[BlueOnyx:01642] Re: Slammed with Spammer

Paul paul at planetcentral.net
Sat Jul 11 13:12:04 -05 2009


I'm getting similar issues :(... here's a cat of the sendmail log...

Jul 11 19:04:21 www sendmail[10386]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:05:06 www sendmail[10534]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:05:45 www sendmail[10797]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:07:08 www sendmail[10816]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:07:46 www sendmail[10847]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0


[root@www mqueue]# cat /var/log/maillog | grep  ogin | grep 80.152.143.147
<no output>

Please could someone tell me the easiest way to block this IP from 
connecting to the box....

Thanks
Paul

Ken Marcus - Precision Web Hosting, Inc. wrote:
> ----- Original Message ----- 
> From: "Steve Davis" <steve at zio.com>
> To: <blueonyx at blueonyx.it>
> Sent: Saturday, June 27, 2009 10:04 AM
> Subject: [BlueOnyx:01513] Slammed with Spammer
>
>
>   
>> Having an issue with an old enemy on a new BO box.
>>
>> net.tw,
>> gov.tw
>> org.tw
>> net.tw
>> com.tw
>>
>> take your pick.
>>
>> Somehow, they must know one of the emails userid and password on the
>> box and are sending 4000 - 5000 spams per hour into my mail queue.
>>
>> I have turned off PopBeforeSMTP, so probably not sending email out.
>> Probably.
>>
>> How do I tell which account is being used to connect?
>>
>> Any other suggestion of course is always appreciated.
>>
>> Steve
>>
>>
>>
>>     
>
> Look carefully at one of the spam mail files in /var/spool/mqueue
> You will either see the username or at least the IP.
>
> If you know the IP, then just check the mail log for a login with that IP.
> E.g., if the IP was 123.456.789.10 then
>
> cat /var/log/maillog | grep  ogin | grep   123.456.789.10
>
>
>
> ----
> Ken Marcus
> Ecommerce Web Hosting by
> Precision Web Hosting, Inc.
> http://www.precisionweb.net
>
>
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>   
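
The log check discussed in this thread, as an added example that is not part of the original messages: a small shell/awk summary of sendmail `AUTH=server` records, counting logins per account (`authid`) and client IP so the account and address in use stand out. The function names are hypothetical, and the sample lines are constructed in the format Paul posted (the `alice` / 192.0.2.10 record is invented for contrast); IPv4 relay addresses are assumed.

```shell
#!/bin/sh
# Added example: count sendmail SMTP AUTH logins per authid and client IP.

# auth_summary [FILE...] -> prints "COUNT AUTHID IP", busiest first.
# Reads standard input when no file is given.
auth_summary() {
    awk '
    /sendmail\[[0-9]+\]: AUTH=server,/ {
        ip = ""; id = ""
        # relay=host [a.b.c.d] or relay=[a.b.c.d]: keep the bracketed address
        if (match($0, /relay=[^,]*\[[0-9.]+\]/)) {
            r = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", r); sub(/\]$/, "", r)
            ip = r
        }
        # authid=NAME: the account that authenticated ("authid=" is 7 chars)
        if (match($0, /authid=[^, ]+/))
            id = substr($0, RSTART + 7, RLENGTH - 7)
        if (ip != "" && id != "") n[id " " ip]++
    }
    END { for (k in n) print n[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample input, one syslog record per line (not real log data).
sample_log() {
    cat <<'EOF'
Jul 11 19:04:21 www sendmail[10386]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:05:06 www sendmail[10534]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:05:45 www sendmail[10797]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:06:02 www sendmail[10801]: AUTH=server, relay=[192.0.2.10], authid=alice, mech=PLAIN, bits=0
Jul 11 19:06:30 www sendmail[10805]: n6BJ6U5k010805: from=<x@example.com>, size=1024, nrcpts=1
EOF
}

# Demonstration on the constructed sample.
sample_log | auth_summary
```

On a live box the call would be `auth_summary /var/log/maillog`. The match is on `AUTH=server` and `authid=` because these records carry the mechanism as upper-case `mech=LOGIN`, which a case-sensitive search for `ogin` does not hit.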



