  1. #1

    Spamming from the server !!

    Hello,

    Awkward situation. Some unknown user, who doesn't exist on our domain, is using our domain to send spam. We're using postfix/dovecot. Please check one of the email logs for user [email protected] where mydomain is the domain on our VPS and this user doesn't exist on this domain. Help is urgently required, as our IP has been blacklisted on the Barracuda server.


    Dec 19 10:58:43 mail postfix/smtpd[32212]: 1485EE43669: client=unknown[198.143.128.133]
    Dec 19 10:58:44 mail postfix/cleanup[31526]: 1485EE43669: message-id=<>
    Dec 19 10:58:44 mail postfix/qmgr[30803]: 1485EE43669: from=<[email protected]>, size=1631, nrcpt=10 (queue active)
    Dec 19 10:58:45 mail postfix/smtp[32198]: 1485EE43669: to=<[email protected]>, relay=mx3.hotmail.com[65.55.37.88]:25, delay=2.4, delays=1.8/0/0.4/0.19, dsn=5.0.0, status=bounced (host mx3.hotmail.com[65.55.37.88] said: 550 Requested action not taken: mailbox unavailable (in reply to RCPT TO command))
    Dec 19 10:58:45 mail postfix/smtp[32198]: 1485EE43669: to=<[email protected]>, relay=mx3.hotmail.com[65.55.37.88]:25, delay=2.6, delays=1.8/0/0.4/0.36, dsn=2.0.0, status=sent (250 <[email protected]> Queued mail for delivery)
    Dec 19 10:58:45 mail postfix/smtp[32198]: 1485EE43669: to=<[email protected]>, relay=mx3.hotmail.com[65.55.37.88]:25, delay=2.6, delays=1.8/0/0.4/0.36, dsn=2.0.0, status=sent (250 <[email protected]> Queued mail for delivery)
    Dec 19 10:58:45 mail postfix/smtp[32198]: 1485EE43669: to=<[email protected]>, relay=mx3.hotmail.com[65.55.37.88]:25, delay=2.6, delays=1.8/0/0.4/0.36, dsn=2.0.0, status=sent (250 <[email protected]> Queued mail for delivery)
    Dec 19 10:58:45 mail postfix/smtp[32185]: 1485EE43669: to=<[email protected]>, relay=marinaswindshop.com.br[50.116.92.38]:25, delay=2.8, delays=1.8/0.01/0.6/0.34, dsn=2.0.0, status=sent (250 OK id=1VtYfA-0008Mr-7P)
    Dec 19 10:58:46 mail postfix/smtp[32195]: 1485EE43669: to=<[email protected]>, relay=mx.marinebox.com.br[186.233.144.41]:25, delay=3.4, delays=1.8/0.01/1.2/0.32, dsn=4.0.0, status=deferred (host mx.marinebox.com.br[186.233.144.41] said: 451 Blocked_by_b.barracudacentral.org (in reply to RCPT TO command))
    Dec 19 10:58:47 mail postfix/smtp[32175]: 1485EE43669: to=<[email protected]>, relay=mx.ig.com.br[177.153.26.10]:25, delay=4, delays=1.8/0/0.8/1.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 41DAE140BCB)
    Dec 19 10:58:47 mail postfix/smtp[31745]: 1485EE43669: to=<[email protected]>, relay=mx.b.correio.biz[187.45.217.20]:25, delay=4.4, delays=1.8/0.01/1.6/1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 99494EC1AF)
    Dec 19 10:58:47 mail postfix/smtp[31690]: 1485EE43669: to=<[email protected]>, relay=mx.b.locaweb.com.br[187.45.217.20]:25, delay=4.5, delays=1.8/0/1.6/1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 99F0FEC24B)

  2. #2
    Hi,

    Did you set up your servers as an open relay? Do you make authentication of the senders?

  3. #3
    Following is an example of when a valid user sends email from the server:

    grep DAAF2E428E7 /var/log/maillog
    Dec 19 12:52:46 mail postfix/smtpd[4390]: DAAF2E428E7: client=unknown[39.45.206.27], sasl_method=PLAIN, sasl_username=zunair
    Dec 19 12:52:47 mail postfix/cleanup[4401]: DAAF2E428E7: message-id=<[email protected]>
    Dec 19 12:52:47 mail postfix/qmgr[622]: DAAF2E428E7: from=<[email protected]>, size=672, nrcpt=1 (queue active)
    Dec 19 12:53:18 mail postfix/smtp[4412]: DAAF2E428E7: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.74.26]:25, delay=32, delays=1.1/0.01/31/0.64, dsn=2.0.0, status=sent (250 2.0.0 OK 1387447409 v3si2336187qat.117 - gsmtp)


    We're not using an open relay; I've already tested this using the following guide.

    http://www.cyberciti.biz/tips/test-m...pen-relay.html

    >> Do you make authentication of the senders?
    Could you please explain a bit regarding this? As I am a newbie :-|
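
In the two log excerpts above, the smtpd line of the authenticated message carries `sasl_username=`, while the smtpd line of the spam message carries only `client=`. The following is an added example, not part of any post in this thread: a Python sketch that groups Postfix log lines by queue ID and lists messages accepted over SMTP without SASL authentication and then handed to a remote relay. The sample log is constructed (placeholder addresses and documentation IP ranges), and the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the same Postfix syslog format as the thread's excerpts.
SAMPLE_LOG = """\
Dec 19 10:58:43 mail postfix/smtpd[32212]: 1485EE43669: client=unknown[203.0.113.7]
Dec 19 10:58:44 mail postfix/qmgr[30803]: 1485EE43669: from=<ghost@example.com>, size=1631, nrcpt=10 (queue active)
Dec 19 10:58:45 mail postfix/smtp[32198]: 1485EE43669: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, dsn=2.0.0, status=sent (250 ok)
Dec 19 12:52:46 mail postfix/smtpd[4390]: DAAF2E428E7: client=unknown[198.51.100.9], sasl_method=PLAIN, sasl_username=zunair
Dec 19 12:52:47 mail postfix/qmgr[622]: DAAF2E428E7: from=<zunair@example.com>, size=672, nrcpt=1 (queue active)
Dec 19 12:53:18 mail postfix/smtp[4412]: DAAF2E428E7: to=<b@example.org>, relay=mx.example.org[192.0.2.20]:25, dsn=2.0.0, status=sent (250 ok)
"""

# daemon name, short (hex) queue ID as seen in the thread's logs, rest of the line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")

def unauthenticated_relays(log_text):
    """Return {queue_id: record} for SMTP-received mail with no SASL user that went out via smtp."""
    msgs = defaultdict(lambda: {"client": None, "sasl_user": None,
                                "sender": None, "remote_attempts": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        rec = msgs[qid]
        if daemon == "smtpd" and rest.startswith("client="):
            rec["client"] = rest.split(",")[0][len("client="):]
            user = re.search(r"sasl_username=([^,\s]+)", rest)
            rec["sasl_user"] = user.group(1) if user else None
        elif daemon == "qmgr" and rest.startswith("from=<"):
            rec["sender"] = rest[len("from=<"):rest.index(">")]
        elif daemon == "smtp" and "relay=" in rest and "status=" in rest:
            rec["remote_attempts"] += 1   # one line per recipient delivery attempt
    return {qid: rec for qid, rec in msgs.items()
            if rec["client"] and rec["sasl_user"] is None and rec["remote_attempts"] > 0}

if __name__ == "__main__":
    for qid, rec in unauthenticated_relays(SAMPLE_LOG).items():
        print(qid, rec["client"], rec["sender"], rec["remote_attempts"])
```

Messages from hosts listed in `mynetworks` are also accepted without SASL, so the output is a list to review against that setting. Mail with no smtpd line at all (submitted locally on the server) is not reported by this sketch.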

  4. #4
    You can prevent people sending out emails from your e-mail server by limiting the hosts from which postfix accepts the e-mails (this would give you headaches if your users are checking their e-mails from their home, where most probably they have dynamically assigned IP addresses) or by forcing SMTP authentication. Therefore the users have to set a username and password, and postfix will use dovecot to authenticate the users before sending out the e-mails.
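
The two options in the reply above correspond to Postfix's `mynetworks` and to SASL authentication delegated to Dovecot. The following is an added example, not part of the post: a Python sketch that reads a `main.cf` text and reports settings that would let unauthenticated outside clients relay. Both sample files are constructed, the function names are hypothetical, and the check looks only at what the file sets explicitly (compiled-in defaults and `master.cf` overrides are not consulted).

```python
# Constructed main.cf: SMTP AUTH handed to Dovecot, relay only for trusted or authenticated clients.
GOOD_MAIN_CF = """\
# SMTP AUTH handed to Dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
mynetworks = 127.0.0.0/8
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""

# Constructed weak variant: no SASL, and every address counts as "my network".
WEAK_MAIN_CF = """\
mynetworks = 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] = (params[name] + " " + raw.strip()).strip()
        elif "=" in raw:
            name, value = (part.strip() for part in raw.split("=", 1))
            params[name] = value
    return params

def audit_relay_policy(text):
    """List findings that would allow relaying without authentication."""
    p, findings = parse_main_cf(text), []
    if p.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("smtpd_sasl_auth_enable is not 'yes'")
    if p.get("smtpd_sasl_type") != "dovecot":
        findings.append("smtpd_sasl_type is not 'dovecot'")
    rules = p.get("smtpd_relay_restrictions") or p.get("smtpd_recipient_restrictions", "")
    rules = rules.replace(",", " ").split()
    for needed in ("permit_sasl_authenticated", "reject_unauth_destination"):
        if needed not in rules:
            findings.append(f"relay restrictions lack {needed}")
    for net in p.get("mynetworks", "").replace(",", " ").split():
        if net.endswith("/0"):
            findings.append(f"mynetworks trusts everyone: {net}")
    return findings
```

On a live server, `postconf -n` prints the non-default settings actually in effect, which is the text to feed to a check like this.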
