#1
28th July 2010, 01:50
azteca2137 (Member)
Spam Attack slowing postfix

Some spammer is trying to send mails through my mail server. According to the logs the mails are not going through, but my outgoing valid emails are taking too much time to go out (for example: I have been trying to send an email of 600kb and it hasn't gone out for an hour).

Is there something I could do so my valid emails go faster? Or am I stuck until the attack finishes?

Thanks in advance
#2
28th July 2010, 04:58
fishtenors (Junior Member)

I had a similar issue where one of my users' passwords had been compromised, and some spammer was using the account to blast messages through my server. See what's in the queue with:

# postqueue -p

There is a great Perl script called pfdel that I used to clear out the queue:

http://www.ustrem.org/en/articles/po...eue-delete-en/

Save that script somewhere, and then add execute permissions:

# chmod +x /some/path/pfdel

Execution of the script is really simple. Usage: pfdel <email_address>:

# /some/path/pfdel email@spammer.org

If you are running Postfix with SASL, run:

# grep sasl /var/log/mail.log

to see if you have any user that is authenticating at a higher rate than normal. That is how I was able to identify the hijacked account. Hope that helps!
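The SASL check described in post #2, as an added example that is not part of the original posts: it counts successful SASL logins per account and the number of distinct client IPs behind them, and lists accounts at or above a threshold. It assumes the usual Postfix smtpd log line carrying client=host[ip] and sasl_username=...; the function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-account SASL login counts from Postfix smtpd log lines.
# Output columns: logins, distinct client IPs, account (busiest first).
# Failed logins carry no sasl_username= field and are not counted here.

# Usage: sasl_report THRESHOLD [LOGFILE...]   (reads stdin if no file is given)
sasl_report() {
    limit=$1; shift
    awk -v limit="$limit" '
        /sasl_username=/ {
            user = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^sasl_username=/) {
                    user = $i
                    sub(/^sasl_username=/, "", user); sub(/,$/, "", user)
                } else if ($i ~ /^client=/) {
                    ip = $i                      # client=host[ip],
                    sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
                }
            }
            if (user == "") next
            count[user]++
            if (!seen[user SUBSEP ip]++) ips[user]++   # first time this IP is seen
        }
        END {
            for (u in count)
                if (count[u] >= limit)
                    printf "%d %d %s\n", count[u], ips[u], u
        }
    ' "$@" | sort -rn
}

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Jul 28 04:10:01 mail postfix/smtpd[2101]: 4F1A2B3C4D: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.com
Jul 28 04:10:02 mail postfix/smtpd[2102]: 4F1A2B3C4E: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Jul 28 04:10:03 mail postfix/smtpd[2103]: 4F1A2B3C4F: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob@example.com
Jul 28 04:10:04 mail postfix/smtpd[2101]: 4F1A2B3C50: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.com
Jul 28 04:12:40 mail postfix/smtpd[2110]: 4F1A2B3C51: client=office.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.com
Jul 28 04:13:00 mail postfix/smtpd[2111]: warning: unknown[203.0.113.77]: SASL LOGIN authentication failed: authentication failure
EOF
}

# Demo on the constructed sample: accounts with 3 or more logins.
sample_log | sasl_report 3
```

On a live server the call would be `sasl_report 100 /var/log/mail.log`, with the threshold set to whatever is well above a normal user's login count for the period the log covers. An account with many logins from many different client IPs is the pattern to look at first.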
#3
28th July 2010, 18:43
azteca2137 (Member)

Thank you for your reply, however that is not the case. The spam is not going through my server; my server is blocking all of it and the queue is empty, but the server is just really slow to send valid emails.

Any ideas? I'm running Fedora 7, ISPConfig 2.2.32
#4
28th July 2010, 20:26
till (Super Moderator)
Location: Lüneburg, Germany

Is the spam coming just from a few IPs? Then block the IPs with the route command:

http://www.faqforge.com/linux/how-to...ress-on-linux/
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
#5
29th July 2010, 06:07
azteca2137 (Member)

Thanks for your reply Till, but there are too many IPs. However, it seems that the spam stopped about half an hour ago and the server is running normally again (let's hope it stays that way).

I am interested in the route command for blocking IPs. Is it blocked before the request is made to Postfix?

Thanks again for your help Till and fishtenors