HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


azteca2137 28th July 2010 01:50

Spam Attack slowing postfix
 
Some spammer is trying to send mail through my mail server. According to the logs the mails are not going through, but my outgoing valid emails are taking too much time to go out (for example: I have been trying to send a 600 KB email and it has not gone out for an hour) :mad:

Is there something I could do so my valid emails go faster, or am I stuck until the attack finishes?

Thanks in advance

fishtenors 28th July 2010 04:58

I had a similar issue where one of my users' passwords had been compromised, and some spammer was using the account to blast messages through my server. See what's in the queue with:

#postqueue -p

There is a great Perl script called pfdel that I used to clear out the queue:

http://www.ustrem.org/en/articles/po...eue-delete-en/

Save that script somewhere, and then add execute permissions:

#chmod +x /some/path/pfdel

Execution of the script is really simple. Usage: pfdel <email_address>:

#/some/path/pfdel email@spammer.org

If you are running Postfix with SASL, run:

#cat /var/log/mail.log | grep sasl

to see if you have any user that is authenticating at a higher rate than normal. That is how I was able to identify the hijacked account. Hope that helps!
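
The SASL check described in the post above, worked through as an added example (not part of the original thread and not fishtenors' own commands). It goes one step past the plain grep by counting successful `sasl_username=` logins per user per hour; the sample log lines, addresses and the threshold of 3 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): rank SASL-authenticated senders in a
# Postfix log by logins per hour, to spot an account sending far more than usual.

# sample_log: constructed log lines in the usual Postfix smtpd syslog format.
sample_log() {
cat <<'EOF'
Jul 28 03:58:12 mail postfix/smtpd[2101]: 1A2B3C4D5E: client=host1.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.com
Jul 28 04:01:03 mail postfix/smtpd[2107]: 2B3C4D5E6F: client=unknown[203.0.113.21], sasl_method=LOGIN, sasl_username=bob@example.com
Jul 28 04:01:09 mail postfix/smtpd[2108]: 3C4D5E6F7A: client=unknown[203.0.113.88], sasl_method=LOGIN, sasl_username=bob@example.com
Jul 28 04:02:10 mail postfix/smtpd[2110]: warning: unknown[203.0.113.50]: SASL LOGIN authentication failed: authentication failure
Jul 28 04:02:31 mail postfix/smtpd[2111]: 4D5E6F7A8B: client=unknown[192.0.2.14], sasl_method=LOGIN, sasl_username=bob@example.com
Jul 28 04:03:44 mail postfix/smtpd[2113]: 5E6F7A8B9C: client=unknown[203.0.113.21], sasl_method=LOGIN, sasl_username=bob@example.com
Jul 28 04:30:00 mail postfix/smtpd[2120]: connect from host1.example.net[198.51.100.7]
Jul 28 04:30:02 mail postfix/smtpd[2120]: 6F7A8B9C0D: client=host1.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.com
EOF
}

# sasl_hourly LOGFILE -> lines of "COUNT MONTH DAY HOUR USER", busiest first.
sasl_hourly() {
    awk '
        /sasl_username=/ {
            user = $0
            sub(/.*sasl_username=/, "", user)   # keep the text after the key
            sub(/[, ].*/, "", user)             # drop any fields that follow
            hour = substr($3, 1, 2)             # HH from HH:MM:SS
            n[$1 " " $2 " " hour " " user]++
        }
        END { for (k in n) print n[k], k }
    ' "$1" | sort -k1,1nr -k5,5
}

# sasl_suspects LOGFILE MAX -> users with more than MAX logins in any one hour.
sasl_suspects() {
    sasl_hourly "$1" | awk -v max="$2" '$1 > max { print $5 }' | sort -u
}

# Demo on the constructed sample; on a real server pass /var/log/mail.log
# and pick MAX from what a normal user of that server sends per hour.
tmp=$(mktemp) && sample_log > "$tmp" && sasl_suspects "$tmp" 3 && rm -f "$tmp"
```

Failed attempts are logged as `SASL LOGIN authentication failed` without a `sasl_username=` field, so they are not counted here.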

azteca2137 28th July 2010 18:43

Thank you for your reply; however, that is not the case. The spam is not going through my server; my server is blocking all of it and the queue is empty, but the server is just really slow to send valid emails.

Any ideas? I'm running Fedora 7, ISPConfig 2.2.32.

till 28th July 2010 20:26

Is the spam coming from just a few IPs? Then block the IPs with the route command:

http://www.faqforge.com/linux/how-to...ress-on-linux/

azteca2137 29th July 2010 06:07

Thanks for your reply, Till, but there are too many IPs. However, it seems that the spam stopped about half an hour ago and the server is running normally again (let's hope it stays that way).

I am interested in the route command for blocking IPs: are they blocked before making the request to Postfix?

Thanks again for your help Till and fishtenors :D


All times are GMT +2.