  #5  
18th May 2007, 08:14
tristanlee85

I was able to find this log. This is what caused me to reach my outbound limit. I did a trace of the IP, which led to Italy, and it looks like the user is trying to log in as "brandon", but was unsuccessful. Postfix is even showing that the host is unknown and it's disconnecting, but then all of a sudden after disconnecting it starts sending a ton of e-mails. There are way more than what I've listed, but you get the idea.

Any ideas on how this is possible from an outside host using my server?

Code:
May 17 16:34:19 server postfix/smtpd[2316]: warning: 62.97.56.142: hostname host-56-142.pool.intred.it verification failed: Name or service not known
May 17 16:34:19 server postfix/smtpd[2316]: connect from unknown[62.97.56.142]
May 17 16:34:20 server postfix/smtpd[2316]: 9CB4E49008A: client=unknown[62.97.56.142], sasl_method=LOGIN, sasl_username=brandon
May 17 16:34:28 server postfix/cleanup[2320]: 9CB4E49008A: message-id=<20070517203420.9CB4E49008A@server.vasceria.com>
May 17 16:34:29 server postfix/qmgr[24088]: 9CB4E49008A: from=<aw-member@ebay.com>, size=15883, nrcpt=50 (queue active)
May 17 16:34:29 server postfix/smtpd[2316]: disconnect from unknown[62.97.56.142]
May 17 16:34:31 server postfix/smtpd[2316]: warning: 62.97.56.142: hostname host-56-142.pool.intred.it verification failed: Name or service not known
May 17 16:34:31 server postfix/smtpd[2316]: connect from unknown[62.97.56.142]
May 17 16:34:32 server postfix/smtpd[2316]: BE85F490092: client=unknown[62.97.56.142], sasl_method=LOGIN, sasl_username=brandon
May 17 16:34:40 server postfix/cleanup[2320]: BE85F490092: message-id=<20070517203432.BE85F490092@server.vasceria.com>
May 17 16:34:41 server postfix/qmgr[24088]: BE85F490092: from=<aw-member@ebay.com>, size=15883, nrcpt=50 (queue active)
May 17 16:34:41 server postfix/smtpd[2316]: disconnect from unknown[62.97.56.142]
May 17 16:34:43 server postfix/smtpd[2316]: warning: 62.97.56.142: hostname host-56-142.pool.intred.it verification failed: Name or service not known
May 17 16:34:43 server postfix/smtpd[2316]: connect from unknown[62.97.56.142]
May 17 16:34:45 server postfix/smtpd[2316]: 021E7490094: client=unknown[62.97.56.142], sasl_method=LOGIN, sasl_username=brandon
May 17 16:34:52 server postfix/cleanup[2320]: 021E7490094: message-id=<20070517203445.021E7490094@server.vasceria.com>
May 17 16:34:53 server postfix/qmgr[24088]: 021E7490094: from=<aw-member@ebay.com>, size=15883, nrcpt=50 (queue active)
May 17 16:34:53 server postfix/smtpd[2316]: disconnect from unknown[62.97.56.142]
May 17 16:34:54 server postfix/smtpd[2316]: warning: 62.97.56.142: hostname host-56-142.pool.intred.it verification failed: Name or service not known
May 17 16:34:54 server postfix/smtpd[2316]: connect from unknown[62.97.56.142]
May 17 16:34:56 server postfix/smtpd[2316]: 6D07B490095: client=unknown[62.97.56.142], sasl_method=LOGIN, sasl_username=brandon
May 17 16:35:04 server postfix/cleanup[2320]: 6D07B490095: message-id=<20070517203456.6D07B490095@server.vasceria.com>
May 17 16:35:05 server postfix/qmgr[24088]: 6D07B490095: from=<aw-member@ebay.com>, size=15883, nrcpt=50 (queue active)
May 17 16:35:05 server postfix/smtpd[2316]: disconnect from unknown[62.97.56.142]
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa361@163.com>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa19194@a.cni.org>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaameetings@aaanet.org>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa5693@acc.msmc.edu>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaarlington@actadv.com>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa4hq@arrl.net>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa1gw@arrl.org>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaamail@bdcom.com>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaam@bellsouth.net>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaappliance@bluebonnet.net>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaappraisals@cfu.net>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaapke@chilton.com>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa223aay@chollian.com>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa622@cleveland.freenet.edu>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa726@cleveland.freenet.edu>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa69@cornell.edu>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaarne@cox.net>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaaquiltsup@d-web.com>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
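
An added example, not part of the original post: Postfix writes `sasl_username=` on the `client=` line for mail it accepted from an authenticated session, so joining those lines to the `qmgr` `nrcpt=` lines by queue ID shows how much mail each account submitted and from which address. The function names, the 100-recipient threshold and the sample log (users, IPs, queue IDs) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same Postfix syslog format; every value is made up.
SAMPLE_LOG = """\
May 17 16:34:20 server postfix/smtpd[2316]: A1B2C3D4E5F: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=alice
May 17 16:34:29 server postfix/qmgr[24088]: A1B2C3D4E5F: from=<billing@example.com>, size=15883, nrcpt=50 (queue active)
May 17 16:34:32 server postfix/smtpd[2316]: B2C3D4E5F6A: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=alice
May 17 16:34:41 server postfix/qmgr[24088]: B2C3D4E5F6A: from=<billing@example.com>, size=15883, nrcpt=50 (queue active)
May 17 16:34:45 server postfix/smtpd[2316]: C3D4E5F6A7B: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=alice
May 17 16:34:53 server postfix/qmgr[24088]: C3D4E5F6A7B: from=<billing@example.com>, size=15883, nrcpt=50 (queue active)
May 17 16:40:02 server postfix/smtpd[2401]: D4E5F6A7B8C: client=mail.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=bob
May 17 16:40:03 server postfix/qmgr[24088]: D4E5F6A7B8C: from=<bob@example.org>, size=2101, nrcpt=2 (queue active)
May 17 16:41:10 server postfix/smtpd[2410]: E5F6A7B8C9D: client=mx.example.net[203.0.113.5]
May 17 16:41:11 server postfix/qmgr[24088]: E5F6A7B8C9D: from=<news@example.net>, size=900, nrcpt=1 (queue active)
May 17 16:50:00 server postfix/qmgr[24088]: A1B2C3D4E5F: from=<billing@example.com>, size=15883, nrcpt=50 (queue active)
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S+?\[([^\]]+)\], sasl_method=([^,\s]+), sasl_username=(\S+)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")

def summarize_sasl_senders(log_text):
    """Per-SASL-user totals of messages and recipients accepted over authenticated sessions."""
    pending = {}  # queue ID -> (sasl_username, client IP)
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "ips": set(), "froms": set()})
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            qid, ip, _method, user = m.groups()
            pending[qid] = (user, ip)
            continue
        m = QMGR_RE.search(line)
        if m and m.group(1) in pending:
            # pop: qmgr repeats this line on each retry of a deferred message
            user, ip = pending.pop(m.group(1))
            entry = stats[user]
            entry["messages"] += 1
            entry["recipients"] += int(m.group(3))
            entry["ips"].add(ip)
            entry["froms"].add(m.group(2))  # envelope sender, may differ from the account
    return dict(stats)

def flag_bulk_senders(stats, max_recipients=100):
    """Accounts whose authenticated submissions exceed the assumed recipient threshold."""
    return sorted(u for u, s in stats.items() if s["recipients"] > max_recipients)

if __name__ == "__main__":
    print(flag_bulk_senders(summarize_sasl_senders(SAMPLE_LOG)))
```

An account flagged this way is a candidate for a password reset and a review of where its logins came from.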