公司内某个用户老是自动对外发送邮件。谢谢

nitchina · 发表于 2011-3-12 11:14:14

公司用户老是收到以下这样的系统退信

很抱歉您发送的邮件被退回，以下是该邮件的相关信息：

被退回邮件

主题：-投资顾问咨询服务有限公司
时间：2011-03-12 09:27:00

无法发送到 562517@qq.com
退信原因	收件人邮件地址（562517@qq.com）不存在，邮件无法送达。
解决方案	请联系您的收件人，重新核实邮箱地址，或发送到其他收信邮箱。您也可以向管理员报告此退信。

此外，您还可以点击这里获取更多关于退信的帮助信息。

系统退信，每次都会返回mail-eml附件内容如下：

Received: from szyecon.xicp.cn (unknown [183.62.96.161])
by newmx73.qq.com (NewMx) with SMTP
id ; Sat, 12 Mar 2011 05:35:50 +0800
X-QQ-DNTY: 1
X-QQ-DKIM: 9
X-QQ-SPAM:  true
X-QQ-ASM: true 0.00000000000
X-QQ-SSF:000000010000000000000000031000
X-QQ-mid:mx73t1299879350t992t18613
Received: from WWWA8BF7821796 [119.142.187.54] by szyecon.xicp.cn with ESMTP
  (SMTPD-8.22) id A66502CC; Sat, 12 Mar 2011 05:38:45 +0800
Thread-Topic: =?gb2312?B?fs2218q5y87K18nRry23/n4uzvEg09DP3iAuKi25qyfLvg==?=
Reply-To: <1006653821@qq.com>
thread-index: AcvgNBy2Z6H8w8BgTvilOfDefVZM2Q==
From: <cxy925@szyecon.xicp.cn>
To: <537368@qq.com>,
<622477@qq.com>,
<919626@qq.com>,
<291717@qq.com>,
<749881@qq.com>,
<566121@qq.com>,
<685951@qq.com>
Subject: =?gb2312?B?fs2218q5y87K18nRry23/n4uzvEg09DP3iAuKi25qyfLvg==?=
Date: Sat, 12 Mar 2011 05:34:33 +0800
Message-ID: <[email=C313CF86BF3A4C0E95F5FB0F9BF361D7@WWWA8BF7821796]C313CF86BF3A4C0E95F5FB0F9BF361D7@WWWA8BF7821796[/email]>
MIME-Version: 1.0
X-Mailer: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931


  投资顾问咨询服务有限公司

<代  <髮>  <点> <服>

   <開 <漂>  <数>  <务>

   <发  <保>  <优> <第>

   <漂  <真>  <惠> <一>

                     咨询热线：136，8029，2966梁经理

服务器发送日志如下：
03:12 10:32 SMTPD(db2e01710000f5b7) [59.35.191.169] MAIL FROM: <cxy925@szyecon.xicp.cn>
03:12 10:32 SMTPD(db2e01710000f5b7) [59.35.191.169] RCPT TO: <565693@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) [59.35.191.169] RCPT TO: <641293@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) [59.35.191.169] RCPT TO: <811527@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) [59.35.191.169] RCPT TO: <912914@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) [59.35.191.169] RCPT TO: <357573@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) [59.35.191.169] RCPT TO: <778112@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) [59.35.191.169] RCPT TO: <887874@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) [59.35.191.169] RCPT TO: <454767@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) [59.35.191.169] RCPT TO: <872384@qq.com>
03:12 10:32 SMTPD(db2e01710000f5b7) [59.35.191.169] E:\IMail\spool\Ddb2e01710000f5b7.SMD 2592
03:12 10:32 SMTP-(0000000000000000) E:\IMail\spool\Qdb2e01710000f5b7.SMD Q file exceeds 512 bytes in size
03:12 10:32 SMTP-(db2e01710000f5b7) processing E:\IMail\spool\Qdb2e01710000f5b7.SMD
03:12 10:32 SMTP-(db2e01710000f5b7) Trying qq.com (0)
03:12 10:32 SMTP-(db2e01710000f5b7) Connect qq.com [119.147.14.120:25] (1)
03:12 10:32 SMTP-(db2e01710000f5b7) 220 newmx55.qq.com MX QQ Mail Server
03:12 10:32 SMTP-(db2e01710000f5b7) >EHLO szyecon.xicp.cn
03:12 10:32 SMTP-(db2e01710000f5b7) 250-newmx55.qq.com
03:12 10:32 SMTP-(db2e01710000f5b7) 250-SIZE 73400320
03:12 10:32 SMTP-(db2e01710000f5b7) 250 OK
03:12 10:32 SMTP-(db2e01710000f5b7) >MAIL FROM:<cxy925@szyecon.xicp.cn>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<357573@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<454767@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<565693@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<641293@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<778112@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >DATA
03:12 10:32 SMTP-(db2e01710000f5b7) 354 End data with <CR><LF>.<CR><LF>
03:12 10:32 SMTP-(db2e01710000f5b7) >.
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok: queued as
03:12 10:32 SMTP-(db2e01710000f5b7) rdeliver qq.com multiple (5) <cxy925@szyecon.xicp.cn> 2592
03:12 10:32 SMTP-(db2e01710000f5b7) >QUIT
03:12 10:32 SMTP-(db2e01710000f5b7) 221 Bye
03:12 10:32 SMTP-(db2e01710000f5b7) Connect qq.com [119.147.14.120:25] (1)
03:12 10:32 SMTP-(db2e01710000f5b7) 220 newmx55.qq.com MX QQ Mail Server
03:12 10:32 SMTP-(db2e01710000f5b7) >EHLO szyecon.xicp.cn
03:12 10:32 SMTP-(db2e01710000f5b7) 250-newmx55.qq.com
03:12 10:32 SMTP-(db2e01710000f5b7) 250-SIZE 73400320
03:12 10:32 SMTP-(db2e01710000f5b7) 250 OK
03:12 10:32 SMTP-(db2e01710000f5b7) >MAIL FROM:<cxy925@szyecon.xicp.cn>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<811527@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<872384@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<887874@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 550 Mailbox unavailable or access denied
03:12 10:32 SMTP-(db2e01710000f5b7) >RCPT To:<912914@qq.com>
03:12 10:32 SMTP-(db2e01710000f5b7) 550 Mailbox unavailable or access denied
03:12 10:32 SMTP-(db2e01710000f5b7) >DATA
03:12 10:32 SMTP-(db2e01710000f5b7) 354 End data with <CR><LF>.<CR><LF>
03:12 10:32 SMTP-(db2e01710000f5b7) >.
03:12 10:32 SMTP-(db2e01710000f5b7) 250 Ok: queued as
03:12 10:32 SMTP-(db2e01710000f5b7) rdeliver qq.com multiple (2) <cxy925@szyecon.xicp.cn> 2592
03:12 10:32 SMTP-(db2e01710000f5b7) >QUIT
03:12 10:32 SMTP-(db2e01710000f5b7) 221 Bye
03:12 10:32 SMTP-(db2e01710000f5b7) Creating message from Postmaster
03:12 10:32 SMTP-(db2e01710000f5b7) Delivery process now using new file: db2f00000eb0066c
03:12 10:32 SMTP-(db2f00000eb0066c) processing E:\IMail\spool\Qdb2f00000eb0066c.GSE
03:12 10:32 SMTP-(db2e01710000f5b7) finished E:\IMail\spool\Qdb2e01710000f5b7.SMD status=2
03:12 10:32 SMTP-(db2f00000eb0066c) ldeliver szyecon.xicp.cn cxy925-main (1) 2736
03:12 10:32 SMTP-(db2f00000eb0066c) finished E:\IMail\spool\Qdb2f00000eb0066c.GSE status=1
03:12 10:32 SMTPD(db3301500000f5b9) [192.168.10.10] connect 119.147.10.246 port 36491
03:12 10:32 SMTPD(db3301500000f5b9) [119.147.10.246] HELO smtpbg87.qq.com
03:12 10:32 SMTPD(db3301500000f5b9) [119.147.10.246] MAIL FROM: <PostMaster@qq.com>
03:12 10:32 SMTPD(db3301500000f5b9) [119.147.10.246] RCPT TO: <cxy925@szyecon.xicp.cn>
03:12 10:32 SMTPD(db3301500000f5b9) [119.147.10.246] E:\IMail\spool\Ddb3301500000f5b9.SMD 4757
03:12 10:32 SMTPD(db3301500000f5b9) performing antispam checks
03:12 10:32 SMTP-(db3301500000f5b9) processing E:\IMail\spool\Qdb3301500000f5b9.SMD
03:12 10:32 SMTP-(db3301500000f5b9) ldeliver szyecon.xicp.cn cxy925-main (1) PostMaster@qq.com 4757
03:12 10:32 SMTP-(db3301500000f5b9) finished E:\IMail\spool\Qdb3301500000f5b9.SMD status=1

nitchina · 发表于 2011-3-12 11:16:00

该用户反映从来没有主动对上面的邮箱发送过邮件，感觉她被中继了一样，不知理解是否正确。谢谢

lgj858 · 发表于 2011-3-12 21:41:02

修改密码之后观察看看
同时排除客户端和服务器端中病毒

lgj858 · 发表于 2011-3-12 21:41:31

或者你有耐心可以，筛选分析日志
并回溯检查日志

joefee · 发表于 2011-4-1 13:17:00

我公司天天见,这基本是广告信主机退信给对方主机,由于对方是伪装邮箱地址,所以对方主机又退回给你,别想太多了

ineedrmb · 发表于 2011-4-26 13:37:34

莫名其妙的退信偶尔有几封都是正常的，但多了就要考虑是否是用户密码被盗了。

用户名		自动登录	找回密码
密码			会员注册

[求助] 公司内某个用户老是自动对外发送邮件。谢谢