Good evening, friends,

I work at a federal school, IFRO, and here I have an MK server acting as firewall, DHCP, cache and bandwidth control.

Our link is provided by RNP (Rede nacional de Pesquisas), and RNP monitors content.

I recently received an email from them saying that our IP is sending spam.

I would like to know how I can do this monitoring on the MK to find out which host is sending this spam, since our network currently has more than 200 computers.

Below is the email they sent me:

Email:

Dear Sir/Madam,


We have detected abuse from the IP address 200.129.130.xxx, which according to a whois lookup is on your network. We would appreciate if you would investigate and take action as appropriate.


Log lines are given below, but please ask if you require any further information.


(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process. This mail was generated by Fail2Ban.)


Note: Local timezone is +1000 (EST)
Apr 3 03:25:32 mx1 postfix/smtpd[22890]: connect from unknown[200.129.130.xxx]
Apr 3 03:25:33 mx1 postfix/smtpd[22890]: NOQUEUE: reject: RCPT from unknown[200.129.130.xxx]: 554 5.7.1 Service unavailable; Client host [200.129.130.xxx] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=200.129.130.xxx; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[200.129.130.xxx]>
Apr 3 03:25:34 mx1 postfix/smtpd[22890]: lost connection after DATA from unknown[200.129.130.xxx]
Apr 3 03:25:34 mx1 postfix/smtpd[22890]: disconnect from unknown[200.129.130.xxx]
Apr 3 03:26:37 mx1 postfix/smtpd[31536]: connect from unknown[200.129.130.xxx]
Apr 3 03:26:38 mx1 postfix/smtpd[31536]: NOQUEUE: reject: RCPT from unknown[200.129.130.xxx]: 554 5.7.1 Service unavailable; Client host [200.129.130.xxx] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=200.129.130.xxx; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[200.129.130.xxx]>
Apr 3 03:26:38 mx1 postfix/smtpd[31536]: lost connection after DATA from unknown[200.129.130.xxx]
Apr 3 03:26:38 mx1 postfix/smtpd[31536]: disconnect from unknown[200.129.130.xxx]
Apr 3 03:27:34 mx1 postfix/smtpd[30983]: connect from unknown[200.129.130.xxx]
Apr 3 03:27:35 mx1 postfix/smtpd[30983]: NOQUEUE: reject: RCPT from unknown[200.129.130.xxx]: 554 5.7.1 Service unavailable; Client host [200.129.130.xxx] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=200.129.130.xxx; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[200.129.130.xxx]>
Apr 3 03:27:35 mx1 postfix/smtpd[30983]: lost connection after DATA from unknown[200.129.130.xxx]
Apr 3 03:27:35 mx1 postfix/smtpd[30983]: disconnect from unknown[200.129.130.xxx]