One of your email id and password seems to be compromised.

You must be getting lots of bounced messages in one of the email ids. Get the sender IP from the bounced message and find which user is authenticating from that IP. You can grep /var/log/maillog.

Change the password of that IP and scan the device for malware/spyware.

Delete queued messages from the sender using qmail-remove:

    qmail-remove -r -p emai...@mydomain.com

Biju Jose
Mobile : 989 5990 272

From: Tony White <t...@ycs.com.au>
Sent: 04 February 2025 17:49
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] a single domain on my server is under attack

Hi,

I have come to realise this is a battle I cannot win. A quick fix I did was edit the tcp.smtp to

    CHKUSER_WRONGRCPTLIMIT="3"

and rebuild the tcp file. Seems to be working well enough but it is frustrating though.

regards
Tony White

On 4/2/25 22:28, b...@whitesindia.com wrote:

Hi Tony,

Are you using fail2ban? That helps to block usernotfound and password fails.

You can also use spamdyke to blacklist the domains and IPs.

Some more info about what kind of attack you are facing can help in finding solutions.

Biju Jose
Mobile : 989 5990 272

From: Tony White <t...@ycs.com.au>
Sent: 04 February 2025 16:43
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] a single domain on my server is under attack

Hi Folks,

Can someone please suggest how to stop/slow/reject this issue to a single domain? I have slowed it as far as I can but cannot stop it.

TIA :(
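
Added example (not part of the thread): one way to do the "find which user is authenticating from that IP" step from the top message. It assumes spamdyke-style log lines carrying "origin_ip:" and "auth:" fields; the function names, field names and sample lines are constructed for illustration, so adjust them to what your own /var/log/maillog contains.

```shell
#!/bin/sh
# Added example: tally authenticated SMTP senders seen from one client IP.
# ASSUMPTION: log lines carry "origin_ip: <ip>" and "auth: <user>" fields
# (spamdyke-style). Change the two field names to match your own maillog.

# auth_users_for_ip IP LOGFILE -> "count user" lines, busiest account first
auth_users_for_ip() {
    awk -v ip="$1" '
        {
            oip = ""; user = ""
            for (i = 1; i < NF; i++) {
                if ($i == "origin_ip:") oip = $(i + 1)
                if ($i == "auth:")      user = $(i + 1)
            }
            # Whole-field comparison: a plain grep for 203.0.113.5 would
            # also hit 203.0.113.50 and blame the wrong account.
            if (oip == ip && user != "" && user != "(unknown)") seen[user]++
        }
        END { for (u in seen) print seen[u], u }
    ' "$2" | sort -k1,1nr -k2,2
}

# write_sample_log FILE -> constructed log lines (not from a real server)
write_sample_log() {
    cat > "$1" <<'EOF'
Feb  4 16:40:01 mail spamdyke[2101]: ALLOWED from: sales@example.com to: a@example.net origin_ip: 203.0.113.5 origin_rdns: (unknown) auth: sales@example.com
Feb  4 16:40:02 mail spamdyke[2102]: ALLOWED from: sales@example.com to: b@example.net origin_ip: 203.0.113.5 origin_rdns: (unknown) auth: sales@example.com
Feb  4 16:40:03 mail spamdyke[2103]: ALLOWED from: sales@example.com to: c@example.net origin_ip: 203.0.113.5 origin_rdns: (unknown) auth: sales@example.com
Feb  4 16:41:10 mail spamdyke[2110]: ALLOWED from: info@example.com to: d@example.net origin_ip: 203.0.113.50 origin_rdns: (unknown) auth: info@example.com
Feb  4 16:41:30 mail spamdyke[2115]: DENIED_OTHER from: x@example.org to: nobody@example.com origin_ip: 203.0.113.5 origin_rdns: (unknown) auth: (unknown)
Feb  4 16:42:00 mail spamdyke[2120]: ALLOWED from: bob@example.com to: e@example.net origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: bob@example.com
Feb  4 16:42:30 mail spamdyke[2125]: ALLOWED from: ops@example.com to: f@example.net origin_ip: 203.0.113.5 origin_rdns: (unknown) auth: ops@example.com
EOF
}

# Stand-alone use: sh this-script.sh <ip-from-bounce> /var/log/maillog
if [ "$#" -eq 2 ]; then
    auth_users_for_ip "$1" "$2"
fi
```

More than one account showing up for the same IP means each of those passwords needs changing, not only the busiest one.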