
Topic: Server is getting spammed

rsakhale
Server is getting spammed
« on: 2017-09-01, 07:18:21 »
Team,

Someone is using our SMTP for sending spam mails, and the failures are coming back to us.

Requesting you to please guide us on the security measures we need to take to secure the mail server.

MRatWork
Re: Server is getting spammed
« Reply #1 on: 2017-09-01, 11:42:53 »
You need to investigate your websites one by one to find which websites were hacked. You can look at the maldect, maillog and clamd logs in 'log manager' to learn about the send mail issue.

Until you clean up your website, you can add '/home/<user>' for certain users in 'sendmail bans'. With this trick, sending from the website for those users will be banned (i.e. not permitted to send mail).
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

rsakhale
Re: Server is getting spammed
« Reply #2 on: 2017-09-04, 07:36:07 »
Mail log
Code:
t.db:_unexpected_file_type_or_format/write:_0x2072920,_4096:_Bad_file_descriptor/Can't_open_file_'wordlist.db'_in_directory_'/var/bogofilter/'./error_#9_-_Bad_file_descriptor./did_0+0+1/
Sep  3 09:33:33 {USERNAME} send: status: local 8/10 remote 57/60
Sep  3 09:33:33 {USERNAME} send: delivery 34239: success: /var/bogofilter//wordlist.db:_unexpected_file_type_or_format/write:_0x21fa920,_4096:_Bad_file_descriptor/Can't_open_file_'wordlist.db'_in_directory_'/var/bogofilter/'./error_#9_-_Bad_file_descriptor./did_0+0+1/
Sep  3 09:33:33 {USERNAME} send: status: local 7/10 remote 57/60
Sep  3 09:33:33 {USERNAME} send: delivery 34243: success: /var/bogofilter//wordlist.db:_unexpected_file_type_or_format/write:_0x913920,_4096:_Bad_file_descriptor/Can't_open_file_'wordlist.db'_in_directory_'/var/bogofilter/'./error_#9_-_Bad_file_descriptor./did_0+0+1/
Sep  3 09:33:33 {USERNAME} send: status: local 6/10 remote 57/60
Sep  3 09:33:33 {USERNAME} send: delivery 34148: failure: User_and_password_not_set,_continuing_without_authentication./74.125.30.26_does_not_like_recipient./Remote_host_said:_550-5.2.1_The_user_you_are_trying_to_contact_is_receiving_mail_at_a_rate_that/550-5.2.1_prevents_additional_messages_from_being_delivered._For_more/550-5.2.1_information,_please_visit/550_5.2.1__https://support.google.com/mail/?p=ReceivingRatePerm_b186si2813252oif.408_-_gsmtp/Giving_up_on_74.125.30.26./
Sep  3 09:33:33 {USERNAME} send: status: local 6/10 remote 56/60
Sep  3 09:33:33 {USERNAME} send: starting delivery 34254: msg 3366047 to remote hiren@{USERNAME}.com.test-google-a.com
Sep  3 09:33:33 {USERNAME} send: status: local 6/10 remote 57/60
Sep  3 09:33:33 {USERNAME} clamd: ERROR: Can't initialize the internal logger
Sep  3 09:33:33 {USERNAME} send: bounce msg 3365485 qp 30437
Sep  3 09:33:33 {USERNAME} send: end msg 3365485
Sep  3 09:33:33 {USERNAME} send: delivery 34244: success: /var/bogofilter//wordlist.db:_unexpected_file_type_or_format/write:_0xbe5920,_4096:_Bad_file_descriptor/Can't_open_file_'wordlist.db'_in_directory_'/var/bogofilter/'./error_#9_-_Bad_file_descriptor./did_0+0+1/

The clamd log was clean; only the database status check was seen.

If Spamdyke is enabled, isn't this the step that should have blocked spamming?

I am trying to enable Default DNS RBL Servers, but the checkbox always stays unticked.
Screenshot as below.


Could you please suggest steps to protect servers from spamming?

rsakhale
Re: Server is getting spammed
« Reply #3 on: 2017-09-07, 07:33:58 »
Is there any way I can configure SMTP to stop mailing for anonymous mails? Is there any good configuration I can do to stop spammers from using our mail route?

MRatWork
Re: Server is getting spammed
« Reply #4 on: 2017-09-07, 08:06:53 »
Try 'sendmail to bans' for a certain client.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

rsakhale
Re: Server is getting spammed
« Reply #5 on: 2017-09-07, 08:16:31 »
Won't doing that ban all mailing for that particular client?

MRatWork
Re: Server is getting spammed
« Reply #6 on: 2017-09-07, 08:59:05 »
It only bans if the client uses sendmail (not smtp), which is usually how mail is sent from a website.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

rsakhale
Re: Server is getting spammed
« Reply #7 on: 2017-09-07, 12:02:50 »
Ok, this is now added.

But is there a way we can block SMTP sending without login credentials?

MRatWork
Re: Server is getting spammed
« Reply #8 on: 2017-09-07, 12:24:38 »
> Ok this is now added
>
> But is there a way we can block SMTP sending without login credentials?

Look at 'mail log' in 'log manager'.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

rsakhale
Re: Server is getting spammed
« Reply #9 on: 2017-09-09, 04:44:21 »
Spamming started again even after having the sendmail ban for that user.

Code:
0?????????^?????&?????.l?????\????#??U?[???f??m?
Sep  9 02:05:33 MYDOMAIN send: delivery 77969: deferral: Connected_to_98.138.112.35_but_sender_was_rejected./Remote_host_said:_421_4.7.0_[TSS04]_Messages_from_104.237.4.24_temporarily_deferred_due_to_user_complaints_-_4.16.55.1;_see_https://help.yahoo.com/kb/postmaster/SLN3434.html/
Sep  9 02:05:33 MYDOMAIN send: status: local 0/10 remote 8/60
Sep  9 02:05:34 MYDOMAIN submission: 10374 < ???? ?5K?F???
Sep  9 02:05:34 MYDOMAIN submission: 10374 < ?&|?r????@Te??zl?[?MW??????@>??o??U?c??????????]??{7Dy???K??e???1T??????-???Y??1?.?k??]?????+
Sep  9 02:05:34 MYDOMAIN submission: CHKUSER accepted sender: from <MYUSERNAME@MYDOMAIN.com:MYUSERNAME@MYDOMAIN.com:> remote <[127.0.0.1]:unknown:59.126.0.142> rcpt <> : sender accepted
Sep  9 02:05:34 MYDOMAIN submission: 10374 > ???? ??X?k?????0?4nd?s??:"?"?Nx?dq??????? P??>T??\?L!9?u?????????-??k??teE+
Sep  9 02:05:34 MYDOMAIN submission: 19180 < ???? ?^/MH,?(?&?F?????r?w&????b-??? ????? >???o????SW?J--????w????????3???+
Sep  9 02:05:34 MYDOMAIN submission: 19180 > ???? D8???#?>?)???????%??'?????%?H???????0??I^?9???i???7P???R#-???!]?tG??H?s%??'?????|????+
Sep  9 02:05:34 MYDOMAIN authlib: INFO: stopping authdaemond children
Sep  9 02:05:35 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: liz.dockery@ihg.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902935_qp_23394
Sep  9 02:05:36 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: shyamsingh16@rediffmail.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902936_qp_23416
Sep  9 02:05:39 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: garbuja_298@yahoo.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902939_qp_23419
Sep  9 02:05:40 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: tressa@pld.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902940_qp_23420
Sep  9 02:05:41 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: mgasin@hotmail.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902941_qp_23426
Sep  9 02:05:44 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: dantehall@mbo.net origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902944_qp_23428
Sep  9 02:05:47 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: library@msn.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902947_qp_23430
Sep  9 02:05:47 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: theresasmith377@gmail.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902947_qp_23431
Sep  9 02:05:50 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: johnson.ebony8883@gmail.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902950_qp_23490
Sep  9 02:05:53 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: bigflirt90210@aol.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902953_qp_23491
Sep  9 02:05:55 MYDOMAIN spamdyke[19180]: DENIED_OTHER from: MYUSERNAME@MYDOMAIN.com to: adiactinicn@overbakedl.megabulkmessage235.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 550_5.1.2_sorry,_can't_find_a_valid_MX_for_rcpt_domain_(chkuser)
Sep  9 02:05:56 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: rachid.el-azizi@socgen.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902956_qp_23492
Sep  9 02:06:00 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: lynumn_17@yahoo.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902960_qp_23528
Sep  9 02:06:04 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: compras@grupomaggi.com.br origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902964_qp_23531
Sep  9 02:06:04 MYDOMAIN spamdyke[19180]: DENIED_OTHER from: MYUSERNAME@MYDOMAIN.com to: adiactinicn@overbakedl.megabulkmessage235.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 550_5.1.2_sorry,_can't_find_a_valid_MX_for_rcpt_domain_(chkuser)
Sep  9 02:06:07 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: 4046458183@mymetropcs.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902967_qp_23532
Sep  9 02:06:08 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: 168170548@qq.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902968_qp_23533
Sep  9 02:06:10 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: emmybim@cis.net origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902970_qp_23556
Sep  9 02:06:11 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: gilchukdesignanddraftingl@email.ydmailer.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902971_qp_23565
Sep  9 02:06:13 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: aikey.lucinda1953@yahoo.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902973_qp_23566
Sep  9 02:06:13 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: cjaj8173@aol.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902973_qp_23567
Sep  9 02:06:16 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: silvio.trevilato@uol.com.br origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902976_qp_23597
Sep  9 02:06:16 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: monitoramento@grupojorima.com.br origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902976_qp_23598
Sep  9 02:06:19 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: scbwayne@telkomsa.net origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902979_qp_23599
Sep  9 02:06:19 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: jharish@hotmail.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902979_qp_23600
Sep  9 02:06:21 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: vaidyanilay@yahoo.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902981_qp_23601
Sep  9 02:06:21 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: vammartins@hotmail.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902981_qp_23602
Sep  9 02:06:24 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: machomeschool-index@mail.maclaunch.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902984_qp_23603
Sep  9 02:06:25 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: day_bigcats@hotmail.com.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902985_qp_23604
Sep  9 02:06:29 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: infor@edwardart.lt origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902989_qp_23605
Sep  9 02:06:29 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: elouk@aol.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902989_qp_23606
Sep  9 02:06:32 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: petermeouchy@hotmail.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902992_qp_23607
Sep  9 02:06:32 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: luvhws@icsi.net origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902992_qp_23608
Sep  9 02:06:34 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: galin221@hotmail.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902994_qp_23610
Sep  9 02:06:35 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: pierre.sarzaud@defense.gouv.fr origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902995_qp_23609
Sep  9 02:06:38 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: gcalcador@aol.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902998_qp_23611
Sep  9 02:06:38 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: emma_2626@hotmail.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504902998_qp_23612
Sep  9 02:06:40 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: fkn-famous@live.nl origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903000_qp_23613
Sep  9 02:06:41 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: david.lecorps@bmo.ca origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903001_qp_23614
Sep  9 02:06:43 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: bankerslife55@gmail.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903003_qp_23615
Sep  9 02:06:45 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: m_quadra@comcast.net origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903005_qp_23616
Sep  9 02:06:46 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: verwaltung@meyer-transformatoren.de origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903006_qp_23617
Sep  9 02:06:49 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: aminabinitsngebhaaapomj@outlook.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903009_qp_23618
Sep  9 02:06:51 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: dcallender51@gmail.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903011_qp_23619
Sep  9 02:06:52 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: palm@broadcom.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903012_qp_23620
Sep  9 02:06:55 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: kirkbcrafty@gmail.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903015_qp_23621
Sep  9 02:06:55 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: william.mitzeliotis@gmail.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903015_qp_23622
Sep  9 02:06:58 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: ahmed921984@aol.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903018_qp_23623
Sep  9 02:06:59 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: wfallied_claro@accbpo.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903019_qp_23624
Sep  9 02:07:00 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: butch81866@gmail.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903020_qp_23625
Sep  9 02:07:01 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: sharahollis@hotmail.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903021_qp_23626
Sep  9 02:07:03 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: andres.rodriguez@whimex.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903023_qp_23627
Sep  9 02:07:05 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: concretecow@gmail.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903025_qp_23628
Sep  9 02:07:07 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: pr03@szhona.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903027_qp_23671
Sep  9 02:07:08 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: mariel@catherinecortezmasto.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903028_qp_23672
Sep  9 02:07:10 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: lilface010@gmail.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903030_qp_23673
Sep  9 02:07:14 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: pavlenko@fresh-bread.ru origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903034_qp_23674
Sep  9 02:07:16 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: visitorinfo@olmsteduu.org origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903036_qp_23675
Sep  9 02:07:17 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: lorisams@yahoo.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903037_qp_23676
Sep  9 02:07:20 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: adalson2@gmail.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903040_qp_23677
Sep  9 02:07:20 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: mad.aim@web.de origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903040_qp_23678
Sep  9 02:07:23 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: service@piclife.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903043_qp_23679
Sep  9 02:07:23 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: m.goldlewski@clinique-verdaich.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903043_qp_23680
Sep  9 02:07:26 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: derrickhustle26@webmail.co.za origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903046_qp_23681
Sep  9 02:07:26 MYDOMAIN spamdyke[19180]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: cjrtaylor@gmail.com origin_ip: 88.100.19.45 origin_rdns: 45.19.broadband5.iol.cz auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903046_qp_23682
Sep  9 02:07:28 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: gomzap@webmail.co.za origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903048_qp_23683
Sep  9 02:07:31 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: lenny@perdanagroup.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903051_qp_23684
Sep  9 02:07:34 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: lrathe@fundacionplenitud.org origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903054_qp_23714
Sep  9 02:07:37 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: ramaqalkadi@yahoo.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903057_qp_23715
Sep  9 02:07:40 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: tash2300@gmail.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903060_qp_23717
Sep  9 02:07:43 MYDOMAIN spamdyke[10374]: ALLOWED from: MYUSERNAME@MYDOMAIN.com to: dillen_68850@yahoo.com origin_ip: 59.126.0.142 origin_rdns: 59-126-0-142.hinet-ip.hinet.net auth: MYUSERNAME@MYDOMAIN.com encryption: TLS reason: 250_ok_1504903063_qp_23718

MRatWork
Re: Server is getting spammed
« Reply #10 on: 2017-09-09, 04:54:36 »
'Sendmail to bans' only works for sendmail ('send' in 'mail log'). It has no impact on submission or smtp.

Tell us here what you set for 'sendmail to bans'.

For your issue, clean your applications (PHP files and/or database) of hack code.

BTW, are you using WordPress?
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --
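
An added example, not part of the original thread or of Kloxo-MR: the spamdyke lines in the mail log above carry an `auth:` field, so grouping them by authenticated account shows which mailbox is submitting mail over SMTP and from how many origin IPs. The sample lines are constructed in the log format shown in the thread; the function names and thresholds are hypothetical.

```python
import re
from collections import defaultdict

# One spamdyke summary line per message, in the format shown in the thread.
SPAMDYKE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<verdict>[A-Z_]+) "
    r"from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) "
    r"auth: (?P<auth>\S+) encryption: (?P<enc>\S+)"
)

# Constructed sample log (documentation IP ranges and example domains only).
SAMPLE_LOG = """\
Sep  9 02:05:33 mail send: status: local 0/10 remote 8/60
Sep  9 02:05:35 mail spamdyke[19180]: ALLOWED from: alice@example.com to: u1@a.example origin_ip: 203.0.113.10 origin_rdns: h10.isp.example auth: alice@example.com encryption: TLS reason: 250_ok_1_qp_1
Sep  9 02:05:36 mail spamdyke[10374]: ALLOWED from: alice@example.com to: u2@b.example origin_ip: 198.51.100.7 origin_rdns: h7.isp.example auth: alice@example.com encryption: TLS reason: 250_ok_2_qp_2
Sep  9 02:05:39 mail spamdyke[19180]: ALLOWED from: alice@example.com to: u3@c.example origin_ip: 203.0.113.10 origin_rdns: h10.isp.example auth: alice@example.com encryption: TLS reason: 250_ok_3_qp_3
Sep  9 02:05:40 mail spamdyke[10374]: DENIED_OTHER from: alice@example.com to: u4@nomx.example origin_ip: 198.51.100.7 origin_rdns: h7.isp.example auth: alice@example.com encryption: TLS reason: 550_5.1.2_sorry,_can't_find_a_valid_MX_for_rcpt_domain_(chkuser)
Sep  9 02:05:41 mail spamdyke[19180]: ALLOWED from: alice@example.com to: u5@d.example origin_ip: 203.0.113.10 origin_rdns: h10.isp.example auth: alice@example.com encryption: TLS reason: 250_ok_5_qp_5
Sep  9 02:05:44 mail spamdyke[10374]: ALLOWED from: alice@example.com to: u6@e.example origin_ip: 198.51.100.7 origin_rdns: h7.isp.example auth: alice@example.com encryption: TLS reason: 250_ok_6_qp_6
Sep  9 02:05:47 mail spamdyke[19180]: ALLOWED from: alice@example.com to: u7@f.example origin_ip: 203.0.113.10 origin_rdns: h10.isp.example auth: alice@example.com encryption: TLS reason: 250_ok_7_qp_7
Sep  9 09:12:01 mail spamdyke[20001]: ALLOWED from: bob@example.com to: carol@partner.example origin_ip: 192.0.2.44 origin_rdns: office.example auth: bob@example.com encryption: TLS reason: 250_ok_8_qp_8
Sep  9 09:40:17 mail spamdyke[20002]: ALLOWED from: bob@example.com to: carol@partner.example origin_ip: 192.0.2.44 origin_rdns: office.example auth: bob@example.com encryption: TLS reason: 250_ok_9_qp_9
Sep  9 09:41:00 mail spamdyke[20003]: DENIED_RDNS_MISSING from: x@spam.example to: bob@example.com origin_ip: 198.51.100.99 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
"""


def summarize(log_text):
    """Group spamdyke lines by the account that authenticated."""
    stats = defaultdict(lambda: {"accepted": 0, "denied": 0,
                                 "ips": set(), "rcpt_domains": set()})
    for line in log_text.splitlines():
        m = SPAMDYKE_RE.search(line)
        if m is None:
            continue  # qmail-send, clamd, TLS noise and other non-spamdyke lines
        auth = m.group("auth").lower()
        if auth == "(unknown)":
            continue  # assumption: spamdyke logs "(unknown)" when no SMTP AUTH was used
        entry = stats[auth]
        entry["ips"].add(m.group("ip"))
        if m.group("verdict") == "ALLOWED":
            entry["accepted"] += 1
            entry["rcpt_domains"].add(m.group("rcpt").rsplit("@", 1)[-1].lower())
        else:
            entry["denied"] += 1
    return dict(stats)


def suspicious_accounts(stats, max_ips=1, max_rcpt_domains=5):
    """Flag accounts used from several IPs or mailing many distinct domains.

    The thresholds are hypothetical defaults; tune them to normal traffic.
    """
    flagged = []
    for account, e in sorted(stats.items()):
        if len(e["ips"]) > max_ips or len(e["rcpt_domains"]) > max_rcpt_domains:
            flagged.append((account, e["accepted"], sorted(e["ips"])))
    return flagged


if __name__ == "__main__":
    for account, accepted, ips in suspicious_accounts(summarize(SAMPLE_LOG)):
        print(f"{account}: {accepted} accepted messages from {', '.join(ips)}")
```

An account listed by `suspicious_accounts` is authenticating over SMTP or submission, the path that 'sendmail to bans' does not cover; resetting that mailbox's password is the usual first response.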

rsakhale
Re: Server is getting spammed
« Reply #11 on: 2017-09-09, 05:50:46 »
Sendmail ban screenshot



Yes, we are using WordPress for our main site with the latest update. Below are the plugins we are using:

  • Akismet Anti-Spam
  • Autoptimize
  • Contact Form 7
  • LayerSlider WP
  • ManageWP - Worker
  • Simple Custom CSS and JS
  • Simple Job Board
  • Slider Revolution
  • Unyson
  • WP Super Cache
  • Yoast SEO

rsakhale
Re: Server is getting spammed
« Reply #12 on: 2017-09-10, 18:11:46 »
Can configuring the rcpthosts file here help avoid the current spam attack?

Can you please point me in right direction?

MRatWork
Re: Server is getting spammed
« Reply #13 on: 2017-09-10, 21:21:06 »
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

rsakhale
Re: Server is getting spammed
« Reply #14 on: 2017-09-12, 04:48:42 »
I have added the lines below to the "/var/qmail/control/rcpthosts" file:

Code:
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""

Will this help make our server not an open relay client for others?

 

