Exim email hacked or backscatter attack

This morning I took over an Exim server for a client, and I started getting about 100 bounces from Hotmail, as follows:

“Undelivered Mail Returned to Sender”

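Searching Google I came across the backscatter problem, but I don't understand why my mail server would show the emails in the outgoing queue if that were the case? I'm not that great at administering mail servers,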

    [root@vesta msglog]# exim -bp
    71m  2.5K 1ZC6Ap-0005KE-Un <[email protected]>
              MariseYFaria@
            D heliogalvao@
            D paulakunath@
            D eve_junkera@
            D fabiobt@
            D leidegis@
            D jarbasbueno@
            D heluquisa2004@
            D guig.soares@
            D fhr1980@
            D sirnagovino@

The subject of the emails appears to be a spam payload for a malicious website.

The headers are as follows:

    [root@vesta msglog]# exim -Mvh 1ZC6Ap-0005KE-Un
    1ZC6Ap-0005KE-Un-H
    exim 93 93
    <[email protected]>
    1436188263 0
    -helo_name stevedomain.com
    -host_address 46.177.21.185.51075
    -host_name ppp046177021185.access.hol.gr
    -host_auth dovecot_plain
    -interface_address 109.XXX69.587
    -received_protocol esmtpa
    -body_linecount 41
    -max_received_linelength 86
    -auth_id [email protected]
    YY heliogalvao@
    YY fabiobt@
    NN eve_junkera@
    YN guig.soares@
    NN fhr1980@
    YY paulakunath@
    YY jarbasbueno@
    NN heluquisa2004@
    NN leidegis@
    NN sirnagovino@
    11
    MariseYFaria@
    heliogalvao@
    paulakunath@
    eve_junkera@
    fabiobt@
    leidegis@
    jarbasbueno@
    heluquisa2004@
    guig.soares@
    fhr1980@
    sirnagovino@

    226P Received: from ppp046177021185.access.hol.gr ([46.177.21.185] helo=stevedomain.com) by vesta.slidomain.co.uk with esmtpa (Exim 4.72) (envelope-from <[email protected]>) id 1ZC6Ap-0005KE-Un; Mon, 06 Jul 2015 14:11:04 +0100
    063I Message-ID: <[email protected]>
    044F From: "veribenassi" <[email protected]>
    471T To: "Marise Yaine" <MariseYFaria@>, "Helinho" <heliogalvao@>, "Kunath" <paulakunath@>, "Evelyn" <eve_junkera@>, "Fabio Junqueira" <[email protected]>, "Gisleide" <leidegis@>, "Jarbas" <jarbasbueno@>, "iso 8859 1 B SGVs9A" <heluquisa2004@>, "Guilherme gmail" <guig.soares@>, "Fernando Henrique" <fhr1980@>, "Janaina Sirna Govino" <sirnagovino@>
    055 Subject: =?ISO-8859-1?Q?6=2F26=2F2015_2=3A10=3A57_PM?=
    038 Date: Thu, 26 Jun 2015 02:10:57 +0000
    018 MIME-Version: 1.0
    091 Content-Type: multipart/alternative; boundary="----=_NextPart_000_5B24_83A7AFF1.337DC5C4"
    014 X-Priority: 3
    026 X-MSMail-Priority: Normal
    019 Importance: Normal
    052 X-Mailer: Microsoft Windows Live Mail 16.4.3522.110
    056 X-MIMEOLE: Produced By Microsoft MimeOLE V16.4.3522.110

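So my question is, how can I confirm what has happened to my mail server? Apart from the usual brute-force SSH attempts being blocked by Fail2Ban, I can't see any entries.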
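
As an added example (not part of the original post), here is a small Python parser for the `exim -Mvh` spool header layout shown above that reports how a queued message entered the server. In that layout `-received_protocol esmtpa` with `-host_auth` and `-auth_id` records an authenticated SMTP submission, while a bounce carries a null envelope sender. The sample input is constructed with placeholder addresses and a documentation-range IP, and the function names are hypothetical.

```python
# Added example: summarise how a queued message entered Exim, from `exim -Mvh` text.
# SAMPLE is constructed: same layout as the post's output, placeholder addresses/IP.
SAMPLE = """\
1ZC6Ap-0005KE-Un-H
exim 93 93
<user@example.org>
1436188263 0
-helo_name client.example.org
-host_address 192.0.2.10.51075
-host_auth dovecot_plain
-received_protocol esmtpa
-auth_id user@example.org
YY rcpt1@example.net
NN rcpt2@example.net
2
rcpt1@example.net
rcpt2@example.net

044F From: "someone" <user@example.org>
"""

def parse_spool_header(text):
    """Parse the envelope part of an Exim -H spool file (assumes no stored ACL variables)."""
    lines = text.splitlines()
    info = {"id": lines[0].removesuffix("-H"), "sender": lines[2].strip("<>"),
            "opts": {}, "recipients": []}
    i = 4
    while i < len(lines) and lines[i].startswith("-"):   # "-name value" option lines
        name, _, value = lines[i].lstrip("-").partition(" ")
        info["opts"][name] = value
        i += 1
    while i < len(lines) and not lines[i].isdigit():     # skip the non-recipients tree
        i += 1
    if i == len(lines):
        raise ValueError("recipient count line not found")
    info["recipients"] = lines[i + 1:i + 1 + int(lines[i])]
    return info

def classify(info):
    """Return (label, detail) describing how the message reached this server."""
    opts = info["opts"]
    client_ip = opts.get("host_address", "").rpartition(".")[0]  # stored as IP.port
    if "auth_id" in opts or opts.get("received_protocol", "").endswith("a"):
        return ("authenticated-submission",
                {"account": opts.get("auth_id"),
                 "authenticator": opts.get("host_auth"), "client_ip": client_ip})
    if info["sender"] == "":                             # "<>" envelope sender
        return ("bounce-null-sender", {"client_ip": client_ip})
    return ("unauthenticated", {"client_ip": client_ip})

if __name__ == "__main__":
    print(classify(parse_spool_header(SAMPLE)))
```

Running it over every message ID listed by `exim -bp` groups the queue by submitting account and client IP.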