Files with contents like the following are showing up in /var/spool/postfix/active:

CO          24118            4740              50               0     
24118T#1304368774 
727828A#create_time=1304368774A#rewrite_context=remoteA#sasl_method=LOGINA#sasl_username=pppS#pay...@service.neta
 
log_client_address=209.40.234.68A#log_client_port=2049A)log_message_origin=unknown[209.40.234.68]A#log_helo_name=UserA#log_protocol_name=ESMTPA#client_name=unknownA6reverse_client_name=209-40-234-68.browndognetworks.comA#client_address=209.40.234.68A#client_port=2049A#helo_name=UserA#client_address_type=2A'dsn_dsn_orig_rcpt=rfc822;nuttyrm...@aol.como#nuttyrm...@aol.comr#nuttyrmike@aol.comA2dsn_orig_rcpt=rfc822;nuttytart2...@btopenworld.como#nuttytart2...@btopenworld.comd#nuttytart2...@btopenworld.coma)dsn_orig_rcpt=rfc822;nuttytrac...@aol.como#nuttytrac...@aol.comr#nuttytrac...@aol.coma+dsn_orig_rcpt=rfc822;nu...@worldnet.att.como#nu...@worldnet.att.comr#nu...@worldnet.att.coma(dsn_orig_rcpt=rfc822;nuttz9...@yahoo.como#nuttz9...@yahoo.comd#nuttz9...@yahoo.coma,dsn_orig_rcpt=rfc822;nutuongcuo...@yahoo.como#nutuongcuo...@yahoo.comd#nutuongcuo...@yahoo.coma"dsn_orig_rcpt=rfc822;nu...@aol.como
nu...@aol.comr
nu...@aol.coma'dsn_orig_rcpt=rfc822;nuyorek...@aol.como#nuyorek...@aol.comr#nuyorek...@aol.coma(dsn_dsn_orig_rcpt=rfc822;nuyorica...@aol.como#nuyorica...@aol.comr#nuyorica...@aol.coma+dsn_orig_rcpt=rfc822;nuyoricanch...@aol.como#nuyoricanch...@aol.comr#nuyoricanch...@aol.coma+dsn_orig_rcpt=rfc822;nuyoricanta...@aol.como#nuyoricanta...@aol.comr#nuyoricanta...@aol.coma)dsn_orig_rcpt=rfc822;nuy...@bellsouth.neto#nuy...@bellsouth.netr#nuy...@bellsouth.neta&dsn_orig_rcpt=rfc822;nuyork...@aol.como#nuyork...@aol.comr#nuyork...@aol.coma/dsn_orig_rcpt=rfc822;nuyoulifest...@hotmail.como#nuyoulifest...@hotmail.comd#nuyoulifest...@hotmail.coma'dsn_dsn_orig_rcpt=rfc822;nuy...@hotmail.como#nuy...@hotmail.comd#nuy...@hotmail.coma)dsn_orig_rcpt=rfc822;nuytt...@hotmail.como#nuytt...@hotmail.comd#nuytt...@hotmail.coma#dsn_orig_rcpt=rfc822;nuy...@aol.como#nuy...@aol.comr#nuy...@aol.coma%dsn_orig_rcpt=rfc822;nuz...@webtv.neto#nuz...@webtv.netd#nuz...@webtv.neta,dsn_orig_rcpt=rfc822;nuza_nucita@hotmail.c
omO#omO#omO#nuza_nuc...@hotmail.comd#nuza_nuc...@hotmail.coma)dsn_orig_rcpt=rfc822;nuzak...@hotmail.como#nuzak...@hotmail.comd#nuzak...@hotmail.coma*dsn_orig_rcpt=rfc822;nuzb...@bellsouth.neto#nuzb...@bellsouth.netr#nuzb...@bellsouth.neta#dsn_orig_rcpt=rfc822;nuz...@aol.como#nuz...@aol.comr#nuz...@aol.coma.dsn_orig_rcpt=rfc822;nuzhatkama...@hotmail.como#nuzhatkama...@hotmail.comd#nuzhatkama...@hotmail.coma)dsn_orig_rcpt=rfc822;nuzirat...@yahoo.como#nuzirat...@yahoo.comd#nuzirat...@yahoo.coma(dsn_orig_rcpt=rfc822;nuzt...@prodigy.como#nuzt...@prodigy.comr#nuzt...@prodigy.coma*dsn_orig_rcpt=rfc822;nv_displ...@yahoo.como#nv_displ...@yahoo.comd#nv_displ...@yahoo.coma(dsn_orig_rcpt=rfc822;nv_sur...@yahoo.como#nv_sur...@yahoo.comd#nv_sur...@yahoo.coma'dsn_orig_rcpt=rfc822;nv0...@hotmail.como#nv0...@hotmail.comd#nv0...@hotmail.coma!dsn_orig_rcpt=rfc822;n...@gate.neto

What could this be?
I am particularly puzzled by
"ewrite_context=remoteA#sasl_method=LOGINA#sasl_username=pppS#pay...@service.net"
I checked, and the server is not an open relay.
Is some spammer using one of the accounts to send out spam?
If so, how can I check which one?
/var/log/maillog contains these entries:

May  4 10:44:22 nms postfix/smtp[1940]: D6B9BF301: to=<nu...@worldnet.att.com>, 
relay=cluster7.us.messagelabs.com[216.82.241.195]:25, delay=129887, 
delays=136025/36/0/399, dsn=5.0.0, status=bounced (host 
cluster7.us.messagelabs.com[216.82.241.195] said: 553-Message filtered. Please 
see the FAQs section on spam 553-at http://www.messagelabs.com/support/ for 
more 553 information. (#5.7.1) (in reply to end of DATA command))
May  4 10:44:22 nms postfix/cleanup[3869]: 9114EF746: 
message-id=<20110504084422.9114ef...@nms.infolan.net.pl>
May  4 10:44:22 nms postfix/bounce[3863]: D6B9BF301: sender non-delivery 
notification: 9114EF746
May  4 10:44:22 nms postfix/qmgr[9112]: 9114EF746: from=<>, size=26292, nrcpt=1 
(queue active)
May  4 10:44:23 nms postfix/smtp[1957]: 9114EF746: host 
smtp.secureserver.net[216.69.186.201] refused to talk to me: 
554-m1pismtp01-020.prod.mesa1.secureserver.net 554 Your access to this mail 
system has been rejected due to spam or virus content. If you believe that this 
failure is in error, please submit an unblock request at  
http://unblock.secureserver.net
May  4 10:44:24 nms postfix/smtp[1957]: 9114EF746: to=<pay...@service.net>, 
relay=mailstore1.secureserver.net[216.69.186.201]:25, delay=2.3, 
delays=0.27/0.03/2/0, dsn=4.0.0, status=deferred (host 
mailstore1.secureserver.net[216.69.186.201] refused to talk to me: 
554-m1pismtp01-015.prod.mesa1.secureserver.net 554 Your access to this mail 
system has been rejected due to spam or virus content. If you believe that this 
failure is in error, please submit an unblock request at  
http://unblock.secureserver.net)
[...]
envirocost.com[216.8.179.27]:25: Connection timed out)
May  4 12:29:17 nms postfix/smtp[1944]: connect to yahoo.cm[68.180.206.184]:25: 
Connection timed out
May  4 12:29:17 nms postfix/smtp[1944]: E5B3824E: to=<hotka...@yahoo.cm>, 
relay=none, delay=132487, delays=132336/91/60/0, dsn=4.4.1, status=deferred 
(connect to yahoo.cm[68.180.206.184]:25: Connection timed out)
May  4 12:29:18 nms postfix/smtp[1950]: connect to addre.com[82.98.86.164]:25: 
Connection timed out
May  4 12:29:18 nms postfix/smtp[1950]: 3D78BE553: 
to=<agoldwaer_2...@addre.com>, relay=none, delay=332566, 
delays=332421/115/30/0, dsn=4.4.1, status=deferred (connect to 
addre.com[82.98.86.164]:25: Connection timed out)
May  4 12:29:18 nms postfix/smtp[1991]: connect to 
mail-atl01.intellisync.com[64.74.112.136]:25: Connection timed out
May  4 12:29:18 nms postfix/smtp[1991]: E014245F: to=<r...@pumatech.com>, 
relay=none, delay=60513, delays=60361/91/60/0, dsn=4.4.1, status=deferred 
(connect to mail-atl01.intellisync.com[64.74.112.136]:25: Connection timed out)
May  4 12:29:20 nms postfix/smtp[1978]: connect to 
sbcglobal.com[144.160.134.61]:25: Connection timed out
May  4 12:29:21 nms postfix/smtp[1958]: 31026E8C7: to=<on...@plantnet.com>, 
relay=none, delay=330333, delays=330185/118/30/0, dsn=4.4.3, status=deferred 
(Host or domain name not found. Name service error for name=plantnet.com 
type=MX: Host not found, try again)

Thanks in advance for your help
Krzysztof
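
An added example, not part of the original post: one way to see which authenticated account is injecting mail is to match the `sasl_username=` that Postfix's smtpd logs for each accepted message against the recipient count that qmgr logs for the same queue ID. The host name, queue IDs and addresses in the sample are constructed; on a real server the function would be given the contents of the mail log.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format; host, IDs and addresses are made up.
SAMPLE_LOG = """\
May  2 22:39:34 mx postfix/smtpd[811]: A1B2C3D4E: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=user1@example.net
May  2 22:39:35 mx postfix/qmgr[900]: A1B2C3D4E: from=<x@example.org>, size=2100, nrcpt=40 (queue active)
May  2 22:41:02 mx postfix/smtpd[812]: B2C3D4E5F: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=user1@example.net
May  2 22:41:03 mx postfix/qmgr[900]: B2C3D4E5F: from=<y@example.org>, size=2150, nrcpt=45 (queue active)
May  3 01:00:00 mx postfix/qmgr[900]: A1B2C3D4E: from=<x@example.org>, size=2100, nrcpt=40 (queue active)
May  3 08:15:10 mx postfix/smtpd[820]: C3D4E5F60: client=host.example.com[198.51.100.7], sasl_method=PLAIN, sasl_username=user2@example.net
May  3 08:15:11 mx postfix/qmgr[900]: C3D4E5F60: from=<user2@example.net>, size=900, nrcpt=1 (queue active)
"""

# smtpd logs the authenticated account once per accepted message (queue ID).
SASL_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=[^\[\s]+\[([^\]]+)\], "
                     r"sasl_method=[^,\s]+, sasl_username=(\S+)")
# qmgr logs the recipient count every time the message enters the active queue.
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def sasl_senders(log_text):
    """Return [(sasl_username, stats)] sorted by total recipients, highest first."""
    owner = {}       # queue ID -> sasl_username that submitted it
    counted = set()  # queue IDs whose nrcpt has already been added
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "clients": set()})
    for line in log_text.splitlines():
        m = SASL_RE.search(line)
        if m:
            qid, ip, user = m.groups()
            owner[qid] = user
            stats[user]["messages"] += 1
            stats[user]["clients"].add(ip)
            continue
        m = QMGR_RE.search(line)
        # A deferred message is re-logged on every retry; count its recipients once.
        if m and m.group(1) in owner and m.group(1) not in counted:
            counted.add(m.group(1))
            stats[owner[m.group(1)]]["recipients"] += int(m.group(2))
    return sorted(stats.items(), key=lambda kv: kv[1]["recipients"], reverse=True)

if __name__ == "__main__":
    for user, s in sasl_senders(SAMPLE_LOG):
        print(f"{user}: {s['messages']} msgs, {s['recipients']} rcpts, from {sorted(s['clients'])}")
```

An account that tops this list with many recipients per message and client addresses outside its usual network is the one to lock and re-credential first.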
