Hallo zusammen,
am Anfang dachte ich, ein Skript würde Mails verschicken. Dann aber habe ich mal den Apache-Dienst gestoppt. Nachdem aber unvermindert weiter Mails in die Queue geschoben werden, vermute ich fast, dass ein Mail-Zugang kompromittiert wurde. Die Mail-Queue enthält immer eine bestimmte Absender-Domain, die es nicht gibt:
--
91EA22C4 77209 Fri Oct 18 14:01:04 member@westpack.au
(delivery temporarily suspended: host extmail.bigpond.com[61.9.189.122] refused to talk to me: 554 nschwcmgw03p BigPond Inbound Connection refused. IB113)
christine.allen81@bigpond.com
9E6B9103 77180 Fri Oct 18 14:00:58 member@westpack.au
(connect to cluster8.us.messagelabs.com[216.82.249.147]:25: Connection refused)
jaslie.wu@grays.com.au
99CB14E8 77185 Fri Oct 18 14:00:59 member@westpack.au
(delivery temporarily suspended: host extmail.bigpond.com[61.9.189.122] refused to talk to me: 554 nschwcmgw03p BigPond Inbound Connection refused. IB113)
bronsellers@bigpond.com
7DA8E63 77175 Fri Oct 18 14:00:45 member@westpack.au
(delivery temporarily suspended: host extmail.bigpond.com[61.9.189.122] refused to talk to me: 554 nschwcmgw03p BigPond Inbound Connection refused. IB113)
matt.hurn@bigpond.com
53D2C128 77184 Fri Oct 18 14:00:44 member@westpack.au
(host filter1.ais-2.mailguard.com.au[67.228.18.83] said: 450 4.1.8 <member@westpack.au>: Sender address rejected: Domain not found (in reply to RCPT TO command))
moreinfo@ais.vic.edu.au
4B346D33 77224 Fri Oct 18 14:00:55 member@westpack.au
(host edumg02.edumail.vic.gov.au[203.12.63.21] refused to talk to me: 450 4.3.2 try again later)
the.grange.p12@edumail.vic.gov.au
4F66D148F 77198 Fri Oct 18 14:01:10 member@westpack.au
(host extmail.bigpond.com[61.9.189.122] refused to talk to me: 554 nschwcmgw03p BigPond Inbound Connection refused. IB113)
blester@franciscans.org.au
C1D141539 77170 Fri Oct 18 14:01:07 member@westpack.au
(host smtpin.mx.webtv.net[209.240.204.26] said: 450 <member@westpack.au>: Sender address rejected: Domain not found (in reply to RCPT TO command))
ldhensley@webtv.com
--
Wie finde ich heraus, welcher Benutzer betroffen ist? In den Log-Files finde ich nämlich leider keinen entsprechenden Hinweis!
Viele Grüße
Hahni
am Anfang dachte ich, ein Skript würde Mails verschicken. Dann aber habe ich mal den Apache-Dienst gestoppt. Nachdem aber unvermindert weiter Mails in die Queue geschoben werden, vermute ich fast, dass ein Mail-Zugang kompromittiert wurde. Die Mail-Queue enthält immer eine bestimmte Absender-Domain, die es nicht gibt:
--
91EA22C4 77209 Fri Oct 18 14:01:04 member@westpack.au
(delivery temporarily suspended: host extmail.bigpond.com[61.9.189.122] refused to talk to me: 554 nschwcmgw03p BigPond Inbound Connection refused. IB113)
christine.allen81@bigpond.com
9E6B9103 77180 Fri Oct 18 14:00:58 member@westpack.au
(connect to cluster8.us.messagelabs.com[216.82.249.147]:25: Connection refused)
jaslie.wu@grays.com.au
99CB14E8 77185 Fri Oct 18 14:00:59 member@westpack.au
(delivery temporarily suspended: host extmail.bigpond.com[61.9.189.122] refused to talk to me: 554 nschwcmgw03p BigPond Inbound Connection refused. IB113)
bronsellers@bigpond.com
7DA8E63 77175 Fri Oct 18 14:00:45 member@westpack.au
(delivery temporarily suspended: host extmail.bigpond.com[61.9.189.122] refused to talk to me: 554 nschwcmgw03p BigPond Inbound Connection refused. IB113)
matt.hurn@bigpond.com
53D2C128 77184 Fri Oct 18 14:00:44 member@westpack.au
(host filter1.ais-2.mailguard.com.au[67.228.18.83] said: 450 4.1.8 <member@westpack.au>: Sender address rejected: Domain not found (in reply to RCPT TO command))
moreinfo@ais.vic.edu.au
4B346D33 77224 Fri Oct 18 14:00:55 member@westpack.au
(host edumg02.edumail.vic.gov.au[203.12.63.21] refused to talk to me: 450 4.3.2 try again later)
the.grange.p12@edumail.vic.gov.au
4F66D148F 77198 Fri Oct 18 14:01:10 member@westpack.au
(host extmail.bigpond.com[61.9.189.122] refused to talk to me: 554 nschwcmgw03p BigPond Inbound Connection refused. IB113)
blester@franciscans.org.au
C1D141539 77170 Fri Oct 18 14:01:07 member@westpack.au
(host smtpin.mx.webtv.net[209.240.204.26] said: 450 <member@westpack.au>: Sender address rejected: Domain not found (in reply to RCPT TO command))
ldhensley@webtv.com
--
Wie finde ich heraus, welcher Benutzer betroffen ist? In den Log-Files finde ich nämlich leider keinen entsprechenden Hinweis!
Viele Grüße
Hahni