Something is trying to send 221877 mails from my server !

[Spacedust]

All mails seems to be sent directly not from PHP scripts.

Probably customer zombie PC ! I have sendmail limits installed.

[Spacedust]

Attack again !

 --------------
MESSAGE NUMBER 420599
 --------------
Received: (qmail 18205 invoked from network); 27 Mar 2014 17:42:24 -0000
Received: by simscan 1.4.0 ppid: 16902, pid: 18160, t: 1.0863s
         scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:18706
Received: from unknown (HELO onlinexxx.pl) (kontakt@onlinexxx.pl@212.74.45.141)
  by onlinexxx.pl with ESMTPA; 27 Mar 2014 17:42:23 -0000
Date: Thu, 27 Mar 2014 21:42:05 +0400
From: "=?utf-8?Q?Israel_Blasingame?=" <kontakt@onlinexxx.pl>
Organization: oznnylvzd
X-Priority: 3 (Normal)
Message-ID: <602977093.20140327214205@onlinexxx.pl>
To: chuckeze@yahoo.com
Subject: =?utf-8?Q?=D1=B4=E1=BC=BB=C3=A4=C7=B5=C5=95=C3=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

http://invasionpubcrawl.com/sjui/view2.php?u=8576226

[Spacedust]

Changed Kloxo and e-mail password and spammers seems to be blocked:

Mar 27 19:18:43 onlinexxx vpopmail[4261]: vchkpw-smtp: password fail (pass: 'Dariusz1964') kontakt@onlinexxx.pl:194.28.70.84

We limit mail sending from php scripts why not limit authenitcated users too to prevent such situations

Now I have 3 attempts to login per second from different IP addresses ! That was a huge SPAM bomb !

[Kloxo-DR]

Hi Spacedust,

Did you read on my description of problems:

http://forum.mratwork.com/kloxo-mr-releases-and-announcements/(update)-please-update-qmail-toaster-and-courier-imap-toaster/

[fossxplorer]

@Spacedust any updates on this issue?

[Kloxo-DR]

Hi Mella,

Spacedust already replied in the other thread that his issue was not related to the one I have reported.

But I have an update:

I contacted Chris to discuss the problem. He claimed that the function "Recipient reject" worked on his server and told me to try. When I did, it did not work. This game was repeated, when he tried, it worked and when I tried it did not.

After all, Chris has written to SamC to identify why spamdye-qrv was breaking and giving a false positive for an invalid email.

In the meantime, I request to Chris to send me his tcp.smtp + run files to reconstruct an exactly the same environment. Those emails were rejected and his email address did not function.

Qmailtoaster does not work properly with spamdyke-qrv.  You cannot use bounce function because Kloxo-MR may be converted to a spam bombing server. You could only use delete for catch-all account. Then all incoming emails shall get deleted. This works now. But there is something not working with rsyslog and I have not had the time to work on it.

Unless Chris sends me his run + tcp.smtp files, I cannot continue testing, as I believe he has changed something somewhere that works a bit more than on my server.