Securing my mail server (FreeBSD)


Marsh Posté on 12-12-2008 at 16:36:09

Hello,

I am regularly blacklisted by mail servers. Looking at my mail logs, I get the impression that people are managing to send emails from my server...

Here is an excerpt:
 

Code:
  root@salahcorp /var/log# cat maillog | grep -v from=root | grep -v "from=<root" | grep -v "from=<operator"
  496:538:580:Dec 12 15:53:17 salahcorp sm-mta[16198]: mBCErDbM016198: from=<salah@salahcorp.com>, size=505, class=0, nrcpts=1, msgid=<200812121453.mBCErDbM016198@salahcorp.com>, proto=SMTP, daemon=IPv4, relay=[220.81.17.65]
  497:539:581:Dec 12 15:53:22 salahcorp sm-mta[16199]: mBCErDbM016198: to="|IFS=' ' && exec /usr/local/bin/procmail -f- || exit 75 salah", ctladdr=<salah@salahcorp.com> (1001/1001), delay=00:00:07, xdelay=00:00:05, mailer=prog, pri=30863, dsn=2.0.0, stat=Sent
  498:540:582:Dec 12 15:55:01 salahcorp sendmail[16222]: mBCEt1Kw016222: from=operator, size=784, class=0, nrcpts=1, msgid=<200812121455.mBCEt1Kw016222@salahcorp.com>, relay=operator@localhost
  500:542:584:Dec 12 15:55:01 salahcorp sendmail[16222]: mBCEt1Kw016222: to=operator, ctladdr=operator (2/5), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30784, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (mBCEt10m016248 Message accepted for delivery)
  501:543:585:Dec 12 15:55:01 salahcorp sm-mta[16260]: mBCEt10m016248: to=root, ctladdr=<operator@salahcorp.com> (2/5), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31330, relay=local, dsn=2.0.0, stat=Sent
  502:544:586:Dec 12 16:04:23 salahcorp sm-mta[16387]: mBCF3urL016387: from=<teresab@freeproblem.com>, size=5752, class=0, nrcpts=1, msgid=<c768019dc1ea$f5da6784$8ead1854@freeproblem.com>, proto=ESMTP, daemon=IPv4, relay=[94.240.216.171]
  503:545:587:Dec 12 16:04:29 salahcorp sm-mta[16388]: mBCF3urL016387: to="|IFS=' ' && exec /usr/local/bin/procmail -f- || exit 75 salah", ctladdr=<salah@salahcorp.com> (1001/1001), delay=00:00:19, xdelay=00:00:06, mailer=prog, pri=35971, dsn=2.0.0, stat=Sent
  504:546:588:Dec 12 16:11:01 salahcorp sendmail[16533]: mBCFB1sq016533: from=operator, size=687, class=0, nrcpts=1, msgid=<200812121511.mBCFB1sq016533@salahcorp.com>, relay=operator@localhost
  506:548:590:Dec 12 16:11:01 salahcorp sendmail[16533]: mBCFB1sq016533: to=operator, ctladdr=operator (2/5), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30687, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (mBCFB11g016547 Message accepted for delivery)
  507:549:591:Dec 12 16:11:01 salahcorp sm-mta[16548]: mBCFB11g016547: to=root, ctladdr=<operator@salahcorp.com> (2/5), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31233, relay=local, dsn=2.0.0, stat=Sent
  508:551:594:Dec 12 16:11:01 salahcorp sendmail[16537]: mBCFB1JM016537: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30313, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (mBCFB1qJ016550 Message accepted for delivery)
  509:552:595:Dec 12 16:11:01 salahcorp sm-mta[16551]: mBCFB1qJ016550: to=<root@salahcorp.com>, ctladdr=<root@salahcorp.com> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30840, relay=local, dsn=2.0.0, stat=Sent
  510:553:596:Dec 12 16:19:43 salahcorp imapd[16613]: Authenticated user=salah host=localhost [127.0.0.1] mech=PLAIN
  511:554:597:Dec 12 16:19:44 salahcorp imapd[16614]: Login user=salah host=localhost [127.0.0.1]
  512:555:598:Dec 12 16:19:46 salahcorp imapd[16614]: Moved 76250 bytes of new mail to /home/salah/mbox from /var/mail/salah host= localhost [127.0.0.1]
  513:556:599:Dec 12 16:19:46 salahcorp imapd[16614]: Killed (lost mailbox lock) user=salah host=localhost [127.0.0.1]
  514:557:600:Dec 12 16:20:08 salahcorp imapd[16613]: Logout user=salah host=localhost [127.0.0.1]
  515:558:601:Dec 12 16:20:10 salahcorp imapd[16683]: Authenticated user=salah host=localhost [127.0.0.1] mech=PLAIN
  516:559:602:Dec 12 16:20:13 salahcorp imapd[16683]: Logout user=salah host=localhost [127.0.0.1]
  517:560:603:Dec 12 16:20:13 salahcorp imapd[16684]: Authenticated user=salah host=localhost [127.0.0.1] mech=PLAIN
  518:561:604:Dec 12 16:20:16 salahcorp imapd[16684]: Logout user=salah host=localhost [127.0.0.1]
  519:562:605:Dec 12 16:20:43 salahcorp sm-mta[16685]: mBCFKh5o016685: [93.86.130.208] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
  520:563:606:Dec 12 16:22:01 salahcorp sendmail[16726]: mBCFM1FH016726: from=operator, size=624, class=0, nrcpts=1, msgid=<200812121522.mBCFM1FH016726@salahcorp.com>, relay=operator@localhost
  522:566:610:Dec 12 16:22:01 salahcorp sendmail[16722]: mBCFM10o016722: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30313, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (mBCFM1sH016736 Message accepted for delivery)
  523:567:611:Dec 12 16:22:01 salahcorp sendmail[16726]: mBCFM1FH016726: to=operator, ctladdr=operator (2/5), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30624, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (mBCFM1cA016735 Message accepted for delivery)
  524:568:612:Dec 12 16:22:01 salahcorp sm-mta[16737]: mBCFM1sH016736: to=<root@salahcorp.com>, ctladdr=<root@salahcorp.com> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30840, relay=local, dsn=2.0.0, stat=Sent
  525:569:613:Dec 12 16:22:06 salahcorp sm-mta[16738]: mBCFM1cA016735: to=root, ctladdr=<operator@salahcorp.com> (2/5), delay=00:00:05, xdelay=00:00:05, mailer=local, pri=31170, relay=local, dsn=2.0.0, stat=Sent


Here are my system details:

Code:
  16:32 root@salahcorp /var/log# uname -a
  FreeBSD salahcorp.com 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #4: Fri Mar 24 09:55:13 CET 2006     salah@salahcorp.com:/usr/obj/usr/src/sys/SALAHCORP  i386
  ESMTP Sendmail 8.13.4/8.13.4;
  16:33 root@salahcorp /var/log# spamassassin --version
  SpamAssassin version 3.2.5
    running on Perl version 5.8.8
  16:34 root@salahcorp /var/log#


 
My domain: salahcorp.com

Thanks for your help....


Message edited by daboos94 on 21-12-2008 at 07:39:11

Marsh Posté on 13-12-2008 at 10:24:39

I only see messages addressed to your domain in your logs...


---------------
It is not my way of thinking that has caused my misfortune, it is that of others.

Marsh Posté on 21-12-2008 at 07:37:42

Hello,

Thanks for your help, but in the logs I provided, I see an email from "teresab@freeproblem.com", an address I have never heard of....
 

Code:
  502:544:586:Dec 12 16:04:23 salahcorp sm-mta[16387]: mBCF3urL016387: from=<teresab@freeproblem.com>, size=5752, class=0, nrcpts=1, msgid=<c768019dc1ea$f5da6784$8ead1854@freeproblem.com>, proto=ESMTP, daemon=IPv4, relay=[94.240.216.171]
  503:545:587:Dec 12 16:04:29 salahcorp sm-mta[16388]: mBCF3urL016387: to="|IFS=' ' && exec /usr/local/bin/procmail -f- || exit 75 salah", ctladdr=<salah@salahcorp.com> (1001/1001), delay=00:00:19, xdelay=00:00:06, mailer=prog, pri=35971, dsn=2.0.0, stat=Sent


 
What does that mean?

Thanks
 


Marsh Posté on 21-12-2008 at 12:09:28

The recipient is in your domain :spamafote:


---------------
It is not my way of thinking that has caused my misfortune, it is that of others.
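The distinction the replies draw (a message accepted from a remote relay= and then delivered by a local mailer is ordinary inbound mail, not relaying) can be checked over a whole maillog by pairing sendmail's from= and to= records on their queue ID. The Python below is an added example, not part of the original thread; the names `classify`, `RECORD`, `FIELD`, `LOCAL_RELAYS` and `LOCAL_MAILERS` are hypothetical, it assumes the mailers `local` and `prog` are the only local deliveries, and the last two sample lines are constructed with documentation addresses.

```python
import re
from collections import defaultdict

# sendmail record: "<date> host sm-mta[pid]: QUEUEID: key=value, key=value, ..."
RECORD = re.compile(r"(?:sm-mta|sendmail)\[\d+\]: (\w+): (.*)")
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")
LOCAL_RELAYS = ("localhost", "127.0.0.1")
LOCAL_MAILERS = {"local", "prog"}  # mailbox delivery, or a program such as procmail

def classify(lines):
    """Map each queue ID to 'inbound', 'local' or 'RELAYED'."""
    msgs = defaultdict(lambda: {"remote_src": False, "mailers": set()})
    for line in lines:
        m = RECORD.search(line)
        if not m:
            continue
        qid, fields = m.group(1), dict(FIELD.findall(m.group(2)))
        if "from" in fields:  # acceptance record: where the message came from
            relay = fields.get("relay", "")
            msgs[qid]["remote_src"] = not any(h in relay for h in LOCAL_RELAYS)
        elif "mailer" in fields:  # delivery record: where it went
            msgs[qid]["mailers"].add(fields["mailer"])
    verdict = {}
    for qid, msg in msgs.items():
        if not msg["remote_src"]:
            verdict[qid] = "local"      # submitted on the host itself
        elif msg["mailers"] - LOCAL_MAILERS:
            verdict[qid] = "RELAYED"    # came from outside, left again via SMTP
        else:
            verdict[qid] = "inbound"    # came from outside, delivered locally
    return verdict

# First four lines: copied from the thread's log. Last two: constructed for this
# example (documentation addresses) to show what a relayed message would look like.
SAMPLE = """
502:544:586:Dec 12 16:04:23 salahcorp sm-mta[16387]: mBCF3urL016387: from=<teresab@freeproblem.com>, size=5752, class=0, nrcpts=1, msgid=<c768019dc1ea$f5da6784$8ead1854@freeproblem.com>, proto=ESMTP, daemon=IPv4, relay=[94.240.216.171]
503:545:587:Dec 12 16:04:29 salahcorp sm-mta[16388]: mBCF3urL016387: to="|IFS=' ' && exec /usr/local/bin/procmail -f- || exit 75 salah", ctladdr=<salah@salahcorp.com> (1001/1001), delay=00:00:19, xdelay=00:00:06, mailer=prog, pri=35971, dsn=2.0.0, stat=Sent
498:540:582:Dec 12 15:55:01 salahcorp sendmail[16222]: mBCEt1Kw016222: from=operator, size=784, class=0, nrcpts=1, msgid=<200812121455.mBCEt1Kw016222@salahcorp.com>, relay=operator@localhost
500:542:584:Dec 12 15:55:01 salahcorp sendmail[16222]: mBCEt1Kw016222: to=operator, ctladdr=operator (2/5), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30784, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (mBCEt10m016248 Message accepted for delivery)
Dec 12 17:00:01 salahcorp sm-mta[17001]: mBCG00aa017001: from=<a@example.org>, size=900, class=0, nrcpts=1, proto=SMTP, daemon=IPv4, relay=[192.0.2.10]
Dec 12 17:00:03 salahcorp sm-mta[17002]: mBCG00aa017001: to=<b@example.net>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30900, relay=mx.example.net. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
""".strip().splitlines()

if __name__ == "__main__":
    for qid, kind in classify(SAMPLE).items():
        print(qid, kind)
```

Run it on the unfiltered maillog: the `grep -v` filters in the first post drop some from= records, and a message whose from= record is missing is counted as local. A RELAYED verdict is expected for clients the server is meant to relay for, so each one is checked against that list.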
