ISPConfig 3 - Spamversand

hahni

Active Member
Hallo zusammen,

Open-Relay scheidet aus. Ebenso ein Rootkit. Trotzdem wird über einen Kundenserver Spam verschickt - beispielsweise "targobank.de". Es muss ein berechtigter Mail-Benutzer sein, dessen Konto ausgespäht wurde. Doch in den Logs konnte ich das wie rausfinden? Auffälligkeiten stelle ich nämlich in der "mail.info" keine fest :(

--
[FONT=&quot]Betreff: [clean-mx-spam-94381488] abuse report about x.x.x.x - Fri,
07
Feb 2014 12:11:07 +0100[/FONT]
[FONT=&quot]Hello Abuse-Team,[/FONT]
[FONT=&quot]your Server with the IP: x.x.x.x has attacked one of our server on
the
service:
"postfix" on Time: Fri, 07 Feb 2014 12:11:07 +0100 The IP was
automatically
blocked for more than 10 minutes. To block an IP, it needs
3 failed Logins, one match for "invalid user" or a 5xx-Error-Code (eg.
Blacklist)![/FONT]
[FONT=&quot]Please check the machine behind the IP x.x.x.x (server)
and fix the problem.[/FONT]
[FONT=&quot]real-time data for this day available at:[/FONT]
[FONT=&quot]http://support.clean-mx.de/clean-mx/publog?ip=x.x.x.x
[/FONT]
[FONT=&quot]
You can parse this Mail with X-ARF-Tools (1. attachment = Details, 2.
attachment = Logs).
You found more Information about X-Arf under
http://www.x-arf.org/specification.html[/FONT]
[FONT=&quot]If you have a special x-arf email contact, please drop us a note.[/FONT]
[FONT=&quot]In the attachment of this mail you can find the original protocols of our
systems.[/FONT]
--

Viele Grüße

Hahni
 

Werbung

Top