Sendmail, спамят неподетски
Добавлено: 2010-03-29 22:17:49
Стоит sendmail, открытый relay запрещен, но спам валит в сумашедших количествах, за 5 часов в почтовой очереди собралось порядка 25тыс писем на отправку, всю сеть hinet.net заблокировал через iptables, а спам продолжает валить.
Код: Выделить всё
[root@inet ~]# cat /var/log/maillog|grep o2TIwBD8029685
Mar 29 21:58:41 inet sendmail[29685]: o2TIwBD8029685: Too many recipients
Mar 29 21:58:42 inet sendmail[29685]: o2TIwBD8029685: Too many recipients
Mar 29 21:58:42 inet sendmail[29685]: o2TIwBD8029685: [192.168.0.2]: Possible SMTP RCPT flood, throttling.
Mar 29 21:58:43 inet sendmail[29685]: o2TIwBD8029685: Too many recipients
Mar 29 21:58:44 inet sendmail[29685]: o2TIwBD8029685: Too many recipients
Mar 29 21:58:46 inet sendmail[29685]: o2TIwBD8029685: Too many recipients
Mar 29 21:58:47 inet sendmail[29685]: o2TIwBD8029685: from=<mxqwsvxaz@ms37.hinet.net>, size=4747, class=0, nrcpts=25, msgid=<NMEOCLGTWJUQEJKRUHRCXG@ms35.hinet.net>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=[192.168.0.2]
[root@inet ~]#
Код: Выделить всё
[root@inet spam]# cat qfo2TBbYe7017161
V8
T1269862752
K1269870541
N1
P631842
I253/0/1415028
B8BITMIME
MDeferred: Connection timed out with ms6a.hinet.net.
F8bs
$_[192.168.0.2]
$rSMTP
$s195.184.201.26
${daemon_flags}
${if_addr}192.168.1.3
S<nbyuooxrteeh@yahoo.com.tw>
MDeferred: Connection timed out with ms6a.hinet.net.
rRFC822; winrex@ms6.hinet.net
RPFD:<winrex@ms6.hinet.net>
MDeferred: Connection reset by mx3.url.com.tw.
rRFC822; keico888@ms85.url.com.tw
RPFD:<keico888@ms85.url.com.tw>
MDeferred: Connection timed out with msa-mx12.hinet.net.
rRFC822; bmw.e6887@msa.hinet.net
RPFD:<bmw.e6887@msa.hinet.net>
MDeferred: 450 4.7.1 <kb258@pchome.com.tw>: Recipient address rejected: Policy Rejection- Please try later.
rRFC822; kb258@pchome.com.tw
RPFD:<kb258@pchome.com.tw>
MDeferred: 421 4.7.0 [TS01] Messages from 195.184.199.66 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
rRFC822; cotton3420@yahoo.com
RPFD:<cotton3420@yahoo.com>
rRFC822; a234624@yahoo.com.tw
RPFD:<a234624@yahoo.com.tw>
rRFC822; armani5888@yahoo.com.tw
RPFD:<armani5888@yahoo.com.tw>
rRFC822; stfrankwang@yahoo.com.tw
RPFD:<stfrankwang@yahoo.com.tw>
rRFC822; cvb99900@yahoo.com.tw
RPFD:<cvb99900@yahoo.com.tw>
rRFC822; ckt6666@yahoo.com.tw
RPFD:<ckt6666@yahoo.com.tw>
rRFC822; goo540130@yahoo.com.tw
RPFD:<goo540130@yahoo.com.tw>
rRFC822; cgs0952@yahoo.com.tw
RPFD:<cgs0952@yahoo.com.tw>
rRFC822; crocodie109@yahoo.com.tw
RPFD:<crocodie109@yahoo.com.tw>
rRFC822; ak477878@yahoo.com.tw
RPFD:<ak477878@yahoo.com.tw>
rRFC822; oto858113@yahoo.com.tw
RPFD:<oto858113@yahoo.com.tw>
MDeferred: 421 4.7.0 [TS01] Messages from 195.184.199.66 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
rRFC822; c7610@yahoo.com.tw
RPFD:<c7610@yahoo.com.tw>
H?P?Return-Path: <?g>
H??Received: from 195.184.201.26 ([192.168.0.2])
by inet.azocm.ua (8.13.8/8.13.8) with SMTP id o2TBbYe7017161;
Mon, 29 Mar 2010 14:39:12 +0300
H??Received: from aalckghc.yahoo.com.tw (aalckghc.yahoo.com.tw [67.16.152.80]) by with SMTP;
Mon, 29 Mar 2010 08:38:13 -0300
H??Message-ID: <nhauaxxxsansjnbnhwytxxe.39843574582959525034@yahoo.com.tw>
H??Date: Mon, 29 Mar 2010 17:33:13 +0600
H??From: "???i?i???????H?A??@ ???q?? ???e??DVD~???x??C??40??!" <vfuvxmfbhwfdm@yahoo.com.tw>
H??Reply-To: "?D????x?????!!?C??u?n40??!!?f??~???I??,?w?????O??!!" <vfuvxmfbhwfdm@yahoo.com.tw>
H??To: a234624@yahoo.com.tw
H??Subject: ?W?j??G?? ????[?~??????
H??Mime-Version: 1.0
H??Content-Type: multipart/alternative;
boundary="--NextPartz_am_nvf7_n_qz2nbpatemndr9j"
.
[root@inet spam]#
, никто и представить не мог, что спама может небыть вообще. Все сделал на OpenBSD, Exim, MySQL+PostfixAdmin, PF+spamd, ну и естесстно местные рецепты. Оставалось 5-10 писем (рекл.) на всех, но примудрив собственные черные и белые списки реклама стала большой редкостью.