xinetd.log shows many entries

tekknotrip

Good morning,

I'm not sure whether my VServer (qmail-Xinetd) has caught a worm.

08/11/10@09:53:15: START: smtp from=117.2.10.232
08/11/10@09:53:23: EXIT: smtp status=0 duration=8(sec)
08/11/10@09:53:36: START: smtp from=58.221.28.228
08/11/10@09:53:36: EXIT: smtp status=0 duration=0(sec)
08/11/10@09:53:40: START: smtp from=77.246.104.232
08/11/10@09:53:46: START: smtp from=92.112.23.243
08/11/10@09:53:46: EXIT: smtp status=0 duration=0(sec)
08/11/10@09:54:01: START: smtp from=72.95.215.28
08/11/10@09:54:01: EXIT: smtp status=0 duration=21(sec)
08/11/10@09:54:06: EXIT: smtp status=0 duration=5(sec)
08/11/10@09:54:25: START: smtp from=217.6.229.2
08/11/10@09:54:28: EXIT: smtp status=0 duration=3(sec)
08/11/10@09:54:29: START: smtp from=92.112.23.243
08/11/10@09:54:29: EXIT: smtp status=0 duration=0(sec)
08/11/10@09:54:35: START: smtp from=93.84.4.134
08/11/10@09:54:39: EXIT: smtp status=1 duration=4(sec)
08/11/10@09:54:56: START: smtp from=92.112.23.243
08/11/10@09:54:57: EXIT: smtp status=0 duration=1(sec)
08/11/10@09:55:07: START: smtp from=213.218.0.130
08/11/10@09:55:08: START: smtp from=85.141.52.227
08/11/10@09:55:09: EXIT: smtp status=0 duration=1(sec)
08/11/10@09:55:11: EXIT: smtp status=0 duration=4(sec)
08/11/10@09:55:20: START: smtp from=85.141.52.227
08/11/10@09:55:21: EXIT: smtp status=0 duration=1(sec)
08/11/10@09:55:37: START: smtp from=85.141.52.227
08/11/10@09:55:38: EXIT: smtp status=0 duration=1(sec)
08/11/10@09:55:39: START: smtp from=217.17.173.246
08/11/10@09:55:41: START: smtp from=77.51.84.235
08/11/10@09:55:41: EXIT: smtp status=0 duration=0(sec)
08/11/10@09:55:54: START: smtps from=80.152.6.225
08/11/10@09:55:56: EXIT: smtps status=0 duration=2(sec)
08/11/10@09:55:57: START: smtp from=77.51.84.235
08/11/10@09:55:57: EXIT: smtp status=0 duration=0(sec)
08/11/10@09:56:01: START: smtp from=91.78.21.240
08/11/10@09:56:02: EXIT: smtp status=0 duration=1(sec)
08/11/10@09:56:05: EXIT: smtp status=0 duration=26(sec)

Unfortunately I don't know how to assess these entries, because listening and querying doesn't yet mean sending. Hence the look into Mail.info:

Nov 10 09:53:16 h1399471 relaylock: /var/qmail/bin/relaylock: mail from 117.2.10.232:1550 (not defined)
Nov 10 09:54:02 h1399471 relaylock: /var/qmail/bin/relaylock: mail from 72.95.215.28:3929 (static-72-95-215-28.pitbpa.fios.verizon.net)
Nov 10 09:54:25 h1399471 relaylock: /var/qmail/bin/relaylock: mail from 217.6.229.2:38059 (mail.myeasyworldofbusiness.com)
Nov 10 09:54:36 h1399471 relaylock: /var/qmail/bin/relaylock: mail from 93.84.4.134:1340 (adsl.93.84.4.134.grodno.by)
Nov 10 09:55:08 h1399471 relaylock: /var/qmail/bin/relaylock: mail from 213.218.0.130:33231 (s-smtp01.toplink.de)
Nov 10 09:55:22 h1399471 pop3d-ssl: LOGOUT, ip=[127.0.0.1]
Nov 10 09:55:22 h1399471 pop3d: LOGOUT, ip=[127.0.0.1]
Nov 10 09:55:22 h1399471 imapd: 1226307322.711466 LOGOUT, ip=[127.0.0.1], rcvd=12, sent=308, maildir=/srv/www/vhosts/xxxxxxx.de
Nov 10 09:55:22 h1399471 imapd-ssl: 1226307322.715517 LOGOUT, ip=[127.0.0.1], rcvd=12, sent=310, maildir=/srv/www/vhosts/xxxxxxxx.de
Nov 10 09:55:55 h1399471 relaylock: /var/qmail/bin/relaylock: mail from 80.152.6.225:31817 (not defined)
Nov 10 09:55:55 h1399471 qmail-queue[7499]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Nov 10 09:55:55 h1399471 qmail-queue[7499]: scan: the message(drweb.tmp.QWDtxc)
Nov 10 09:55:56 h1399471 qmail: 1226307356.018504 new msg 7831576
Nov 10 09:55:56 h1399471 qmail: 1226307356.018758 info msg 7831576: bytes 611 from <[email protected]> qp 7501 uid 2020
Nov 10 09:55:56 h1399471 qmail: 1226307356.089656 starting delivery 1034: msg 7831576 to local 26-
Nov 10 09:55:56 h1399471 qmail: 1226307356.089978 status: local 1/10 remote 0/20
Nov 10 09:55:56 h1399471 qmail: 1226307356.874304 delivery 1034: success: did_1+0+1/
Nov 10 09:55:56 h1399471 qmail: 1226307356.874375 status: local 0/10 remote 0/20
Nov 10 09:55:56 h1399471 qmail: 1226307356.874412 end msg 7831576
Nov 10 09:56:59 h1399471 relaylock: /var/qmail/bin/relaylock: mail from 117.2.10.52:15004 (not defined)

Most of the entries are marked with RELAYLOCK.

SMTP may only accept mail with a complete [email protected] & password.
Qmail is configured with sbl-xbl.spamhaus.org;combined.njabl.org;bl.spamcop.net;multi.surbl.org;safe.dnsbl.sorbs.net
Bounces are off.


Is a suspicion justified?

Regards,
micha
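
Added example, not part of the original post: a small Python script that correlates the two logs shown above, counting xinetd SMTP connections per source address and checking mail.info for messages qmail queued and for deliveries "to remote", which is where mail relayed out through the server would show up. The function name `triage` and the result keys are assumptions of this example; the sample input is a few lines copied from the post.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the two logs in the post.
XINETD_LOG = """\
08/11/10@09:53:15: START: smtp from=117.2.10.232
08/11/10@09:53:23: EXIT: smtp status=0 duration=8(sec)
08/11/10@09:53:46: START: smtp from=92.112.23.243
08/11/10@09:54:29: START: smtp from=92.112.23.243
08/11/10@09:54:56: START: smtp from=92.112.23.243
08/11/10@09:55:54: START: smtps from=80.152.6.225
"""
MAIL_LOG = """\
Nov 10 09:53:16 h1399471 relaylock: /var/qmail/bin/relaylock: mail from 117.2.10.232:1550 (not defined)
Nov 10 09:55:55 h1399471 relaylock: /var/qmail/bin/relaylock: mail from 80.152.6.225:31817 (not defined)
Nov 10 09:55:56 h1399471 qmail: 1226307356.018504 new msg 7831576
Nov 10 09:55:56 h1399471 qmail: 1226307356.089656 starting delivery 1034: msg 7831576 to local 26-
Nov 10 09:55:56 h1399471 qmail: 1226307356.874304 delivery 1034: success: did_1+0+1/
"""

START_RE = re.compile(r"START: smtps? from=(\S+)")
RELAYLOCK_RE = re.compile(r"relaylock: mail from ([\d.]+):\d+")
NEW_MSG_RE = re.compile(r"qmail: [\d.]+ new msg (\d+)")
DELIVERY_RE = re.compile(r"starting delivery \d+: msg \d+ to (local|remote) ")


def triage(xinetd_log, mail_log):
    """Correlate xinetd connections with what qmail logged for them."""
    connects = Counter(START_RE.findall(xinetd_log))
    relaylock = Counter(RELAYLOCK_RE.findall(mail_log))
    deliveries = Counter(DELIVERY_RE.findall(mail_log))
    return {
        "connects": dict(connects),
        # Sources with a START line but no relaylock line in mail.info.
        "connect_only": sorted(set(connects) - set(relaylock)),
        "queued_msgs": sorted(set(NEW_MSG_RE.findall(mail_log))),
        "local_deliveries": deliveries["local"],
        # Mail relayed out through the server would be counted here.
        "remote_deliveries": deliveries["remote"],
    }


if __name__ == "__main__":
    for key, value in triage(XINETD_LOG, MAIL_LOG).items():
        print(f"{key}: {value}")
```

Run over the full logs, a non-zero `remote_deliveries` count is the figure that separates inbound connection noise from mail actually leaving the server.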