[BlueOnyx:19688] e-mail flooding

"Meaulnes Legler"@MailList bluelist at waveweb.ch
Fri Jun 10 08:33:45 -05 2016 

dear list

I have a user that receives since yesterday a massive mailing (about 5 e-mails per minute) from different senders but very similar contents (redheaded seeking contact:-). His quota got quickly busted and me as admin get the message following further down.

In the GUI, I suspended the user hoping the surge would ebb away... No way, the mailing keeps on going at high rate. I cannot enable the users account yet.

Since the senders differ, I cannot use the apf firewall, or can I? I think I could use SpamAssasin to filter out those mails, but I don't know how to configure it.

Any ideas?

Thank you for your help and best regards

Meaulnes Legler
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
~  www.WaveWeb.ch  ~
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
~ Zurich, Switzerland ~
~ tel: +41 44 2601660 ~



---------------------------------------------------------------------

The original message was received at Fri, 10 Jun 2016 14:45:17 +0200
from localhost
with id u5A7k9dH011088

    ----- The following addresses had permanent fatal errors -----
<janis at legler.org>
     (reason: Can't create output)

    ----- Transcript of session follows -----
procmail: Lock failure on "/home/.sites/112/site7/.users/96/janis/mbox.lock"
procmail: Error while writing to "/home/.sites/112/site7/.users/96/janis/mbox"
550 5.0.0 <janis at legler.org>... Can't create output

Reporting-MTA: dns; vs.legler.net
Arrival-Date: Fri, 10 Jun 2016 14:45:17 +0200

Final-Recipient: RFC822; janis at legler.org
X-Actual-Recipient: RFC822; janis at vs.legler.net
Action: failed
Status: 5.3.0
Diagnostic-Code: X-Unix; 73
Last-Attempt-Date: Fri, 10 Jun 2016 14:45:19 +0200

---------------------------------------------------------------------

ForwardedMessage.eml

Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost)
     by vs.legler.net (8.14.4/8.14.4) id u5A7k9dH011088;
     Fri, 10 Jun 2016 14:45:17 +0200
Date: Fri, 10 Jun 2016 14:45:17 +0200
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <201606101245.u5A7k9dH011088 at vs.legler.net>
To: <janis at legler.org>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
     boundary="u5A7k9dH011088.1465562717/vs.legler.net"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--u5A7k9dH011088.1465562717/vs.legler.net

The original message was received at Thu, 9 Jun 2016 06:03:34 +0200
from 138-185-239-223.dynamic.solucoespower.com.br [138.185.239.223] (may be forged)

    ----- The following addresses had permanent fatal errors -----
<loqmantolba at yahoo.ca>
<larryross01 at yahoo.com>
<antoniogleason at yahoo.com>

    ----- Transcript of session follows -----
<bjean3309 at aol.com>... Deferred
... while talking to mta5.am0.yahoodns.net.:
 >>> MAIL From:<janis at legler.org> SIZE=1052
<<< 421 4.7.0 [TS01] Messages from 94.103.99.73 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
554 5.0.0 Service unavailable
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

--u5A7k9dH011088.1465562717/vs.legler.net
Content-Type: message/delivery-status

Reporting-MTA: dns; vs.legler.net
Arrival-Date: Thu, 9 Jun 2016 06:03:34 +0200

Final-Recipient: RFC822; loqmantolba at yahoo.ca
Action: failed
Status: 5.5.0
Last-Attempt-Date: Fri, 10 Jun 2016 14:45:17 +0200

Final-Recipient: RFC822; larryross01 at yahoo.com
Action: failed
Status: 5.5.0
Last-Attempt-Date: Fri, 10 Jun 2016 14:45:17 +0200

Final-Recipient: RFC822; antoniogleason at yahoo.com
Action: failed
Status: 5.5.0
Last-Attempt-Date: Fri, 10 Jun 2016 14:45:17 +0200

--u5A7k9dH011088.1465562717/vs.legler.net
Content-Type: message/rfc822

Return-Path: <janis at legler.org>
Received: from [127.0.0.1] (138-185-239-223.dynamic.solucoespower.com.br [138.185.239.223] (may be forged))
     (authenticated bits=0)
     by vs.legler.net (8.14.4/8.14.4) with ESMTP id u593twcR021135;
     Thu, 9 Jun 2016 06:03:34 +0200
Message-ID: <5758F8A5.DAFFDFE6 at legler.org>
Date: Thu, 9 Jun 2016 05:03:37 +0100
From: "Kate Simpson" <janis at legler.org>
Subject: hey there!
To: antoniogleason at yahoo.com, bjean3309 at aol.com, dominguez4 at hotmail.com,
         zareimz at gmail.com, larryross01 at yahoo.com, loqmantolba at yahoo.ca
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
X-Virus-Scanned: clamav-milter 0.98.4 at vs.legler.net
X-Virus-Status: Clean
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,AWL autolearn=ham
     version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on vs.legler.net

Howdy, do u remember me? LOL 2 of days ago we had a good time 2gether.=
  I want to meet you again. message me @ 909-551-four zero zero nine 2 =
get my sexy pixx where I am nude. C Ya! XOXO

--u5A7k9dH011088.1465562717/vs.legler.net--

---------------------------------------------------------------------


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20160610/55676dc7/attachment.html>

More information about the Blueonyx mailing list