There's a lot of irrelevant information here. The DENIED messages in the
smtp log are normal, and a good thing. They have absolutely nothing to
do with your problem.
Can we please start a new thread for this? Let's back up a bit.
I'd like to see the results from:
# qmHandle -l | head -n20
--
-Eric 'shubes'
Rafael Andrade wrote:
See more information... the problem continues :(
Jun 23 08:10:41 net spamdyke[29090]: DENIED_OTHER from: (unknown) to:
anonym...@metalservice.ind.br origin_ip: 64.20.61.10 origin_rdns:
ip10.njs0.srv.infoex.com auth: (unknown)
Jun 23 08:10:45 net spamdyke[29179]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.20.171.117 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:11:14 net spamdyke[29237]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 189.2.134.108 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:11:30 net spamdyke[29269]: DENIED_RDNS_RESOLVE from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.182.224.2 origin_rdns:
kmcdcsrv.kmcasa.com.br auth: (unknown)
Jun 23 08:11:31 net spamdyke[29263]: DENIED_RDNS_RESOLVE from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 68.93.216.4 origin_rdns:
68-93-216-4.ded.swbell.net auth: (unknown)
Jun 23 08:11:39 net spamdyke[29293]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.20.171.117 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:11:39 net spamdyke[29295]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.20.171.117 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:11:48 net spamdyke[29314]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.228.168.2 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:11:56 net spamdyke[29333]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.228.168.2 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:12:02 net spamdyke[29301]: DENIED_OTHER from: (unknown) to:
anonym...@metalservice.ind.br origin_ip: 64.20.61.10 origin_rdns:
ip10.njs0.srv.infoex.com auth: (unknown)
Jun 23 08:25:52 net spamdyke[31546]: DENIED_OTHER from: (unknown) to:
anonym...@metalservice.ind.br origin_ip: 64.20.61.10 origin_rdns:
ip10.njs0.srv.infoex.com auth: (unknown)
Jun 23 08:25:55 net spamdyke[31598]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.228.168.2 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:25:56 net spamdyke[31600]: DENIED_RDNS_RESOLVE from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 168.243.205.138
origin_rdns: ip-cust-sv14138.telefonica-ca.net auth: (unknown)
Jun 23 08:26:31 net spamdyke[31670]: DENIED_RDNS_RESOLVE from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.182.224.2 origin_rdns:
kmcdcsrv.kmcasa.com.br auth: (unknown)
Jun 23 08:26:42 net spamdyke[31688]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.20.171.117 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:27:17 net spamdyke[31726]: DENIED_OTHER from: (unknown) to:
anonym...@metalservice.ind.br origin_ip: 64.20.61.10 origin_rdns:
ip10.njs0.srv.infoex.com auth: (unknown)
Jun 23 08:27:32 net spamdyke[31792]: DENIED_RDNS_MISSING from:
comprascomp...@metalservice.ind.br to:
comprascomp...@metalservice.ind.br origin_ip: 112.197.96.115
origin_rdns: (unknown) auth: (unknown)
Jun 23 08:27:42 net spamdyke[31814]: DENIED_RDNS_RESOLVE from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 216.86.220.107 origin_rdns:
216-86-220-107.mminternet.com auth: (unknown)
Jun 23 08:27:43 net spamdyke[31824]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.228.168.2 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:28:09 net spamdyke[31875]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.228.168.2 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:28:16 net spamdyke[31893]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.203.100.7 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:28:42 net spamdyke[31907]: DENIED_OTHER from: (unknown) to:
anonym...@metalservice.ind.br origin_ip: 64.20.61.10 origin_rdns:
ip10.njs0.srv.infoex.com auth: (unknown)
Jun 23 08:29:28 net spamdyke[32021]: DENIED_OTHER from: (unknown) to:
anonym...@metalservice.ind.br origin_ip: 66.7.201.228 origin_rdns:
uranio.alanet.com.br auth: (unknown)
Jun 23 08:29:30 net spamdyke[32030]: DENIED_RDNS_RESOLVE from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 67.143.28.226 origin_rdns:
host671430022628.direcway.com auth: (unknown)
Jun 23 08:29:35 net spamdyke[32045]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.14.68.55 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:29:43 net spamdyke[32071]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.228.168.2 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:29:51 net spamdyke[32086]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 218.247.148.13 origin_rdns:
(unknown) auth: (unknown)
Jun 23 08:29:59 net spamdyke[32092]: ALLOWED from:
boun...@mx2.dtdlistas.com.br to: comp...@metalservice.ind.br origin_ip:
200.203.122.148 origin_rdns: dtd-mailmkt02.datadrome.net auth: (unknown)
Jun 23 08:30:05 net spamdyke[32081]: DENIED_OTHER from: (unknown) to:
anonym...@metalservice.ind.br origin_ip: 64.20.61.10 origin_rdns:
ip10.njs0.srv.infoex.com auth: (unknown)
Jun 23 08:30:12 net spamdyke[32219]: DENIED_RDNS_MISSING from: (unknown)
to: anonym...@metalservice.ind.br origin_ip: 200.228.168.2 origin_rdns:
(unknown) auth: (unknown)
23 Jun 2010 15:58:59 GMT #3085016 1787 <anonym...@metalservice.ind.br>
remote paolozano...@terra.com.br
23 Jun 2010 15:58:09 GMT #3082670 1798 <anonym...@metalservice.ind.br>
remote paodebatatae...@paodebatataecia.com.br
23 Jun 2010 16:00:31 GMT #3089386 1790 <anonym...@metalservice.ind.br>
remote papi...@camaraaracatuba.com.br
23 Jun 2010 15:55:09 GMT #3068594 1783 <anonym...@metalservice.ind.br>
remote pantt...@terra.com.br
23 Jun 2010 15:58:09 GMT #3079979 1786 <anonym...@metalservice.ind.br>
remote paoevi...@paoevinho.com.br
23 Jun 2010 15:56:39 GMT #3077127 1783 <anonym...@metalservice.ind.br>
remote paollam...@bol.com.br
23 Jun 2010 15:54:53 GMT #3066754 1794 <anonym...@metalservice.ind.br>
remote panificadorasavi...@terra.com.br
23 Jun 2010 15:57:54 GMT #3074712 1780 <anonym...@metalservice.ind.br>
remote paola_fagun...@msn.com
23 Jun 2010 15:58:54 GMT #3083797 1783 <anonym...@metalservice.ind.br>
remote paoli...@terra.com.br
23 Jun 2010 15:55:57 GMT #3074298 1784 <anonym...@metalservice.ind.br>
remote pantarom...@yahoo.com.br
23 Jun 2010 16:00:28 GMT #3089225 1795 <anonym...@metalservice.ind.br>
remote papelariaempresar...@click21.com.br
23 Jun 2010 15:54:50 GMT #3068962 1789 <anonym...@metalservice.ind.br>
remote paneladopag...@terra.com.br
23 Jun 2010 15:54:52 GMT #3069192 1785 <anonym...@metalservice.ind.br>
remote panhoca...@terra.com.br
23 Jun 2010 15:55:59 GMT #3070641 1782 <anonym...@metalservice.ind.br>
remote pantra...@yahoo.com.br
23 Jun 2010 15:58:43 GMT #3084050 3196 <#...@[]>
remote postmas...@net
23 Jun 2010 15:57:46 GMT #3081106 1795 <anonym...@metalservice.ind.br>
remote paola-bra...@lausurpadora.zzn.com
23 Jun 2010 15:55:47 GMT #3073884 1781 <anonym...@metalservice.ind.br>
remote panfleta...@yahoo.com
23 Jun 2010 15:58:14 GMT #3083015 1794 <anonym...@metalservice.ind.br>
remote paoladiver...@paoladiverona.com.br
23 Jun 2010 15:55:59 GMT #3072021 1784 <anonym...@metalservice.ind.br>
remote pantonioarm...@yahoo.com
23 Jun 2010 15:58:44 GMT #3076667 1788 <anonym...@metalservice.ind.br>
[r...@net ~]# netstat -an | grep -i CONE | grep -i :25 [r...@net ~]#
[r...@net ~]# cat /var/log/maillog | grep -i pantonioarm...@yahoo.com
[r...@net ~]#
[r...@net ~]# cat /var/log/qmail/smtp/* | grep -i pantonioarm...@yahoo.com
[r...@net ~]#
[r...@net smtp]# cat /var/log/qmail/send/*| grep -i
pantonioarm...@yahoo.com
[r...@net smtp]#
[r...@net smtp]# cat /var/log/maildrop/maildrop.log | grep -i
pantonioarm...@yahoo.com
[r...@net smtp]#
[r...@net smtp]# qmail-remove -d -i anonymous; qmailctl restart
remove remote/0/3068821
remove info/0/3068821
3074157: yes
remove mess/0/3074157
remove remote/0/3074157
remove info/0/3074157
3087566: yes
remove mess/0/3087566
remove remote/0/3087566
remove info/0/3087566
3070040: yes
remove mess/0/3070040
remove remote/0/3070040
remove info/0/3070040
3067119: yes
remove mess/0/3067119
remove remote/0/3067119
remove info/0/3067119
... ... ...
[r...@net smtp]# qmailctl queue
messages in queue: 0
messages in queue but not yet preprocessed: 0
:(
Roundcube is offline.
Apache is online.
[r...@net smtp]# netstat -natup
Conexões Internet Ativas (servidores e estabelecidas)
Proto Recv-Q Send-Q Local Address Foreign
Address State PID/Program name tcp 0 0
0.0.0.0:993 0.0.0.0:* OUÇA
6006/tcpserver tcp 0 0 0.0.0.0:995
0.0.0.0:* OUÇA 6017/tcpserver tcp
0 0 0.0.0.0:3306 0.0.0.0:*
OUÇA 2746/mysqld tcp 0 0
0.0.0.0:587 0.0.0.0:* OUÇA
6027/tcpserver tcp 0 0 0.0.0.0:110
0.0.0.0:* OUÇA 6079/tcpserver tcp
0 0 127.0.0.1:783 0.0.0.0:*
OUÇA 6043/perl tcp 0 0
0.0.0.0:143 0.0.0.0:* OUÇA
6044/tcpserver tcp 0 0 0.0.0.0:8080
0.0.0.0:* OUÇA 434/dansguardian tcp
0 0 10.1.1.254:53 0.0.0.0:*
OUÇA 2351/named tcp 0 0
189.72.77.72:53 0.0.0.0:* OUÇA
2351/named tcp 0 0 192.168.1.254:53
0.0.0.0:* OUÇA 2351/named tcp
0 0 127.0.0.1:53 0.0.0.0:*
OUÇA 2351/named tcp 0 0
0.0.0.0:3128 0.0.0.0:* OUÇA
2853/(squid) tcp 0 0 0.0.0.0:25
0.0.0.0:* OUÇA 32137/tcpserver tcp
0 0 127.0.0.1:953 0.0.0.0:*
OUÇA 2351/named tcp 0 0
192.168.1.254:143 192.168.1.19:3303
ESTABELECIDA4296/imapd tcp 0 0
10.1.1.254:35149 201.7.179.129:80
ESTABELECIDA2853/(squid) tcp 0 0
192.168.1.254:143 192.168.1.19:1527
ESTABELECIDA26595/imapd tcp 0 0
10.1.1.254:45890 64.191.223.40:25
ESTABELECIDA30160/qmail-remote tcp 0 0
10.1.1.254:33281 200.221.29.129:25
ESTABELECIDA4956/qmail-remote tcp 0 0
10.1.1.254:35630 200.221.29.128:25
ESTABELECIDA20308/qmail-remote tcp 0 0
192.168.1.254:143 192.168.1.19:1728
ESTABELECIDA7342/imapd tcp 0 0
10.1.1.254:45388 64.233.163.104:80
ESTABELECIDA2853/(squid) tcp 0 0
10.1.1.254:49792 64.233.163.100:80
ESTABELECIDA2853/(squid) tcp 0 0
10.1.1.254:59123 200.45.191.213:25
ESTABELECIDA1002/qmail-remote tcp 0 0
10.1.1.254:57461 200.221.29.128:25
ESTABELECIDA18712/qmail-remote tcp 0 0
10.1.1.254:38397 216.163.188.57:25
ESTABELECIDA28458/qmail-remote tcp 1 0
10.1.1.254:25 200.245.165.130:41076
ESPERANDO_FECHAR24306/spamdyke tcp 0 0
10.1.1.254:39883 216.163.188.57:25
ESTABELECIDA26999/qmail-remote tcp 0 0
192.168.1.254:143 192.168.1.223:1917
ESTABELECIDA7160/imapd tcp 0 0
192.168.1.254:143 192.168.1.32:49539
ESTABELECIDA14456/imapd tcp 0 0
10.1.1.254:40088 216.163.188.57:25
ESTABELECIDA28668/qmail-remote tcp 0 0
192.168.1.254:143 192.168.1.4:1178
ESTABELECIDA30600/imapd tcp 0 0
192.168.1.254:8080 192.168.1.21:1172 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.21:1173 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.21:1174
TIME_WAIT - tcp 0 0
192.168.1.254:143 192.168.1.4:1177
ESTABELECIDA30591/imapd tcp 0 0
192.168.1.254:8080 192.168.1.21:1175 TIME_WAIT
- tcp 0 0 192.168.1.254:143
192.168.1.4:1182 ESTABELECIDA30631/imapd tcp
0 0 192.168.1.254:8080 192.168.1.21:1168
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.21:1169 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.21:1170 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.21:1171
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.21:1180 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.21:1181 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.21:1176
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.21:1177 TIME_WAIT
- tcp 0 0 10.1.1.254:57816
64.233.163.104:80 ESTABELECIDA2853/(squid) tcp
0 0 192.168.1.254:8080 192.168.1.21:1178
TIME_WAIT - tcp 0 0
10.1.1.254:43937 216.163.188.60:25
ESTABELECIDA28347/qmail-remote tcp 0 0
192.168.1.254:8080 192.168.1.21:1179 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.21:1156 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.21:1157
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.21:1158 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.21:1159 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.21:1152
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.21:1154 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.21:1155 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.21:1164
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.21:1165 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.21:1166 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.21:1167
TIME_WAIT - tcp 0 0
10.1.1.254:51510 200.255.154.55:25
ESTABELECIDA14543/qmail-remote tcp 0 0
10.1.1.254:51552 200.255.154.55:25
ESTABELECIDA15231/qmail-remote tcp 0 0
192.168.1.254:8080 192.168.1.21:1160 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.21:1161 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.21:1162
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.21:1163 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47756 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47757
TIME_WAIT - tcp 0 0
10.1.1.254:35274 72.14.204.100:80
ESTABELECIDA2853/(squid) tcp 0 0
127.0.0.1:3128 127.0.0.1:47758 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47759 TIME_WAIT - tcp
0 0 10.1.1.254:52956 200.155.86.46:80
TIME_WAIT - tcp 0 0
10.1.1.254:41830 94.228.133.166:25
ESTABELECIDA9891/qmail-remote tcp 1 7
10.1.1.254:35311 189.76.157.60:25 FECHANDO
- tcp 1 7 10.1.1.254:35307
189.76.157.60:25 FECHANDO - tcp
0 0 10.1.1.254:46523 201.7.178.45:80
ESTABELECIDA2853/(squid) tcp 1 7
10.1.1.254:55065 189.28.16.184:25 FECHANDO
- tcp 1 7 10.1.1.254:55042
189.28.16.184:25 FECHANDO - tcp
1 7 10.1.1.254:55170 189.28.16.184:25
FECHANDO - tcp 0 0
127.0.0.1:3128 127.0.0.1:47753 TIME_WAIT
- tcp 1 7 10.1.1.254:55008
189.28.16.184:25 FECHANDO - tcp
0 0 127.0.0.1:3128 127.0.0.1:47754
TIME_WAIT - tcp 1 7
10.1.1.254:54704 189.28.16.184:25 FECHANDO
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47755 TIME_WAIT - tcp
1 7 10.1.1.254:36155 189.76.157.60:25
FECHANDO - tcp 1 7
10.1.1.254:36156 189.76.157.60:25 FECHANDO
- tcp 0 0 10.1.1.254:42958
94.228.133.166:25 ESTABELECIDA27479/qmail-remote tcp
1 7 10.1.1.254:36188 189.76.157.60:25
FECHANDO - tcp 0 0
10.1.1.254:42961 38.113.116.194:25
ESTABELECIDA28678/qmail-remote tcp 0 0
192.168.1.254:8080 192.168.1.21:1148 TIME_WAIT
- tcp 0 0 10.1.1.254:43041
38.113.116.194:25 ESTABELECIDA29364/qmail-remote tcp
0 0 192.168.1.254:8080 192.168.1.21:1149
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.21:1150 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.21:1145 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.21:1146
TIME_WAIT - tcp 0 0
10.1.1.254:46094 38.113.116.216:25
ESTABELECIDA10206/qmail-remote tcp 0 0
192.168.1.254:8080 192.168.1.21:1147 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47772 TIME_WAIT - tcp
0 0 10.1.1.254:42545 201.7.178.45:80
ESTABELECIDA2853/(squid) tcp 0 0
127.0.0.1:3128 127.0.0.1:47773 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47774 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47775
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47768 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47769 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47770
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47771 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47764 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47765
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47766 TIME_WAIT
- tcp 0 0 10.1.1.254:55199
200.155.86.46:80 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47767
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47760 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47761 TIME_WAIT - tcp
0 0 10.1.1.254:42777 38.113.116.216:25
ESTABELECIDA10201/qmail-remote tcp 0 0
10.1.1.254:42757 38.113.116.216:25
ESTABELECIDA9605/qmail-remote tcp 0 0
127.0.0.1:3128 127.0.0.1:47762 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47763 TIME_WAIT - tcp
0 0 10.1.1.254:42308 38.113.116.216:25
ESTABELECIDA19985/qmail-remote tcp 0 0
127.0.0.1:3128 127.0.0.1:47788 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47789 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47790
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47791 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47784 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47785
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47786 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47787 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47780
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47781 TIME_WAIT
- tcp 0 0 10.1.1.254:40048
201.7.178.45:80 ESTABELECIDA2853/(squid) tcp
0 0 127.0.0.1:3128 127.0.0.1:47782
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47783 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47776 TIME_WAIT - tcp
0 0 10.1.1.254:25 200.245.165.130:41088
ESTABELECIDA24309/spamdyke tcp 0 0
127.0.0.1:3128 127.0.0.1:47777 TIME_WAIT
- tcp 0 0 192.168.1.254:143
192.168.1.233:49338 ESTABELECIDA26758/imapd tcp
0 0 127.0.0.1:3128 127.0.0.1:47778
TIME_WAIT - tcp 0 0
10.1.1.254:36352 38.113.116.194:25
ESTABELECIDA10855/qmail-remote tcp 0 0
127.0.0.1:3128 127.0.0.1:47779 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3650 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47804
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3651 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47805 TIME_WAIT - tcp
0 0 10.1.1.254:34717 201.7.178.45:80
ESTABELECIDA2853/(squid) tcp 0 0
192.168.1.254:8080 192.168.1.19:3648 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47806 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3649
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47807 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3654 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47800
TIME_WAIT - tcp 0 0
10.1.1.254:25 200.55.189.18:44242 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3655 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47801
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3652 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47802 TIME_WAIT - tcp
0 0 10.1.1.254:32792 201.7.178.45:80
ESTABELECIDA2853/(squid) tcp 1 0
10.1.1.254:25 68.93.216.4:22985
ESPERANDO_FECHAR7299/spamdyke tcp 0 0
192.168.1.254:8080 192.168.1.19:3653 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47803 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3658
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47796 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47797 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3656
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47798 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47799 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47792
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47793 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47794 TIME_WAIT - tcp
1 7 10.1.1.254:60703 189.28.16.185:25
FECHANDO - tcp 0 0
127.0.0.1:3128 127.0.0.1:47795 TIME_WAIT
- tcp 1 7 10.1.1.254:60774
189.28.16.185:25 FECHANDO - tcp
1 7 10.1.1.254:60775 189.28.16.185:25
FECHANDO - tcp 1 7
10.1.1.254:60785 189.28.16.185:25 FECHANDO
- tcp 1 7 10.1.1.254:60790
189.28.16.185:25 FECHANDO - tcp
1 7 10.1.1.254:60815 189.28.16.185:25
FECHANDO - tcp 1 7
10.1.1.254:60853 189.28.16.185:25 FECHANDO
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47820 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3634
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47821 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3635 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47822
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3632 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47823 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3633
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47816 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3638 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47817
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3639 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47818 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3636
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47819 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3637 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47812
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3642 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47813 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3643
TIME_WAIT - tcp 1 0
10.1.1.254:25 68.93.216.4:26550
ESPERANDO_FECHAR912/spamdyke tcp 0 0
127.0.0.1:3128 127.0.0.1:47814 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3640 TIME_WAIT - tcp
0 0 10.1.1.254:50086 72.14.204.100:80
ESTABELECIDA2853/(squid) tcp 0 0
127.0.0.1:3128 127.0.0.1:47815 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3641 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47808
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3646 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47809 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3647
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47810 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3644 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47811
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3645 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3618 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47836
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47837 TIME_WAIT
- tcp 0 0 192.168.1.254:143
192.168.1.234:1221 ESTABELECIDA30003/imapd tcp
0 0 192.168.1.254:8080 192.168.1.19:3616
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47838 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3617 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47839
TIME_WAIT - tcp 0 0
10.1.1.254:57226 201.55.232.52:25
ESTABELECIDA8751/qmail-remote tcp 0 0
10.1.1.254:57271 201.55.232.52:25
ESTABELECIDA9796/qmail-remote tcp 0 0
192.168.1.254:8080 192.168.1.19:3622 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47832 TIME_WAIT - tcp
0 0 10.1.1.254:49661 66.196.94.104:25
ESTABELECIDA15284/qmail-remote tcp 0 0
10.1.1.254:49657 66.196.94.104:25
ESTABELECIDA15261/qmail-remote tcp 0 0
192.168.1.254:8080 192.168.1.19:3623 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47833 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3620
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47834 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3621 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47835
TIME_WAIT - tcp 0 0
10.1.1.254:49665 66.196.94.104:25
ESTABELECIDA15305/qmail-remote tcp 0 0
192.168.1.254:8080 192.168.1.19:3626 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47828 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3627
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3624 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47830 TIME_WAIT - tcp
1 7 10.1.1.254:39833 200.216.14.112:25
FECHANDO - tcp 0 0
192.168.1.254:8080 192.168.1.19:3625 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47831 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3630
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47824 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3631 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47825
TIME_WAIT - tcp 1 69
10.1.1.254:25 200.234.222.14:42265 FECHANDO
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3628 TIME_WAIT - tcp
0 0 192.168.1.254:143 192.168.1.234:1226
ESTABELECIDA30022/imapd tcp 0 0
127.0.0.1:3128 127.0.0.1:47826 TIME_WAIT
- tcp 0 0 10.1.1.254:25
200.228.168.2:57966 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3629
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47827 TIME_WAIT
- tcp 0 0 10.1.1.254:35199
201.7.178.114:80 ESTABELECIDA2853/(squid) tcp
0 0 127.0.0.1:3128 127.0.0.1:47852
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3602 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47853 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3603
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47854 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3600 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47855
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3601 TIME_WAIT
- tcp 0 0 10.1.1.254:54715
201.7.178.45:80 ESTABELECIDA2853/(squid) tcp
0 0 127.0.0.1:3128 127.0.0.1:47848
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3606 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47849 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3607
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47850 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3604 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47851
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3605 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47844 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3610
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47845 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3611 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47846
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3608 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47847 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3609
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47840 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3614 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47841
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3615 TIME_WAIT
- tcp 0 0 127.0.0.1:3128
127.0.0.1:47842 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3612
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47843 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3613 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3591
TIME_WAIT - tcp 0 1
10.1.1.254:49166 201.7.178.45:80 ÚLTIMO_ACK
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3594 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3595
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3592 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3593 TIME_WAIT - tcp
0 0 192.168.1.254:8080 192.168.1.19:3598
TIME_WAIT - tcp 0 0
127.0.0.1:3128 127.0.0.1:47856 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3599 TIME_WAIT - tcp
0 0 127.0.0.1:3128 127.0.0.1:47857
TIME_WAIT - tcp 0 0
192.168.1.254:8080 192.168.1.19:3596 TIME_WAIT
- tcp 0 0 192.168.1.254:8080
192.168.1.19:3597 TIME_WAIT - tcp
0 0 :::80 :::*
OUÇA 2813/httpd tcp 0 0
:::55000 :::* OUÇA
2567/sshd tcp 0 12168 ::ffff:10.1.1.254:55000
::ffff:200.102.32.162:49625 ESTABELECIDA27084/sshd: rafa [p
udp 0 0 0.0.0.0:32768
0.0.0.0:* 2351/named udp
0 0 0.0.0.0:32778
0.0.0.0:* 2853/(squid) udp
0 0 0.0.0.0:32781
0.0.0.0:* 2896/avahi-daemon: udp
0 0 0.0.0.0:48271
0.0.0.0:* 3240/spamdyke udp
0 0 0.0.0.0:40986
0.0.0.0:* 10629/spamdyke udp
0 0 0.0.0.0:51486
0.0.0.0:* - udp
0 0 0.0.0.0:49830
0.0.0.0:* 24306/spamdyke udp
0 0 0.0.0.0:49832
0.0.0.0:* 24309/spamdyke udp
0 0 192.168.1.254:49834 192.168.1.254:53
ESTABELECIDA- udp 0 0
192.168.1.254:49835 192.168.1.254:53
ESTABELECIDA- udp 0 0
10.1.1.254:53 0.0.0.0:*
2351/named udp 0 0 189.72.77.72:53
0.0.0.0:* 2351/named udp
0 0 192.168.1.254:53
0.0.0.0:* 2351/named udp
0 0 127.0.0.1:53
0.0.0.0:* 2351/named udp
0 0 0.0.0.0:3130
0.0.0.0:* 2853/(squid) udp
0 0 0.0.0.0:10172
0.0.0.0:* 2351/named udp
0 0 0.0.0.0:67
0.0.0.0:* 2104/dhcpd udp
0 0 0.0.0.0:42188
0.0.0.0:* 30561/spamdyke udp
0 0 0.0.0.0:42830
0.0.0.0:* 8952/spamdyke udp
0 0 0.0.0.0:40659
0.0.0.0:* 7299/spamdyke udp
0 0 0.0.0.0:40664
0.0.0.0:* 7352/spamdyke udp
0 0 0.0.0.0:41306
0.0.0.0:* 15664/spamdyke udp
0 0 0.0.0.0:41309
0.0.0.0:* 15692/spamdyke udp
0 0 0.0.0.0:5353
0.0.0.0:* 2896/avahi-daemon: udp
0 0 0.0.0.0:48123
0.0.0.0:* 912/spamdyke udp
0 0 :::32769
:::* 2351/named udp
0 0 :::32782
:::* 2896/avahi-daemon: udp
0 0 :::5353
:::* 2896/avahi-daemon:
Eric Shubert escreveu:
You need to track a message back to the smtp log, and see which user
account was used to submit it. Then change that password.
If you're having trouble with that, show us some of the queue again,
and we'll go from there.
Rafael Andrade wrote:
The problem continues :(
The queue is full of messages again
Rafael Andrade escreveu:
Now my new tcp.smtp and qmailctl cdb done.
192.168.1.:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUEUE
="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
189.72.77.72:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUE
UE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIG
N="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
I disable my roundcube ( yes, is up-to-date, and now disabled my
users dont use webmail, but to access webmail page need htpasswd in
apache ).
Thanks so much Eric
Eric Shubert escreveu:
Your 192.168.1. subnet is an open relay. I'd shut that down, at
least for the time being. What's coming from there?
What's in your smtp log that corresponds to the messages in the
queue? That should give an indication of where they're coming from.
Roundcube had some security issues at one point some time ago. Is
your roundcube up to date?
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
