Hi Biju,
Good pick up. Thank you. I cannot believe that after all my
discussions this client set such a simple password.
I hope this resolves the issue. I will continue to monitor
for the rest of the night.
Oddly, the entire email input is from random domains and
using very random usernames for the single domain...
Looks like they have a list of names then add the domain to it.
Remo, I am looking into the examples you sent, thank you.
Appreciate the effort greatly.
regards
Tony White
On 5/2/25 01:14, b...@whitesindia.com wrote:
One of your email IDs and its password seem to be compromised.
You must be getting lots of bounced messages in one of the email ids. Get the
sender IP from the bounced message and find which user is authenticating from
that IP. You can grep /var/log/maillog
Change the password of that IP and scan the device for malware/spyware.
Delete queued messages from the sender using qmail-remove
qmail-remove -r -pemai...@mydomain.com
Biju Jose
Mobile : 989 5990 272
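
The lookup described in the message above (take the sender IP from a bounce, then find which account authenticates from it), as an added example that is not part of the original thread. It assumes vpopmail-style `vchkpw` lines ending in `user@domain:ip`; the function name, addresses and sample lines are constructed.

```shell
#!/bin/sh
# Constructed sample lines (not real data). Assumed log format:
#   "... vchkpw-<service>: (<mech>) login success <user@domain>:<ip>"
SAMPLE_LOG='Feb  4 23:10:01 mail vpopmail[2101]: vchkpw-submission: (PLAIN) login success bob@example.test:198.51.100.7
Feb  4 23:10:05 mail vpopmail[2102]: vchkpw-submission: password fail carol@example.test:203.0.113.9
Feb  4 23:10:09 mail vpopmail[2103]: vchkpw-submission: (PLAIN) login success alice@example.test:198.51.100.70
Feb  4 23:11:30 mail vpopmail[2110]: vchkpw-submission: (LOGIN) login success bob@example.test:198.51.100.7'

# auth_users_for_ip IP [LOGFILE]
# Prints "<count> <user>" for each account that logged in successfully
# from exactly IP, busiest account first. LOGFILE defaults to the path
# named in the thread.
auth_users_for_ip() {
    ip=$1
    log=${2:-/var/log/maillog}
    awk -v ip="$ip" '
        /login success/ {
            entry = $NF                          # last field: user@domain:ip
            n = length(entry) - length(ip)       # position of the ":" separator
            # Exact suffix match, so 198.51.100.7 does not match 198.51.100.70
            if (n > 1 && substr(entry, n) == ":" ip)
                seen[substr(entry, 1, n - 1)]++
        }
        END { for (u in seen) print seen[u], u }
    ' "$log" | sort -rn
}

# Demo against the constructed sample
demo_log=$(mktemp)
printf '%s\n' "$SAMPLE_LOG" > "$demo_log"
auth_users_for_ip 198.51.100.7 "$demo_log"
rm -f "$demo_log"
```

On a live server, call `auth_users_for_ip <ip-from-bounce>` with no second argument to read `/var/log/maillog`; if your auth lines have a different layout, adjust the pattern and field selection.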
From: Tony White <t...@ycs.com.au>
Sent: 04 February 2025 17:49
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] a single domain on my server is under attack
Hi,
I have come to realise this is a battle I cannot win.
A quick fix I did was edit the tcp.smtp to CHKUSER_WRONGRCPTLIMIT="3"
and rebuild the tcp file.
Seems to be working well enough, but it is frustrating though.
regards
Tony White
On 4/2/25 22:28, b...@whitesindia.com wrote:
Hi Tony,
Are you using fail2ban? That helps to block usernotfound and password fails.
You can also use spamdyke to blacklist the domains and IPs.
Some more info about what kind of attack you are facing can help in finding solutions.
Biju Jose
Mobile : 989 5990 272
From: Tony White <t...@ycs.com.au>
Sent: 04 February 2025 16:43
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] a single domain on my server is under attack
Hi Folks,
Can someone please suggest how to stop/slow/reject this issue to a single
domain?
I have slowed it as far as I can but cannot stop it.
TIA :(