On Wed, Mar 31, 2010 at 03:41:58PM +0800, Nyoman [D] wrote:
> Judging from the log, it looks like the work of a trojan :)
>
> Try these steps:
>
> find /var/spool/postfix -name 4BEF625C980 <-- adjust to the location of
> your Postfix spool
>
> Once you have found where the file is, use postcat to read the contents
> of the email; from there we can find out which IP the email was
> sent from
>
> Example:
> r...@proxy:~ # mailq
> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
> 47CB564915 10387 Mon Mar 29 12:28:54 [email protected]
> (connect to domaintujuan.com[208.xx.yy.zz]: Connection
> refused)
>
> r...@proxy:~ # find /var/spool/postfix/ -name 47CB564915
> /var/spool/postfix/deferred/4/47CB564915
> /var/spool/postfix/defer/4/47CB564915
>
> r...@proxy:~ # postcat /var/spool/postfix/deferred/4/47CB564915

I don't think that's how you use postcat. Isn't it like this?

postcat -q QUEUE_FILE

# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
0056837493C* 1217 Wed Mar 31 17:15:12 [email protected]
                                      [email protected]

-- 1 Kbytes in 1 Request.

r...@pkusrv2:/SRC/misc# postcat -q 0056837493C
*** ENVELOPE RECORDS active/0056837493C ***
message_size: 1217 303 1 0
message_arrival_time: Wed Mar 31 17:15:12 2010
named_attribute: rewrite_context=local
sender: [email protected]
named_attribute: client_name=localhost
named_attribute: client_address=127.0.0.1
named_attribute: message_origin=localhost[127.0.0.1]
named_attribute: helo_name=webmail.blah.com
named_attribute: protocol_name=ESMTP
original_recipient: [email protected]
recipient: [email protected]
*** MESSAGE CONTENTS active/0056837493C ***
Received: from mail.blah.com (localhost [127.0.0.1])
  by mail.blah.com (Postfix) with ESMTP id 0056837493C
  for <[email protected]>; Wed, 31 Mar 2010 17:15:12 +0700 (WIT)
DomainKey-Signature: a=rsa-sha1;
  b=e2BPiZBd4TtsJErUdzQzYKijeY9Z9mT/Uffv0/hkrI2lG6gRT5qBNia3waGYQ90Mqu5EXSy+QSavQCj+WoGB3+KgJmhpObgx7NQzMN7/eoZc4f0bFQmDpmrYNlTZkCWx4//Ir7aIay1urHpEO8X17L5HQawElvXCUu+qCEx+gBs=;
  c=nofws; d=blah.com; q=dns; s=public
Received: from webmail.blah.com (localhost [127.0.0.1])
  by mail.blah.com (Postfix) with ESMTP id CF9C5374937
  for <[email protected]>; Wed, 31 Mar 2010 17:15:12 +0700 (WIT)
Received: from 172.16.2.62
  by webmail.blah.com with HTTP;
  Wed, 31 Mar 2010 17:15:12 +0700 (WIT)
Message-ID: <[email protected]>
Date: Wed, 31 Mar 2010 17:15:12 +0700 (WIT)
Subject: tes email
From: "Arief Yudhawarman" <[email protected]>
To: [email protected]
User-Agent: SquirrelMail/1.4.13
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
X-Priority: 3 (Normal)
Importance: Normal
Content-Transfer-Encoding: quoted-printable

Terimakasih banyak sebelumnya.

---
Salam,
Arief Yudhawarman
*** HEADER EXTRACTED active/0056837493C ***
*** MESSAGE FILE END active/0056837493C ***

--
Arief Yudhawarman
http://awarmanf.wordpress.com
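
Added example, not part of either message in this thread: a small shell filter for the `postcat -q` output shown above. It reports the envelope client address and the earliest Received hop, which matters here because the envelope only shows 127.0.0.1 (local webmail injection). The function names `queue_origin` and `sample_postcat` are hypothetical, and the example.com addresses and the body line are constructed placeholders.

```shell
# Added example. On a server: postcat -q QUEUE_ID | queue_origin
# Reads postcat output on stdin and reports where the message entered.
queue_origin() {
    awk '
    /^\*\*\* MESSAGE CONTENTS/ { in_msg = 1; next }
    # Envelope records are written by Postfix itself.
    !in_msg && /^sender: / { sender = $2 }
    !in_msg && /^named_attribute: client_address=/ {
        client = $2; sub(/^client_address=/, "", client)
    }
    # Received headers are newest-first: the last one is the earliest hop.
    # Hops not added by your own hosts can be forged by the sender.
    in_msg && /^Received: from / { hop = $3 }
    in_msg && /^User-Agent: /    { agent = $2 }
    in_msg && /^$/               { exit }   # end of headers, skip the body
    END {
        print "sender=" sender
        print "client_address=" client
        print "earliest_hop=" hop
        print "user_agent=" agent
        # A loopback client means local injection (webmail, script, filter),
        # so the envelope alone does not identify the real source.
        if (client == "127.0.0.1" || client == "::1")
            print "note=local submission, check earliest_hop"
    }'
}

# Constructed sample modelled on the output quoted in the thread; the
# example.com addresses and the body line are placeholders.
sample_postcat() {
    cat <<'EOF'
*** ENVELOPE RECORDS active/0056837493C ***
sender: user@example.com
named_attribute: client_address=127.0.0.1
recipient: rcpt@example.com
*** MESSAGE CONTENTS active/0056837493C ***
Received: from mail.blah.com (localhost [127.0.0.1])
Received: from webmail.blah.com (localhost [127.0.0.1])
  by mail.blah.com (Postfix) with ESMTP id CF9C5374937
Received: from 172.16.2.62
  by webmail.blah.com with HTTP
User-Agent: SquirrelMail/1.4.13

Received: from 203.0.113.9 (constructed body text, not a header)
EOF
}

sample_postcat | queue_origin
```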
