[Question] VPS used for hosting was blacklisted for sending spam mail
14/05/2013 09:21:55 (+0700) | #1 | 275693 |
conanduck
Member
Joined: 02/01/2009 18:21:05
Messages: 31
My company uses a VPS for hosting.
Our mail is currently being blocked because of too much spam; the administrators at pa sent me the following:
Dear Sir or Madam,
we realized, that one of your servers or clients is constantly trying to harvest email addresses from our mailserver by trying to deliver email to any possible email address.
It is likely, that the server, you are responsible for, is being misused or hacked or that the dialin computer from your customer is infiltrated and misused for email harvesting.
Or your services are replying to spam you receive and the faked sender address belongs to us. Your systems should then check our SPF-records to prove, that this spam was not originating from our mailservers and prevent so-called backscattering.
Please stop the following IP from scanning our server or prevent your systems from backscattering.
--- excerpt from our logfiles ---
Timestamps are: German localtime, GMT+1 MET
Jan 24 09:47:27 powerweb sendmail[14055]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 10:08:04 powerweb sendmail[15012]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 10:31:49 powerweb sendmail[15831]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 10:43:27 powerweb sendmail[16263]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 10:54:51 powerweb sendmail[16639]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 11:07:53 powerweb sendmail[17310]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 13:15:58 powerweb sendmail[22751]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 15:08:33 powerweb sendmail[28102]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 15:09:07 powerweb sendmail[28178]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 15:10:23 powerweb sendmail[28319]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 15:15:59 powerweb sendmail[28761]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 15:27:35 powerweb sendmail[29523]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 15:27:40 powerweb sendmail[29522]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 24 15:37:27 powerweb sendmail[29937]: STARTTLS=server, relay=mx8605.superdata.vn [112.213.86.5] (may be forged), version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
I'm not an IT specialist either; I know a little about computers, so I ended up doing the network administration as well. I downloaded the code and scanned it for viruses but found nothing.
Could everyone please diagnose the problem and help with a way to fix it. Thank you.
21/05/2013 09:11:19 (+0700) | #2 | 275857 |
quanta
Moderator
Joined: 28/07/2006 14:44:21
Messages: 7265
Location: $ locate `whoami`
Run `tcpdump` with host 112.213.86.5 and port 25 to see which application is sending mail out.

Let's build on a great foundation!
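A complementary check to the capture suggested above, added here as an example and not part of the thread: on a Linux VPS (an assumption), the kernel's socket table in `/proc/net/tcp` lists every connection to remote port 25 together with the owning UID and socket inode, and the inode can be matched to a process under `/proc/<pid>/fd`. The function names and the sample table are constructed for illustration; only IPv4 is covered (`/proc/net/tcp6` is not read), and the process lookup needs root.

```python
import os
import socket
import struct

SMTP_PORT = 25
ACTIVE_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT"}  # kernel TCP state codes

def decode_endpoint(field):
    """Turn '0556D570:0019' (little-endian hex, as on x86) into ('112.213.86.5', 25)."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def outbound_smtp(proc_net_tcp_text):
    """Return active sockets from /proc/net/tcp text whose remote port is 25."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10 or cols[3] not in ACTIVE_STATES:
            continue  # listening sockets (0A), TIME_WAIT etc. are ignored
        local, remote = decode_endpoint(cols[1]), decode_endpoint(cols[2])
        if remote[1] == SMTP_PORT:
            found.append({"local": local, "remote": remote, "uid": int(cols[7]),
                          "state": ACTIVE_STATES[cols[3]], "inode": cols[9]})
    return found

def owners_of(inodes, proc="/proc"):
    """Map socket inode -> (pid, executable path) by scanning /proc/<pid>/fd."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                target = os.readlink(f"{proc}/{pid}/fd/{fd}")
                if target.startswith("socket:[") and target[8:-1] in inodes:
                    owners[target[8:-1]] = (int(pid), os.readlink(f"{proc}/{pid}/exe"))
        except OSError:
            continue  # process exited meanwhile, or permission denied
    return owners

# Constructed sample: a local listener on :25, one outbound SMTP session owned
# by UID 48 (a constructed value), and one unrelated connection to port 80.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1 0000000000000000 100 0 0 10 0
   1: 0556D570:BC54 0A7100CB:0019 01 00000000:00000000 00:00000000 00000000    48        0 22002 1 0000000000000000 20 4 30 10 -1
   2: 0556D570:A1F0 076433C6:0050 01 00000000:00000000 00:00000000 00000000    48        0 22003 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__" and os.path.exists("/proc/net/tcp"):
    with open("/proc/net/tcp") as fh:
        conns = outbound_smtp(fh.read())
    who = owners_of({c["inode"] for c in conns})
    for c in conns:
        print(c["remote"], c["state"], "uid", c["uid"], who.get(c["inode"], "unknown"))
```

A UID that belongs to the web server account rather than the mail daemon suggests a hosted script is opening SMTP connections directly instead of going through the local MTA.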