Mail server secure?

kenny1980
Posts: 37
Joined: 2005-05-24 22:04

Mail server secure?

Post by kenny1980 »

Hello,
after having closed, in my opinion, all the holes over the last few days, I am still puzzled by my high traffic. Today it stands at 17.82 MB upload and 3243.45 MB download within 11 hours.

However, I have to say that neither I nor anyone else has uploaded anything to the server.
None of the domains shows a download volume like that in today's web statistics.

My mail log looks like this:

Code:

Oct 28 11:42:17 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2193 (not defined)
Oct 28 11:42:22 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2778 (not defined)
Oct 28 11:42:23 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2945 (not defined)
Oct 28 11:42:33 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4201 (not defined)
Oct 28 11:42:34 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4454 (not defined)
Oct 28 11:42:35 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4566 (not defined)
Oct 28 11:42:35 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4610 (not defined)
Oct 28 11:42:53 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2357 (not defined)
Oct 28 11:42:59 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3211 (not defined)
Oct 28 11:43:00 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3332 (not defined)
Oct 28 11:43:02 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3749 (not defined)
Oct 28 11:43:10 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4261 (not defined)
Oct 28 11:43:12 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1196 (not defined)
Oct 28 11:43:12 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1210 (not defined)
Oct 28 11:43:13 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1280 (not defined)
Oct 28 11:43:28 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2428 (not defined)
Oct 28 11:43:33 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2956 (not defined)
Oct 28 11:43:38 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3884 (not defined)
Oct 28 11:43:38 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3921 (not defined)
Oct 28 11:43:42 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4628 (not defined)
Oct 28 11:43:43 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4242 (not defined)
Oct 28 11:43:51 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1706 (not defined)
Oct 28 11:43:52 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1807 (not defined)
Oct 28 11:43:54 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1976 (not defined)
Oct 28 11:43:55 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 213.165.64.20:48695 (mail.gmx.net)
Oct 28 11:44:02 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2377 (not defined)
Oct 28 11:44:16 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4420 (not defined)
Oct 28 11:44:18 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4624 (not defined)
Oct 28 11:44:20 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4298 (not defined)
Oct 28 11:44:23 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1466 (not defined)
Oct 28 11:44:32 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2260 (not defined)
Oct 28 11:44:34 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2435 (not defined)
Oct 28 11:44:40 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3010 (not defined)
Oct 28 11:44:40 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2536 (not defined)
Oct 28 11:44:57 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1181 (not defined)
Oct 28 11:44:58 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4694 (not defined)
Oct 28 11:45:00 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1529 (not defined)
Oct 28 11:45:04 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 217.44.113.12:60957 (host217-44-113-12.range217-44.btcentralplus.com)
Oct 28 11:45:07 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2305 (not defined)
Oct 28 11:45:10 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2608 (not defined)
Oct 28 11:45:15 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3075 (not defined)
Oct 28 11:45:18 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2723 (not defined)
Oct 28 11:45:24 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:3416 (not defined)
Oct 28 11:45:25 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4201 (not defined)
Oct 28 11:45:35 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1396 (not defined)
Oct 28 11:45:35 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4750 (not defined)
Oct 28 11:45:40 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1901 (not defined)
Oct 28 11:45:51 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2942 (not defined)
Oct 28 11:45:54 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3256 (not defined)
Oct 28 11:45:55 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2744 (not defined)
Oct 28 11:46:00 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3977 (not defined)
Oct 28 11:46:11 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1191 (not defined)
Oct 28 11:46:15 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:1104 (not defined)
Oct 28 11:46:16 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1765 (not defined)
Oct 28 11:46:19 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2031 (not defined)
Oct 28 11:46:29 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3056 (not defined)
Oct 28 11:46:31 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3310 (not defined)
Oct 28 11:46:34 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2877 (not defined)
Oct 28 11:46:39 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4267 (not defined)
Oct 28 11:46:50 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4811 (not defined)
Oct 28 11:46:52 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1692 (not defined)
Oct 28 11:46:56 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2294 (not defined)
Oct 28 11:46:56 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2316 (not defined)
Oct 28 11:47:07 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3589 (not defined)
Oct 28 11:47:09 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2794 (not defined)
Oct 28 11:47:12 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4125 (not defined)
Oct 28 11:47:20 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1139 (not defined)
Oct 28 11:47:26 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4878 (not defined)
Oct 28 11:47:34 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2606 (not defined)
Oct 28 11:47:34 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2647 (not defined)
Oct 28 11:47:37 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3002 (not defined)
Oct 28 11:47:45 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2623 (not defined)
Oct 28 11:47:45 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2624 (not defined)
Oct 28 11:47:49 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4593 (not defined)
Oct 28 11:47:51 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 87.3.83.129:3685 (host129-83-dynamic.3-87-r.retail.telecomitalia.it)
Oct 28 11:47:55 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1281 (not defined)
Oct 28 11:48:00 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1809 (not defined)
Oct 28 11:48:04 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4876 (not defined)
Oct 28 11:48:15 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3447 (not defined)
Oct 28 11:48:18 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3751 (not defined)
Oct 28 11:48:19 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3944 (not defined)
Oct 28 11:48:23 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:3032 (not defined)
Oct 28 11:48:30 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1248 (not defined)
Oct 28 11:48:35 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1804 (not defined)
Oct 28 11:48:41 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:1259 (not defined)
Oct 28 11:48:43 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2706 (not defined)
Oct 28 11:48:53 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3856 (not defined)
Oct 28 11:48:59 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4669 (not defined)
Oct 28 11:48:59 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4757 (not defined)
Oct 28 11:49:00 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:3168 (not defined)
Oct 28 11:49:06 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1611 (not defined)
Oct 28 11:49:10 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 212.26.82.8:46610 (relay.kau.edu.sa)
Oct 28 11:49:10 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2025 (not defined)
Oct 28 11:49:17 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:1256 (not defined)
Oct 28 11:49:25 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3450 (not defined)
Oct 28 11:49:30 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4263 (not defined)
Oct 28 11:49:35 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1128 (not defined)
Oct 28 11:49:36 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:3098 (not defined)
Oct 28 11:49:36 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1175 (not defined)
Oct 28 11:49:41 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1681 (not defined)
Oct 28 11:49:46 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2242 (not defined)
Oct 28 11:49:51 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4826 (not defined)
Oct 28 11:49:58 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 87.223.252.44:3266 (44.252.223.87.dynamic.jazztel.es)
Oct 28 11:50:02 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:3780 (not defined)
Oct 28 11:50:06 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4294 (not defined)
Oct 28 11:50:09 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2691 (not defined)
Oct 28 11:50:13 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1472 (not defined)
Oct 28 11:50:17 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1856 (not defined)
Oct 28 11:50:17 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1877 (not defined)
Oct 28 11:50:26 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4662 (not defined)
Oct 28 11:50:27 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2842 (not defined)
Oct 28 11:50:28 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4928 (not defined)
Oct 28 11:50:43 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4837 (not defined)
Oct 28 11:50:43 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:2431 (not defined)
Oct 28 11:50:45 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:1131 (not defined)



So to me it looks as if all attempts are being blocked. But then how does the large download traffic come about?



Regards,
Kenny

timeless2
Posts: 416
Joined: 2005-03-04 14:45
Location: Paris

Re: Mail server secure?

Post by timeless2 »

Do you know that the traffic went over the mail ports? No automatic backup was running either? Unusual files in the /tmp directory, checked for rootkits, ...?
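To see which sources account for the connections in a mail log like the one posted above, the relaylock lines can be tallied per source address and per minute. This is an added example, not part of the original posts; the sample lines are copied from the excerpt, and the threshold of 3 connections per minute is an arbitrary assumption.

```python
import re
from collections import Counter

# A few lines copied from the log excerpt in the thread, used as offline sample input.
SAMPLE_LOG = """\
Oct 28 11:42:17 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2193 (not defined)
Oct 28 11:42:22 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2778 (not defined)
Oct 28 11:42:23 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:2945 (not defined)
Oct 28 11:42:33 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.44:4201 (not defined)
Oct 28 11:42:34 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4454 (not defined)
Oct 28 11:42:35 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4566 (not defined)
Oct 28 11:42:35 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 205.209.136.46:4610 (not defined)
Oct 28 11:43:55 [Meine Adresse] relaylock: /var/qmail/bin/relaylock: mail from 213.165.64.20:48695 (mail.gmx.net)
"""

# Captures the timestamp truncated to the minute, the source IP and the reverse-DNS field.
LINE_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s.*?relaylock: mail from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\s+\((?P<rdns>[^)]*)\)"
)

def parse(log_text):
    """Yield (minute, ip, rdns) for each relaylock line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("minute"), m.group("ip"), m.group("rdns")

def summarize(log_text, per_minute_threshold=3):
    """Return (total per IP, peak per-minute count per IP, IPs without rDNS, noisy IPs)."""
    per_ip, per_ip_minute, no_rdns = Counter(), Counter(), set()
    for minute, ip, rdns in parse(log_text):
        per_ip[ip] += 1
        per_ip_minute[(ip, minute)] += 1
        if rdns == "not defined":
            no_rdns.add(ip)
    peak = {}
    for (ip, _minute), n in per_ip_minute.items():
        peak[ip] = max(peak.get(ip, 0), n)
    # per_minute_threshold is an assumed cut-off, to be tuned to normal load.
    noisy = sorted(ip for ip, n in peak.items() if n >= per_minute_threshold)
    return per_ip, peak, no_rdns, noisy

if __name__ == "__main__":
    per_ip, peak, no_rdns, noisy = summarize(SAMPLE_LOG)
    for ip, total in per_ip.most_common():
        flag = "no rDNS" if ip in no_rdns else "rDNS ok"
        print(f"{ip:15}  total={total:3}  peak/min={peak[ip]:2}  {flag}")
    print("above threshold:", ", ".join(noisy) or "none")
```

These lines carry no byte counts, so the tally shows who is connecting and how often, not how much data each source transferred; that needs per-port interface or firewall counters.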