ich hoffe mir kann einer weiterhelfen wie ich die Ursache finden kann.
In der Queue von Qmail finde ich solche Spam-Emails:
Code: Select all
X-Apparently-To: sophe_619@yahoo.com.tw via 203.188.201.34; Sun, 17 Jun 2007 04:05:25 +0800
X-Originating-IP: [217.160.75.28]
Return-Path: <fhk@s15172175.rootmaster.info>
Authentication-Results: mta159.mail.tp2.yahoo.com from=; domainkeys=neutral (no sig)
Received: from 217.160.75.28 (EHLO s15172175.rootmaster.info) (217.160.75.28)
by mta159.mail.tp2.yahoo.com with SMTP; Sun, 17 Jun 2007 04:05:25 +0800
Received: (qmail 695 invoked from network); 16 Jun 2007 22:05:22 +0200
Received: from 1.198.132.202.dynamic.ttn.net (HELO kuro.com.tw) (202.132.198.1)
by s15172175.rootmaster.info with (DES-CBC3-MD5 encrypted) SMTP; 16 Jun 2007 22:05:21 +0200
Message-ID: <20070619040136167010@kuro.com.tw>
Return-Path: <c320056@yahoo.com.tw>
Date: Tue, 19 Jun 2007 04:01:36 +0800
From: =?big5?B?p1akT6R1p0ClaaVIwci/+iylzrijpGykdadAq2+laaVIwcikar/6?= <>
To: <hcs1757@yahoo.com.tw>,
<sunkist3451@yahoo.com.tw>,
<chyuchun@yahoo.com.tw>,
<nono162675@yahoo.com.tw>,
<lion123650@yahoo.com.tw>,
<mavis826@yahoo.com.tw>,
<lanny_0605@yahoo.com.tw>,
<nokia58906234@yahoo.com.tw>,
<sophe_619@yahoo.com.tw>,
<jon80192000@yahoo.com.tw>,
<edc0011@yahoo.com.tw>
Subject: =?big5?B?pKO63sLFuvEswci/+r5prKGm26R2s8y56rvaISE=?=
X-mailer: JZgsaict 2
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_0EE7_0100282B.1FA0CCB0"
Content-Length: 3071
This is a multi-part message in MIME format.
------=_0EE7_0100282B.1FA0CCB0
Content-Type: text/plain;
charset="big5"
Content-Transfer-Encoding: base64
ZXhwZWN0aW5nIHRoZSBlbmVteSBpbiB0aGVpciByZWFyIGFuZC Bub3QgaW4g
ZnJvbnQsIHRoZSBmcmVuY2ggcmFuLCBzdHJhZ2dsaW5nIG91dC wgYW5kIGdl
dHRpbmcgc2VwYXJhdGVkIGFzIGZhciBhcyB0d2VudHktZm91ci Bob3Vyc6Gv
IG1hcmNoIGZyb20gb25lIGFub3RoZXIuIGluIGZyb250IG9mIG FsbCBmbGVk
IHRoZSBlbXBlcm9yLCB0aGVuIHQgIG5vIG9uZSByZXBsaWVkLi A=
------=_0EE7_0100282B.1FA0CCB0
Content-Type: text/html;
charset="big5"
Content-Transfer-Encoding: base64
PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE 1MIDQuMCBU
cmFuc2l0aW9uYWwvL0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVE EgaHR0cC1l
cXVpdj1Db250ZW50LVR5cGUgY29udGVudD0idGV4dC9odG1sOy BjaGFyc2V0
PWJpZzUiPjwvSEVBRD4NCjxCT0RZPmV4cGVjdGluZyB0aGUgZW 5lbXkgaW4g
dGhlaXIgcmVhciBhbmQgbm90IGluIGZyb250LCB0aGUgZnJlbm NoIHJhbiwg
c3RyYWdnbGluZyBvdXQsIGFuZCBnZXR0aW5nIHNlcGFyYXRlZC BhcyBmYXIg
YXMgdHdlbnR5LWZvdXIgaG91cnOhryBtYXJjaCBmcm9tIG9uZS Bhbm90aGVy
LiBpbiBmcm9udCBvZiBhbGwgZmxlZCB0aGUgZW1wZXJvciwgdG hlbiB0Jm5i
c3A7PEEgDQpocmVmPSJodHRwOi8vd3d3Lmdvb2dsZS5jb20vdH JhbnNsYXRl
X2M/JTZjJTYxJTZlJTY3JTcwJTYxJTY5JTcyJTNEZW4lN0NlbiZhbX A7dT0l
NjglNzQlNzQlNzAlM0ElMkYlMkYmI3gwMDAwNmU7JiN4MDAwMD Y1OyYjeDAw
MDA3NzsmI3gwMDAwNzM7JiN4MDAwMDMxOyYjeDAwMDAzMDsmI3 gwMDAwMzA7
JiN4MDAwMDMwOyYjeDAwMDA2NzsmI3gwMDAwNmY7JiN4MDAwMD JlOyYjeDAw
MDA2NTsmI3gwMDAwN2E7JiN4MDAwMDY0OyYjeDAwMDA2ZTsmI3 gwMDAwMmU7
JiN4MDAwMDYzOyYjeDAwMDA2MzsmI3gwMDAwMmY7JiN4MDAwMD Y0OyYjeDAw
MDA2MTsmI3gwMDAwNzQ7JiN4MDAwMDYxOyYjeDAwMDAyZjsmI3 gwMDAwNmE7
JiN4MDAwMDc1OyYjeDAwMDA2MTsmI3gwMDAwNmU7JiN4MDAwMD Y3OyYjeDAw
MDAyZjs/JTc5JTYxJTZmJTZmJTJlJTYzJTZmJTZkJS9leHBlY3RpbmcgdG hl
IGVuZW15IGluIHRoZWlyIHJlYXIgYW5kIG5vdCBpbiBmcm9udC wgdGhlIGZy
ZW5jaCByYW4sIHN0cmFnZ2xpbmcgb3V0LCBhbmQgZ2V0dGluZy BzZXBhcmF0
ZWQgYXMgZmFyIGFzIHR3ZW50eS1mb3VyIGhvdXJzoa8gbWFyY2 ggZnJvbSBv
bmUgYW5vdGhlci4gaW4gZnJvbnQgb2YgYWxsIGZsZWQgdGhlIG VtcGVyb3Is
IHRoZW4gdG5vIG9uZSByZXBsaWVkLiIgDQp0YXJnZXQ9X2JsYW 5rIHJlbD1u
b2ZvbGxvdz48SU1HIA0Kc3JjPSJodHRwOi8vd3d3Lmdvb2dsZS 5jb20vdHJh
bnNsYXRlX2M/JTZjJTYxJTZlJTY3JTcwJTYxJTY5JTcyJTNEZW4lN0NlbiZh
bXA7dT0lNjglNzQlNzQlNzAlM0ElMkYlMkYmI3gwMDAwNmU7Ji N4MDAwMDY1
OyYjeDAwMDA3NzsmI3gwMDAwNzM7JiN4MDAwMDMxOyYjeDAwMD AzMDsmI3gw
MDAwMzA7JiN4MDAwMDMwOyYjeDAwMDA2NzsmI3gwMDAwNmY7Ji N4MDAwMDJl
OyYjeDAwMDA2NTsmI3gwMDAwN2E7JiN4MDAwMDY0OyYjeDAwMD A2ZTsmI3gw
MDAwMmU7JiN4MDAwMDYzOyYjeDAwMDA2MzsmI3gwMDAwMmY7Ji N4MDAwMDY0
OyYjeDAwMDA2MTsmI3gwMDAwNzQ7JiN4MDAwMDYxOyYjeDAwMD AyZjsmI3gw
MDAwNmE7JiN4MDAwMDc1OyYjeDAwMDA2MTsmI3gwMDAwNmU7Ji N4MDAwMDY3
OyYjeDAwMDAyZjsmI3gwMDAwNmE7JiN4MDAwMDc1OyYjeDAwMD A2MTsmI3gw
MDAwNmU7JiN4MDAwMDY3OyYjeDAwMDAyZTsmI3gwMDAwNjc7Ji N4MDAwMDY5
OyYjeDAwMDA2Njs/JTc5JTYxJTZmJTZmJTJlJTYzJTZmJTZkJS9leHBlY3Rp
bmcgdGhlIGVuZW15IGluIHRoZWlyIHJlYXIgYW5kIG5vdCBpbi Bmcm9udCwg
dGhlIGZyZW5jaCByYW4sIHN0cmFnZ2xpbmcgb3V0LCBhbmQgZ2 V0dGluZyBz
ZXBhcmF0ZWQgYXMgZmFyIGFzIHR3ZW50eS1mb3VyIGhvdXJzoa 8gbWFyY2gg
ZnJvbSBvbmUgYW5vdGhlci4gaW4gZnJvbnQgb2YgYWxsIGZsZW QgdGhlIGVt
cGVyb3IsIHRoZW4gdG5vIG9uZSByZXBsaWVkLiIgDQpib3JkZX I9MD48L0E+
IG5vIG9uZSByZXBsaWVkLiA8L0JPRFk+PC9IVE1MPg0K
In Plesk habe ich folgende Konfiguration für Relaying:
Code: Select all
Relaying: Autorisierung nötig:
aktiv für pop3 Sperrzeit 10min und SMTP
Folgende MAPS-Spamschutz sind konfiguriert
bl.spamcop.net;rhsbl.ahbl.org;dnsbl.ahbl.org;sbl.spamhaus.org
Code: Select all
<< 220 s15172175.rootmaster.info ESMTP
>> HELO 192.168.4.152
<< 250 s15172175.rootmaster.info
>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<spammee@81.92.238.251>
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed
>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<"spammee@81.92.238.251">
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed
>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:spammee@81.92.238.251
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed
>> MAIL FROM:<spammer>
<< 250 ok
>> RCPT TO:<spammee@81.92.238.251>
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed
>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<spammee%81.92.238.251@217.160.75.28>
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed
>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<spammee@81.92.238.251@217.160.75.28>
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed
>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<81.92.238.251!spammee@217.160.75.28>
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed
>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<@217.160.75.28:spammee@81.92.238.251>
<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>> RSET
<< 250 flushed
>> MAIL FROM:<spammer@192.168.4.152>
<< 250 ok
>> RCPT TO:<81.92.238.251!spammee>
<< 250 ok
WARNING!
Our tests indicate your mail server allows open relay.
Code: Select all
Jul 12 04:15:16 s15172175 qmail: 1184206516.070014 info msg 16806008: bytes 3107 from <lyhwaguswun@wagus.de> qp 9435 uid 2020
Jul 12 04:15:16 s15172175 qmail: 1184206516.075284 starting delivery 11029: msg 16806008 to local 275-uxcivtsh@ury.lu
Jul 12 04:15:16 s15172175 qmail: 1184206516.075366 status: local 1/10 remote 0/20
Jul 12 04:15:16 s15172175 qmail: 1184206516.092158 delivery 11029: failure: This_address_no_longer_accepts_mail./
Jul 12 04:15:16 s15172175 qmail: 1184206516.092231 status: local 0/10 remote 0/20
Jul 12 04:15:16 s15172175 qmail-queue[9438]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Jul 12 04:15:16 s15172175 qmail-queue[9438]: scan: the message(drweb.tmp.QFW5vt) sent by to lyhwaguswun@wagus.de should be passed without checks, because contains uncheckable addresses
Jul 12 04:15:16 s15172175 qmail: 1184206516.168999 bounce msg 16806008 qp 9438
Jul 12 04:15:16 s15172175 qmail: 1184206516.169095 end msg 16806008
Jul 12 04:15:16 s15172175 qmail: 1184206516.170641 new msg 16818240
Jul 12 04:15:16 s15172175 qmail: 1184206516.170700 info msg 16818240: bytes 3657 from <> qp 9442 uid 2522
Jul 12 04:15:16 s15172175 qmail: 1184206516.174006 starting delivery 11030: msg 16818240 to remote lyhwaguswun@wagus.de
Jul 12 04:15:16 s15172175 qmail: 1184206516.174083 status: local 0/10 remote 1/20
Jul 12 04:15:30 s15172175 qmail-queue[9245]: scan: the message(drweb.tmp.49ufFb) sent by cooganh9p@hotmail.com to brever@mum.lu is passed
Jul 12 04:15:30 s15172175 qmail: 1184206530.238153 new msg 16806008
Jul 12 04:15:30 s15172175 qmail: 1184206530.238226 info msg 16806008: bytes 3327 from <cooganh9p@hotmail.com> qp 9531 uid 2020
Jul 12 04:15:30 s15172175 qmail: 1184206530.243111 starting delivery 11031: msg 16806008 to local 514-brever@mum.lu
Jul 12 04:15:30 s15172175 qmail: 1184206530.243187 status: local 1/10 remote 0/20
Jul 12 04:15:30 s15172175 qmail-queue[9534]: scan: the message(drweb.tmp.STiWhd) sent by cooganh9p@hotmail.com to info@brever.lu is passed
Jul 12 04:15:30 s15172175 qmail: 1184206530.341030 new msg 16818240
Jul 12 04:15:30 s15172175 qmail: 1184206530.341110 info msg 16818240: bytes 3429 from <cooganh9p@hotmail.com> qp 9535 uid 110
Jul 12 04:15:30 s15172175 qmail: 1184206530.345434 starting delivery 11032: msg 16818240 to local 602-info@brever.lu
Jul 12 04:15:30 s15172175 qmail: 1184206530.345498 status: local 2/10 remote 0/20
Jul 12 04:15:30 s15172175 qmail: 1184206530.345512 delivery 11031: success: did_0+1+1/qp_9534/
Jul 12 04:15:30 s15172175 qmail: 1184206530.345524 status: local 1/10 remote 0/20
Jul 12 04:15:30 s15172175 qmail: 1184206530.345536 end msg 16806008
Jul 12 04:15:52 s15172175 qmail-queue[9611]: scan: the message(drweb.tmp.JrkrBq) sent by vnbgidzuedu@rrhk.com to daniel@logomotif.lu is passed
Jul 12 04:15:52 s15172175 qmail: 1184206552.930911 new msg 16806008
Jul 12 04:15:52 s15172175 qmail: 1184206552.930986 info msg 16806008: bytes 2062 from <vnbgidzuedu@rrhk.com> qp 9613 uid 2020
Jul 12 04:15:52 s15172175 qmail: 1184206552.935847 starting delivery 11033: msg 16806008 to local 454-daniel@logomotif.lu
Jul 12 04:15:52 s15172175 qmail: 1184206552.935926 status: local 1/10 remote 0/20
Jul 12 04:15:53 s15172175 qmail-queue[9616]: scan: the message(drweb.tmp.UaucnY) sent by vnbgidzuedu@rrhk.com to info@logomotif.lu is passed
Jul 12 04:15:53 s15172175 qmail: 1184206553.020489 new msg 16818240
Jul 12 04:15:53 s15172175 qmail: 1184206553.020571 info msg 16818240: bytes 2170 from <vnbgidzuedu@rrhk.com> qp 9617 uid 110
Jul 12 04:15:53 s15172175 qmail: 1184206553.024835 starting delivery 11034: msg 16818240 to local 454-info@logomotif.lu
Jul 12 04:15:53 s15172175 qmail: 1184206553.024915 status: local 2/10 remote 0/20
Jul 12 04:15:53 s15172175 qmail: 1184206553.024929 delivery 11033: success: did_0+1+1/qp_9616/
Jul 12 04:15:53 s15172175 qmail: 1184206553.024941 status: local 1/10 remote 0/20
Jul 12 04:15:53 s15172175 qmail: 1184206553.024953 end msg 16806008
Jul 12 05:18:14 s15172175 qmail-queue[22140]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Jul 12 05:18:14 s15172175 qmail-queue[22140]: scan: the message(drweb.tmp.fXCYi6) sent by fhk@s15172175.rootmaster.info to rcpts should be passed without checks, because contains uncheckable addresses
Jul 12 05:18:14 s15172175 qmail: 1184210294.595924 starting delivery 11422: msg 16818240 to remote worldwidean5@phentermine.com
Jul 12 05:18:14 s15172175 qmail: 1184210294.596002 status: local 0/10 remote 2/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.596016 new msg 16809674
Jul 12 05:18:14 s15172175 qmail: 1184210294.596032 info msg 16809674: bytes 4169 from <fhk@s15172175.rootmaster.info> qp 22145 uid 2020
Jul 12 05:18:14 s15172175 qmail: 1184210294.643730 starting delivery 11423: msg 16809674 to remote dog.30102@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.643787 status: local 0/10 remote 3/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.643801 starting delivery 11424: msg 16809674 to remote ruby67yu@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.643814 status: local 0/10 remote 4/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.653999 starting delivery 11425: msg 16809674 to remote zoe_1206@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.654288 status: local 0/10 remote 5/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.689668 starting delivery 11426: msg 16809674 to remote allann_young@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.689938 status: local 0/10 remote 6/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.693342 starting delivery 11427: msg 16809674 to remote 0952648725@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.693610 status: local 0/10 remote 7/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.696884 starting delivery 11428: msg 16809674 to remote sputnik0528@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.697083 status: local 0/10 remote 8/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.700502 starting delivery 11429: msg 16809674 to remote mother350810@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.700731 status: local 0/10 remote 9/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.704187 starting delivery 11430: msg 16809674 to remote emote520@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.704455 status: local 0/10 remote 10/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.708652 starting delivery 11431: msg 16809674 to remote snake4125678@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.708881 status: local 0/10 remote 11/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.712249 starting delivery 11432: msg 16809674 to remote u605421@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.712523 status: local 0/10 remote 12/20
Jul 12 05:18:14 s15172175 qmail: 1184210294.716321 starting delivery 11433: msg 16809674 to remote a0960559712@yahoo.com.tw
Jul 12 05:18:14 s15172175 qmail: 1184210294.716581 status: local 0/10 remote 13/20
Jul 12 05:18:50 s15172175 qmail-queue[22188]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Jul 12 05:18:50 s15172175 qmail-queue[22188]: scan: the message(drweb.tmp.2Jrh4X) sent by boaz8@ILOVEJESUS.NET to eugene.moutschen@emolux.com should be passed without checks, because contains uncheckable addresses
Jul 12 05:18:50 s15172175 qmail: 1184210330.390377 new msg 16818250
Jul 12 05:18:50 s15172175 qmail: 1184210330.390463 info msg 16818250: bytes 15924 from <boaz8@ILOVEJESUS.NET> qp 22196 uid 2020
Jul 12 05:18:50 s15172175 qmail: 1184210330.395949 starting delivery 11434: msg 16818250 to local 46-eugene.moutschen@emolux.com
Jul 12 05:18:50 s15172175 qmail: 1184210330.396029 status: local 1/10 remote 2/20
Jul 12 05:18:50 s15172175 qmail-queue[22199]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Jul 12 05:18:50 s15172175 qmail-queue[22199]: scan: the message(drweb.tmp.j5RtTf) sent by boaz8@ILOVEJESUS.NET to eugene.moutschen@edishare.lu should be passed without checks, because contains uncheckable addresses
Jul 12 05:18:50 s15172175 qmail: 1184210330.465011 new msg 16818256
Jul 12 05:18:50 s15172175 qmail: 1184210330.465091 info msg 16818256: bytes 16040 from <boaz8@ILOVEJESUS.NET> qp 22200 uid 110
Jul 12 05:18:50 s15172175 qmail: 1184210330.469314 starting delivery 11435: msg 16818256 to remote eugene.moutschen@edishare.lu
Jul 12 05:18:50 s15172175 qmail: 1184210330.469395 status: local 1/10 remote 3/20
Jul 12 05:18:50 s15172175 qmail: 1184210330.469409 delivery 11434: success: did_0+1+1/qp_22199/
Jul 12 05:18:50 s15172175 qmail: 1184210330.469420 status: local 0/10 remote 3/20
Jul 12 05:18:50 s15172175 qmail: 1184210330.469432 end msg 16818250
Jul 12 05:18:50 s15172175 qmail: 1184210330.804328 delivery 11435: success: 195.238.0.205_accepted_message./Remote_host_said:_250_2.6.0__<001b01c7c47d$9c99a6e0$069eff54@main1>_Queued_mail_for_delivery/
Jul 12 05:18:50 s15172175 qmail: 1184210330.804416 status: local 0/10 remote 2/20
Jul 12 05:18:50 s15172175 qmail: 1184210330.804431 end msg 16818256
Jul 12 05:19:17 s15172175 qmail: 1184210357.922081 new msg 16818250
Jul 12 05:19:17 s15172175 qmail: 1184210357.922145 info msg 16818250: bytes 2789 from <vpskinner@winning.com> qp 22295 uid 2020
Jul 12 05:19:17 s15172175 qmail: 1184210357.927732 starting delivery 11436: msg 16818250 to local 482-erich.rauw@somarco.com
Jul 12 05:19:17 s15172175 qmail: 1184210357.927807 status: local 1/10 remote 1/20
UID 110: popuser
Ich hoffe es kann mir einer von euch weiterhelfen wo ich das Problem finden kann oder wie ich weiter vorgehn könnte.