte um Hilfe bei Relay-Lückenfindung

[Anonymous]

Hallo,

eigentlich kann man über meinen Suse mit Plesk nur mittels SMTP-Auth Mails verschicken, zumindest dachte ich das.

Aus dem Maillog weiss ich, dass Mails verschickt werden die nicht verschickt werden sollten:

Jun 11 15:28:45 p12345678 qmail: 1181568525.829302 info msg 20992393: bytes 8536 from <#@[]> qp 27483 uid 2522
Jun 11 15:28:45 p12345678 qmail: 1181568525.837374 starting delivery 557: msg 20992393 to remote postmaster@p12345678.pureserver.info
Jun 11 15:28:45 p12345678 qmail: 1181568525.837646 status: local 0/10 remote 3/20
Jun 11 15:28:45 p12345678 qmail: 1181568525.844307 delivery 557: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/
Jun 11 15:28:45 p12345678 qmail: 1181568525.844900 status: local 0/10 remote 2/20
Jun 11 15:28:45 p12345678 qmail: 1181568525.845087 triple bounce: discarding bounce/20992393
Jun 11 15:28:45 p12345678 qmail: 1181568525.845174 end msg 20992393
Jun 11 15:28:47 p12345678 qmail: 1181568527.845707 warning: trouble opening remote/8/20992407; will try again later
Jun 11 15:28:47 p12345678 qmail: 1181568527.845803 starting delivery 558: msg 20992406 to remote huwei12345@sohu.com
Jun 11 15:28:47 p12345678 qmail: 1181568527.845816 status: local 0/10 remote 3/20
Jun 11 15:28:47 p12345678 qmail: 1181568527.854318 delivery 558: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
Jun 11 15:28:47 p12345678 qmail: 1181568527.854411 status: local 0/10 remote 2/20
Jun 11 15:28:49 p12345678 qmail: 1181568529.854244 warning: trouble opening remote/8/20992545; will try again later
Jun 11 15:28:54 p12345678 qmail: 1181568534.860265 warning: trouble opening remote/13/20980498; will try again later
Jun 11 15:28:57 p12345678 qmail: 1181568537.246475 starting delivery 559: msg 20992523 to remote antonic_7@sohu.com
Jun 11 15:28:57 p12345678 qmail: 1181568537.246640 status: local 0/10 remote 3/20
Jun 11 15:28:57 p12345678 qmail: 1181568537.246653 new msg 20992561
Jun 11 15:28:57 p12345678 qmail: 1181568537.246665 info msg 20992561: bytes 8147 from <> qp 27482 uid 2020
Jun 11 15:28:57 p12345678 qmail: 1181568537.263972 starting delivery 560: msg 20992561 to remote wema990308@tom.com
Jun 11 15:28:57 p12345678 qmail: 1181568537.264066 status: local 0/10 remote 4/20
Jun 11 15:28:57 p12345678 qmail: 1181568537.346810 delivery 559: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
Jun 11 15:28:57 p12345678 qmail: 1181568537.346905 status: local 0/10 remote 3/20
Jun 11 15:29:01 p12345678 qmail: 1181568541.346275 starting delivery 561: msg 20992395 to remote huxiaobao19840421@yahoo.com.cn
Jun 11 15:29:01 p12345678 qmail: 1181568541.346388 status: local 0/10 remote 4/20
Jun 11 15:29:02 p12345678 qmail: 1181568542.064288 delivery 561: deferral: Connected_to_202.43.216.28_but_greeting_failed./Remote_host_said:_421_Message_from_(82.165.28.150)_temporarily_deferred_-_4.16.50._Please_refer_to_http://help.yahoo.com/help/us/mail/defer/defer-06.html/
Jun 11 15:29:02 p12345678 qmail: 1181568542.064390 status: local 0/10 remote 3/20
Jun 11 15:29:03 p12345678 qmail: 1181568543.778844 delivery 560: success: 202.108.255.210_accepted_message./Remote_host_said:_250_ok:__Message_647790445_accepted/
Jun 11 15:29:03 p12345678 qmail: 1181568543.778951 status: local 0/10 remote 2/20
Jun 11 15:29:03 p12345678 qmail: 1181568543.778964 end msg 20992561
Jun 11 15:29:06 p12345678 qmail: 1181568546.139737 delivery 551: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
Jun 11 15:29:06 p12345678 qmail: 1181568546.139840 status: local 0/10 remote 1/20
Jun 11 15:29:09 p12345678 qmail: 1181568549.138835 starting delivery 562: msg 20992408 to remote huwei57281818@yahoo.com.cn
Jun 11 15:29:09 p12345678 qmail: 1181568549.138935 status: local 0/10 remote 2/20
Jun 11 15:29:09 p12345678 qmail: 1181568549.667411 new msg 20992388
Jun 11 15:29:09 p12345678 qmail: 1181568549.667583 info msg 20992388: bytes 8141 from <> qp 27511 uid 2020
Jun 11 15:29:09 p12345678 qmail: 1181568549.675588 starting delivery 563: msg 20992388 to remote wenboby@etang.com
Jun 11 15:29:09 p12345678 qmail: 1181568549.675676 status: local 0/10 remote 3/20
Jun 11 15:29:09 p12345678 qmail: 1181568549.866014 delivery 562: deferral: Connected_to_202.43.216.28_but_greeting_failed./Remote_host_said:_421_Message_from_(82.165.28.150)_temporarily_deferred_-_4.16.50._Please_refer_to_http://help.yahoo.com/help/us/mail/defer/defer-06.html/
Jun 11 15:29:09 p12345678 qmail: 1181568549.866119 status: local 0/10 remote 2/20
Jun 11 15:29:14 p12345678 qmail: 1181568554.281053 delivery 563: success: 61.152.250.191_accepted_message./Remote_host_said:_250_Ok:_queued_as_D4E1602DC/
Jun 11 15:29:14 p12345678 qmail: 1181568554.281163 status: local 0/10 remote 1/20
Jun 11 15:29:14 p12345678 qmail: 1181568554.281176 end msg 20992388
Jun 11 15:29:15 p12345678 qmail: 1181568555.141445 new msg 20992561
Jun 11 15:29:15 p12345678 qmail: 1181568555.141609 info msg 20992561: bytes 8161 from <> qp 27519 uid 2020
Jun 11 15:29:15 p12345678 qmail: 1181568555.150827 starting delivery 564: msg 20992561 to remote wendian112233@sohu.com
Jun 11 15:29:15 p12345678 qmail: 1181568555.150915 status: local 0/10 remote 2/20
Jun 11 15:29:15 p12345678 qmail: 1181568555.156865 delivery 564: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
Jun 11 15:29:15 p12345678 qmail: 1181568555.156956 status: local 0/10 remote 1/20

Wenn ich mir die access_log von Apache anschaue sehe ich nichts was darauf hindeutet, dass ständig ein PHP/CGI-Script aufgerufen wird.
Mir fehlt leider gerade der Ansatz, wo ich suchen soll. In den Mails, wenn ich sie mir mit qmHandle ansehe, stehen auch immer andere IP-Adressen:

--------------
MESSAGE NUMBER 20992532
--------------
Received: (qmail 26413 invoked from network); 11 Jun 2007 15:18:37 +0200
Received: from dsl-200-95-33-110.prod-infinitum.com.mx (HELO WANGDONGVPS) (200.95.33.110)
by p12345678.pureserver.info with SMTP; 11 Jun 2007 15:18:37 +0200
From: "Sxzcq" <>
To: "jarod6119" <jarod6119@sohu.com>
Subject: =?GB2312?B?W9fbus/By73iz9azodCnwsq1xLj31tbL8Mqno6hMb3Nzo6ldMDAyMQ==?=
Date: Mon, 11 Jun 2007 21:18:16 +0800
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

--------------
MESSAGE NUMBER 20992555
--------------
Received: (qmail 27128 invoked from network); 11 Jun 2007 15:25:54 +0200
Received: from unknown (HELO VPS222) (201.90.65.5)
by p12345678.pureserver.info with SMTP; 11 Jun 2007 15:25:54 +0200
From: "Giyeo" <>
To: "zmd1999" <zmd1999@sohu.com>
Subject: =?GB2312?B?0L0gs+og1b0gwtQgsLggwP0g0+sgt9YgzvY1ODE=?=
Date: Mon, 11 Jun 2007 21:25:55 +0800
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

Nen Tipp nach was ich suchen kann?

Grüße!

[ekle]

http://www.abuse.net/relay.html

^^ damit kansch prüfen, ob du ein offenes mail relay hast.

wenn dem so ist, brauchst du nicht in den Apache logs suchen, sondern musst deinen Mailserver so konfigurieren, dass er halt keine offenes relay mehr ist.