hMailServer中文论坛 QQ群:80049760 搭建专业企业级邮件服务器 联系Q3824517

hmail,黑客是怎么注入发邮件的?

hMailServer的综合讨论。包括安装、使用、webmail等问题。

版主: jimmy, Hsia

版面规则
hMailServer中文论坛 已经开通QQ群:80049760
回复
dan_zz9
Level 1
Level 1
帖子: 1
注册: 2017年12月26日, 17:43

hmail,黑客是怎么注入发邮件的?

帖子 dan_zz9 » 2017年12月26日, 17:50

好象打开了数据库还是什么同步功能,就可以从25端口发送大量垃圾邮件。下面这个本地info帐号,我并未建立,也能绕过本地SMTP认证发送,如下日志: 高手帮看看

"TCPIP" 1872 "2017-12-26 06:30:30.192" "TCP - 107.173.219.18 connected to 10.3.21.5:25."
"DEBUG" 1872 "2017-12-26 06:30:30.192" "TCP connection started for session 38696"
"SMTPD" 1872 38696 "2017-12-26 06:30:30.192" "107.173.219.18" "SENT: 220 mail.zenicom.com.cn ESMTP"
"SMTPD" 1056 38696 "2017-12-26 06:30:30.552" "107.173.219.18" "RECEIVED: HELO User"
"SMTPD" 1056 38696 "2017-12-26 06:30:30.552" "107.173.219.18" "SENT: 250 Hello."
"SMTPD" 5968 38696 "2017-12-26 06:30:30.927" "107.173.219.18" "RECEIVED: RSET"
"SMTPD" 5968 38696 "2017-12-26 06:30:30.927" "107.173.219.18" "SENT: 250 OK"
"SMTPD" 5656 38696 "2017-12-26 06:30:33.598" "107.173.219.18" "RECEIVED: MAIL FROM:<info@zacom.com.cn>"
"TCPIP" 5656 "2017-12-26 06:30:33.614" "DNS lookup: 18.219.173.107.zen.spamhaus.org, 1 addresses found: 127.0.0.4, Match: True"
"TCPIP" 5656 "2017-12-26 06:30:33.614" "DNS lookup: 18.219.173.107.bl.spamcop.net, 0 addresses found: (none), Match: False"
"DEBUG" 5656 "2017-12-26 06:30:33.614" "Spam test: SpamTestDNSBlackLists, Score: 3"
"DEBUG" 5656 "2017-12-26 06:30:35.880" "Spam test: SpamTestHeloHost, Score: 2"
"DEBUG" 5656 "2017-12-26 06:30:36.051" "Spam test: SpamTestMXRecords, Score: 0"
"DEBUG" 5656 "2017-12-26 06:30:36.051" "Total spam score: 5"
"SMTPD" 5656 38696 "2017-12-26 06:30:36.051" "107.173.219.18" "SENT: 250 OK"
"SMTPD" 1056 38696 "2017-12-26 06:30:36.911" "107.173.219.18" "RECEIVED: RCPT TO:<pan76409@gmail.com>"
"SMTPD" 1056 38696 "2017-12-26 06:30:36.911" "107.173.219.18" "SENT: 250 OK"
"SMTPD" 5940 38696 "2017-12-26 06:30:37.270" "107.173.219.18" "RECEIVED: RCPT TO:<peterpan510@rocketmail.com>"
"SMTPD" 5940 38696 "2017-12-26 06:30:37.270" "107.173.219.18" "SENT: 250 OK"
"SMTPD" 6124 38696 "2017-12-26 06:30:37.645" "107.173.219.18" "RECEIVED: RCPT TO:<peterpanpeterpanpeterpan71@hotmail.com>"
"SMTPD" 6124 38696 "2017-12-26 06:30:37.645" "107.173.219.18" "SENT: 250 OK"
"SMTPD" 3468 38696 "2017-12-26 06:30:40.145" "107.173.219.18" "RECEIVED: DATA"
"SMTPD" 3468 38696 "2017-12-26 06:30:40.145" "107.173.219.18" "SENT: 354 OK, send."
"DEBUG" 6124 "2017-12-26 06:30:45.270" "Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG" 3320 "2017-12-26 06:30:45.286" "Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG" 3320 "2017-12-26 06:30:45.286" "SURBL: Execute"
"DEBUG" 3320 "2017-12-26 06:30:45.286" "SURBL: Match not found"
"DEBUG" 3320 "2017-12-26 06:30:45.286" "Spam test: SpamTestSURBL, Score: 0"
"DEBUG" 3320 "2017-12-26 06:30:45.286" "Total spam score: 0"
"DEBUG" 3320 "2017-12-26 06:30:45.286" "Saving message: {DFD50D58-0192-4F96-9416-7B85E4CF7360}.eml"
"DEBUG" 3320 "2017-12-26 06:30:45.286" "Requesting SMTPDeliveryManager to start message delivery"
"SMTPD" 3320 38696 "2017-12-26 06:30:45.286" "107.173.219.18" "SENT: 250 Queued (5.248 seconds)"
"DEBUG" 5588 "2017-12-26 06:30:45.286" "Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG" 1628 "2017-12-26 06:30:45.286" "Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG" 1628 "2017-12-26 06:30:45.286" "Delivering message..."
"APPLICATION" 1628 "2017-12-26 06:30:45.286" "SMTPDeliverer - Message 131207: Delivering message from info@zenicom.com.cn to pan76409@gmail.com, peterpan510@rocketmail.com, peterpanpeterpanpeterpan71@hotmail.com. File: d:\hMailServer\Data\{DFD50D58-0192-4F96-9416-7B85E4CF7360}.eml"
"DEBUG" 1628 "2017-12-26 06:30:45.286" "Applying rules"
"DEBUG" 1628 "2017-12-26 06:30:45.286" "Copying mail contents"
"DEBUG" 1628 "2017-12-26 06:30:45.286" "Saving message: {C29A5EA1-AEAE-4D1F-9817-31F2B6AB8623}.eml"
"DEBUG" 1628 "2017-12-26 06:30:45.286" "Requesting SMTPDeliveryManager to start message delivery"
"DEBUG" 1628 "2017-12-26 06:30:45.286" "Performing local delivery"
"DEBUG" 1628 "2017-12-26 06:30:45.286" "Local delivery completed"
"TCPIP" 1628 "2017-12-26 06:30:45.286" "DNS MX lookup: hotmail.com"
"DEBUG" 5588 "2017-12-26 06:30:45.286" "Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG" 5492 "2017-12-26 06:30:45.286" "Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG" 5492 "2017-12-26 06:30:45.286" "Delivering message..."
"APPLICATION" 5492 "2017-12-26 06:30:45.286" "SMTPDeliverer - Message 131208: Delivering message from info@zenicom.com.cn to Backup@zenicom.com.cn. File: d:\hMailServer\Data\{C29A5EA1-AEAE-4D1F-9817-31F2B6AB8623}.eml"
"DEBUG" 5492 "2017-12-26 06:30:45.286" "Applying rules"
"DEBUG" 5492 "2017-12-26 06:30:45.286" "Performing local delivery"
"DEBUG" 5492 "2017-12-26 06:30:45.286" "Applying rules"
"DEBUG" 5492 "2017-12-26 06:30:45.301" "Saving message: {C29A5EA1-AEAE-4D1F-9817-31F2B6AB8623}.eml"
"DEBUG" 5492 "2017-12-26 06:30:45.301" "AWStats::LogDeliverySuccess"
"DEBUG" 5492 "2017-12-26 06:30:45.301" "Local delivery completed"
"APPLICATION" 5492 "2017-12-26 06:30:45.301" "SMTPDeliverer - Message 131208: Message delivery thread completed."
"TCPIP" 1628 "2017-12-26 06:30:45.411" "DNS - MX Result: 2 IP addresses were found."
"DEBUG" 1628 "2017-12-26 06:30:45.411" "Starting external delivery process. Server: hotmail-com.olc.protection.outlook.com (104.47.2.33), Port: 25, Security: 2, User name: "
"DEBUG" 1628 "2017-12-26 06:30:45.411" "Creating session 38698"
"TCPIP" 1628 "2017-12-26 06:30:45.411" "Connecting to 104.47.2.33:25..."
"DEBUG" 5656 "2017-12-26 06:30:45.629" "TCP connection started for session 38698"
"SMTPD" 6124 38696 "2017-12-26 06:30:45.661" "107.173.219.18" "RECEIVED: QUIT"
"SMTPD" 6124 38696 "2017-12-26 06:30:45.661" "107.173.219.18" "SENT: 221 goodbye"

回复