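This is a packet capture of how the attacker gets into my server and generates a large amount of spam; I have not been able to stop it by any means.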
220 mta1497.mail.ne1.yahoo.com ESMTP YSmtpProxy service ready
EHLO amsonere.co.uk
250-mta1497.mail.ne1.yahoo.com
250-8BITMIME
250-SIZE 41943040
250 PIPELINING
MAIL FROM:<[email protected]>
250 sender <[email protected]> ok
RCPT TO:<[email protected]>
250 recipient <[email protected]> ok
DATA
354 go ahead
Received: (qmail 3346 invoked from network); 7 May 2013 16:31:47 +0100
Received: from dsl-189-139-37-42-dyn.prod-infinitum.com.mx (HELO vdatbgpawos) (189.139.37.42)
by amsonere.co.uk with SMTP; 7 May 2013 16:31:46 +0100
From: "fegody zaneze" <[email protected]>
To: <[email protected]>, <[email protected]>, <[email protected]>, <[email protected]>, <[email protected]>
Date: Tue, 7 May 2013 17:27:50 -0700
Subject: SHOWE RINGt itsjo b
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
nop, qi
ruqifaz p http://metal-surface.fr/Knee-highs.html
.
250 ok dirdel
QUIT
221 mta1497.mail.ne1.yahoo.com
What type of attack is this? It comes from hundreds of IP addresses. I can't block thousands of IP addresses. I am using Qmail on Plesk.
Here are the logs from /usr/loca/psa/var/log/maillog:
May 8 20:19:31 argon qmail-queue-handlers[28923]: Handlers Filter before-queue for qmail started ...
May 8 20:19:31 argon qmail-queue-handlers[28924]: Handlers Filter before-queue for qmail started ...
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: hook_dir = '/var/qmail//handlers/before-queue'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[3] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[4] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[5] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[6] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[7] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[8] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[9] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: hook_dir = '/var/qmail//handlers/before-queue'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[3] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[4] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[5] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[6] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[7] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[8] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[9] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[10] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[11] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
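Answer 1
As far as I can tell, this is not an attacker getting into your server, but your server sending mail to Yahoo.
You are either an open relay, or they are exploiting a weak password and injecting mail via SMTP authentication.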
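
An added example, not part of the original answer: a self-test for the first hypothesis (open relay) that an administrator can run against their own mail server. It stops after RCPT TO, so nothing is queued. The addresses, the EHLO name and the smtp_factory parameter are assumptions made for this illustration.

```python
import smtplib

# Assumed placeholders: both addresses must be on domains your server is NOT
# responsible for, otherwise acceptance proves nothing about relaying.
EXT_SENDER = "probe@sender.example"
EXT_RCPT = "probe@recipient.example"


def _text(msg):
    """Render an smtplib reply (bytes) as printable text."""
    return msg.decode("ascii", "replace") if isinstance(msg, bytes) else str(msg)


def relay_check(host, port=25, sender=EXT_SENDER, rcpt=EXT_RCPT,
                smtp_factory=smtplib.SMTP):
    """Return (verdict, detail) for an unauthenticated relay attempt.

    No DATA command is sent, so no message is ever queued.
    smtp_factory (hypothetical hook) lets the logic run against a stub.
    """
    conn = smtp_factory(host, port, local_hostname="relaytest.example",
                        timeout=15)
    try:
        conn.ehlo()
        # Deliberately no conn.login(): this tests the open-relay hypothesis.
        code, msg = conn.mail(sender)
        if code != 250:
            return "sender-rejected", f"MAIL FROM -> {code} {_text(msg)}"
        code, msg = conn.rcpt(rcpt)
        detail = f"RCPT TO -> {code} {_text(msg)}"
        if code in (250, 251):
            return "open-relay", detail      # foreign recipient accepted
        if 500 <= code < 600:
            return "relay-denied", detail    # permanent refusal
        return "inconclusive", detail        # 4xx: temporary failure
    finally:
        try:
            conn.rset()
            conn.quit()
        except (smtplib.SMTPException, OSError):
            pass  # server may already have dropped the connection


if __name__ == "__main__":
    import sys
    print(relay_check(sys.argv[1]))
```

Run it from a machine outside the server's own network, since a server may allow relaying for local or trusted client addresses. A "relay-denied" verdict makes the second hypothesis, mail submitted through authenticated SMTP with a guessed password, the one to investigate.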