[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: proxsmtpd : drôle de message dans les logs

Steve wrote:

Bonjour,

Ce matin en essayant d'envoyer des messages (depuis mutt) j'ai eu un
message me disant que je ne pouvais plus envoyer de message, qu'il
fallait que je contacte un certain numéro et ça se terminait par un [IP]
blaklisted... bizarre. Je suis donc allé voir les logs et voici une
partie du fichier /var/log/mail.info :

May 30 12:28:42 monk proxsmtpd: 1007FB: accepted connection from:
219.84.61.19
May 30 12:28:47 monk proxsmtpd: 1007FC: accepted connection from:
219.84.11.178
May 30 12:28:48 monk proxsmtpd: 1007FD: accepted connection from:
219.84.61.19
May 30 12:28:57 monk proxsmtpd: 1007FE: accepted connection from:
219.84.235.116
May 30 12:28:59 monk proxsmtpd: 1007FF: accepted connection from:
219.84.61.51
May 30 12:29:09 monk proxsmtpd: 100800: accepted connection from:
219.84.9.198
May 30 12:29:39 monk proxsmtpd: 100801: accepted connection from:
219.84.177.89
May 30 12:29:59 monk proxsmtpd: 100802: accepted connection from:
219.84.177.187
May 30 12:30:35 monk proxsmtpd: 100803: accepted connection from:
219.84.232.17
May 30 12:30:42 monk proxsmtpd: 100804: accepted connection from:
219.84.235.253
May 30 12:31:44 monk proxsmtpd: 100805: accepted connection from:
219.84.235.205
May 30 12:32:06 monk proxsmtpd: 100806: accepted connection from:
219.84.232.86
May 30 12:32:17 monk proxsmtpd: 100807: accepted connection from:
219.84.177.32
May 30 12:33:09 monk proxsmtpd: 100808: accepted connection from:
219.84.232.174
May 30 12:33:40 monk proxsmtpd: 100809: accepted connection from:
219.84.232.86
May 30 12:33:40 monk proxsmtpd: 10080A: accepted connection from:
219.84.62.34
May 30 12:34:13 monk proxsmtpd: 10080B: accepted connection from:
219.84.232.148
May 30 12:34:24 monk proxsmtpd: 10080C: accepted connection from:
219.84.232.219
May 30 12:34:24 monk proxsmtpd: 10080D: accepted connection from:
219.84.62.34
May 30 12:34:27 monk proxsmtpd: 10080E: accepted connection from:
219.84.232.148
May 30 12:34:45 monk proxsmtpd: 10080F: accepted connection from:
219.84.179.159
May 30 12:34:59 monk proxsmtpd: 100810: accepted connection from:
219.84.232.219
May 30 12:35:21 monk proxsmtpd: 100811: accepted connection from:
219.84.233.78
May 30 12:36:38 monk proxsmtpd: 100812: accepted connection from:
219.84.177.55
May 30 12:36:39 monk proxsmtpd: 100813: accepted connection from:
219.84.233.103
May 30 12:36:45 monk proxsmtpd: 100814: accepted connection from:
219.84.8.64
May 30 12:37:01 monk proxsmtpd: 100815: accepted connection from:
219.84.233.78
May 30 12:37:19 monk proxsmtpd: 100816: accepted connection from:
219.84.233.147
May 30 12:37:27 monk proxsmtpd: 100817: accepted connection from:
219.84.233.147
May 30 12:37:40 monk proxsmtpd: 100818: accepted connection from:
219.84.178.119
May 30 12:37:54 monk proxsmtpd: 100819: accepted connection from:
219.84.8.64
May 30 12:40:09 monk proxsmtpd: 10081A: accepted connection from:
219.84.62.152
May 30 12:40:11 monk proxsmtpd: 10081B: accepted connection from:
219.84.234.51
May 30 12:40:47 monk proxsmtpd: 10081C: accepted connection from:
219.84.234.37
May 30 12:40:47 monk proxsmtpd: 10081D: accepted connection from:
219.84.234.108
May 30 12:41:27 monk proxsmtpd: 10081E: accepted connection from:
219.84.234.108
May 30 12:41:31 monk proxsmtpd: 10081F: accepted connection from:
219.84.234.51
May 30 12:42:00 monk proxsmtpd: 100820: accepted connection from:
219.84.60.172
May 30 12:42:14 monk proxsmtpd: 100821: accepted connection from:
219.84.234.51
May 30 12:42:24 monk proxsmtpd: 100822: accepted connection from:
219.84.176.7
May 30 12:42:27 monk proxsmtpd: 100823: accepted connection from:
219.84.176.7
May 30 12:42:42 monk proxsmtpd: 100824: accepted connection from:
219.84.11.31
May 30 12:43:05 monk proxsmtpd: 100825: accepted connection from:
219.84.176.7
May 30 12:43:14 monk proxsmtpd: 100826: accepted connection from:
219.84.60.172
May 30 12:43:22 monk proxsmtpd: 100827: accepted connection from:
219.84.62.152
May 30 12:44:24 monk proxsmtpd: 100828: accepted connection from:
219.84.62.152
May 30 12:45:36 monk proxsmtpd: 100829: accepted connection from:
219.84.9.68
May 30 12:45:53 monk proxsmtpd: 10082A: accepted connection from:
219.84.176.7
May 30 12:46:10 monk proxsmtpd: 10082B: accepted connection from:
219.84.178.10
May 30 12:46:20 monk proxsmtpd: 10082C: accepted connection from:
219.84.11.31
May 30 12:46:43 monk proxsmtpd: 10082D: accepted connection from:
219.84.179.189
May 30 12:46:48 monk proxsmtpd: 10082E: accepted connection from:
219.84.232.119
May 30 12:47:57 monk proxsmtpd: 10082F: accepted connection from:
219.84.176.7
May 30 12:49:10 monk proxsmtpd: 100830: accepted connection from:
219.84.233.116
May 30 12:49:46 monk proxsmtpd: 100831: accepted connection from:
219.84.176.7
May 30 12:49:56 monk proxsmtpd: 100832: accepted connection from:
219.84.233.116


En remontant dans le temps je vois pleins de lignes comme ça. Est-ce que
ça veut dire que des gens utilisent ma connexion pour envoyer des mails
difficile à dire. des IPs de Taiwan, c'est pas vraiment rassurant, mais on ne sait pas ce que ton proxsmtpd en a fait. Il faut vérifier que tu n'es pas un "open proxy".
Il sert à quoi le proxsmtpd pour toi? pourquoi ne pas installer un vrai MTA (au hasard, postfix :). 
et que par conséquent je suis blacklisté ?
faut montrer le message qui te disait ça. ou à défaut, dire quelle IP est blacklistée d'après le message. En tout cas, 83.77.239.94 est principalement listée comme dynamique sur SORBS: 
   http://www.robtex.com/rbl/83.77.239.94.html
et rien de plus.
une IP de ton ISP (195.186.18.67 [mail23.bluewin.ch]) est listée chez spamcannibal.org, mais c'est pas vraiment une liste très utilisée. en gros, on peut l'ignorer et la terre continuera à tourner. 


 Tout cela n'est pas très
clair pour moi, alors quelques explications seraient les bienvenues.

Merci d'avance,
Steve
Reply to: