Spam über eigenen Server

kamikaze
Posts: 20
Joined: 2006-06-26 14:43

Spam über eigenen Server

Post by kamikaze »

Hallo zusammen,

ich hoffe mir kann einer weiterhelfen wie ich die Ursache finden kann.
In der Queue von Qmail finde ich solche Spam-Emails:

Code: Select all

X-Apparently-To: sophe_619@yahoo.com.tw via 203.188.201.34; Sun, 17 Jun 2007 04:05:25 +0800
X-Originating-IP: [217.160.75.28]
Return-Path: <fhk@s15172175.rootmaster.info>
Authentication-Results: mta159.mail.tp2.yahoo.com from=; domainkeys=neutral (no sig)
Received: from 217.160.75.28 (EHLO s15172175.rootmaster.info) (217.160.75.28)
by mta159.mail.tp2.yahoo.com with SMTP; Sun, 17 Jun 2007 04:05:25 +0800
Received: (qmail 695 invoked from network); 16 Jun 2007 22:05:22 +0200
Received: from 1.198.132.202.dynamic.ttn.net (HELO kuro.com.tw) (202.132.198.1)
by s15172175.rootmaster.info with (DES-CBC3-MD5 encrypted) SMTP; 16 Jun 2007 22:05:21 +0200
Message-ID: <20070619040136167010@kuro.com.tw>
Return-Path: <c320056@yahoo.com.tw>
Date: Tue, 19 Jun 2007 04:01:36 +0800
From: =?big5?B?p1akT6R1p0ClaaVIwci/+iylzrijpGykdadAq2+laaVIwcikar/6?= <>
To: <hcs1757@yahoo.com.tw>,
<sunkist3451@yahoo.com.tw>,
<chyuchun@yahoo.com.tw>,
<nono162675@yahoo.com.tw>,
<lion123650@yahoo.com.tw>,
<mavis826@yahoo.com.tw>,
<lanny_0605@yahoo.com.tw>,
<nokia58906234@yahoo.com.tw>,
<sophe_619@yahoo.com.tw>,
<jon80192000@yahoo.com.tw>,
<edc0011@yahoo.com.tw>
Subject: =?big5?B?pKO63sLFuvEswci/+r5prKGm26R2s8y56rvaISE=?=
X-mailer: JZgsaict 2
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_0EE7_0100282B.1FA0CCB0"
Content-Length: 3071


This is a multi-part message in MIME format.

------=_0EE7_0100282B.1FA0CCB0
Content-Type: text/plain;
charset="big5"
Content-Transfer-Encoding: base64

ZXhwZWN0aW5nIHRoZSBlbmVteSBpbiB0aGVpciByZWFyIGFuZC Bub3QgaW4g
ZnJvbnQsIHRoZSBmcmVuY2ggcmFuLCBzdHJhZ2dsaW5nIG91dC wgYW5kIGdl
dHRpbmcgc2VwYXJhdGVkIGFzIGZhciBhcyB0d2VudHktZm91ci Bob3Vyc6Gv
IG1hcmNoIGZyb20gb25lIGFub3RoZXIuIGluIGZyb250IG9mIG FsbCBmbGVk
IHRoZSBlbXBlcm9yLCB0aGVuIHQgIG5vIG9uZSByZXBsaWVkLi A=

------=_0EE7_0100282B.1FA0CCB0
Content-Type: text/html;
charset="big5"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE 1MIDQuMCBU
cmFuc2l0aW9uYWwvL0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVE EgaHR0cC1l
cXVpdj1Db250ZW50LVR5cGUgY29udGVudD0idGV4dC9odG1sOy BjaGFyc2V0
PWJpZzUiPjwvSEVBRD4NCjxCT0RZPmV4cGVjdGluZyB0aGUgZW 5lbXkgaW4g
dGhlaXIgcmVhciBhbmQgbm90IGluIGZyb250LCB0aGUgZnJlbm NoIHJhbiwg
c3RyYWdnbGluZyBvdXQsIGFuZCBnZXR0aW5nIHNlcGFyYXRlZC BhcyBmYXIg
YXMgdHdlbnR5LWZvdXIgaG91cnOhryBtYXJjaCBmcm9tIG9uZS Bhbm90aGVy
LiBpbiBmcm9udCBvZiBhbGwgZmxlZCB0aGUgZW1wZXJvciwgdG hlbiB0Jm5i
c3A7PEEgDQpocmVmPSJodHRwOi8vd3d3Lmdvb2dsZS5jb20vdH JhbnNsYXRl
X2M/JTZjJTYxJTZlJTY3JTcwJTYxJTY5JTcyJTNEZW4lN0NlbiZhbX A7dT0l
NjglNzQlNzQlNzAlM0ElMkYlMkYmI3gwMDAwNmU7JiN4MDAwMD Y1OyYjeDAw
MDA3NzsmI3gwMDAwNzM7JiN4MDAwMDMxOyYjeDAwMDAzMDsmI3 gwMDAwMzA7
JiN4MDAwMDMwOyYjeDAwMDA2NzsmI3gwMDAwNmY7JiN4MDAwMD JlOyYjeDAw
MDA2NTsmI3gwMDAwN2E7JiN4MDAwMDY0OyYjeDAwMDA2ZTsmI3 gwMDAwMmU7
JiN4MDAwMDYzOyYjeDAwMDA2MzsmI3gwMDAwMmY7JiN4MDAwMD Y0OyYjeDAw
MDA2MTsmI3gwMDAwNzQ7JiN4MDAwMDYxOyYjeDAwMDAyZjsmI3 gwMDAwNmE7
JiN4MDAwMDc1OyYjeDAwMDA2MTsmI3gwMDAwNmU7JiN4MDAwMD Y3OyYjeDAw
MDAyZjs/JTc5JTYxJTZmJTZmJTJlJTYzJTZmJTZkJS9leHBlY3RpbmcgdG hl
IGVuZW15IGluIHRoZWlyIHJlYXIgYW5kIG5vdCBpbiBmcm9udC wgdGhlIGZy
ZW5jaCByYW4sIHN0cmFnZ2xpbmcgb3V0LCBhbmQgZ2V0dGluZy BzZXBhcmF0
ZWQgYXMgZmFyIGFzIHR3ZW50eS1mb3VyIGhvdXJzoa8gbWFyY2 ggZnJvbSBv
bmUgYW5vdGhlci4gaW4gZnJvbnQgb2YgYWxsIGZsZWQgdGhlIG VtcGVyb3Is
IHRoZW4gdG5vIG9uZSByZXBsaWVkLiIgDQp0YXJnZXQ9X2JsYW 5rIHJlbD1u
b2ZvbGxvdz48SU1HIA0Kc3JjPSJodHRwOi8vd3d3Lmdvb2dsZS 5jb20vdHJh
bnNsYXRlX2M/JTZjJTYxJTZlJTY3JTcwJTYxJTY5JTcyJTNEZW4lN0NlbiZh
bXA7dT0lNjglNzQlNzQlNzAlM0ElMkYlMkYmI3gwMDAwNmU7Ji N4MDAwMDY1
OyYjeDAwMDA3NzsmI3gwMDAwNzM7JiN4MDAwMDMxOyYjeDAwMD AzMDsmI3gw
MDAwMzA7JiN4MDAwMDMwOyYjeDAwMDA2NzsmI3gwMDAwNmY7Ji N4MDAwMDJl
OyYjeDAwMDA2NTsmI3gwMDAwN2E7JiN4MDAwMDY0OyYjeDAwMD A2ZTsmI3gw
MDAwMmU7JiN4MDAwMDYzOyYjeDAwMDA2MzsmI3gwMDAwMmY7Ji N4MDAwMDY0
OyYjeDAwMDA2MTsmI3gwMDAwNzQ7JiN4MDAwMDYxOyYjeDAwMD AyZjsmI3gw
MDAwNmE7JiN4MDAwMDc1OyYjeDAwMDA2MTsmI3gwMDAwNmU7Ji N4MDAwMDY3
OyYjeDAwMDAyZjsmI3gwMDAwNmE7JiN4MDAwMDc1OyYjeDAwMD A2MTsmI3gw
MDAwNmU7JiN4MDAwMDY3OyYjeDAwMDAyZTsmI3gwMDAwNjc7Ji N4MDAwMDY5
OyYjeDAwMDA2Njs/JTc5JTYxJTZmJTZmJTJlJTYzJTZmJTZkJS9leHBlY3Rp
bmcgdGhlIGVuZW15IGluIHRoZWlyIHJlYXIgYW5kIG5vdCBpbi Bmcm9udCwg
dGhlIGZyZW5jaCByYW4sIHN0cmFnZ2xpbmcgb3V0LCBhbmQgZ2 V0dGluZyBz
ZXBhcmF0ZWQgYXMgZmFyIGFzIHR3ZW50eS1mb3VyIGhvdXJzoa 8gbWFyY2gg
ZnJvbSBvbmUgYW5vdGhlci4gaW4gZnJvbnQgb2YgYWxsIGZsZW QgdGhlIGVt
cGVyb3IsIHRoZW4gdG5vIG9uZSByZXBsaWVkLiIgDQpib3JkZX I9MD48L0E+
IG5vIG9uZSByZXBsaWVkLiA8L0JPRFk+PC9IVE1MPg0K
Wenn ich den Webdienst deaktiviere über die Plesk Administration werden diese Emails weiter in meiner Queue gefüllt.
In Plesk habe ich folgende Konfiguration für Relaying:

Code: Select all

Relaying: Autorisierung nötig:
aktiv für pop3 Sperrzeit 10min und SMTP

Folgende MAPS-Spamschutz sind konfiguriert
bl.spamcop.net;rhsbl.ahbl.org;dnsbl.ahbl.org;sbl.spamhaus.org
über DNSGoodies habe ich folgendes Resultat erzielt:

Code: Select all

<< 220 s15172175.rootmaster.info ESMTP
>> HELO 192.168.4.152
<< 250 s15172175.rootmaster.info

>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<spammee@81.92.238.251>
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed

>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<"spammee@81.92.238.251">
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed

>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:spammee@81.92.238.251
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed

>> MAIL FROM:<spammer>
<< 250 ok
>> RCPT TO:<spammee@81.92.238.251>
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed

>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<spammee%81.92.238.251@217.160.75.28>
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed

>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<spammee@81.92.238.251@217.160.75.28>
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed

>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<81.92.238.251!spammee@217.160.75.28>
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed

>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<@217.160.75.28:spammee@81.92.238.251>
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed

>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<81.92.238.251!spammee>
<< 250 ok


WARNING!
Our tests indicate your mail server allows open relay. 
Beispiele aus meiner Maillog:

Code: Select all

Jul 12 04:15:16 s15172175 qmail: 1184206516.070014 info msg 16806008: bytes 3107 from <lyhwaguswun@wagus.de> qp 9435 uid 2020
Jul 12 04:15:16 s15172175 qmail: 1184206516.075284 starting delivery 11029: msg 16806008 to local 275-uxcivtsh@ury.lu
Jul 12 04:15:16 s15172175 qmail: 1184206516.075366 status: local 1/10 remote 0/20
Jul 12 04:15:16 s15172175 qmail: 1184206516.092158 delivery 11029: failure: This_address_no_longer_accepts_mail./
Jul 12 04:15:16 s15172175 qmail: 1184206516.092231 status: local 0/10 remote 0/20
Jul 12 04:15:16 s15172175 qmail-queue[9438]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Jul 12 04:15:16 s15172175 qmail-queue[9438]: scan: the message(drweb.tmp.QFW5vt) sent by  to lyhwaguswun@wagus.de should be passed without checks, because contains uncheckable addresses
Jul 12 04:15:16 s15172175 qmail: 1184206516.168999 bounce msg 16806008 qp 9438
Jul 12 04:15:16 s15172175 qmail: 1184206516.169095 end msg 16806008
Jul 12 04:15:16 s15172175 qmail: 1184206516.170641 new msg 16818240
Jul 12 04:15:16 s15172175 qmail: 1184206516.170700 info msg 16818240: bytes 3657 from <> qp 9442 uid 2522
Jul 12 04:15:16 s15172175 qmail: 1184206516.174006 starting delivery 11030: msg 16818240 to remote lyhwaguswun@wagus.de
Jul 12 04:15:16 s15172175 qmail: 1184206516.174083 status: local 0/10 remote 1/20
Jul 12 04:15:30 s15172175 qmail-queue[9245]: scan: the message(drweb.tmp.49ufFb) sent by cooganh9p@hotmail.com to brever@mum.lu is passed
Jul 12 04:15:30 s15172175 qmail: 1184206530.238153 new msg 16806008
Jul 12 04:15:30 s15172175 qmail: 1184206530.238226 info msg 16806008: bytes 3327 from <cooganh9p@hotmail.com> qp 9531 uid 2020
Jul 12 04:15:30 s15172175 qmail: 1184206530.243111 starting delivery 11031: msg 16806008 to local 514-brever@mum.lu
Jul 12 04:15:30 s15172175 qmail: 1184206530.243187 status: local 1/10 remote 0/20
Jul 12 04:15:30 s15172175 qmail-queue[9534]: scan: the message(drweb.tmp.STiWhd) sent by cooganh9p@hotmail.com to info@brever.lu is passed
Jul 12 04:15:30 s15172175 qmail: 1184206530.341030 new msg 16818240
Jul 12 04:15:30 s15172175 qmail: 1184206530.341110 info msg 16818240: bytes 3429 from <cooganh9p@hotmail.com> qp 9535 uid 110
Jul 12 04:15:30 s15172175 qmail: 1184206530.345434 starting delivery 11032: msg 16818240 to local 602-info@brever.lu
Jul 12 04:15:30 s15172175 qmail: 1184206530.345498 status: local 2/10 remote 0/20
Jul 12 04:15:30 s15172175 qmail: 1184206530.345512 delivery 11031: success: did_0+1+1/qp_9534/
Jul 12 04:15:30 s15172175 qmail: 1184206530.345524 status: local 1/10 remote 0/20
Jul 12 04:15:30 s15172175 qmail: 1184206530.345536 end msg 16806008
Jul 12 04:15:52 s15172175 qmail-queue[9611]: scan: the message(drweb.tmp.JrkrBq) sent by vnbgidzuedu@rrhk.com to daniel@logomotif.lu is passed
Jul 12 04:15:52 s15172175 qmail: 1184206552.930911 new msg 16806008
Jul 12 04:15:52 s15172175 qmail: 1184206552.930986 info msg 16806008: bytes 2062 from <vnbgidzuedu@rrhk.com> qp 9613 uid 2020
Jul 12 04:15:52 s15172175 qmail: 1184206552.935847 starting delivery 11033: msg 16806008 to local 454-daniel@logomotif.lu
Jul 12 04:15:52 s15172175 qmail: 1184206552.935926 status: local 1/10 remote 0/20
Jul 12 04:15:53 s15172175 qmail-queue[9616]: scan: the message(drweb.tmp.UaucnY) sent by vnbgidzuedu@rrhk.com to info@logomotif.lu is passed
Jul 12 04:15:53 s15172175 qmail: 1184206553.020489 new msg 16818240
Jul 12 04:15:53 s15172175 qmail: 1184206553.020571 info msg 16818240: bytes 2170 from <vnbgidzuedu@rrhk.com> qp 9617 uid 110
Jul 12 04:15:53 s15172175 qmail: 1184206553.024835 starting delivery 11034: msg 16818240 to local 454-info@logomotif.lu
Jul 12 04:15:53 s15172175 qmail: 1184206553.024915 status: local 2/10 remote 0/20
Jul 12 04:15:53 s15172175 qmail: 1184206553.024929 delivery 11033: success: did_0+1+1/qp_9616/
Jul 12 04:15:53 s15172175 qmail: 1184206553.024941 status: local 1/10 remote 0/20
Jul 12 04:15:53 s15172175 qmail: 1184206553.024953 end msg 16806008
Jul 12 05:18:14 s15172175 qmail-queue[22140]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Jul 12 05:18:14 s15172175 qmail-queue[22140]: scan: the message(drweb.tmp.fXCYi6) sent by fhk@s15172175.rootmaster.info to rcpts should be passed without checks, because contains uncheckable addresses
Jul 12 05:18:14 s15172175 qmail: 1184210294.595924 starting delivery 11422: msg 16818240 to remote worldwidean5@phentermine.com
Jul 12 05:18:14 s15172175 qmail: 1184210294.596002 status: local 0/10 remote 2/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.596016 new msg 16809674
Jul 12 05:18:14 s15172175 qmail: 1184210294.596032 info msg 16809674: bytes 4169 from <fhk@s15172175.rootmaster.info> qp 22145 uid 2020
Jul 12 05:18:14 s15172175 qmail: 1184210294.643730 starting delivery 11423: msg 16809674 to remote dog.30102@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.643787 status: local 0/10 remote 3/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.643801 starting delivery 11424: msg 16809674 to remote ruby67yu@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.643814 status: local 0/10 remote 4/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.653999 starting delivery 11425: msg 16809674 to remote zoe_1206@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.654288 status: local 0/10 remote 5/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.689668 starting delivery 11426: msg 16809674 to remote allann_young@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.689938 status: local 0/10 remote 6/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.693342 starting delivery 11427: msg 16809674 to remote 0952648725@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.693610 status: local 0/10 remote 7/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.696884 starting delivery 11428: msg 16809674 to remote sputnik0528@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.697083 status: local 0/10 remote 8/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.700502 starting delivery 11429: msg 16809674 to remote mother350810@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.700731 status: local 0/10 remote 9/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.704187 starting delivery 11430: msg 16809674 to remote emote520@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.704455 status: local 0/10 remote 10/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.708652 starting delivery 11431: msg 16809674 to remote snake4125678@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.708881 status: local 0/10 remote 11/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.712249 starting delivery 11432: msg 16809674 to remote u605421@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.712523 status: local 0/10 remote 12/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.716321 starting delivery 11433: msg 16809674 to remote a0960559712@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.716581 status: local 0/10 remote 13/20
Jul 12 05:18:50 s15172175 qmail-queue[22188]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Jul 12 05:18:50 s15172175 qmail-queue[22188]: scan: the message(drweb.tmp.2Jrh4X) sent by boaz8@ILOVEJESUS.NET to eugene.moutschen@emolux.com should be passed without checks, because contains uncheckable addresses
Jul 12 05:18:50 s15172175 qmail: 1184210330.390377 new msg 16818250
Jul 12 05:18:50 s15172175 qmail: 1184210330.390463 info msg 16818250: bytes 15924 from <boaz8@ILOVEJESUS.NET> qp 22196 uid 2020
Jul 12 05:18:50 s15172175 qmail: 1184210330.395949 starting delivery 11434: msg 16818250 to local 46-eugene.moutschen@emolux.com
Jul 12 05:18:50 s15172175 qmail: 1184210330.396029 status: local 1/10 remote 2/20
Jul 12 05:18:50 s15172175 qmail-queue[22199]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Jul 12 05:18:50 s15172175 qmail-queue[22199]: scan: the message(drweb.tmp.j5RtTf) sent by boaz8@ILOVEJESUS.NET to eugene.moutschen@edishare.lu should be passed without checks, because contains uncheckable addresses
Jul 12 05:18:50 s15172175 qmail: 1184210330.465011 new msg 16818256
Jul 12 05:18:50 s15172175 qmail: 1184210330.465091 info msg 16818256: bytes 16040 from <boaz8@ILOVEJESUS.NET> qp 22200 uid 110
Jul 12 05:18:50 s15172175 qmail: 1184210330.469314 starting delivery 11435: msg 16818256 to remote eugene.moutschen@edishare.lu
Jul 12 05:18:50 s15172175 qmail: 1184210330.469395 status: local 1/10 remote 3/20
Jul 12 05:18:50 s15172175 qmail: 1184210330.469409 delivery 11434: success: did_0+1+1/qp_22199/
Jul 12 05:18:50 s15172175 qmail: 1184210330.469420 status: local 0/10 remote 3/20
Jul 12 05:18:50 s15172175 qmail: 1184210330.469432 end msg 16818250
Jul 12 05:18:50 s15172175 qmail: 1184210330.804328 delivery 11435: success: 195.238.0.205_accepted_message./Remote_host_said:_250_2.6.0__<001b01c7c47d$9c99a6e0$069eff54@main1>_Queued_mail_for_delivery/
Jul 12 05:18:50 s15172175 qmail: 1184210330.804416 status: local 0/10 remote 2/20
Jul 12 05:18:50 s15172175 qmail: 1184210330.804431 end msg 16818256
Jul 12 05:19:17 s15172175 qmail: 1184210357.922081 new msg 16818250
Jul 12 05:19:17 s15172175 qmail: 1184210357.922145 info msg 16818250: bytes 2789 from <vpskinner@winning.com> qp 22295 uid 2020
Jul 12 05:19:17 s15172175 qmail: 1184210357.927732 starting delivery 11436: msg 16818250 to local 482-erich.rauw@somarco.com
Jul 12 05:19:17 s15172175 qmail: 1184210357.927807 status: local 1/10 remote 1/20
UID 2020: qmaild
UID 110: popuser

Ich hoffe es kann mir einer von euch weiterhelfen wo ich das Problem finden kann oder wie ich weiter vorgehn könnte.
Top

aubergine
RSAC
Posts: 475
Joined: 2005-09-10 17:52
Location: Frankfurt am Main

Re: Spam über eigenen Server

Post by aubergine »

Falls das hier: s15172175.rootmaster.info dein Server ist betreibst du ein offenes Relay.

Daher kann jeder bei dir Mails einliefern, welche anschließend von deinem Server versendet werden.

Am besten du postest hier alle Konfigurationen oder lässt dir von einem IT Unternehmen oder dem Schlund Support helfen, falls du völlig blank in dem Themengebiet bist.
Top

sesselmi
Posts: 4
Joined: 2007-01-14 01:18

Re: Spam über eigenen Server

Post by sesselmi »

Aber laut PLESK hat er doch SMTP-Auth aktiviert?

Code: Select all

Relaying: Autorisierung nötig: 
aktiv für pop3 Sperrzeit 10min und SMTP


Mach mal folgenden Test:

http://www.antispam-ufrj.pads.ufrj.br/test-relay.html

Gruß
Top

bitbetrieb
Posts: 41
Joined: 2002-11-13 12:37

Re: Spam über eigenen Server

Post by bitbetrieb »

sieht es nicht eher so aus, als ob über ein kompromittiertes Formular-Skript zusätzliche Empfänger in den E-Mail-Header geschrieben wurden?

Gruß
Helmut Weber
Top