<!doctype html>
<html class="no-js" lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="author" content="Lednerb">
<meta name="description" content="Bilberry Premium Theme for Hugo.">
<meta name="keywords" content="blog,personal,responsive,search,font awesome,pages,posts,multilingual,highlight.js,syntax highlighting,premium,shortcuts">
<meta name="generator" content="Hugo 0.50" />
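<title> [Note] Quickly finding the accounts and IPs that send mail from outside using SASL authentication in the maillog | My cool new Blog</title>
<meta name="description" content="[Note] Quickly finding the accounts and IPs that send mail from outside using SASL authentication in the maillog - Bilberry Premium Theme for Hugo.">
<meta itemprop="name" content="[Note] Quickly finding the accounts and IPs that send mail from outside using SASL authentication in the maillog">
<meta itemprop="description" content="[Note] Quickly finding the accounts and IPs that send mail from outside using SASL authentication in the maillog - Bilberry Premium Theme for Hugo.">
<meta property="og:title" content="[Note] Quickly finding the accounts and IPs that send mail from outside using SASL authentication in the maillog">
<meta property="og:description" content="[Note] Quickly finding the accounts and IPs that send mail from outside using SASL authentication in the maillog - Bilberry Premium Theme for Hugo.">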
<meta property="og:image" content="https://www.gravatar.com/avatar/88188b6cc451928eba90e8400bc68086?size=200">
<meta property="og:url" content="https://h.cowbay.org/article/e7-ad-86-e8-a8-98-e5-9c-a8maillog-e4-b8-ad-e5-bf-ab-e9-80-9f-e6-89-be-e5-87-ba-e5-be-9e-e5-a4-96-e9-83-a8-e5-88-a9-e7-94-a8sasl-e8-aa-8d-e8-ad-89-e7-99-bc-e4-bf-a1-e7-9a-84-e5-b8-b3-e8-99-9f/">
<meta property="og:site_name" content="My cool new Blog">
<meta property="og:type" content="article">
<link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-16x16.png" sizes="16x16">
<link rel="stylesheet" href="https://h.cowbay.org/sass/combined.min.717098cb5503581e75f12e486a847ca410bf8367d4d8713f4c37affc868c5a1d.css">
</head>
<body class="bilberry-hugo-theme">
<div class="main container">
<div class="article-wrapper u-cf single">
<a class="bubble" href="/article/e7-ad-86-e8-a8-98-e5-9c-a8maillog-e4-b8-ad-e5-bf-ab-e9-80-9f-e6-89-be-e5-87-ba-e5-be-9e-e5-a4-96-e9-83-a8-e5-88-a9-e7-94-a8sasl-e8-aa-8d-e8-ad-89-e7-99-bc-e4-bf-a1-e7-9a-84-e5-b8-b3-e8-99-9f/">
<i class="fa fa-fw fa-pencil"></i>
</a>
<article class="default article">
<div class="content">
<h3><a href="/article/e7-ad-86-e8-a8-98-e5-9c-a8maillog-e4-b8-ad-e5-bf-ab-e9-80-9f-e6-89-be-e5-87-ba-e5-be-9e-e5-a4-96-e9-83-a8-e5-88-a9-e7-94-a8sasl-e8-aa-8d-e8-ad-89-e7-99-bc-e4-bf-a1-e7-9a-84-e5-b8-b3-e8-99-9f/">[Note] Quickly finding the accounts and IPs that send mail from outside using SASL authentication in the maillog</a></h3>
<div class="meta">
<span class="date moment">2013-11-13</span>
<span class="categories">
<a href="/categories/%E6%9C%AA%E5%88%86%E9%A1%9E">Uncategorized</a>
</span>
</div>
<p>Once you have found them, decide whether this person has a real need for it and would actually be sending mail from outside.</p>
<pre><code>&gt; cat maillog-20131027 | grep sasl | grep -v 192.168</code></pre>
<pre><code>Oct 26 01:24:17 SH-DNS-FC14 postfix/smtpd[25649]: C2A1A88E5E: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:18 SH-DNS-FC14 postfix/smtpd[25645]: 931E388E5F: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:20 SH-DNS-FC14 postfix/smtpd[25645]: 9B15488E60: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:31 SH-DNS-FC14 postfix/smtpd[25645]: A957B88E69: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:32 SH-DNS-FC14 postfix/smtpd[25648]: D7D2788E6A: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:32 SH-DNS-FC14 postfix/smtpd[25649]: D9C1488E6B: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:32 SH-DNS-FC14 postfix/smtpd[25647]: DAFD188E6C: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:32 SH-DNS-FC14 postfix/smtpd[25650]: DC24988E6D: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:36 SH-DNS-FC14 postfix/smtpd[25645]: AA62088E6F: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:37 SH-DNS-FC14 postfix/smtpd[25648]: DA31F88E73: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:37 SH-DNS-FC14 postfix/smtpd[25647]: DA38088E74: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:37 SH-DNS-FC14 postfix/smtpd[25649]: DA5E988E75: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:37 SH-DNS-FC14 postfix/smtpd[25650]: E1C2888E76: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:38 SH-DNS-FC14 postfix/smtpd[25645]: E524388E77: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy
Oct 26 01:24:40 SH-DNS-FC14 postfix/smtpd[25645]: ECC7B88E7A: client=23-24-225-177-static.hfc.comcastbusiness.net[23.24.225.177], sasl_method=LOGIN, sasl_username=cindy</code></pre>
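<p>Sending this much mail in such a short time certainly means the user's account password has been guessed. First change the password or delete the account, then block these IPs, and have the user switch to a stronger password.</p>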
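<p>The same triage as a reusable filter, added here as an example (not part of the original note): it groups SASL-authenticated submissions by account and client IP, skips clients whose address starts with the internal prefix, and reports the busiest minute for each pair. The function names, the threshold and the sample log lines are assumptions constructed for the example.</p>

```shell
#!/bin/sh
# Constructed sample maillog: documentation addresses, invented users and queue IDs.
SAMPLE_LOG='Oct 26 01:24:17 mx1 postfix/smtpd[2001]: A1B2C30001: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Oct 26 01:24:18 mx1 postfix/smtpd[2002]: A1B2C30002: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Oct 26 01:24:20 mx1 postfix/smtpd[2001]: A1B2C30003: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Oct 26 01:24:31 mx1 postfix/smtpd[2003]: A1B2C30004: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Oct 26 09:10:02 mx1 postfix/smtpd[2050]: A1B2C30005: client=cpe-192-168-7.example.net[198.51.100.20], sasl_method=PLAIN, sasl_username=bob
Oct 26 10:00:01 mx1 postfix/smtpd[2060]: A1B2C30007: client=pc50.lan[192.168.1.50], sasl_method=LOGIN, sasl_username=carol
Oct 26 10:00:02 mx1 postfix/smtpd[2060]: A1B2C30008: client=pc50.lan[192.168.1.50], sasl_method=LOGIN, sasl_username=carol
Oct 26 10:00:03 mx1 postfix/smtpd[2060]: A1B2C30009: client=pc50.lan[192.168.1.50], sasl_method=LOGIN, sasl_username=carol
Oct 26 17:45:40 mx1 postfix/smtpd[2090]: A1B2C30006: client=cpe-192-168-7.example.net[198.51.100.20], sasl_method=PLAIN, sasl_username=bob'

# sasl_external_summary PREFIX: read maillog lines on stdin and print one row per
# (user, client IP) outside PREFIX: "total peak_per_minute user ip first last".
# Only the bracketed client address is compared with PREFIX. A plain
# "grep -v 192.168" also drops lines where that pattern appears elsewhere,
# e.g. in the hostname cpe-192-168-7 above ("." matches any character).
sasl_external_summary() {
    awk -v prefix="$1" '
    /postfix\/smtpd\[[0-9]+\]:/ && /sasl_username=/ {
        if (!match($0, /client=[^ ]*\[[0-9A-Fa-f:.]+\]/)) next
        ip = substr($0, RSTART, RLENGTH - 1)      # drop the closing bracket
        sub(/^.*\[/, "", ip)                      # keep only the address
        if (index(ip, prefix) == 1) next          # internal client, skip
        if (!match($0, /sasl_username=[^ ,]+/)) next
        user = substr($0, RSTART + 14, RLENGTH - 14)
        key = user " " ip
        if (!(key in total)) first[key] = $3
        last[key] = $3
        total[key]++
        c = ++permin[key, $1, $2, substr($3, 1, 5)]   # count per calendar minute
        if (c > peak[key]) peak[key] = c
    }
    END { for (k in total) print total[k], peak[k], k, first[k], last[k] }
    ' | sort -k1,1nr -k3,3
}

# sasl_burst_suspects PREFIX THRESHOLD: "user ip" pairs whose busiest minute
# reached THRESHOLD authenticated submissions.
sasl_burst_suspects() {
    sasl_external_summary "$1" | awk -v t="$2" '$2 + 0 >= t + 0 { print $3, $4 }'
}

printf '%s\n' "$SAMPLE_LOG" | sasl_external_summary 192.168.
```

<p>On a real server, feed the rotated log instead of the sample, for example <code>sasl_burst_suspects 192.168. 10</code> with <code>maillog-20131027</code> on standard input; accounts that appear only a few times a day from one address are the ones to confirm with the user before blocking.</p>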
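<p>If you have been hit often enough, you probably have a great many IPs to block. You can refer to the article below and use iptables to block all of them.</p>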
<h1 id="教學-自動透過-iptables-封鎖-ip-黑名單-http-yenpai-idis-com-tw-archives-399-e6-95-99-e5-ad-b8-e8-87-aa-e5-8b-95-e9-80-8f-e9-81-8e-iptables-e5-b0-81-e9-8e-96-ip-e9-bb-91-e5-90-8d-e5-96-ae"><a href="http://yenpai.idis.com.tw/archives/399-%E6%95%99%E5%AD%B8-%E8%87%AA%E5%8B%95%E9%80%8F%E9%81%8E-iptables-%E5%B0%81%E9%8E%96-ip-%E9%BB%91%E5%90%8D%E5%96%AE">[Tutorial] Automatically blocking an IP blacklist with iptables</a></h1>
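<p>The program is not hard; a quick look is enough to see how to change it. I changed it to use the blacklist I have on hand (it adds up to over a hundred entries, I think)&hellip;.</p>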
<p>&nbsp;</p>
</div>
<div class="footer no-tags">
</div>
</article>
</div>
</div>
</body>
</html>