System Security Discussion Board / It! This damned thing keeps kicking at me
« on: 2014-10-27 16:25 »
This is a small excerpt of the mail log from the past 2 days
Oct 27 16:05:13 localhost postfix/smtpd[4469]: connect from ca207.calcit.fastwebserver.de[146.0.42.76]
Oct 27 16:05:19 localhost postfix/smtpd[4469]: warning: ca207.calcit.fastwebserver.de[146.0.42.76]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 27 16:05:19 localhost postfix/smtpd[4469]: lost connection after AUTH from ca207.calcit.fastwebserver.de[146.0.42.76]
Oct 27 16:05:19 localhost postfix/smtpd[4469]: disconnect from ca207.calcit.fastwebserver.de[146.0.42.76]
Oct 27 16:06:24 localhost postfix/smtpd[4469]: connect from ca207.calcit.fastwebserver.de[146.0.42.76]
Oct 27 16:06:29 localhost postfix/smtpd[4469]: warning: ca207.calcit.fastwebserver.de[146.0.42.76]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 27 16:06:29 localhost postfix/smtpd[4469]: lost connection after AUTH from ca207.calcit.fastwebserver.de[146.0.42.76]
Oct 27 16:06:29 localhost postfix/smtpd[4469]: disconnect from ca207.calcit.fastwebserver.de[146.0.42.76]
Oct 27 16:06:57 localhost postfix/smtpd[4469]: connect from ca207.calcit.fastwebserver.de[146.0.42.76]
Oct 27 16:07:20 localhost postfix/smtpd[4469]: warning: ca207.calcit.fastwebserver.de[146.0.42.76]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
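I don't know what the other side is doing??? Below is an excerpt from secure.
Fail2ban can't block it either. Is that because the attempts are not consecutive, just one kick per minute? Someone said I can ignore these messages; is that right or not?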
Oct 27 16:11:32 localhost auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=info@hinet.net rhost=146.0.42.76
Oct 27 16:13:08 localhost auth: pam_unix(dovecot:auth): check pass; user unknown
Oct 27 16:13:08 localhost auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=info@hinet.net rhost=146.0.42.76
Oct 27 16:15:07 localhost auth: pam_unix(dovecot:auth): check pass; user unknown
Oct 27 16:15:07 localhost auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=info@hinet.net rhost=146.0.42.76
Oct 27 16:17:53 localhost auth: pam_unix(dovecot:auth): check pass; user unknown
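This is not my address or user account either, so why does the other side keep kicking at my mail server?
Sometimes the maillog then also spits out the messages below? Is this phishing??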
Oct 27 16:08:30 localhost postfix/qmgr[4604]: 2B92E2238E3: from=<sb@seo.uk.net>, size=621, nrcpt=1 (queue active)
Oct 27 16:08:30 localhost postfix/qmgr[4604]: 91D5D22395B: from=<sb@seo.uk.net>, size=623, nrcpt=1 (queue active)
Oct 27 16:08:30 localhost postfix/smtp[4606]: 2B92E2238E3: host smtp.europe.secureserver.net[188.121.52.56] refused to talk to me: 554 n1plibsmtp01-02.prod.ams1.secureserver.net bizsmtp RBL Reject -Please submit an unblock request <http://unblock.secureserver.net/?ip=59.126.238.72> <http://x.co/rblbounce>
Oct 27 16:08:30 localhost postfix/smtp[4607]: 91D5D22395B: host smtp.europe.secureserver.net[188.121.52.56] refused to talk to me: 554 n1plibsmtp01-03.prod.ams1.secureserver.net bizsmtp RBL Reject -Please submit an unblock request <http://unblock.secureserver.net/?ip=59.126.238.72> <http://x.co/rblbounce>
Oct 27 16:08:31 localhost postfix/smtp[4606]: 2B92E2238E3: to=<sb@seo.uk.net>, relay=mailstore1.europe.secureserver.net[188.121.52.56]:25, delay=56074, delays=56073/0.01/1.4/0, dsn=4.0.0, status=deferred (host mailstore1.europe.secureserver.net[188.121.52.56] refused to talk to me: 554 n1plibsmtp01-01.prod.ams1.secureserver.net bizsmtp RBL Reject -Please submit an unblock request <http://unblock.secureserver.net/?ip=59.126.238.72> <http://x.co/rblbounce>)
Oct 27 16:08:31 localhost postfix/smtp[4607]: 91D5D22395B: to=<sb@seo.uk.net>, relay=mailstore1.europe.secureserver.net[188.121.52.56]:25, delay=55870, delays=55868/0.01/1.4/0, dsn=4.0.0, status=deferred (host mailstore1.europe.secureserver.net[188.121.52.56] refused to talk to me: 554 n1plibsmtp01-03.prod.ams1.secureserver.net bizsmtp RBL Reject -Please submit an unblock request <http://unblock.secureserver.net/?ip=59.126.238.72> <http://x.co/rblbounce>)
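Added example, not part of the original post: a small Python check that parses the SASL failure lines quoted above, decodes the base64 string Postfix logs after "authentication failed:", and shows how the length of the counting window (Fail2ban's findtime/maxretry idea) decides whether one attempt per minute is ever counted as an offender. The window and threshold values are illustrative assumptions, not the poster's Fail2ban settings, and the year 2014 is taken from the post date because syslog lines carry none.

```python
import base64
import re
from collections import defaultdict, deque
from datetime import datetime

# Failure lines copied from the maillog excerpt in the post above.
SAMPLE = """\
Oct 27 16:05:19 localhost postfix/smtpd[4469]: warning: ca207.calcit.fastwebserver.de[146.0.42.76]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 27 16:05:19 localhost postfix/smtpd[4469]: lost connection after AUTH from ca207.calcit.fastwebserver.de[146.0.42.76]
Oct 27 16:06:29 localhost postfix/smtpd[4469]: warning: ca207.calcit.fastwebserver.de[146.0.42.76]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 27 16:07:20 localhost postfix/smtpd[4469]: warning: ca207.calcit.fastwebserver.de[146.0.42.76]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: warning: "
    r"\S+\[([0-9a-fA-F.:]+)\]: SASL \w+ authentication failed: ?(\S*)"
)

def parse_failures(text, year=2014):
    """Return (timestamp, ip, decoded_detail) for each SASL failure line."""
    out = []
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # connect/disconnect/lost-connection lines are skipped
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            detail = base64.b64decode(m.group(3), validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            detail = m.group(3)  # not base64: keep the raw text
        out.append((ts, m.group(2), detail))
    return out

def offenders(failures, window_s, threshold):
    """IPs with at least `threshold` failures inside any `window_s`-second span."""
    recent, hit = defaultdict(deque), set()
    for ts, ip, _ in sorted(failures):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold:
            hit.add(ip)
    return hit

if __name__ == "__main__":
    fails = parse_failures(SAMPLE)
    print("decoded detail:", fails[0][2])
    print("60 s window:", offenders(fails, 60, 3), "600 s window:", offenders(fails, 600, 3))
```

The decoded string is the server's own SASL LOGIN prompt, not a credential sent by the client.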