[Postfixbuch-users] Blacklisted uceprotect.net & apews.org. Where did the e-mail come from?

cscholz at 2nibbles4u.de cscholz at 2nibbles4u.de
Tue Jun 26 21:53:41 CEST 2007


I just happened to notice that our company mail server has been on the
blacklists of uceprotect.net & apews.org since today.

I can trace the blacklisting on uceprotect.net in the log files…

(/var/log/mail)

Jun 26 14:10:47 mailhost postfix/smtp[6993]: 401E04E81E4:
to=<roland at zirndorf.de>, relay=cacs2.uceprotect.com[208.66.2.22]:25,
delay=1.9, delays=0.01/0/1.2/0.6, dsn=5.0.0,
status=undeliverable-but-not-cached (host cacs2.uceprotect.com[208.66.2.22] said: 550
UCEPROTECT-Policy Server decided: 550 (V4.0-RULE-0005) Sender Verify is
abusive. Your System is part of a DDOS against the City of Zirndorf.
Enjoy your intranet for a week now. (in reply to RCPT TO command))

Jun 26 14:11:18 mailhost postfix/smtp[6997]: 40E484E81E4:
to=<roland at zirndorf.de>, relay=unimatrix.admins.ws[194.95.224.137]:25,
delay=31, delays=0.01/0/30/0.18, dsn=5.0.0,
status=undeliverable-but-not-cached (host unimatrix.admins.ws[194.95.224.137] said: 550
UCEPROTECT-Policy Server decided: 550 (V4.0-RULE-0005) Sender Verify is
abusive. Your System is part of a DDOS against the City of Zirndorf.
Enjoy your intranet for a week now. (in reply to RCPT TO command))

What I don't understand at all, however, is where this e-mail comes from
that is apparently causing the problem.

(/var/log/mail)

Jun 26 14:10:44 mailhost postfix/smtpd[5428]: connect from
adsl-entr-1-c19-p031.vtx.ch[212.147.19.31]

Jun 26 14:10:45 mailhost postfix/cleanup[7048]: 401E04E81E4:
message-id=<20070626121045.401E04E81E4 at mail.unseredomain.tld>

Jun 26 14:10:45 mailhost postfix/qmgr[30897]: 401E04E81E4:
from=<postmaster at unseredomain.tld>, size=272, nrcpt=1 (queue active)

Jun 26 14:10:47 mailhost postfix/smtp[6993]: 401E04E81E4:
to=<roland at zirndorf.de>, relay=cacs2.uceprotect.com[208.66.2.22]:25,
delay=1.9, delays=0.01/0/1.2/0.6, dsn=5.0.0,
status=undeliverable-but-not-cached (host cacs2.uceprotect.com[208.66.2.22] said: 550
UCEPROTECT-Policy Server decided: 550 (V4.0-RULE-0005) Sender Verify is
abusive. Your System is part of a DDOS against the City of Zirndorf.
Enjoy your intranet for a week now. (in reply to RCPT TO command))

Jun 26 14:10:47 mailhost postfix/qmgr[30897]: 401E04E81E4: removed

As you can see, several connections were made to the one address of the
customer. They all look fairly similar.

Jun 26 07:34:19 mailhost postfix/smtpd[15739]: NOQUEUE: reject: RCPT from
unknown[80.146.160.42]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<euresti at pasd.com> to=<email at kunde.de> proto=ESMTP
helo=<[80.146.160.42]>

Jun 26 07:34:51 mailhost postfix/smtpd[15739]: NOQUEUE: reject: RCPT from
unknown[80.146.160.42]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<lala at gregoryscanlon.com> to=<email at kunde.de> proto=ESMTP
helo=<[80.146.160.42]>

Jun 26 07:35:28 mailhost postfix/smtpd[16536]: NOQUEUE: reject: RCPT from
unknown[80.146.160.42]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<jkcoalition at hrliability.com> to=<email at kunde.de> proto=ESMTP
helo=<[80.146.160.42]>

Jun 26 07:36:03 mailhost postfix/smtpd[16536]: NOQUEUE: reject: RCPT from
unknown[80.146.160.42]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<lam at janisl.com> to=<email at kunde.de> proto=ESMTP helo=<[80.146.160.42]>

Jun 26 14:01:50 mailhost postfix/smtpd[5428]: NOQUEUE: reject: RCPT from
unknown[89.204.13.120]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<euodevr at rhodey-son.com> to=<email at kunde.de> proto=ESMTP
helo=<[89.204.13.120]>

Jun 26 14:07:21 mailhost postfix/smtpd[6994]: NOQUEUE: reject: RCPT from
adsl-entr-1-c19-p031.vtx.ch[212.147.19.31]: 450 4.7.1 <email at kunde.de>:
Recipient address rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<numuhadoqa at wemo.net> to=<email at kunde.de> proto=ESMTP
helo=<adsl-entr-1-c19-p031.vtx.ch>

Jun 26 14:07:50 mailhost postfix/smtpd[5428]: NOQUEUE: reject: RCPT from
adsl-entr-1-c19-p031.vtx.ch[212.147.19.31]: 450 4.7.1 <email at kunde.de>:
Recipient address rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<dickey at kiselis.com> to=<email at kunde.de> proto=ESMTP
helo=<adsl-entr-1-c19-p031.vtx.ch>

Jun 26 14:08:20 mailhost postfix/smtpd[6994]: NOQUEUE: reject: RCPT from
adsl-entr-1-c19-p031.vtx.ch[212.147.19.31]: 450 4.7.1 <email at kunde.de>:
Recipient address rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<rwirkus at direct.ca> to=<email at kunde.de> proto=ESMTP
helo=<adsl-entr-1-c19-p031.vtx.ch>

Jun 26 14:08:47 mailhost postfix/smtpd[5428]: NOQUEUE: reject: RCPT from
adsl-entr-1-c19-p031.vtx.ch[212.147.19.31]: 450 4.7.1 <email at kunde.de>:
Recipient address rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<nicoladimattia at tiscalinet.it> to=<email at kunde.de> proto=ESMTP
helo=<adsl-entr-1-c19-p031.vtx.ch>

Jun 26 14:09:20 mailhost postfix/smtpd[6994]: NOQUEUE: reject: RCPT from
adsl-entr-1-c19-p031.vtx.ch[212.147.19.31]: 450 4.7.1 <email at kunde.de>:
Recipient address rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<anneh at crocker.com> to=<email at kunde.de> proto=ESMTP
helo=<adsl-entr-1-c19-p031.vtx.ch>

Jun 26 14:10:15 mailhost postfix/smtpd[5428]: NOQUEUE: reject: RCPT from
adsl-entr-1-c19-p031.vtx.ch[212.147.19.31]: 450 4.7.1 <email at kunde.de>:
Recipient address rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<dd_bettyboop at yahoo.com> to=<email at kunde.de> proto=ESMTP
helo=<adsl-entr-1-c19-p031.vtx.ch>

Jun 26 14:10:51 mailhost postfix/smtpd[5428]: NOQUEUE: reject: RCPT from
adsl-entr-1-c19-p031.vtx.ch[212.147.19.31]: 450 4.7.1 <email at kunde.de>:
Recipient address rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<roland at zirndorf.de> to=<email at kunde.de> proto=ESMTP
helo=<adsl-entr-1-c19-p031.vtx.ch>

Jun 26 14:11:23 mailhost postfix/smtpd[6994]: NOQUEUE: reject: RCPT from
adsl-entr-1-c19-p031.vtx.ch[212.147.19.31]: 450 4.7.1 <email at kunde.de>:
Recipient address rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<nkianzad at web.de> to=<email at kunde.de> proto=ESMTP
helo=<adsl-entr-1-c19-p031.vtx.ch>

Jun 26 14:11:48 mailhost postfix/smtpd[5428]: NOQUEUE: reject: RCPT from
adsl-entr-1-c19-p031.vtx.ch[212.147.19.31]: 450 4.7.1 <email at kunde.de>:
Recipient address rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<hendersonfamily at att.net> to=<email at kunde.de> proto=ESMTP
helo=<adsl-entr-1-c19-p031.vtx.ch>

Jun 26 14:12:22 mailhost postfix/smtpd[7424]: NOQUEUE: reject: RCPT from
adsl-entr-1-c19-p031.vtx.ch[212.147.19.31]: 450 4.7.1 <email at kunde.de>:
Recipient address rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<rnakka at dehavilland.ca> to=<email at kunde.de> proto=ESMTP
helo=<adsl-entr-1-c19-p031.vtx.ch>

Jun 26 14:14:14 mailhost postfix/smtpd[7420]: NOQUEUE: reject: RCPT from
unknown[124.157.169.246]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<dcpdqauto at on.aibn.com> to=<email at kunde.de> proto=ESMTP
helo=<adsl-pool-124.157.169-246.tttmaxnet.com>

Jun 26 14:14:36 mailhost postfix/smtpd[7418]: NOQUEUE: reject: RCPT from
unknown[124.157.169.246]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<doremi at eds.com> to=<email at kunde.de> proto=ESMTP
helo=<adsl-pool-124.157.169-246.tttmaxnet.com>

Jun 26 14:14:55 mailhost postfix/smtpd[7420]: NOQUEUE: reject: RCPT from
unknown[124.157.169.246]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<rnakka at dehavilland.ca> to=<email at kunde.de> proto=ESMTP
helo=<adsl-pool-124.157.169-246.tttmaxnet.com>

Jun 26 14:15:23 mailhost postfix/smtpd[7420]: NOQUEUE: reject: RCPT from
unknown[124.157.169.246]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<conner at nationalspirit.com> to=<email at kunde.de> proto=ESMTP
helo=<adsl-pool-124.157.169-246.tttmaxnet.com>

Jun 26 14:15:54 mailhost postfix/smtpd[7420]: NOQUEUE: reject: RCPT from
unknown[124.157.169.246]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<law at idmedia.co.uk> to=<email at kunde.de> proto=ESMTP
helo=<adsl-pool-124.157.169-246.tttmaxnet.com>

Jun 26 14:50:36 mailhost postfix/smtpd[9599]: NOQUEUE: reject: RCPT from
unknown[123.108.202.83]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<Tarcisonicolae at imagesunlimited.co.uk> to=<email at kunde.de> proto=ESMTP
helo=<[123.108.202.83]>

Jun 26 18:55:00 mailhost postfix/smtpd[23888]: NOQUEUE: reject: RCPT from
M2303P003.adsl.highway.telekom.at[80.123.31.195]: 450 4.7.1
<email at kunde.de>: Recipient address rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<coddle at nctta.org> to=<email at kunde.de> proto=SMTP
helo=<M2303P003.adsl.highway.telekom.at>

Jun 26 19:45:24 mailhost postfix/smtpd[26907]: NOQUEUE: reject: RCPT from
unknown[89.169.134.210]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<evade at turtleg.com> to=<email at kunde.de> proto=ESMTP
helo=<[89.169.134.210]>

Jun 26 19:46:23 mailhost postfix/smtpd[27122]: NOQUEUE: reject: RCPT from
unknown[89.169.134.210]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<lam at itera.com> to=<email at kunde.de> proto=ESMTP helo=<[89.169.134.210]>

Jun 26 19:47:45 mailhost postfix/smtpd[26177]: NOQUEUE: reject: RCPT from
unknown[89.169.134.210]: 450 4.7.1 <email at kunde.de>: Recipient address
rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/kunde.de.html;
from=<eva.verhoeven at unilever.com> to=<email at kunde.de> proto=ESMTP
helo=<[89.169.134.210]>

 

… as I said, I cannot explain how the e-mail gets into the system.
If it had been sent by a customer, I would see the authentication
beforehand. But that is not the case.
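
Added example, not part of the original post and not Postfix's own code: Postfix logs its address-verification probes with `status=deliverable` or `status=undeliverable...` rather than `sent`/`bounced`, so such a queue entry can be paired with the SMTP session whose envelope sender it probed. The sketch assumes sender verification (for instance `reject_unverified_sender`) is enabled on the host, which the post does not show; `probe_origins` and the sample lines are constructed, and wrapped log records must be joined to one line each first.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the /var/log/mail lines above
# (one record per line, example domains, documentation IP ranges).
SAMPLE_LOG = """\
Jun 26 14:09:00 mailhost postfix/smtp[6990]: 3FA0012345A: to=<x@partner.example>, relay=mx.partner.example[203.0.113.9]:25, delay=0.4, dsn=2.0.0, status=sent (250 ok)
Jun 26 14:10:15 mailhost postfix/smtpd[5428]: NOQUEUE: reject: RCPT from dsl.example.net[192.0.2.31]: 450 4.7.1 <email@kunde.example>: Recipient address rejected: Greylisted; from=<a@other.example> to=<email@kunde.example> proto=ESMTP helo=<dsl.example.net>
Jun 26 14:10:45 mailhost postfix/qmgr[30897]: 401E04E81E4: from=<postmaster@unseredomain.example>, size=272, nrcpt=1 (queue active)
Jun 26 14:10:47 mailhost postfix/smtp[6993]: 401E04E81E4: to=<victim@forged.example>, relay=mx.forged.example[198.51.100.22]:25, delay=1.9, dsn=5.0.0, status=undeliverable-but-not-cached (host mx.forged.example said: 550 rejected (in reply to RCPT TO command))
Jun 26 14:10:51 mailhost postfix/smtpd[5428]: NOQUEUE: reject: RCPT from dsl.example.net[192.0.2.31]: 450 4.7.1 <email@kunde.example>: Recipient address rejected: Greylisted; from=<victim@forged.example> to=<email@kunde.example> proto=ESMTP helo=<dsl.example.net>
"""

# Queue manager line: gives the envelope sender used for a queue ID.
QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
# Verification probes end in (un)deliverable...; ordinary mail in sent/bounced/deferred.
PROBE = re.compile(
    r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*status=((?:un)?deliverable[\w-]*)")
# Any smtpd RCPT record: client name, client IP and the envelope sender it offered.
SMTPD = re.compile(
    r"postfix/smtpd\[\d+\]: .*RCPT from (\S+)\[([^\]]+)\]:.*\bfrom=<([^>]*)> to=<")


def probe_origins(log_text):
    """Pair each verification probe with the clients that used the probed
    address as envelope sender anywhere in the same log."""
    senders, clients, probes = {}, defaultdict(set), []
    for line in log_text.splitlines():
        if m := QMGR.search(line):
            senders[m.group(1)] = m.group(2)
        elif m := PROBE.search(line):
            probes.append(m.groups())
        elif m := SMTPD.search(line):
            clients[m.group(3).lower()].add(f"{m.group(1)}[{m.group(2)}]")
    return [
        {"queue_id": qid, "probed": rcpt, "status": status,
         "probe_sender": senders.get(qid),
         "clients": sorted(clients[rcpt.lower()])}
        for qid, rcpt, status in probes
    ]


if __name__ == "__main__":
    for hit in probe_origins(SAMPLE_LOG):
        print(hit)
```

Run over the unwrapped lines from this post, it pairs queue ID 401E04E81E4 with the 14:10:51 session from adsl-entr-1-c19-p031.vtx.ch[212.147.19.31], the only client in the excerpt that offered roland at zirndorf.de as envelope sender.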
