On Thursday 23 October 2008 16:48:13 Pablo Gentilel wrote:
> Hello list:
>
> Please, I need a hand with this. I have Postfix set up on Debian etch,
> which has been running perfectly for about a year, with SpamAssassin and
> Postgrey. The thing is that two days ago it started filling up with logs,
> so what I did was delete them, thinking they were piling up because the
> number of logs kept had changed in /etc/logrotate. But it turned out that
> the server was actually sending out mail in huge quantities, and a
> blacklist sent a notice to the abuse account, and that is when I realized
> what was happening.
> The mail was going out under one particular user; if I look at the header,
> it says it uses SquirrelMail as the user agent, user credondo.
> My question is: if there is no open relay, and in main.cf mydestination is
> set like this: mydestination = $mydomain, myhostname , localhost ..
> and the option mynetworks = 192.168.0.0 ,127.0.0.1, how is it possible
> that mail goes out with a domain other than my own?
> Below is part of the Postfix log and the mail the blacklist sent to
> notify me, in that order.
> The way I have solved it for now is by changing the mail password, so
> mail can no longer be sent either through webmail or by authenticating
> with SASL; I forgot to mention that the user is outside my LAN, so I had
> enabled an account for them with sasl2.
> Thanks very much in advance.
>
>
>
>
> Mail from the blacklist.
>
> This is an automated email abuse report from the folks at
> junkemailfilter.com for an email message received from IP address
> [201.251.7.126] on Wed, 22 Oct 2008 17:12:05 -0700.
> The nature of this spam indicates possible fraud. Pay close attention to
> both the from address ["THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]>]
> and the reply-to address [].
>
> We hope this information will help you in determining the source of the
> problem and shut it down. The original message is attached in MIME
> format with complete headers. For more information about this
> standardized abuse report format [ARF] please visit
> http://www.mipassoc.org/arf/ If you would prefer abuse reports in text
> format let us know.
>
> If you have any questions or feedback about this abuse report or are
> interested in learning about our spam filtering technology feel free to
> contact us. If this is not spam please accept our apologies and let us
> know so we can fix the problem. Pay close attention to the REASON listed.
> Marc Perkel - Fearless Leader
> Junk Email Filter dot com
> http://www.junkemailfilter.com
>
> * Date: Wed, 22 Oct 2008 17:12:05 -0700
> * From: "THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]>
> * Subject: Dear Lottery Winner,
> * Host: mail.royalmercosur.com [201.251.7.126]
> * Reason: 419scam Freemail - Reply-to does not match From -
> [EMAIL PROTECTED] F="THE CASINO-WEB LOTTERY AWARD"
> <[EMAIL PROTECTED]> - X=pascal H=mail.royalmercosur.com [201.251.7.126]
> HELO=[mail.royalmercosur.com] [EMAIL PROTECTED] T=[acordov
>
> For more information about these abuse reports:
> http://wiki.junkemailfilter.com/index.php/Spam_abuse
> To test or be removed from our blacklist:
> http://ipadmin.junkemailfilter.com/remove.php?ip=201.251.7.126
>
> ======== Original Headers ========
>
> Delivery-date: Wed, 22 Oct 2008 17:12:05 -0700
> Received: from mail.royalmercosur.com ([201.251.7.126])
>     by pascal.junkemailfilter.com with esmtp (Exim 4.68)
>     id 1Ksno4-0007zw-JQ on interface=65.49.42.60
>     for [EMAIL PROTECTED]; Wed, 22 Oct 2008 17:12:05 -0700
> Received: from localhost (localhost [127.0.0.1])
>     by mail.royalmercosur.com (Postfix) with ESMTP id 09E9A8C304;
>     Wed, 22 Oct 2008 15:44:25 -0300 (ART)
> X-Virus-Scanned: amavisd-new at royalmercosur.com
> Received: from mail.royalmercosur.com ([127.0.0.1])
>     by localhost (mail.royalmercosur.com [127.0.0.1]) (amavisd-new, port 10024)
>     with ESMTP id 7+tKuGv-tLND; Wed, 22 Oct 2008 15:44:24 -0300 (ART)
> Received: from mail.royalmercosur.com (localhost [127.0.0.1])
>     by mail.royalmercosur.com (Postfix) with ESMTP id 123A58C2F6;
>     Wed, 22 Oct 2008 15:44:23 -0300 (ART)
> Received: from 81.199.88.72
>     (SquirrelMail authenticated user credondo)
>     by mail.royalmercosur.com with HTTP;
>     Wed, 22 Oct 2008 15:44:23 -0300 (ART)
> Message-ID: <[EMAIL PROTECTED]>
> Date: Wed, 22 Oct 2008 15:44:23 -0300 (ART)
> Subject: Dear Lottery Winner,
> From: "THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> User-Agent: SquirrelMail/1.4.9a
> MIME-Version: 1.0
> Content-Type: text/plain;charset=iso-8859-1
> X-Priority: 3 (Normal)
> Importance: Normal
> To: undisclosed-recipients:;
> Content-Transfer-Encoding: quoted-printable
> X-Sender-Domain: royalmercosur.com
> X-Freemail-From: casino.com
> X-Freemail-Reply-to: hotmail.com
> X-Spamfilter-host: pascal.junkemailfilter.com -
>     http://www.junkemailfilter.com
> X-Mail-from: [EMAIL PROTECTED]
> X-From-name-part: the casino-web lottery award
> X-Spam-Class: SPAM-HIGH-VERY - 419scam Freemail - Reply-to does not match From -
>     [EMAIL PROTECTED] F="THE CASINO-WEB LOTTERY AWARD"
>     <[EMAIL PROTECTED]> - X=pascal H=mail.royalmercosur.com [201.251.7.126]
>     HELO=[mail.royalmercosur.com] [EMAIL PROTECTED]
>     [EMAIL PROTECTED] S=[Dear Lottery Winner,] FN=[the
>     casino-web lottery award ]
> X-Spamsave: Yes - 419scam Freemail - Reply-to does not match From -
>     [EMAIL PROTECTED] F="THE CASINO-WEB LOTTERY AWARD"
>     <[EMAIL PROTECTED]> - X=pascal H=mail.royalmercosur.com [201.251.7.126]
>     HELO=[mail.royalmercosur.com] [EMAIL PROTECTED]
>     [EMAIL PROTECTED] S=[Dear Lottery Winner,] FN=[the
>     casino-web lottery award ]
> X-Sender-Host-Address: 201.251.7.126
> X-Sender-Host-Name: mail.royalmercosur.com
> X-Original-helo: mail.royalmercosur.com
>
> ------------------------------------------------------------------------
>
> Feedback-Type: abuse
> User-Agent: JunkEmailFilter - Abuse Reporter/1.0 - Testing - Feedback Appreciated
> Version: 0.1
> Original-Mail-From: "THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]>
> Original-Rcpt-To: undisclosed-recipients:;
> Received-Date: Wed, 22 Oct 2008 17:12:05 -0700
> Source-IP: 201.251.7.126
>
>
> from=<[EMAIL PROTECTED]>, size=2711, nrcpt=50 (queue active)
> Oct 23 09:02:36 localhost postfix/qmgr[13699]: 324259209E: from=<[EMAIL PROTECTED]>, size=2711, nrcpt=50 (queue active)
> Oct 23 09:02:36 localhost postfix/smtp[13709]: connect to cluster2.eu.messagelabs.com[195.245.231.83]: Connection refused (port 25)
> Oct 23 09:02:36 localhost postfix/qmgr[13699]: 11FC62C6FD: from=<>, size=8265, nrcpt=1 (queue active)
> Oct 23 09:02:36 localhost postfix/smtp[13714]: connect to cluster2.eu.messagelabs.com[195.245.231.67]: Connection refused (port 25)
> Oct 23 09:02:36 localhost postfix/smtp[13708]: connect to cluster2.eu.messagelabs.com[193.109.255.131]: Connection refused (port 25)
> Oct 23 09:02:36 localhost postfix/qmgr[13699]: DB15DD186: from=<>, size=5438, nrcpt=1 (queue active)
> Oct 23 09:02:36 localhost postfix/smtp[13710]: connect to cluster2.eu.messagelabs.com[195.245.230.179]: Connection refused (port 25)
> Oct 23 09:02:36 localhost postfix/qmgr[13699]: 1D6398B789: from=<>, size=4385, nrcpt=1 (queue active)
> Oct 23 09:02:36 localhost postfix/qmgr[13699]: 60CF52D600: from=<[EMAIL PROTECTED]>, size=2108, nrcpt=50 (queue active)
> Oct 23 09:02:36 localhost postfix/qmgr[13699]: 194248D2A7: from=<>, size=27838, nrcpt=1 (queue active)
> Oct 23 09:02:36 localhost postfix/qmgr[13699]: 3835AC379: from=<>, size=9172, nrcpt=1 (queue active)
> Oct 23 09:02:36 localhost postfix/qmgr[13699]: 1597E8B342: from=<>, size=14778,
>
> This repeats for quite a few pages,

I didn't look at the mail very closely, but from what you say, couldn't that machine be infected with some virus or something?!
Regards
-- 
:: Cristian Menghi ::
"I would like to change the world, but they won't give me the source code"
GPG-id (9EAE4FB2) http://www.menghi.biz
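The two artefacts quoted in this thread, qmgr log lines with a high nrcpt and a Received header naming a "SquirrelMail authenticated user", are enough to identify the abused account; the webmail hands the message to Postfix from 127.0.0.1, which is inside mynetworks, so relay restrictions never apply. The following Python is an added example, not part of the original thread. The function names, the 20-recipient threshold and all sample data (addresses, IPs, queue IDs, user name) are constructed assumptions.

```python
import re
from collections import defaultdict

# Postfix qmgr line: "<queue-id>: from=<sender>, size=N, nrcpt=N (queue active)"
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)"
)
# Trace header SquirrelMail adds to mail it submits for a logged-in user.
WEBMAIL_RE = re.compile(
    r"from (?P<ip>\S+)\s+\(SquirrelMail authenticated user (?P<user>[^)\s]+)\)"
)

def bulk_senders(log_lines, min_rcpt=20):
    """Map sender -> {queue-id: nrcpt} for messages with >= min_rcpt recipients.
    Bounces (from=<>) are skipped: they are a symptom of the run, not its source."""
    hits = defaultdict(dict)
    for line in log_lines:
        m = QMGR_RE.search(line)
        if m and m["sender"] and int(m["nrcpt"]) >= min_rcpt:
            hits[m["sender"]][m["qid"]] = int(m["nrcpt"])  # re-queued IDs dedupe
    return dict(hits)

def webmail_origin(raw_headers):
    """Return (user, client_ip) from the SquirrelMail Received header, or None."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)  # undo header folding
    m = WEBMAIL_RE.search(unfolded)
    return (m["user"], m["ip"]) if m else None

# Constructed sample data, modelled on the log and header formats quoted above.
SAMPLE_LOG = """\
Oct 23 09:02:36 localhost postfix/qmgr[13699]: A1B2C3D4E5: from=<alice@example.org>, size=2711, nrcpt=50 (queue active)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: B2C3D4E5F6: from=<>, size=8265, nrcpt=1 (queue active)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: C3D4E5F6A7: from=<alice@example.org>, size=2108, nrcpt=50 (queue active)
Oct 23 09:02:37 localhost postfix/qmgr[13699]: D4E5F6A7B8: from=<bob@example.org>, size=1520, nrcpt=2 (queue active)
""".splitlines()

SAMPLE_HEADERS = (
    "Received: from mail.example.org (localhost [127.0.0.1])\n"
    "\tby mail.example.org (Postfix) with ESMTP id A1B2C3D4E5\n"
    "Received: from 192.0.2.10\n"
    "\t(SquirrelMail authenticated user alice)\n"
    "\tby mail.example.org with HTTP\n"
)

if __name__ == "__main__":
    print(bulk_senders(SAMPLE_LOG))
    print(webmail_origin(SAMPLE_HEADERS))
```

The client IP in the SquirrelMail header is the address that logged in to the webmail, so it is the value to look up in the web server access log when checking how the credentials were used.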
