
Spam going through localhost. Exim

Posted: 2014-11-12 19:02:02
Бай
Good afternoon!
Today I received this sad email:

"Dear Network Administrator,

you receive this report, because you are responsible for the
aforementioned network block, and we have received complaints
about Unsolicited Commercial Email (UCE) from one or more of the IP addresses within.

*** See below, if you feel, that you are NOT responsible for the reported netblock ***

Please inspect the dialin customer computer or housing server and stop it from
sending unsolicited email to our customers by
- configuring its daemons in a way, that eMails are not being detected as UCE,
- stopping its connection to the internet,
- disabling its possibility to send email or
- removing security holes, hacked services, spambot software or misused daemons.

The report below is formatted in Abuse Reporting Format (ARF) format and contains this
text, the feedback-report and the original email header and will help you to identify,
which of your customers caused the problem. For more information about ARF please see
http://tools.ietf.org/id/draft-shafrano ... ort-06.txt
Please note that we strip all lines off the header, that will expose the receivers
email address. The complete unsolicited email cannot be provided, because many
network administrators will then block this report.

Please note that due to the automated nature of the UCE and our response to it,
we cannot read a direct reply. If you want action to be taken to correct this
report, it is your duty to react in the manner outlined above.

An escalation of this action, including contacting the responsible IP
registry, will occur if this email returns an error, (including "mailbox
full"), or if we receive more reports of UCE from this network block.

The listed IPs are now blocked by our realtime blacklist under http://www.dnsbl.de/
and can easily be removed under http://www.dnsbl.de by any real person.
"

In the logs I see a bunch of messages from localhost!


2014-11-11 10:52:24 1Xo5JQ-000Lqz-0K <= no-reply@nieblacklisted.net H=(wallstreetads.org) [127.0.0.1]:36675 I=[127.0.0.1]:25 P=esmtp S=2755 id=4d97d6c9e73495a650fe6ced5ce3bf1e@www.anforderndiskret1.eu T="achim, RTL2 sagt" from <no-reply@nieblacklisted.net> for achim@gsg1.de
2014-11-11 10:52:24 1Xo5JQ-000Lqz-0K => achim@gsg1.de F=<no-reply@nieblacklisted.net> R=dnslookup T=remote_smtp S=2825 H=mx01.kundenserver.de [212.227.15.150] X=TLSv1:DHE-RSA-AES256-SHA:256 C="250 Requested mail action okay, completed: id=0M3Smu-1Y5cEK2jPE-00r0wg"
2014-11-11 10:52:24 1Xo5JQ-000Lqz-0K Completed

2014-11-11 10:52:24 1Xo5JQ-000Lr4-QU <= no-reply@nieblacklisted.net H=(wallstreetads.org) [127.0.0.1]:58469 I=[127.0.0.1]:25 P=esmtp S=2915 id=1da9f1ede67ea49a550e5095b09f8355@www.anforderndiskret1.eu T="anton sailer, Playboy Schweiz empfiehlt" from <no-reply@nieblacklisted.net> for anton.sailer@gmx.de
2014-11-11 10:52:25 1Xo5JQ-000Lr4-QU => anton.sailer@gmx.de F=<no-reply@nieblacklisted.net> R=dnslookup T=remote_smtp S=2986 H=mx00.emig.gmx.net [213.165.67.114] X=TLSv1:DHE-RSA-AES256-SHA:256 C="250 Requested mail action okay, completed: id=0MQ5nH-1Xsk141cpf-005GA9"
2014-11-11 10:52:25 1Xo5JQ-000Lr4-QU Completed

2014-11-11 10:52:26 SMTP connection from (wallstreetads.org) [127.0.0.1]:40091 I=[127.0.0.1]:25 closed by QUIT

2014-11-11 10:52:26 1Xo5JS-000LrC-N1 <= no-reply@nieblacklisted.net H=(wallstreetads.org) [127.0.0.1]:40091 I=[127.0.0.1]:25 P=esmtp S=3154 id=05af8751394cb53dd682946c83744799@www.anforderndiskret1.eu T="christian dier, N24 empfiehlt" from <no-reply@nieblacklisted.net> for christian.dier@yahoo.de
2014-11-11 10:52:28 1Xo5JS-000LrC-N1 => christian.dier@yahoo.de F=<no-reply@nieblacklisted.net> R=dnslookup T=remote_smtp S=3228 H=mx-eu.mail.am0.yahoodns.net [188.125.69.79] X=TLSv1:RC4-SHA:128 C="250 ok dirdel"
2014-11-11 10:52:28 1Xo5JS-000LrC-N1 Completed

Can anyone tell me where this is coming from?

Re: Spam going through localhost. Exim

Posted: 2014-11-13 10:08:29
dekloper
well, where else.. from the config, apparently..
check yourself for an open relay to start with.., for example here

Re: Spam going through localhost. Exim

Posted: 2014-11-13 11:18:03
Бай
Thanks for the advice

The relay is closed, now I'm going to study the config, but I can't really imagine what in there could be sending mail

Re: Spam going through localhost. Exim

Posted: 2014-11-24 20:06:41
moury
First of all, I suspect the website.

The technique for locating the "leaky" script depends on how exactly it works: if the script calls the mail-sending function, it is one technique; if the script emulates a mail client, a slightly different one.
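
An added example, not part of any post in this thread: a Python sketch that separates the two cases the last reply distinguishes, working from Exim main-log arrival (`<=`) lines. It assumes Exim's usual log format, where mail handed over through the local sendmail interface is logged with `P=local` and `U=<user>`, while a script speaking SMTP to 127.0.0.1:25 shows up as `H=(helo) [127.0.0.1]:port` like the entries quoted above; the sample lines and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the Exim main-log format quoted in the thread.
SAMPLE_LOG = """\
2014-11-11 10:52:24 1AAAAA-000001-0K <= bulk@example.org H=(helo.example.net) [127.0.0.1]:36675 I=[127.0.0.1]:25 P=esmtp S=2755 T="a" for u1@example.com
2014-11-11 10:52:24 1AAAAA-000001-0K => u1@example.com F=<bulk@example.org> R=dnslookup T=remote_smtp S=2825
2014-11-11 10:52:25 1AAAAA-000002-QU <= bulk@example.org H=(helo.example.net) [127.0.0.1]:58469 I=[127.0.0.1]:25 P=esmtp S=2915 for u2@example.com
2014-11-11 10:53:01 1AAAAA-000003-N1 <= www@host.example U=www P=local S=812 for u3@example.com
2014-11-11 10:54:10 1AAAAA-000004-AB <= alice@example.org H=mail.example.org [192.0.2.10]:40112 I=[198.51.100.5]:25 P=esmtps S=1200 for bob@host.example
"""

# Arrival lines only: "<date> <time> <msg-id> <= <envelope-sender> <fields...>"
ARRIVAL = re.compile(r"^(?P<ts>\S+ \S+) (?P<id>\S+) <= (?P<sender>\S+) (?P<rest>.*)$")
# H=[hostname ](helo) [ip]:port ; hostname and (helo) are each optional
HOST = re.compile(r"\bH=(?:[^\s(\[]\S* )?(?:\((?P<helo>[^)]*)\) )?"
                  r"\[(?P<ip>[^\]]+)\](?::(?P<port>\d+))?")
PROTO = re.compile(r"\bP=(\S+)")
USER = re.compile(r"\bU=(\S+)")

def classify(log_text):
    """Split arrivals into loopback-SMTP submissions and local (sendmail) ones."""
    smtp_loopback = Counter()   # (HELO name, envelope sender) -> message count
    local_submit = Counter()    # local account from U= -> message count
    ports = []                  # (timestamp, source port) of loopback SMTP arrivals
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        # The subject (T="...") is sender-controlled; drop it before matching fields.
        fields = m["rest"].split(' T="', 1)[0]
        proto, host, user = PROTO.search(fields), HOST.search(fields), USER.search(fields)
        if proto and proto[1] == "local" and user:
            local_submit[user[1]] += 1
        elif host and ipaddress.ip_address(host["ip"]).is_loopback:
            smtp_loopback[(host["helo"], m["sender"])] += 1
            ports.append((m["ts"], int(host["port"] or 0)))
    return smtp_loopback, local_submit, ports

if __name__ == "__main__":
    smtp, local, ports = classify(SAMPLE_LOG)
    print("SMTP from loopback:", dict(smtp))
    print("Local submissions :", dict(local))
    print("Source ports      :", ports)
```

The `U=` count names the account a locally submitting process runs as; for loopback SMTP arrivals the log carries no user, so the timestamp and source port are what remain to match against socket ownership on the host.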