Hello everyone,
An open relay can be ruled out. So can a rootkit. Nevertheless, spam is being sent via a customer's server - for example "targobank.de". It must be an authorized mail user whose account credentials were stolen. But how can I find that out in the logs? I can't see anything unusual in "mail.info"! :(
--
Subject: [clean-mx-spam-94381488] abuse report about x.x.x.x - Fri, 07 Feb 2014 12:11:07 +0100
Hello Abuse-Team,
your Server with the IP: x.x.x.x has attacked one of our servers on the service: "postfix" on Time: Fri, 07 Feb 2014 12:11:07 +0100 The IP was automatically blocked for more than 10 minutes. To block an IP, it needs 3 failed Logins, one match for "invalid user" or a 5xx-Error-Code (eg. Blacklist)!
Please check the machine behind the IP x.x.x.x (server) and fix the problem.
real-time data for this day available at:
http://support.clean-mx.de/clean-mx/publog?ip=x.x.x.x
You can parse this Mail with X-ARF-Tools (1. attachment = Details, 2. attachment = Logs).
You can find more Information about X-Arf under http://www.x-arf.org/specification.html
If you have a special x-arf email contact, please drop us a note.
In the attachment of this mail you can find the original protocols of our systems.
--
Best regards
Hahni
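One way to answer this from the Postfix log, as an added example that is not part of the original post: Postfix writes the authenticated login (sasl_username) next to the queue ID for each accepted message, so joining those smtpd lines with the qmgr from=/nrcpt lines shows which account submits mail under a foreign sender domain such as targobank.de. The sample log lines, host names, addresses and the 50-recipient threshold are constructed, and logins are assumed to be full e-mail addresses.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format (not taken from the original post).
SAMPLE_LOG = """\
Feb  7 12:10:01 mx postfix/smtpd[2101]: 3A1B2C4D5E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.org
Feb  7 12:10:01 mx postfix/qmgr[900]: 3A1B2C4D5E: from=<service@targobank.de>, size=4211, nrcpt=50 (queue active)
Feb  7 12:10:09 mx postfix/smtpd[2102]: 4B2C3D5E6F: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=info@example.org
Feb  7 12:10:09 mx postfix/qmgr[900]: 4B2C3D5E6F: from=<service@targobank.de>, size=4198, nrcpt=50 (queue active)
Feb  7 12:11:30 mx postfix/smtpd[2103]: 5C3D4E6F70: client=dsl.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=anna@example.org
Feb  7 12:11:30 mx postfix/qmgr[900]: 5C3D4E6F70: from=<anna@example.org>, size=1820, nrcpt=1 (queue active)
Feb  7 12:12:00 mx postfix/qmgr[900]: 6D4E5F7081: from=<root@mx.example.org>, size=700, nrcpt=1 (queue active)
"""

# smtpd logs queue ID, client IP and login; qmgr logs envelope sender and recipient count.
AUTH_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S*\[([^\]]+)\].*sasl_username=(\S+)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>.*nrcpt=(\d+)")

def summarize(log_text):
    """Per authenticated login: messages, recipients, client IPs, foreign sender domains."""
    owner = {}  # queue ID -> sasl_username
    stats = defaultdict(lambda: {"msgs": 0, "rcpts": 0, "ips": set(), "foreign": set()})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            qid, ip, user = m.groups()
            owner[qid] = user
            stats[user]["msgs"] += 1
            stats[user]["ips"].add(ip)
            continue
        m = QMGR_RE.search(line)
        if m is None:
            continue
        qid, sender, nrcpt = m.groups()
        user = owner.pop(qid, None)  # None: no SMTP AUTH seen, or message already counted
        if user is None:
            continue
        stats[user]["rcpts"] += int(nrcpt)
        sender_dom = sender.rpartition("@")[2].lower()
        if sender_dom and sender_dom != user.rpartition("@")[2].lower():
            stats[user]["foreign"].add(sender_dom)
    return dict(stats)

def suspects(stats, max_rcpts=50):
    """Logins that send under a foreign envelope domain or exceed the recipient threshold."""
    return sorted(u for u, s in stats.items() if s["foreign"] or s["rcpts"] > max_rcpts)

if __name__ == "__main__":
    print("suspects:", suspects(summarize(SAMPLE_LOG)))
```

On a live server, pass the contents of the mail log to summarize() instead of SAMPLE_LOG; a login that appears with many client IPs in a short time is a further sign of stolen credentials.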