[BlueOnyx:01644] Re: Slammed with Spammer

Jeff Folk jefffolk at mac.com
Sat Jul 11 13:28:57 -05 2009


Add the IP address to /etc/hosts.deny

That will block it from using any service in inetd.

Jeff

On Jul 11, 2009, at 1:12 PM, Paul wrote:

>
> I'm getting similar issues :(... here's a cat of the sendmail log...
>
> Jul 11 19:04:21 www sendmail[10386]: AUTH=server,
> relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info,
> mech=LOGIN, bits=0
> Jul 11 19:05:06 www sendmail[10534]: AUTH=server,
> relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info,
> mech=LOGIN, bits=0
> Jul 11 19:05:45 www sendmail[10797]: AUTH=server,
> relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info,
> mech=LOGIN, bits=0
> Jul 11 19:07:08 www sendmail[10816]: AUTH=server,
> relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info,
> mech=LOGIN, bits=0
> Jul 11 19:07:46 www sendmail[10847]: AUTH=server,
> relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info,
> mech=LOGIN, bits=0
>
>
> [root at www mqueue]# cat /var/log/maillog | grep ogin | grep 80.152.143.147
> <no output>
>
> Please could someone tell me the easiest way to block this IP from
> connecting to the box....
>
> Thanks
> Paul
>
> Ken Marcus - Precision Web Hosting, Inc. wrote:
>> ----- Original Message -----
>> From: "Steve Davis" <steve at zio.com>
>> To: <blueonyx at blueonyx.it>
>> Sent: Saturday, June 27, 2009 10:04 AM
>> Subject: [BlueOnyx:01513] Slammed with Spammer
>>
>>
>>
>>> Having an issue with an old enemy on a new BO box.
>>>
>>> net.tw,
>>> gov.tw
>>> org.tw
>>> net.tw
>>> com.tw
>>>
>>> take your pick.
>>>
>>> Somehow, they must know one of the emails userid and password on the
>>> box and are sending 4000 - 5000 spams per hour into my mail queue.
>>>
>>> I have turned off PopBeforeSMTP, so probably not sending email out.
>>> Probably.
>>>
>>> How do I tell which account is being used to connect?
>>>
>>> Any other suggestion of course is always appreciated.
>>>
>>> Steve
>>>
>>>
>>>
>>>
>>
>> Look carefully at one of the spam mail files in /var/spool/mqueue
>> You will either see the username or at least the IP.
>>
>> If you know the IP, then just check the mail log for a login with that IP.
>> E.g., if the IP was 123.456.789.10, then
>>
>> cat /var/log/maillog | grep ogin | grep 123.456.789.10
>>
>>
>>
>> ----
>> Ken Marcus
>> Ecommerce Web Hosting by
>> Precision Web Hosting, Inc.
>> http://www.precisionweb.net
>>
>>
>>
>> _______________________________________________
>> Blueonyx mailing list
>> Blueonyx at blueonyx.it
>> http://www.blueonyx.it/mailman/listinfo/blueonyx
>>
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
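
The maillog check discussed in this thread, as an added example that is not part of any poster's message: it counts sendmail `AUTH=server` entries per source IP and `authid`, then prints `/etc/hosts.deny` entries for review. The function names, the threshold and the 192.0.2.10 sample lines are assumptions made for illustration; the first two sample lines are unwrapped from the log quoted above.

```shell
#!/bin/sh
# Added example, not from the thread: find which account and source IP
# are authenticating to sendmail, as recorded in /var/log/maillog.

# Sample input. Lines 1-2 are unwrapped from the log quoted in the thread;
# lines 3-4 are constructed (192.0.2.10 is a documentation address).
sample_log() {
cat <<'EOF'
Jul 11 19:04:21 www sendmail[10386]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:05:06 www sendmail[10534]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:06:00 www sendmail[10600]: AUTH=server, relay=mail.example.net [192.0.2.10], authid=alice, mech=PLAIN, bits=0
Jul 11 19:06:30 www sendmail[10610]: n6BH6U010610: from=<a@example.net>, size=100, relay=[192.0.2.10]
EOF
}

# Print "count ip authid" for every AUTH=server entry on stdin, busiest first.
# Matches on AUTH=server rather than "ogin": grep is case-sensitive and these
# entries only carry the upper-case mech=LOGIN.
auth_summary() {
  awk '
    /sendmail\[[0-9]+\]:/ && /AUTH=server/ {
      ip = ""; id = ""
      n = split($0, part, ", ")
      for (i = 1; i <= n; i++) {
        if (part[i] ~ /^relay=/) {
          o = index(part[i], "["); c = index(part[i], "]")
          if (o > 0 && c > o) ip = substr(part[i], o + 1, c - o - 1)
        }
        if (part[i] ~ /^authid=/) id = substr(part[i], 8)
      }
      if (ip != "" && id != "") seen[ip " " id]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort -k1,1nr -k2
}

# Print hosts.deny entries (hypothetical helper) for IPs with at least $1
# authentications, default 3. Review before appending to /etc/hosts.deny;
# only services that honour TCP wrappers consult that file.
deny_candidates() {
  auth_summary | awk -v min="${1:-3}" '$1 >= min && !shown[$2]++ { print "ALL: " $2 }'
}

# Real use: auth_summary < /var/log/maillog
sample_log | auth_summary
```

The `authid` column names the mailbox whose password should be changed, which a block on the source IP alone does not address.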



