Noel Jones:
> A lot of the folks that might help are unwilling to visit a webpage.
>
> Please send the information about the problem system directly to the
> list.
>
> Do not post debug logs unless specifically requested.
Note that your verbose logging is incomplete. For example, after
about 200
On 5/6/2017 10:04 AM, Steve Kuekes wrote:
> Hello,
>
> I have a problem with spam. Some connections do not seem to run my
> smtpd_recipient_restrictions and therefore let spam into my system.
> Specifically my rbl checks. I have 2 logs from the same postfix
> system. One y
Hello,
I have a problem with spam. Some connections do not seem to run my
smtpd_recipient_restrictions and therefore let spam into my system.
Specifically my rbl checks. I have 2 logs from the same postfix
system. One you can see the rbl checks being done and one where it
doesn't ru
ginal Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Christos Chatzaras
Sent: Sunday, May 24, 2015 2:48 PM
To: postfix-users@postfix.org
Subject: Re: problem with spam
We have some customers that use their gmail account for SMTP, but on port
58
We have some customers that use their gmail account for SMTP, but on port 587
and not port 25. So I don't think it will cause any problem. If it cause any
problem I can enable smtp to port 25 for specific customers.
just out of curiosity: wouldn't this also block legitimate users who use a
third party mailserver on port 25?
Am 24. Mai 2015 13:23:01 MESZ, schrieb Christos Chatzaras :
>Thank you everyone for the replies. I think I found the problem. The
>spambot (uploaded by hacked websites) does direct conne
Thank you everyone for the replies. I think I found the problem. The spambot
(uploaded by hacked websites) does direct connections to port 25 to other mail
providers. That's why I don't see any logs for outgoing e-mails but I get
backscatter from hotmail and other providers. I will try to use th
On 24.05.2015 13:10, Christos Chatzaras wrote:
> What I try to find out is how spam is sent out if only users that
> authenticate can send e-mail and when no user e-mail accounts credentials are
> hacked.
>
Instead of searching for mails sent to the address sir...@hotmail.com, I
would rather se
spammer or whatever.
So you wont see in the log that the password was cracked, unless you rummage
through months of log history.
-Ursprungligt meddelande-
From: Christos Chatzaras
Sent: Sunday, May 24, 2015 1:10 PM
To: postfix-users@postfix.org
Subject: Re: problem with spam
What I try to
What I try to find out is how spam is sent out if only users that authenticate
can send e-mail and when no user e-mail accounts credentials are hacked.
down to the customer’s billing country, or
employ 2FA authentication.
From: Christos Chatzaras
Sent: Sunday, May 24, 2015 1:01 PM
To: Sebastian Nielsen
Cc: postfix-users@postfix.org
Subject: Re: problem with spam
I do shared hosting, so users should be able to use any ISP to connect.
postconf
On 24.05.2015 13:01, Christos Chatzaras wrote:
> I do shared hosting, so users should be able to use any ISP to connect.
Filter outgoing mail with a spam scanner before they leave your server.
If it is detected as Spam, just reject it with an according message.
Michael
I do shared hosting, so users should be able to use any ISP to connect.
postconf -Mf :
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
-o smtpd_tls_security_level=may
-o smtpd_sasl_auth_enable=yes
-o smtpd_clie
PM
To: postfix-users@postfix.org
Subject: problem with spam
Μy server with IP 178.63.64.86 is blacklisted at http://cbl.abuseat.org for
stealrat spambot. My mail server is configured to send only e-mail from
authenticated users. Also local users (from shell) can't send e-mail and
also mail
Μy server with IP 178.63.64.86 is blacklisted at http://cbl.abuseat.org for
stealrat spambot. My mail server is configured to send only e-mail from
authenticated users. Also local users (from shell) can't send e-mail and also
mail() php function is disabled too. I got this e-mail from hotmail (
On 4/26/2010 4:05 PM, Josh Cason wrote:
After working on some other issues. I came back to this spam problem. I
once again do not have the -v. The spam I was looking at came in last
wensday (I disabled the -v for a few weeks now until I can get back to
it) and one difference I noticed is it does
After working on some other issues. I came back to this spam problem.
I once again do not have the -v. The spam I was looking at came in
last wensday (I disabled the -v for a few weeks now until I can get
back to it) and one difference I noticed is it does not have a hold
header on it. It d
On 3/25/2010 4:27 PM, Josh Cason wrote:
I checked a few setting as explained. I have a stupid question and also
my results.
First of all it is not just comming from postini. It once in a while
wonders in from the outside. Not that I know how since all my mx records
points to postini. Just random
On 2010-03-25 Josh Cason wrote:
> First of all it is not just comming from postini. It once in a while
> wonders in from the outside. Not that I know how since all my mx
> records points to postini. Just random junk I suspose.
Your previous log excerpt did not include a full transaction (much less
I checked a few setting as explained. I have a stupid question and
also my results.
First of all it is not just comming from postini. It once in a while
wonders in from the outside. Not that I know how since all my mx
records points to postini. Just random junk I suspose.
The next thing i
On 3/25/2010 12:22 PM, Josh Cason wrote:
Thanks for the help so far. I already posted my config file in the very
first post. However, I will repost it. Plus an additional log file of
the attack. Yes to me it seems like an open relay. As stated before when
I run tests they say closed relay. As for
Thanks for the help so far. I already posted my config file in the
very first post. However, I will repost it. Plus an additional log
file of the attack. Yes to me it seems like an open relay. As stated
before when I run tests they say closed relay. As for reading the
howto's. I have been t
On 2010-03-24 7:24 PM, Josh Cason wrote:
> As I said a person connnects up. (not one of the email users). Just a
> random ip number. Sometimes it is postini (we use postini), aol, etc,
> etc. That sends one message in with mutiple reciepients. Then it sends
> out like say 20 or 30 or 100 messages t
It isn't just aol. It is any isp system that they seem to be spamming.
As I said a person connnects up. (not one of the email users). Just a
random ip number. Sometimes it is postini (we use postini), aol, etc,
etc. That sends one message in with mutiple reciepients. Then it sends
out like
Josh Cason a écrit :
> I have two problems. I built a new postfix e-mail system that worked
> great for about 1 year. Then I started getting spam that comes into our
> system as one msg and is then routed out to mutiple e-mail addresses
> like aol.com.
so you forward mail to aol and the like? ple
On 2010-03-24 Josh Cason wrote:
> I have two problems. I built a new postfix e-mail system that worked
> great for about 1 year. Then I started getting spam that comes into
> our system as one msg and is then routed out to mutiple e-mail
> addresses like aol.com.
Check your logs to find out how th
I have two problems. I built a new postfix e-mail system that worked
great for about 1 year. Then I started getting spam that comes into
our system as one msg and is then routed out to mutiple e-mail
addresses like aol.com. I have since update my postfix config file to
block even more spam
an...@iguanait.com a écrit :
> Hi,
>
> in our two mail servers i see last weeks this:
>
> non-SMTP command from 250.84.221.62.dyn.idknet.com[62.221.84.250]:
> From: ? VIAGRA ? Official Site
>
> How can i block these accesses?
add
reject_rbl_client zen.spamhaus.org
to your smtpd_recipien
On Thu, 10 Sep 2009, an...@iguanait.com wrote:
> in our two mail servers i see last weeks this:
>
> non-SMTP command from 250.84.221.62.dyn.idknet.com[62.221.84.250]:
> From: ? VIAGRA ? Official Site
>
> How can i block these accesses?
These are harmless; leave it alone. If you are adamant on
Hi,
in our two mail servers i see last weeks this:
non-SMTP command from 250.84.221.62.dyn.idknet.com[62.221.84.250]:
From: ? VIAGRA ? Official Site
How can i block these accesses?
our system is :
Centos 5.3 - postfix-2.3.3-2.1.el5_2 -
amavisd-maia-2.2.1-2_1.0.2.centos5 - clamd-0.95.2-4.el5.rf
30 matches
Mail list logo
