Sendmail hangs thanks to spam

da2001

Hi all,

somehow no mail is arriving at my server any more. Sending doesn't work either, because the server refuses the connection. There is no error in mail.err, but when I list the processes, there is some interesting information there.

For example:

Sendmail: Queue control
running queue /var/spool/clientmqueue
rejecting connections on daemon MTA: 15 children, max 15
sendmail ./133FnfiS00.... sophos.k12.ms.us: user open

and then it goes on... many open users, and 2 of them have :DATA after them.


I assume that 15 servers are sending spam right now and that is why no access is possible any more. Is that right?

If so, how do I prevent it?

Thanks for your help!

Regards
Björn
 
Hello!
Excerpts from the original log files would be helpful here. Without any context it is hard to judge.

Regards
Thorsten
 
Thanks, Thorsten!

I'd be glad of any help :)

Mail error log
Code:
Apr  3 18:19:24 oslo062 sendmail[4982]: l33GHtiS004962: lilly.com.s8a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 18:19:24 oslo062 sendmail[4960]: l33GHdiS004944: inktip.com.s5a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 18:20:41 oslo062 sendmail[4995]: l33GICiS004988: nw.org.com.s8a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 18:20:48 oslo062 sendmail[5008]: l33GISiS005005: gsk.com.mail5.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 18:21:03 oslo062 sendmail[4995]: l33GICiS004988: tucsoncitizen.com.s8a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 18:23:15 oslo062 sendmail[4782]: l33GFOiS004779: wideopenwest.com.s7a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 18:25:47 oslo062 sendmail[4941]: l33GGoiS004907: netlojix.com.netlojix.mail1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 18:32:17 oslo062 sendmail[5849]: l33GV5iS005843: electronicoffice.com.s7a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 18:32:26 oslo062 sendmail[5849]: l33GV5iS005843: hickorytech.net.s6a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 18:36:29 oslo062 sendmail[6164]: l33GZUiS006158: horizoncable.com.mail1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 18:37:02 oslo062 sendmail[6253]: l33GZwiS006226: ptms.asij.ac.jp.: SMTP DATA-2 protocol error: 500 Mail appears to be unsolicited -- send error reports to postmaster@asij.ac.jp
Apr  3 18:42:18 oslo062 sendmail[6513]: l33GffiS006510: koleimports.com.mail5.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 18:42:56 oslo062 sendmail[6513]: l33GffiS006510: wideopenwest.com.s7a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 18:50:40 oslo062 sendmail[6915]: l33GlciS006883: imt.net.mail1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:16:39 oslo062 sendmail[8705]: l33HG9iS008687: g2a.net.dwave.mail5.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:18:08 oslo062 sendmail[8823]: l33HHuiS008811: apci.com.s8a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:19:20 oslo062 sendmail[8774]: l33HGmiS008758: maysvilleky.net.mail1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:21:21 oslo062 sendmail[8774]: l33HGmiS008758: netlojix.com.netlojix.mail1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:21:50 oslo062 sendmail[8961]: l33HJNiS008948: grnco.net.s6a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:21:57 oslo062 sendmail[9059]: l33HKmiS009039: gctel.com.s6a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:24:04 oslo062 sendmail[8754]: l33HGdiS008743: hialoha.net.s6a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:25:21 oslo062 sendmail[9281]: l33HNeiS009260: newmexico.com.cybermesa.mail1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:26:30 oslo062 sendmail[9340]: l33HOEiS009316: milliman.com.s7a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:28:22 oslo062 sendmail[9135]: l33HKxiS009061: tfmcomm.com.s8a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:39:15 oslo062 sendmail[9953]: l33HX4iS009934: woodwardwest.com.s6a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:45:32 oslo062 sendmail[11007]: l33Hi1iS010996: hajoca.com.mail9.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:52:07 oslo062 sendmail[11589]: l33HodiS011571: goeaston.net.mail1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:54:24 oslo062 sendmail[11797]: l33HreiS011786: cybermesa.com.cybermesa.mail1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:55:27 oslo062 sendmail[11894]: l33HsUiS011875: proxy.buffnet.net.: SMTP DATA-2 protocol error: 500 Mail appears to be unsolicited -- send error reports to steveh@buffnet.net - if you attached an executable file or a ZIP file - rename it and tell the person you are sending it to to rename it back to the original when they save it.
Apr  3 19:55:39 oslo062 sendmail[11744]: l33Hr4iS011727: escm.com.mail5.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 19:59:16 oslo062 sendmail[12250]: l33Hx8iS012244: SYSERR(root): Cannot exec /usr/bin/uux: No such file or directory
Apr  3 20:02:26 oslo062 sendmail[12323]: l33HxHiS012252: my1.visuallink.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 20:02:54 oslo062 sendmail[11894]: l33HsUiS011875: wine.com.s8a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 20:10:03 oslo062 sendmail[12565]: l33I1IiS012465: shorelineperio.com.s7a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 20:13:16 oslo062 sendmail[12757]: l33I4aiS012749: wideopenwest.com.s7a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 20:25:45 oslo062 sendmail[14278]: l33IO1iS014270: tias.com.mail1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 20:28:40 oslo062 sendmail[14575]: l33IRuiS014554: proxy.buffnet.net.: SMTP DATA-2 protocol error: 500 Mail appears to be unsolicited -- send error reports to steveh@buffnet.net - if you attached an executable file or a ZIP file - rename it and tell the person you are sending it to to rename it back to the original when they save it.
Apr  3 20:36:44 oslo062 sendmail[14776]: l33IUGiS014768: fleishman.com.s8a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 20:37:30 oslo062 sendmail[14294]: l33IO9iS014280: harringtonera.com.s6a1.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 20:37:46 oslo062 sendmail[14294]: l33IO9iS014280: lrn.com.mail5.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused
Apr  3 22:31:35 oslo062 sendmail[18073]: l33HpCiS011615: speedguide.net.: SMTP DATA-2 protocol error: 500 Mail appears to be unsolicited (spam) -- please forward errors to postmaster@speedguide.net
Apr  4 16:03:11 oslo062 sendmail[11940]: l34E30FA011940: SYSERR(root): collect: I/O error on connection from pop7-1917.catv.wtnet.de, from=<info@kelch-werbeagentur.de>
Apr  4 21:54:51 oslo062 sendmail[10673]: l33IOKiS014295: SYSERR(root): 127.0.0.1. config error: mail loops back to me (MX problem?)
Apr  5 02:07:08 oslo062 sendmail[24726]: l33GUbiS005783: SYSERR(root): 127.0.0.1. config error: mail loops back to me (MX problem?)
 
My guess would be that your server is being abused as a spam cannon.
We will learn more from mail.log, though. (For now just excerpts that cover the same time span as the mail.err you posted.)

huschi.
 
Does this help you?

Code:
Apr  3 16:03:08 oslo062 sendmail[18785]: l32CECiS032253: to=<ccplus@wwd.net>, delay=1+01:48:56, xdelay=00:00:00, mailer=esmtp, pri=5103721, relay=wwd.net., dsn=4.0.0, stat=Deferred: Connection refused by wwd.net.
Apr  3 16:03:15 oslo062 sendmail[25524]: l33E3FiR025524: from=<SRS0=MZLv=JG=ebay.de=endofitem@srs.kundenserver.de>, size=23536, class=0, nrcpts=1, msgid=<155846986.1175608985416.JavaMail.SYSTEM@sr-v3eoa017>, proto=ESMTP, daemon=MTA, relay=moutng.kundenserver.de [212.227.126.171]
Apr  3 16:03:16 oslo062 sendmail[25525]: l33E3FiR025524: to=web3p11, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=233762, dsn=2.0.0, stat=Sent
Apr  3 16:03:16 oslo062 sendmail[25525]: l33E3FiR025524: to=web3p10, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=233762, dsn=2.0.0, stat=Sent
Apr  3 16:03:16 oslo062 sendmail[25525]: l33E3FiR025524: to=web3p5, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=233762, dsn=2.0.0, stat=Sent
Apr  3 16:03:16 oslo062 sendmail[25525]: l33E3FiR025524: to=web3p9, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=233762, dsn=2.0.0, stat=Sent
Apr  3 16:03:16 oslo062 sendmail[25525]: l33E3FiR025524: to=web3p8, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=233762, dsn=2.0.0, stat=Sent
Apr  3 16:03:16 oslo062 sendmail[25525]: l33E3FiR025524: to=web3p3, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=233762, dsn=2.0.0, stat=Sent
Apr  3 16:03:17 oslo062 sendmail[25525]: l33E3FiR025524: to=web3p2, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=233762, dsn=2.0.0, stat=Sent
Apr  3 16:03:18 oslo062 sendmail[25533]: l33E3HiR025533: from=<a_r_p@nokia.com>, size=15214, class=0, nrcpts=1, msgid=<905641022.22937592653125@thebat.net>, proto=ESMTP, daemon=MTA, relay=mout-xforward.kundenserver.de [212.227.15.35]
Apr  3 16:03:18 oslo062 sendmail[25535]: l33E3HiR025533: to=web3p11, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=225450, dsn=2.0.0, stat=Sent
Apr  3 16:03:18 oslo062 sendmail[25535]: l33E3HiR025533: to=web3p10, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=225450, dsn=2.0.0, stat=Sent
Apr  3 16:03:18 oslo062 sendmail[25535]: l33E3HiR025533: to=web3p5, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=225450, dsn=2.0.0, stat=Sent
Apr  3 16:03:18 oslo062 sendmail[25535]: l33E3HiR025533: to=web3p9, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=225450, dsn=2.0.0, stat=Sent
Apr  3 16:03:18 oslo062 sendmail[25535]: l33E3HiR025533: to=web3p8, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=225450, dsn=2.0.0, stat=Sent
Apr  3 16:03:19 oslo062 sendmail[25535]: l33E3HiR025533: to=web3p3, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=225450, dsn=2.0.0, stat=Sent
Apr  3 16:03:19 oslo062 sendmail[25535]: l33E3HiR025533: to=web3p2, delay=00:00:02, xdelay=00:00:00, mailer=local, pri=225450, dsn=2.0.0, stat=Sent
Apr  3 16:03:25 oslo062 sendmail[24674]: l32CNbiS000090: to=<sales@cedarhillspc.com>, delay=1+01:39:47, xdelay=00:12:36, mailer=esmtp, pri=4473721, relay=cedarhillspc.com. [64.20.49.210], dsn=4.0.0, stat=Deferred: Connection timed out with cedarhillspc.com.
Apr  3 16:03:29 oslo062 popper[25547]: Stats: web13p1 0 0 0 0 pop8-1936.catv.wtnet.de 84.46.111.151 [pop_updt.c:296]
Apr  3 16:03:30 oslo062 popper[25548]: Stats: web13p1 0 0 0 0 pop8-1936.catv.wtnet.de 84.46.111.151 [pop_updt.c:296]
Apr  3 16:03:48 oslo062 sendmail[22751]: l32CohiS001610: to=<ddownard@forseon.com>, delay=1+01:13:04, xdelay=00:03:09, mailer=esmtp, pri=5103721, relay=resalehost.networksolutions.com. [205.178.189.128], dsn=4.0.0, stat=Deferred: Connection timed out with resalehost.networksolutions.com.
Apr  3 16:03:50 oslo062 sendmail[22751]: l32CowiS001620: to=<gkitzmil@kusd.kusd.edu>, delay=1+01:12:51, xdelay=00:00:00, mailer=esmtp, pri=5103721, relay=kusd.kusd.edu. [192.25.139.202], dsn=4.0.0, stat=Deferred: Connection refused by kusd.kusd.edu.
Apr  3 16:03:50 oslo062 sendmail[12514]: l32CZIiS000741: to=<merc@carolina.net>, delay=1+01:28:29, xdelay=00:00:54, mailer=esmtp, pri=5553721, relay=gallium.carolina.net. [64.79.48.32], dsn=4.2.0, stat=Deferred: 450 <merc@carolina.net>: Recipient address rejected: undeliverable address: host 64.79.48....4.79.48.19] said: 550 5.1.1 <merc@carolina.net> is not a valid mailbox (in reply to RCPT TO command)
Apr  3 16:03:51 oslo062 sendmail[12514]: l32ChViS001177: to=<eshilling@home.com>, delay=1+01:20:19, xdelay=00:00:01, mailer=esmtp, pri=5553721, relay=home.com. [206.207.85.33], dsn=4.0.0, stat=Deferred: Connection refused by home.com.

Code:
Apr  3 21:54:07 oslo062 sendmail[18073]: l33HGmiS008758: to=<bromlec@cc.wwu.edu>, delay=02:37:19, xdelay=00:03:09, mailer=esmtp, pri=1683751, relay=titanb.cc.wwu.edu. [140.160.240.21], dsn=4.0.0, stat=Deferred: Connection timed out with titanb.cc.wwu.edu.
Apr  3 21:54:14 oslo062 sendmail[20676]: l33HGdiS008743: to=<billyhoffman@clank.com>, delay=02:37:35, xdelay=00:03:09, mailer=esmtp, pri=1683751, relay=clank.com. [216.8.177.28], dsn=4.0.0, stat=Deferred: Connection timed out with clank.com.
Apr  3 21:54:16 oslo062 sendmail[7045]: l33GZwiS006226: to=<tc@pruaz.com>, delay=03:18:18, xdelay=00:03:09, mailer=esmtp, pri=1773751, relay=mailgateway.netaspects.com. [65.74.162.252], dsn=4.0.0, stat=Deferred: Connection timed out with mailgateway.netaspects.com.
Apr  3 21:54:16 oslo062 sendmail[20676]: l33HGdiS008743: to=<billy@yahoo.com>,<billy_folk@yahoo.com>,<billydroze@yahoo.com>,<billygjunior2003@yahoo.com>, delay=02:37:37, xdelay=00:00:02, mailer=esmtp, pri=1683751, relay=f.mx.mail.yahoo.com. [68.142.202.247], dsn=2.0.0, stat=Sent (ok dirdel 3/1)
Apr  3 21:54:16 oslo062 sendmail[7045]: l33GZwiS006226: to=<tbyrdphd@cs.com>, delay=03:18:18, xdelay=00:00:00, mailer=esmtp, pri=1773751, relay=mailin-03.mx.aol.com. [64.12.138.120], dsn=5.1.1, stat=User unknown
Apr  3 21:54:17 oslo062 sendmail[7045]: l33GZwiS006226: to=<tc527@aol.com>,<tcarmosino9@aol.com>, delay=03:18:19, xdelay=00:00:01, mailer=esmtp, pri=1773751, relay=mailin-02.mx.aol.com., dsn=4.0.0, stat=Deferred: Bad file descriptor
Apr  3 21:54:17 oslo062 sendmail[7045]: l33GZwiS006226: to=<tc_charlie@sbcgobal.net>, delay=03:18:19, xdelay=00:00:00, mailer=esmtp, pri=1773751, relay=sbcgobal.net., dsn=4.0.0, stat=Deferred: Connection refused by sbcgobal.net.
Apr  3 21:54:17 oslo062 sendmail[7045]: l33GZwiS006226: to=<tbull@webtv.com>, delay=03:18:19, xdelay=00:00:00, mailer=esmtp, pri=1773751, relay=smtpin.mx.webtv.net., dsn=4.0.0, stat=Deferred: Connection timed out with smtpin.mx.webtv.net.
Apr  3 21:54:17 oslo062 sendmail[7045]: l33GZwiS006226: to=<tcarr@theitgroup.com>, delay=03:18:19, xdelay=00:00:00, mailer=esmtp, pri=1773751, relay=theitgroup.com., dsn=4.0.0, stat=Deferred: Connection timed out with theitgroup.com.
Apr  3 21:54:17 oslo062 sendmail[7045]: l33GZwiS006226: l33GomkA007045: DSN: User unknown
Apr  3 21:54:19 oslo062 sendmail[7045]: l33GomkA007045: to=<notice@arizonafederal.org>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=35083, relay=mail.arizonafederal.org. [64.140.179.115], dsn=2.0.0, stat=Sent (Message received OK)
Apr  3 21:54:19 oslo062 sendmail[7045]: l33GZwiS006226: to=Postmaster, delay=03:18:21, mailer=local, pri=1773751, dsn=5.1.1, stat=User unknown
Apr  3 21:54:19 oslo062 sendmail[7045]: l33GZwiS006226: l33GomkB007045: postmaster notify: User unknown
Apr  3 21:54:20 oslo062 sendmail[7045]: l33GomkB007045: to=MAILER-DAEMON, delay=00:00:01, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Apr  3 21:54:20 oslo062 sendmail[7045]: l33GomkB007045: to=postmaster, delay=00:00:01, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Apr  3 21:54:20 oslo062 sendmail[7045]: l33GomkB007045: l33GomkC007045: return to sender: User unknown
Apr  3 21:54:20 oslo062 sendmail[7045]: l33GomkC007045: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Apr  3 21:54:21 oslo062 sendmail[7045]: l33GomkB007045: Saved message in /var/log/dead.letter
Apr  3 21:54:22 oslo062 sendmail[7045]: l33GffiS006510: to=<emailjulia@eathlink.net>, delay=03:12:40, xdelay=00:00:00, mailer=esmtp, pri=2043751, relay=eathlink.net., dsn=4.0.0, stat=Deferred: Connection refused by eathlink.net.
Apr  3 21:54:22 oslo062 sendmail[7045]: l33GffiS006510: to=<elueh@aol.com>, delay=03:12:40, xdelay=00:00:00, mailer=esmtp, pri=2043751, relay=mailin-03.mx.aol.com. [64.12.138.120], dsn=5.1.1, stat=User unknown
Apr  3 21:54:23 oslo062 sendmail[7045]: l33GffiS006510: to=<emailman56@aol.com>, delay=03:12:41, xdelay=00:00:01, mailer=esmtp, pri=2043751, relay=mailin-02.mx.aol.com., dsn=4.0.0, stat=Deferred: Bad file descriptor
Apr  3 21:54:23 oslo062 sendmail[7045]: l33GffiS006510: l33GomkD007045: DSN: User unknown
Apr  3 21:54:24 oslo062 sendmail[7045]: l33GomkD007045: to=<notice@arizonafederal.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=35083, relay=mail.arizonafederal.org. [64.140.179.115], dsn=2.0.0, stat=Sent (Message received OK)
Apr  3 21:54:24 oslo062 sendmail[7045]: l33GffiS006510: to=Postmaster, delay=03:12:42, mailer=local, pri=2043751, dsn=5.1.1, stat=User unknown
Apr  3 21:54:24 oslo062 sendmail[7045]: l33GffiS006510: l33GomkE007045: postmaster notify: User unknown
Apr  3 21:54:24 oslo062 sendmail[7045]: l33GomkE007045: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Apr  3 21:54:24 oslo062 sendmail[7045]: l33GomkE007045: to=postmaster, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Apr  3 21:54:24 oslo062 sendmail[7045]: l33GomkE007045: l33GomkF007045: return to sender: User unknown
Apr  3 21:54:25 oslo062 sendmail[7045]: l33GomkF007045: to=MAILER-DAEMON, delay=00:00:01, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Apr  3 21:54:25 oslo062 sendmail[7045]: l33GomkE007045: Saved message in /var/log/dead.letter
Apr  3 21:54:37 oslo062 sendmail[20676]: l33HGdiS008743: to=<billwatkins@jam.rr.com>, delay=02:37:58, xdelay=00:00:21, mailer=esmtp, pri=1683751, relay=clmboh-02.mgw.rr.com. [65.24.7.66], dsn=2.0.0, stat=Sent (ok:  Message 1358141948 accepted)
Apr  3 21:54:38 oslo062 sendmail[20676]: l33HGdiS008743: to=<billust@aol.com>, delay=02:37:59, xdelay=00:00:01, mailer=esmtp, pri=1683751, relay=mailin-03.mx.aol.com. [64.12.138.120], dsn=5.1.1, stat=User unknown
Apr  3 21:54:38 oslo062 sendmail[20676]: l33HGdiS008743: to=<billycarodine@aol.com>, delay=02:37:59, xdelay=00:00:01, mailer=esmtp, pri=1683751, relay=mailin-03.mx.aol.com. [64.12.138.120], dsn=5.1.1, stat=User unknown
Apr  3 21:54:39 oslo062 sendmail[20676]: l33HGdiS008743: to=<billt42@aol.com>,<billy20772@aol.com>,<billyblconstruct@aol.com>,<billykarl@aol.com>,<billylamarwv@aol.com>,<billytbear@aol.com>, delay=02:38:00, xdelay=00:00:02, mailer=esmtp, pri=1683751, relay=mailin-03.mx.aol.com. [64.12.138.120], dsn=4.0.0, stat=Deferred: 421-:  (DYN:T1)  http://postmaster.info.aol.com/errors/421dynt1.html
Apr  3 21:54:41 oslo062 sendmail[20676]: l33HGdiS008743: to=<billye@nexband.com>, delay=02:38:02, xdelay=00:00:02, mailer=esmtp, pri=1683751, relay=mx.nexband.com. [206.156.254.119], dsn=2.0.0, stat=Sent (l33JsWTa025141 Message accepted for delivery)
Apr  3 21:54:48 oslo062 sendmail[20676]: l33HGdiS008743: to=<billy_bons@online.nsk.su>, delay=02:38:09, xdelay=00:00:07, mailer=esmtp, pri=1683751, relay=mx1.risp.ru. [212.164.0.149], dsn=2.0.0, stat=Sent (OK QID 465E5AD8)
Apr  3 21:54:49 oslo062 popper[21035]: Stats: web13p1 0 0 0 0 pop8-1936.catv.wtnet.de 84.46.111.151 [pop_updt.c:296]
Apr  3 21:54:50 oslo062 popper[21039]: Stats: web13p1 0 0 0 0 pop8-1936.catv.wtnet.de 84.46.111.151 [pop_updt.c:296]
Apr  3 21:54:51 oslo062 sendmail[21038]: l33JsoiR021038: from=<TTVJZander@aol.com>, size=2079, class=0, nrcpts=1, msgid=<c02.1271283c.33440af4@aol.com>, proto=ESMTP, daemon=MTA, relay=imo-m26.mx.aol.com [64.12.137.7]
Apr  3 21:54:52 oslo062 sendmail[20676]: l33HGdiS008743: to=<billy@gatewayglobal-la.com>, delay=02:38:13, xdelay=00:00:04, mailer=esmtp, pri=1683751, relay=postoffice.omnis.com. [216.239.128.25], dsn=2.0.0, stat=Sent (Ok: queued as 43DC62391EA)
Apr  3 21:54:52 oslo062 sendmail[5178]: l33ESmiS027207: to=<doramaarmusic@mns.com>, delay=05:26:04, xdelay=00:03:09, mailer=esmtp, pri=1953751, relay=mns.com. [67.99.176.30], dsn=4.0.0, stat=Deferred: Connection timed out with mns.com.
Apr  3 21:54:52 oslo062 sendmail[20676]: l33HGdiS008743: to=<billy.harvey@thrillseeker.net>, delay=02:38:13, xdelay=00:00:00, mailer=esmtp, pri=1683751, relay=thrillseeker.net. [66.199.187.182], dsn=4.0.0, stat=Deferred: thrillseeker.net.: No route to host
Apr  3 21:54:52 oslo062 sendmail[20676]: l33HGdiS008743: l33JomiS020676: DSN: User unknown
Apr  3 21:54:53 oslo062 sendmail[21041]: l33JsoiR021038: to=web10p11, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=212301, dsn=2.0.0, stat=Sent
Apr  3 21:54:53 oslo062 sendmail[5178]: l33ETdiS027246: to=<goldcanyoncandles@worldnet.att.net>, delay=05:25:14, xdelay=00:00:00, mailer=esmtp, pri=1953751, relay=gateway1.worldnet.att.net., dsn=4.0.0, stat=Deferred
Apr  3 21:54:53 oslo062 sendmail[21041]: l33JsoiR021038: to=web10p10, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=212301, dsn=2.0.0, stat=Sent
Apr  3 21:54:54 oslo062 sendmail[21041]: l33JsoiR021038: to=web10p5, delay=00:00:04, xdelay=00:00:01, mailer=local, pri=212301, dsn=2.0.0, stat=Sent
Apr  3 21:54:54 oslo062 sendmail[21041]: l33JsoiR021038: to=web10p9, delay=00:00:04, xdelay=00:00:00, mailer=local, pri=212301, dsn=2.0.0, stat=Sent
Apr  3 21:54:54 oslo062 sendmail[21041]: l33JsoiR021038: to=web10p8, delay=00:00:04, xdelay=00:00:00, mailer=local, pri=212301, dsn=2.0.0, stat=Sent
Apr  3 21:54:54 oslo062 sendmail[21041]: l33JsoiR021038: to=web10p3, delay=00:00:04, xdelay=00:00:00, mailer=local, pri=212301, dsn=2.0.0, stat=Sent
Apr  3 21:54:55 oslo062 sendmail[21041]: l33JsoiR021038: to=web10p2, delay=00:00:05, xdelay=00:00:01, mailer=local, pri=212301, dsn=2.0.0, stat=Sent
Apr  3 21:54:55 oslo062 sendmail[20676]: l33JomiS020676: to=<notice@arizonafederal.org>, delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=35083, relay=mail.arizonafederal.org. [64.140.179.115], dsn=2.0.0, stat=Sent (Message received OK)
Apr  3 21:54:55 oslo062 sendmail[20676]: l33HGdiS008743: to=Postmaster, delay=02:38:16, mailer=local, pri=1683751, dsn=5.1.1, stat=User unknown
Apr  3 21:54:55 oslo062 sendmail[20676]: l33HGdiS008743: l33JomiT020676: postmaster notify: User unknown
Apr  3 21:54:56 oslo062 sendmail[20676]: l33JomiT020676: to=MAILER-DAEMON, delay=00:00:01, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Apr  3 21:54:56 oslo062 sendmail[20676]: l33JomiT020676: to=postmaster, delay=00:00:01, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Apr  3 21:54:56 oslo062 sendmail[20676]: l33JomiT020676: l33JomiU020676: return to sender: User unknown
Apr  3 21:54:56 oslo062 sendmail[20676]: l33JomiU020676: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Apr  3 21:54:57 oslo062 sendmail[20676]: l33JomiT020676: Saved message in /var/log/dead.letter
 
Hello,

regardless of the log files, have you already switched off the mail server? Otherwise your server will keep on busily sending. Have a look at your traffic: is it unusually high?

As for log files: you get matching time spans with a

Code:
grep "Apr  3 16:03" /var/log/mail.err

grep "Apr  3 16:03" /var/log/mail.log

Regards
Sinepp
 
Why is it sending spam? Normally SMTP requires auth, doesn't it? Or what happened? Help, help :(

Just read it... apparently a faulty PHP script.
 
How about you now, as Huschi already wrote, stop the mail server? It is still running (and probably still sending spam)...

220 oslo062.server4you.de ESMTP Sendmail 8.12.10/8.12.10/SuSE Linux 0.7; Thu, 5 Apr 2007 12:07:26 +0200


Regards

Stefan Schuster
 
I'll gladly switch off SMTP later, but at the moment the mail server is still in use. And otherwise heads will roll at the office :)

I'd be grateful for tips; maybe that way I can find the fault quickly and stop the flood of spam. Thanks!
 
Unfortunately I can't find any connection between the scripts that were opened and the mails.

Are there no other tricks or aids? Or someone who can help me for a small fee?
 
"I'll gladly switch off SMTP later, but at the moment the mail server is still in use."
It seems people in the advertising industry have gone on their Easter holidays too... :(
It always goes down particularly well with customers when they notice that their mails are being marked as spam because the IP is listed at SORBS. :)

Simply look for the start of the spam wave and comb through the access_logs at that point in time for conspicuous POST requests.

Examine the mail queue (e.g. with Webmin) for the spam mails and look at them closely. (Now I'm repeating myself again...)

huschi.
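
Added example, not part of the original post: one way to do the correlation suggested above, by finding the first minute in which the outbound (`mailer=esmtp`) recipient count jumps and then listing the POST requests around it. The log lines, the threshold and the time window are constructed assumptions, and both logs are assumed to use the same local time.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines (hosts, addresses, queue IDs and paths are made up).
MAIL_LOG = """\
Apr  3 15:58:02 mx sendmail[100]: l33DwAAA000100: to=web3p2, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
Apr  3 15:59:30 mx sendmail[101]: l33DxBBB000101: to=<user@example.net>, delay=00:00:02, mailer=esmtp, relay=mx.example.net., dsn=2.0.0, stat=Sent
Apr  3 16:01:10 mx sendmail[102]: l33E1CCC000102: to=<a@example.org>,<b@example.org>,<c@example.org>, delay=00:00:02, mailer=esmtp, relay=mx.example.org., dsn=2.0.0, stat=Sent
Apr  3 16:01:40 mx sendmail[102]: l33E1CCC000102: to=<d@example.com>,<e@example.com>,<f@example.com>, delay=00:00:32, mailer=esmtp, relay=mx.example.com., dsn=4.0.0, stat=Deferred: Connection refused by mx.example.com.
Apr  3 16:02:05 mx sendmail[103]: l33E2DDD000103: to=<g@example.org>,<h@example.org>,<i@example.org>,<j@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org., dsn=2.0.0, stat=Sent
""".splitlines()

ACCESS_LOG = """\
192.0.2.10 - - [03/Apr/2007:14:12:00 +0200] "POST /login.php HTTP/1.1" 200 512
192.0.2.10 - - [03/Apr/2007:15:59:00 +0200] "GET /index.php HTTP/1.1" 200 4096
198.51.100.7 - - [03/Apr/2007:16:00:41 +0200] "POST /contact/form.php HTTP/1.0" 200 87
198.51.100.7 - - [03/Apr/2007:16:00:58 +0200] "POST /contact/form.php HTTP/1.0" 200 87
198.51.100.7 - - [03/Apr/2007:16:01:20 +0200] "POST /contact/form.php HTTP/1.0" 200 87
""".splitlines()

TO_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: \w+: "
                   r"to=(.+?), (?:ctladdr|delay)=")
POST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST (\S+)')


def outbound_per_minute(lines, year):
    """Count recipients of outbound (mailer=esmtp) delivery attempts per minute."""
    counts = Counter()
    for line in lines:
        m = TO_RE.match(line)
        if not m or "mailer=esmtp" not in line:
            continue  # local deliveries, from= lines, DSN notes, popper, ...
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        counts[ts.replace(second=0)] += len(m.group(2).split(","))
    return counts


def wave_start(counts, threshold):
    """First minute whose outbound recipient count reaches the threshold."""
    for minute in sorted(counts):
        if counts[minute] >= threshold:
            return minute
    return None


def posts_near(lines, start, before=timedelta(minutes=10), after=timedelta(minutes=2)):
    """Count POST requests per (client, path) in the window around start."""
    hits = Counter()
    for line in lines:
        m = POST_RE.match(line)
        if not m:
            continue
        # assumption: web server and syslog use the same local time zone
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        if start - before <= ts <= start + after:
            hits[(m.group(1), m.group(3))] += 1
    return hits


if __name__ == "__main__":
    start = wave_start(outbound_per_minute(MAIL_LOG, 2007), threshold=5)
    print("spam wave starts around", start)
    if start is not None:
        for (client, path), n in posts_near(ACCESS_LOG, start).most_common():
            print(f"{n:4d} POST {path} from {client}")
```

The script that collects the most POST requests just before the jump is the first one to inspect; the threshold has to be set against the server's normal outbound volume.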
 
At least it is not a relay...
Code:
Relay test result

  All tests performed, no relays accepted by remote host.
 
Which, with insecure PHP scripts, means about as much as: "
His head injury wasn't fatal...
Then what did he die of, Jon?
I think it was the 270 bullets in his chest.
Oh, I see."

Or something like that. And apart from that: Happy Easter!

Regards
Sinepp
 