09-10-2019, 11:36   #5
lorenzomartini
Junior Member
 
Registered since: Apr 2018
Posts: 5
Quote:
Originally posted by Kaya
What do the server-side logs say?
Have you listened on the server's SMTP port to see what is passing through?
Could it simply be that your server has been compromised, so they are spamming the world and your server is struggling?

I deleted the contents of the file /var/log/mail.info and removed all my clients that were connecting to that mailbox: not even 5 minutes later, this is the content of that same file:

Code:
Oct  9 11:18:46 srv postfix/anvil[17625]: statistics: max connection rate 1/60s for (smtp:141.98.10.55) at Oct  9 11:11:57
Oct  9 11:18:46 srv postfix/anvil[17625]: statistics: max connection count 1 for (smtp:141.98.10.55) at Oct  9 11:11:57
Oct  9 11:18:46 srv postfix/anvil[17625]: statistics: max cache size 3 at Oct  9 11:12:56
Oct  9 11:19:13 srv postfix/smtpd[18361]: warning: hostname olop1.polo.manaus.br does not resolve to address 45.125.65.82: Name or service not known
Oct  9 11:19:13 srv postfix/smtpd[18361]: connect from unknown[45.125.65.82]
Oct  9 11:19:13 srv postfix/smtpd[18361]: lost connection after AUTH from unknown[45.125.65.82]
Oct  9 11:19:13 srv postfix/smtpd[18361]: disconnect from unknown[45.125.65.82] ehlo=1 auth=0/1 commands=1/2
Oct  9 11:19:28 srv postfix/smtpd[18361]: connect from mail179-15.suw41.mandrillapp.com[198.2.179.15]
Oct  9 11:19:29 srv postfix/smtpd[18361]: NOQUEUE: filter: RCPT from mail179-15.suw41.mandrillapp.com[198.2.179.15]: <bounce-md_30850198.5d9d9368.v1-ddee655727ae4dc1863bb3f8b40fa553@mandrillapp.com>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<bounce-md_30850198.5d9d9368.v1-ddee655727ae4dc1863bb3f8b40fa553@mandrillapp.com> to=<postmaster@srv.mrtsolutions.it> proto=ESMTP helo=<mail179-15.suw41.mandrillapp.com>
Oct  9 11:19:29 srv postfix/smtpd[18361]: NOQUEUE: filter: RCPT from mail179-15.suw41.mandrillapp.com[198.2.179.15]: <bounce-md_30850198.5d9d9368.v1-ddee655727ae4dc1863bb3f8b40fa553@mandrillapp.com>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<bounce-md_30850198.5d9d9368.v1-ddee655727ae4dc1863bb3f8b40fa553@mandrillapp.com> to=<postmaster@srv.mrtsolutions.it> proto=ESMTP helo=<mail179-15.suw41.mandrillapp.com>
Oct  9 11:19:29 srv postfix/smtpd[18361]: NOQUEUE: reject: RCPT from mail179-15.suw41.mandrillapp.com[198.2.179.15]: 454 4.7.1 <postmaster@srv.mrtsolutions.it>: Relay access denied; from=<bounce-md_30850198.5d9d9368.v1-ddee655727ae4dc1863bb3f8b40fa553@mandrillapp.com> to=<postmaster@srv.mrtsolutions.it> proto=ESMTP helo=<mail179-15.suw41.mandrillapp.com>
Oct  9 11:19:30 srv postfix/smtpd[18361]: NOQUEUE: filter: RCPT from mail179-15.suw41.mandrillapp.com[198.2.179.15]: <bounce-md_30850198.5d9cd30c.v1-94a7fa37735041a88de29092fa103f5e@mandrillapp.com>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<bounce-md_30850198.5d9cd30c.v1-94a7fa37735041a88de29092fa103f5e@mandrillapp.com> to=<postmaster@srv.mrtsolutions.it> proto=ESMTP helo=<mail179-15.suw41.mandrillapp.com>
Oct  9 11:19:30 srv postfix/smtpd[18361]: NOQUEUE: filter: RCPT from mail179-15.suw41.mandrillapp.com[198.2.179.15]: <bounce-md_30850198.5d9cd30c.v1-94a7fa37735041a88de29092fa103f5e@mandrillapp.com>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<bounce-md_30850198.5d9cd30c.v1-94a7fa37735041a88de29092fa103f5e@mandrillapp.com> to=<postmaster@srv.mrtsolutions.it> proto=ESMTP helo=<mail179-15.suw41.mandrillapp.com>
Oct  9 11:19:30 srv postfix/smtpd[18361]: NOQUEUE: reject: RCPT from mail179-15.suw41.mandrillapp.com[198.2.179.15]: 454 4.7.1 <postmaster@srv.mrtsolutions.it>: Relay access denied; from=<bounce-md_30850198.5d9cd30c.v1-94a7fa37735041a88de29092fa103f5e@mandrillapp.com> to=<postmaster@srv.mrtsolutions.it> proto=ESMTP helo=<mail179-15.suw41.mandrillapp.com>
Oct  9 11:19:30 srv postfix/smtpd[18361]: disconnect from mail179-15.suw41.mandrillapp.com[198.2.179.15] ehlo=2 starttls=1 mail=2 rcpt=0/2 rset=1 quit=1 commands=7/9
Oct  9 11:19:45 srv postfix/smtpd[18361]: warning: hostname s.lz1.zl.sampa.br does not resolve to address 185.36.81.232: Name or service not known
Oct  9 11:19:45 srv postfix/smtpd[18361]: connect from unknown[185.36.81.232]
Oct  9 11:19:46 srv postfix/smtpd[18361]: lost connection after AUTH from unknown[185.36.81.232]
Oct  9 11:19:46 srv postfix/smtpd[18361]: disconnect from unknown[185.36.81.232] ehlo=1 auth=0/1 commands=1/2
Oct  9 11:20:02 srv postfix/smtpd[18361]: connect from localhost.localdomain[127.0.0.1]
Oct  9 11:20:02 srv postfix/smtpd[18361]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Oct  9 11:20:02 srv postfix/smtpd[18361]: disconnect from localhost.localdomain[127.0.0.1] commands=0/0
Oct  9 11:20:02 srv dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<718mynaUzKgAAAAAAAAAAAAAAAAAAAAB>
Oct  9 11:20:02 srv dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<O2EmynaUYIYAAAAAAAAAAAAAAAAAAAAB>
Oct  9 11:23:22 srv postfix/anvil[18363]: statistics: max connection rate 1/60s for (smtp:45.125.65.82) at Oct  9 11:19:13
Oct  9 11:23:22 srv postfix/anvil[18363]: statistics: max connection count 1 for (smtp:45.125.65.82) at Oct  9 11:19:13
Oct  9 11:23:22 srv postfix/anvil[18363]: statistics: max message rate 2/60s for (smtp:198.2.179.15) at Oct  9 11:19:29
Oct  9 11:23:22 srv postfix/anvil[18363]: statistics: max cache size 3 at Oct  9 11:19:45
Oct  9 11:23:58 srv postfix/smtpd[18514]: connect from unknown[141.98.10.61]
Oct  9 11:23:58 srv postfix/smtpd[18514]: lost connection after AUTH from unknown[141.98.10.61]
Oct  9 11:23:58 srv postfix/smtpd[18514]: disconnect from unknown[141.98.10.61] ehlo=1 auth=0/1 commands=1/2
Oct  9 11:24:02 srv postfix/pickup[17614]: 2842B827D0: uid=0 from=<root>
Oct  9 11:24:02 srv postfix/cleanup[18536]: 2842B827D0: message-id=<20191009092402.2842B827D0@srv.mrtsolutions.it>
Oct  9 11:24:02 srv postfix/qmgr[17615]: 2842B827D0: from=<root@srv.mrtsolutions.it>, size=635, nrcpt=1 (queue active)
Oct  9 11:24:02 srv postfix/smtpd[18545]: connect from localhost.localdomain[127.0.0.1]
Oct  9 11:24:02 srv postfix/smtpd[18545]: 7EE99827CF: client=localhost.localdomain[127.0.0.1]
Oct  9 11:24:02 srv postfix/cleanup[18536]: 7EE99827CF: message-id=<20191009092402.2842B827D0@srv.mrtsolutions.it>
Oct  9 11:24:02 srv postfix/qmgr[17615]: 7EE99827CF: from=<root@srv.mrtsolutions.it>, size=1366, nrcpt=1 (queue active)
Oct  9 11:24:02 srv postfix/smtpd[18545]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Oct  9 11:24:02 srv amavis[1277]: (01277-08) Passed CLEAN {RelayedInternal}, LOCAL [127.0.0.1] <root@srv.mrtsolutions.it> -> <postmaster@srv.mrtsolutions.it>, Message-ID: <20191009092402.2842B827D0@srv.mrtsolutions.it>, mail_id: yuGdFpYK5EG5, Hits: 1.048, size: 635, queued_as: 7EE99827CF, 318 ms
Oct  9 11:24:02 srv postfix/smtp[18542]: 2842B827D0: to=<postmaster@srv.mrtsolutions.it>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.42, delays=0.06/0.02/0.01/0.33, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7EE99827CF)
Oct  9 11:24:02 srv postfix/qmgr[17615]: 2842B827D0: removed
Oct  9 11:24:02 srv dovecot: lda(postmaster@srv.mrtsolutions.it): sieve: msgid=<20191009092402.2842B827D0@srv.mrtsolutions.it>: stored mail into mailbox 'INBOX'
Oct  9 11:24:02 srv postfix/pipe[18546]: 7EE99827CF: to=<postmaster@srv.mrtsolutions.it>, relay=dovecot, delay=0.25, delays=0.01/0.02/0/0.22, dsn=2.0.0, status=sent (delivered via dovecot service)
Oct  9 11:24:02 srv postfix/qmgr[17615]: 7EE99827CF: removed
Oct  9 11:24:22 srv postfix/smtpd[18514]: warning: hostname cata4.atacado.sampa.br does not resolve to address 185.36.81.16: Name or service not known
Oct  9 11:24:22 srv postfix/smtpd[18514]: connect from unknown[185.36.81.16]
Oct  9 11:24:22 srv postfix/smtpd[18514]: lost connection after AUTH from unknown[185.36.81.16]
Oct  9 11:24:22 srv postfix/smtpd[18514]: disconnect from unknown[185.36.81.16] ehlo=1 auth=0/1 commands=1/2
Oct  9 11:25:01 srv postfix/smtpd[18514]: connect from localhost.localdomain[127.0.0.1]
Oct  9 11:25:01 srv postfix/smtpd[18514]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Oct  9 11:25:01 srv postfix/smtpd[18514]: disconnect from localhost.localdomain[127.0.0.1] commands=0/0
Oct  9 11:25:01 srv dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<wJEE3HaU7KgAAAAAAAAAAAAAAAAAAAAB>
Oct  9 11:25:01 srv dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<hbQE3HaUgIYAAAAAAAAAAAAAAAAAAAAB>
Oct  9 11:25:36 srv postfix/smtpd[18514]: connect from unknown[45.125.65.34]
Oct  9 11:25:36 srv postfix/smtpd[18514]: lost connection after AUTH from unknown[45.125.65.34]
Oct  9 11:25:36 srv postfix/smtpd[18514]: disconnect from unknown[45.125.65.34] ehlo=1 auth=0/1 commands=1/2
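
Added example, not part of the original post: a small Python pass over smtpd `disconnect` lines like those in the log above, counting failed AUTH commands per client IP and per /24 so that attempts spread across neighbouring addresses show up as one source. The sample lines are constructed (RFC 5737 documentation addresses, IPv4 assumed) and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Constructed sample lines in the format of the log above; addresses are
# RFC 5737 documentation ranges, not the ones from the post.
SAMPLE_LOG = """\
Oct  9 11:19:13 srv postfix/smtpd[101]: disconnect from unknown[198.51.100.82] ehlo=1 auth=0/1 commands=1/2
Oct  9 11:19:30 srv postfix/smtpd[101]: disconnect from mx.example.net[192.0.2.15] ehlo=2 starttls=1 mail=2 rcpt=0/2 rset=1 quit=1 commands=7/9
Oct  9 11:19:46 srv postfix/smtpd[101]: disconnect from unknown[203.0.113.232] ehlo=1 auth=0/1 commands=1/2
Oct  9 11:20:02 srv postfix/smtpd[101]: disconnect from localhost.localdomain[127.0.0.1] commands=0/0
Oct  9 11:23:58 srv postfix/smtpd[102]: disconnect from unknown[198.51.100.34] ehlo=1 auth=0/3 commands=1/4
Oct  9 11:24:22 srv postfix/smtpd[102]: disconnect from unknown[203.0.113.16] ehlo=1 auth=0/1 commands=1/2
Oct  9 11:25:10 srv postfix/smtpd[102]: disconnect from client.example.org[192.0.2.40] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
"""

DISCONNECT = re.compile(
    r"postfix/smtpd\[\d+\]: disconnect from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]"
    r".*?\bauth=(?P<ok>\d+)(?:/(?P<total>\d+))?"
)

def failed_auth_by_ip(log_text):
    """Count failed AUTH commands per client IP.

    Postfix prints auth=OK/TOTAL when some attempts failed and auth=N
    when all N succeeded, so failures = TOTAL - OK.
    """
    failures = Counter()
    for line in log_text.splitlines():
        m = DISCONNECT.search(line)
        if not m:
            continue  # not an smtpd disconnect line, or no AUTH was attempted
        ok = int(m["ok"])
        total = int(m["total"]) if m["total"] else ok
        if total > ok:
            failures[m["ip"]] += total - ok
    return failures

def failed_auth_by_subnet(failures, prefix=24):
    """Roll per-IP failures up to IPv4 /prefix networks."""
    subnets = defaultdict(lambda: {"failures": 0, "ips": set()})
    for ip, count in failures.items():
        net = str(ip_network(f"{ip}/{prefix}", strict=False))
        subnets[net]["failures"] += count
        subnets[net]["ips"].add(ip)
    return dict(subnets)
```

Sessions with no `auth=` field (the relay attempt and the localhost health checks in the sample) and sessions where every AUTH succeeded are ignored, so only failed authentication attempts are counted.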