Email overload on ISPConfig 3 server... hacked?

Time: 2014-06-23 09:42:38

Tags: debian postfix-mta

Since late yesterday, the email queue for one particular user has grown to over 45,000 messages. The emails are all undeliverable, and they are for messages the user did not send - at least not intentionally.

Below is a snippet of the mail.log file. Many of the from addresses are users that do not exist; the domain is correct, but not the user.

Any ideas what this is and how to stop it?

P.S. I have replaced my real domain name with "mydomain.co.uk". The only live user in this domain is a user called "mike".

Jun 22 19:28:05 server1 postfix/smtpd[5305]: 6843DFB270: client=81.61.129.17.dyn.user.ono.com[81.61.129.17], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:05 server1 postfix/cleanup[5499]: 3B2B5FB269: message-id=
Jun 22 19:28:05 server1 postfix/qmgr[4391]: 3B2B5FB269: from=, size=715, nrcpt=1 (queue active)
Jun 22 19:28:05 server1 postfix/smtpd[5159]: ABF72FB271: client=unknown[37.218.171.206], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:05 server1 postfix/cleanup[5594]: B1DECFB26C: message-id=
Jun 22 19:28:05 server1 postfix/qmgr[4391]: B1DECFB26C: from=, size=680, nrcpt=1 (queue active)
Jun 22 19:28:05 server1 postfix/smtpd[5474]: ED465FB272: client=unknown[181.112.50.130], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:06 server1 postfix/smtpd[5057]: 189E4FB273: client=unknown[27.75.56.22], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:06 server1 postfix/cleanup[5645]: 0C65CFB267: message-id=
Jun 22 19:28:06 server1 postfix/qmgr[4391]: 0C65CFB267: from=, size=690, nrcpt=1 (queue active)
Jun 22 19:28:06 server1 postfix/cleanup[5515]: 127F5FB26E: message-id=
Jun 22 19:28:06 server1 postfix/qmgr[4391]: 127F5FB26E: from=, size=697, nrcpt=1 (queue active)
Jun 22 19:28:06 server1 postfix/cleanup[5644]: 6843DFB270: message-id=<8REPFY1T-UQLX-NXWH-JAL6-GBV9JM53NE4P@mydomain.co.uk>
Jun 22 19:28:06 server1 postfix/qmgr[4391]: 6843DFB270: from=, size=703, nrcpt=1 (queue active)
Jun 22 19:28:06 server1 postfix/cleanup[5598]: E73C2FB25F: message-id=
Jun 22 19:28:06 server1 postfix/cleanup[5607]: BEDB4FB26D: message-id=
Jun 22 19:28:06 server1 postfix/qmgr[4391]: BEDB4FB26D: from=, size=674, nrcpt=1 (queue active)
Jun 22 19:28:06 server1 postfix/qmgr[4391]: E73C2FB25F: from=, size=690, nrcpt=1 (queue active)
Jun 22 19:28:06 server1 postfix/smtpd[5052]: 95065FB274: client=unknown[94.99.25.28], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:06 server1 postfix/cleanup[5646]: 9858BFB26B: message-id=
Jun 22 19:28:06 server1 postfix/cleanup[5643]: 37753FB26F: message-id=
Jun 22 19:28:06 server1 postfix/qmgr[4391]: 37753FB26F: from=, size=827, nrcpt=1 (queue active)
Jun 22 19:28:06 server1 postfix/qmgr[4391]: 9858BFB26B: from=, size=692, nrcpt=1 (queue active)
Jun 22 19:28:06 server1 postfix/smtpd[5357]: A9E14FB275: client=unknown[181.211.189.214], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:06 server1 postfix/smtpd[5305]: C5767FB276: client=81.61.129.17.dyn.user.ono.com[81.61.129.17], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:06 server1 postfix/cleanup[5593]: 69984FB26A: message-id=
Jun 22 19:28:06 server1 postfix/qmgr[4391]: 69984FB26A: from=, size=715, nrcpt=1 (queue active)
Jun 22 19:28:07 server1 postfix/smtpd[5208]: 17F14FB277: client=unknown[190.233.125.58], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:07 server1 postfix/cleanup[5641]: ED465FB272: message-id=
Jun 22 19:28:07 server1 postfix/qmgr[4391]: ED465FB272: from=, size=715, nrcpt=1 (queue active)
Jun 22 19:28:07 server1 postfix/cleanup[5613]: ABF72FB271: message-id=
Jun 22 19:28:07 server1 postfix/qmgr[4391]: ABF72FB271: from=, size=706, nrcpt=1 (queue active)
Jun 22 19:28:07 server1 postfix/smtpd[5304]: 85087FB278: client=unknown[37.150.230.145], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:07 server1 postfix/cleanup[5515]: C5767FB276: message-id=
Jun 22 19:28:07 server1 postfix/qmgr[4391]: C5767FB276: from=, size=701, nrcpt=1 (queue active)
Jun 22 19:28:07 server1 postfix/smtpd[5494]: 9DBA9FB279: client=unknown[14.167.36.85], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
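The telltale pattern in the log above is a single SASL username authenticating from many unrelated client IPs within a couple of seconds, which is what a leaked mailbox password looks like from the server side. The script below is an added example, not code from the question or from ISPConfig: it parses postfix/smtpd authentication lines with a regex, groups them by sasl_username, and flags any account that has authenticated from more distinct client addresses than a chosen threshold. The sample log is constructed for the example (queue IDs follow the question, client IPs are replaced with RFC 5737 test addresses, and the second user "alice" is invented), and the threshold of 3 IPs is an assumption to be tuned per site.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the postfix/smtpd, cleanup and qmgr lines
# in the question. Client IPs are RFC 5737 test addresses, "alice" is invented.
SAMPLE_LOG = """\
Jun 22 19:28:05 server1 postfix/smtpd[5305]: 6843DFB270: client=unknown[203.0.113.17], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:05 server1 postfix/cleanup[5499]: 3B2B5FB269: message-id=<constructed@mydomain.co.uk>
Jun 22 19:28:05 server1 postfix/qmgr[4391]: 3B2B5FB269: from=<nobody@mydomain.co.uk>, size=715, nrcpt=1 (queue active)
Jun 22 19:28:05 server1 postfix/smtpd[5159]: ABF72FB271: client=unknown[198.51.100.206], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:05 server1 postfix/smtpd[5474]: ED465FB272: client=unknown[192.0.2.130], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:06 server1 postfix/smtpd[5057]: 189E4FB273: client=mail.example.net[203.0.113.9], sasl_method=PLAIN, sasl_username=alice@mydomain.co.uk
Jun 22 19:28:06 server1 postfix/smtpd[5305]: 95065FB274: client=unknown[203.0.113.17], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:06 server1 postfix/smtpd[5357]: A9E14FB275: client=unknown[198.51.100.22], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
Jun 22 19:28:07 server1 postfix/smtpd[5208]: 17F14FB277: client=unknown[192.0.2.145], sasl_method=LOGIN, sasl_username=mike@mydomain.co.uk
"""

# Matches only smtpd lines that record a successful SASL authentication;
# cleanup and qmgr lines are ignored because they carry no client identity.
SMTPD_SASL = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): client=(?P<host>[^\[\s]*)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=(?P<method>\w+), sasl_username=(?P<user>\S+)$"
)


def parse_sasl_logins(text):
    """Return one dict per authenticated smtpd connection found in the log text."""
    events = []
    for line in text.splitlines():
        m = SMTPD_SASL.match(line)
        if m:
            events.append(m.groupdict())
    return events


def distinct_client_ips(events):
    """Map each sasl_username to the set of client IPs it authenticated from."""
    ips = defaultdict(set)
    for e in events:
        ips[e["user"]].add(e["ip"])
    return ips


def flag_shared_credentials(events, max_ips=3):
    """Accounts used from more than max_ips distinct clients, with their sorted IPs.

    A legitimate user on a laptop and a phone will show two or three addresses;
    dozens of unrelated addresses in the same minute indicate a leaked password.
    The threshold is an assumption and should be tuned to the site's users.
    """
    return {
        user: sorted(ips)
        for user, ips in distinct_client_ips(events).items()
        if len(ips) > max_ips
    }


def summarize(events):
    """Per-account login count and distinct-IP count, for a quick triage view."""
    counts = defaultdict(int)
    for e in events:
        counts[e["user"]] += 1
    ips = distinct_client_ips(events)
    return {u: {"logins": counts[u], "distinct_ips": len(ips[u])} for u in counts}


if __name__ == "__main__":
    logins = parse_sasl_logins(SAMPLE_LOG)
    for user, info in summarize(logins).items():
        print(f"{user}: {info['logins']} logins from {info['distinct_ips']} IPs")
    for user, addrs in flag_shared_credentials(logins).items():
        print(f"SUSPECT {user}: {', '.join(addrs)}")
```

On a real server the same functions can be fed `/var/log/mail.log` (or the output of `journalctl -u postfix`) instead of `SAMPLE_LOG`; the `ts` field is kept in each event so the check can be narrowed to a sliding time window if the site has many legitimate roaming users.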

1 answer:

Answer 0: (score: 1)

Your email account's login credentials have been intercepted. When I looked up the IP addresses (I checked 4), they came from Peru, Ecuador, Saudi Arabia and China.

Change the password and restart sasl.