daboos94 | Bonjour,
Je suis regulierement blacklisté des serveurs mail. En regardant les logs de mes mails j'in l'impression que des personnes arrivent à envoyer des emails depuis mon serveur...
voici un extrait :
Code :
- root@salahcorp /var/log# cat maillog | grep -v from=root | grep -v "from=<root" | grep -v "from=<operator"
- 496:538:580:Dec 12 15:53:17 salahcorp sm-mta[16198]: mBCErDbM016198: from=<salah@salahcorp.com>, size=505, class=0, nrcpts=1, msgid=<200812121453.mBCErDbM016198@salahcorp.com>, proto=SMTP, daemon=IPv4, relay=[220.81.17.65]
- 497:539:581:Dec 12 15:53:22 salahcorp sm-mta[16199]: mBCErDbM016198: to="|IFS=' ' && exec /usr/local/bin/procmail -f- || exit 75 salah", ctladdr=<salah@salahcorp.com> (1001/1001), delay=00:00:07, xdelay=00:00:05, mailer=prog, pri=30863, dsn=2.0.0, stat=Sent
- 498:540:582:Dec 12 15:55:01 salahcorp sendmail[16222]: mBCEt1Kw016222: from=operator, size=784, class=0, nrcpts=1, msgid=<200812121455.mBCEt1Kw016222@salahcorp.com>, relay=operator@localhost
- 500:542:584:Dec 12 15:55:01 salahcorp sendmail[16222]: mBCEt1Kw016222: to=operator, ctladdr=operator (2/5), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30784, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (mBCEt10m016248 Message accepted for delivery)
- 501:543:585:Dec 12 15:55:01 salahcorp sm-mta[16260]: mBCEt10m016248: to=root, ctladdr=<operator@salahcorp.com> (2/5), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31330, relay=local, dsn=2.0.0, stat=Sent
- 502:544:586:Dec 12 16:04:23 salahcorp sm-mta[16387]: mBCF3urL016387: from=<teresab@freeproblem.com>, size=5752, class=0, nrcpts=1, msgid=<c768019dc1ea$f5da6784$8ead1854@freeproblem.com>, proto=ESMTP, daemon=IPv4, relay=[94.240.216.171]
- 503:545:587:Dec 12 16:04:29 salahcorp sm-mta[16388]: mBCF3urL016387: to="|IFS=' ' && exec /usr/local/bin/procmail -f- || exit 75 salah", ctladdr=<salah@salahcorp.com> (1001/1001), delay=00:00:19, xdelay=00:00:06, mailer=prog, pri=35971, dsn=2.0.0, stat=Sent
- 504:546:588:Dec 12 16:11:01 salahcorp sendmail[16533]: mBCFB1sq016533: from=operator, size=687, class=0, nrcpts=1, msgid=<200812121511.mBCFB1sq016533@salahcorp.com>, relay=operator@localhost
- 506:548:590:Dec 12 16:11:01 salahcorp sendmail[16533]: mBCFB1sq016533: to=operator, ctladdr=operator (2/5), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30687, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (mBCFB11g016547 Message accepted for delivery)
- 507:549:591:Dec 12 16:11:01 salahcorp sm-mta[16548]: mBCFB11g016547: to=root, ctladdr=<operator@salahcorp.com> (2/5), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31233, relay=local, dsn=2.0.0, stat=Sent
- 508:551:594:Dec 12 16:11:01 salahcorp sendmail[16537]: mBCFB1JM016537: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30313, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (mBCFB1qJ016550 Message accepted for delivery)
- 509:552:595:Dec 12 16:11:01 salahcorp sm-mta[16551]: mBCFB1qJ016550: to=<root@salahcorp.com>, ctladdr=<root@salahcorp.com> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30840, relay=local, dsn=2.0.0, stat=Sent
- 510:553:596:Dec 12 16:19:43 salahcorp imapd[16613]: Authenticated user=salah host=localhost [127.0.0.1] mech=PLAIN
- 511:554:597:Dec 12 16:19:44 salahcorp imapd[16614]: Login user=salah host=localhost [127.0.0.1]
- 512:555:598:Dec 12 16:19:46 salahcorp imapd[16614]: Moved 76250 bytes of new mail to /home/salah/mbox from /var/mail/salah host= localhost [127.0.0.1]
- 513:556:599:Dec 12 16:19:46 salahcorp imapd[16614]: Killed (lost mailbox lock) user=salah host=localhost [127.0.0.1]
- 514:557:600:Dec 12 16:20:08 salahcorp imapd[16613]: Logout user=salah host=localhost [127.0.0.1]
- 515:558:601:Dec 12 16:20:10 salahcorp imapd[16683]: Authenticated user=salah host=localhost [127.0.0.1] mech=PLAIN
- 516:559:602:Dec 12 16:20:13 salahcorp imapd[16683]: Logout user=salah host=localhost [127.0.0.1]
- 517:560:603:Dec 12 16:20:13 salahcorp imapd[16684]: Authenticated user=salah host=localhost [127.0.0.1] mech=PLAIN
- 518:561:604:Dec 12 16:20:16 salahcorp imapd[16684]: Logout user=salah host=localhost [127.0.0.1]
- 519:562:605:Dec 12 16:20:43 salahcorp sm-mta[16685]: mBCFKh5o016685: [93.86.130.208] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
- 520:563:606:Dec 12 16:22:01 salahcorp sendmail[16726]: mBCFM1FH016726: from=operator, size=624, class=0, nrcpts=1, msgid=<200812121522.mBCFM1FH016726@salahcorp.com>, relay=operator@localhost
- 522:566:610:Dec 12 16:22:01 salahcorp sendmail[16722]: mBCFM10o016722: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30313, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (mBCFM1sH016736 Message accepted for delivery)
- 523:567:611:Dec 12 16:22:01 salahcorp sendmail[16726]: mBCFM1FH016726: to=operator, ctladdr=operator (2/5), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30624, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (mBCFM1cA016735 Message accepted for delivery)
- 524:568:612:Dec 12 16:22:01 salahcorp sm-mta[16737]: mBCFM1sH016736: to=<root@salahcorp.com>, ctladdr=<root@salahcorp.com> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30840, relay=local, dsn=2.0.0, stat=Sent
- 525:569:613:Dec 12 16:22:06 salahcorp sm-mta[16738]: mBCFM1cA016735: to=root, ctladdr=<operator@salahcorp.com> (2/5), delay=00:00:05, xdelay=00:00:05, mailer=local, pri=31170, relay=local, dsn=2.0.0, stat=Sent
|
Voici les références de mon système :
Code :
- 16:32 root@salahcorp /var/log# uname -a
- FreeBSD salahcorp.com 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #4: Fri Mar 24 09:55:13 CET 2006 salah@salahcorp.com:/usr/obj/usr/src/sys/SALAHCORP i386
- ESMTP Sendmail 8.13.4/8.13.4;
- 16:33 root@salahcorp /var/log# spamassassin --version
- SpamAssassin version 3.2.5
- running on Perl version 5.8.8
- 16:34 root@salahcorp /var/log#
|
Mon domaine : salahcorp.com
Merci pour votre aide....
Message édité par daboos94 le 21-12-2008 à 07:39:11
|
