#1  
10th December 2010, 20:30
itsnedkeren
Senior Member
 
Odd Spam behaviour

Hi all,

I'm having some issues with odd spam mails.

I receive a lot of "Undelivered Mail Returned to Sender" mail in my own inbox these days.

They usually come with an attachment, which I presume is the original mail.

Are these just spammers spoofing my email address and sending spam, or is there anything misconfigured on my ISPConfig 3.0.3 server?

Following here are all the warnings I've been getting lately in the "mail.warn" log:
Code:
Dec 9 22:50:05 node01 postfix/smtpd[32495]: warning: 187.40.22.233: address not listed for hostname 18740022233.user.veloxzone.com.br
Dec 9 23:03:50 node01 postfix/smtpd[20799]: warning: 94.25.162.233: address not listed for hostname wimax-client.yota.ru
Dec 9 23:11:24 node01 postfix/smtpd[1448]: warning: 189.41.241.248: address not listed for hostname 189-041-241-248.xdsl-dinamico.ctbcnetsuper.com.br
Dec 9 23:14:44 node01 postfix/smtpd[21127]: warning: 95.153.184.35: address not listed for hostname 95x153x184x35.kubangsm.ru
Dec 9 23:21:49 node01 postfix/smtpd[21127]: warning: 201.230.101.147: address not listed for hostname client-201.230.101.147.speedy.net.pe
Dec 9 23:22:01 node01 postfix/smtpd[21127]: warning: 187.34.215.213: address not listed for hostname 187-34-215-213.dsl.telesp.net.br
Dec 9 23:25:23 node01 postfix/smtpd[21127]: warning: 190.191.251.32: address not listed for hostname 32-251-191-190.cab.prima.net.ar
Dec 9 23:27:10 node01 postfix/smtpd[21127]: warning: 95.78.24.244: address not listed for hostname net24.78.95-244.chelny.ertelecom.ru
Dec 9 23:27:10 node01 postfix/smtpd[22192]: warning: 95.78.24.244: address not listed for hostname net24.78.95-244.chelny.ertelecom.ru
Dec 10 00:06:45 node01 postfix/smtpd[23914]: warning: 190.53.202.193: address not listed for hostname ip-190.53.202.193.cablemodem.amnethn.com
Dec 10 00:22:52 node01 postfix/smtpd[23914]: warning: 91.200.156.214: address not listed for hostname vpn-ip-214.ipsystems.com.ua
Dec 10 00:27:07 node01 postfix/smtpd[23914]: warning: 92.127.221.83: address not listed for hostname ws.92.127.221.83.nsk.sibirtelecom.ru
Dec 10 00:48:15 node01 postfix/smtpd[23914]: warning: 187.59.197.166: address not listed for hostname 187.59.197.166.static.host.gvt.net.br
Dec 10 00:55:29 node01 postfix/smtpd[23914]: warning: 187.117.127.89: address not listed for hostname ip-187-117-127-89.user.vivozap.com.br
Dec 10 00:56:55 node01 postfix/smtpd[27350]: warning: 82.166.15.77: address not listed for hostname 82-166-15-77.informatika.co.il
Dec 10 00:59:39 node01 postfix/smtpd[27350]: warning: 200.90.248.213: address not listed for hostname 200-90-248-213.baf.movistar.cl
Dec 10 01:06:09 node01 postfix/smtpd[27350]: warning: 189.63.52.11: address not listed for hostname bd3f340b.virtua.com.br
Dec 10 01:10:50 node01 postfix/smtpd[27350]: warning: 200.38.7.105: address not listed for hostname 200.38.7.105.ded.telnor.net
Dec 10 01:19:39 node01 postfix/smtpd[27350]: warning: 189.216.70.117: address not listed for hostname customer-189-216-70-117.cablevision.net.mx
Dec 10 01:38:35 node01 postfix/smtpd[27350]: warning: 190.143.45.128: address not listed for hostname cable-baq-co-128.45.143.190.dinanet.net.co
Dec 10 01:52:06 node01 postfix/smtpd[27350]: warning: 190.72.250.135: address not listed for hostname 190-72-250-135.dyn.dsl.cantv.net
Dec 10 01:56:48 node01 postfix/smtpd[27350]: warning: 113.162.230.59: address not listed for hostname dynamic.vdc.vn
Dec 10 02:06:14 node01 postfix/smtpd[30959]: warning: 58.68.99.94: address not listed for hostname abs-static-94.99.68.58.aircel.co.in
Dec 10 02:15:46 node01 postfix/smtpd[30959]: warning: 93.88.184.11: address not listed for hostname ipaddress.ustu.ru
Dec 10 02:25:33 node01 postfix/smtpd[30959]: warning: 190.24.179.149: address not listed for hostname adsl190-24179149.dyn.etb.net.co
Dec 10 02:30:10 node01 postfix/smtpd[30959]: warning: 201.230.101.147: address not listed for hostname client-201.230.101.147.speedy.net.pe
Dec 10 02:47:18 node01 postfix/smtpd[621]: warning: 113.162.54.110: address not listed for hostname localhost
Dec 10 03:26:52 node01 postfix/smtpd[601]: warning: 194.79.63.29: address not listed for hostname looker.alchevsk.net
Dec 10 03:32:19 node01 postfix/smtpd[601]: warning: 190.20.56.152: address not listed for hostname 190-20-56-152.baf.movistar.cl
Dec 10 03:32:42 node01 postfix/smtpd[601]: warning: 122.173.33.130: address not listed for hostname ABTS-North-Dynamic-130.33.173.122.airtelbroadband.in
Dec 10 03:58:38 node01 postfix/smtpd[3728]: warning: 187.59.197.166: address not listed for hostname 187.59.197.166.static.host.gvt.net.br
Dec 10 04:09:37 node01 postfix/smtpd[3728]: warning: 85.196.122.26: address not listed for hostname c85-196-122-26.sdsl.no
Dec 10 04:26:02 node01 postfix/smtpd[3728]: warning: 201.230.101.147: address not listed for hostname client-201.230.101.147.speedy.net.pe
Dec 10 06:20:28 node01 postfix/smtpd[26905]: warning: 119.226.22.50: address not listed for hostname segment-119-226.sify.net
Dec 10 06:58:30 node01 postfix/smtpd[26905]: warning: 109.202.1.38: address not listed for hostname host-109-202-1-38.avantel.ru
Dec 10 08:20:19 node01 postfix/smtpd[31291]: warning: 212.22.210.27: address not listed for hostname 212.22.210.27.freenet.com.ua
Dec 10 10:17:29 node01 postfix/smtpd[5662]: warning: 203.76.181.70: address not listed for hostname 70-Sonali-1.pacenet-india.com
Dec 10 10:28:47 node01 postfix/smtpd[5662]: warning: 86.57.244.233: address not listed for hostname 86.57.244.233.ripe.vitebsk.by
Dec 10 11:04:19 node01 postfix/smtpd[9784]: warning: 61.17.226.54: address not listed for hostname PPP-ekm-dsl-61.17.226.54.vsnl.net.in
Dec 10 13:08:08 node01 postfix/smtpd[13862]: warning: 14.96.189.140: address not listed for hostname Static-140.189.96.14.tataidc.co.in
Dec 10 13:08:14 node01 postfix/smtpd[13862]: warning: 113.166.160.101: address not listed for hostname localhost
Dec 10 13:08:56 node01 postfix/smtpd[17737]: warning: 195.2.233.234: address not listed for hostname nat-pool-tos.lentel.ru
Dec 10 13:10:12 node01 postfix/smtpd[17737]: warning: 213.132.255.182: address not listed for hostname ip182.nedjma.dz
Dec 10 13:10:55 node01 postfix/smtpd[17766]: warning: 113.163.94.114: address not listed for hostname dynamic.vdc.vn
Dec 10 13:11:08 node01 postfix/smtpd[17766]: warning: 95.65.98.140: address not listed for hostname 95-65-98-140.starnet.md
Dec 10 13:11:36 node01 postfix/smtpd[17766]: warning: 217.150.57.105: address not listed for hostname AMobile-gw.transtelecom.net
Dec 10 13:11:46 node01 postfix/smtpd[17737]: warning: 220.231.69.11: address not listed for hostname localhost
Dec 10 13:12:30 node01 postfix/smtpd[17766]: warning: 118.82.28.146: address not listed for hostname public-146.28.82.118.smkn3-palu.kailinetwork.net
Dec 10 13:12:45 node01 postfix/smtpd[17766]: warning: 195.2.233.234: address not listed for hostname nat-pool-tos.lentel.ru
Dec 10 13:12:48 node01 postfix/smtpd[17737]: warning: 193.203.103.179: address not listed for hostname host-193.203.103.179.tario.su
Dec 10 13:14:11 node01 postfix/smtpd[17766]: warning: 201.209.253.77: address not listed for hostname 201-209-253-77.genericrev.cantv.net
Dec 10 13:14:29 node01 postfix/smtpd[17737]: warning: 190.74.65.16: address not listed for hostname 190.74-65-16.dyn.dsl.cantv.net
Dec 10 13:15:22 node01 postfix/smtpd[17766]: warning: 119.226.46.126: address not listed for hostname segment-119-226.sify.net
Dec 10 13:15:48 node01 postfix/smtpd[17737]: warning: 109.87.203.106: address not listed for hostname 106.203.87.109.triolan.net
Dec 10 13:16:22 node01 postfix/smtpd[17766]: warning: 109.251.82.42: address not listed for hostname 109.251.82.42.freenet.com.ua
Dec 10 13:16:55 node01 postfix/smtpd[17737]: warning: 123.27.111.67: address not listed for hostname localhost
Dec 10 13:17:23 node01 postfix/smtpd[17766]: warning: 95.215.48.22: address not listed for hostname customer.optima-east.net
Dec 10 13:18:11 node01 postfix/smtpd[17737]: warning: 195.191.59.141: address not listed for hostname gw141-211.micro.net.ua
Dec 10 13:18:49 node01 postfix/smtpd[17737]: warning: 110.92.119.98: address not listed for hostname 98.119.92.110.static.qala.com.sg
Dec 10 13:19:15 node01 postfix/smtpd[17766]: warning: 80.83.238.92: address not listed for hostname 80.83.238.92.gprs.mrdv.mts.ru
Dec 10 13:36:31 node01 postfix/smtpd[18609]: warning: 122.179.38.95: address not listed for hostname ABTS-KK-Dynamic-095.38.179.122.airtelbroadband.in
Dec 10 15:10:37 node01 postfix/smtpd[22722]: warning: 194.187.151.109: address not listed for hostname ip-194-187-151-109.ava.net.ua
Dec 10 15:11:51 node01 postfix/smtpd[22722]: warning: 186.87.191.43: address not listed for hostname Dynamic-IP-1868719143.cable.net.co
Dec 10 15:12:14 node01 postfix/smtpd[22722]: warning: 186.104.90.81: address not listed for hostname 186-104-90-81.baf.movistar.cl
Dec 10 15:12:21 node01 postfix/smtpd[22722]: warning: 86.34.183.38: address not listed for hostname adsl86-34-183-38.romtelecom.net
Dec 10 15:12:26 node01 postfix/smtpd[22722]: warning: 212.80.34.232: address not listed for hostname 232-34-80-212.dhcp.homenet.adamant.net
Dec 10 15:13:09 node01 postfix/smtpd[22722]: warning: 122.164.116.193: address not listed for hostname ABTS-TN-dynamic-193.116.164.122.airtelbroadband.in
Dec 10 15:13:51 node01 postfix/smtpd[22722]: warning: 124.83.15.46: address not listed for hostname 124.83.15.46_static_pldt.net
Dec 10 15:14:02 node01 postfix/smtpd[22722]: warning: 115.78.133.88: address not listed for hostname adsl.viettel.vn
Dec 10 15:14:11 node01 postfix/smtpd[22722]: warning: 222.254.185.140: address not listed for hostname localhost
Dec 10 15:14:44 node01 postfix/smtpd[22722]: warning: numeric hostname: 190.208.90.149
Dec 10 15:16:42 node01 postfix/smtpd[22722]: warning: 80.78.101.237: address not listed for hostname ip2-237.serov.info
Dec 10 15:18:04 node01 postfix/smtpd[22722]: warning: 58.187.56.157: address not listed for hostname adsl-dynamic-pool-xxx.fpt.vn
Dec 10 15:18:54 node01 postfix/smtpd[24957]: warning: 186.10.47.95: address not listed for hostname 186-10-47-95.net.entelpcs.cl
Dec 10 15:19:24 node01 postfix/smtpd[22722]: warning: 89.110.237.42: address not listed for hostname kdsnbg237-42.ptt.rs
Dec 10 15:19:40 node01 postfix/smtpd[24957]: warning: 80.242.105.253: address not listed for hostname 253-105.plus.kerch.net
Dec 10 15:20:15 node01 postfix/smtpd[24957]: warning: 123.28.208.101: address not listed for hostname localhost
Dec 10 15:20:19 node01 postfix/smtpd[24957]: warning: 109.236.212.199: address not listed for hostname du-212-199.sv-en.ru
Dec 10 15:20:31 node01 postfix/smtpd[24957]: warning: 200.75.35.58: address not listed for hostname corporat200-075035058.sta.etb.net.co
Dec 10 15:20:59 node01 postfix/smtpd[24957]: warning: 94.153.244.66: address not listed for hostname 94-153-244-66-dn.ip.kyivstar.net
Dec 10 16:22:52 node01 postfix/smtpd[27523]: warning: 78.133.192.30: address not listed for hostname wanicki.pl
Dec 10 17:48:15 node01 postfix/smtpd[1613]: warning: 94.233.129.140: address not listed for hostname inside-ip-115.astranet.ru
Dec 10 18:44:38 node01 postfix/smtpd[6087]: warning: 46.146.176.8: address not listed for hostname net176-8.perm.ertelecom.ru
Dec 10 19:13:26 node01 postfix/smtpd[6087]: warning: 217.118.81.27: address not listed for hostname user-27.81.118.217.in-addr.arpa
Dec 10 19:25:11 node01 postfix/smtpd[6087]: warning: 94.25.144.243: address not listed for hostname wimax-client.yota.ru
Dec 10 20:12:53 node01 postfix/smtpd[10041]: warning: 113.190.164.56: address not listed for hostname localhost
Dec 10 20:14:01 node01 postfix/smtpd[10041]: warning: 186.85.67.163: address not listed for hostname Dynamic-IP-1868567163.cable.net.co
Dec 10 20:15:23 node01 postfix/smtpd[10041]: warning: 86.51.153.22: address not listed for hostname static-86-51-153-22.mobily.com.sa
Dec 10 20:16:00 node01 postfix/smtpd[10041]: warning: 190.176.0.141: address not listed for hostname 190-176-0-141.speedy.com.ar
Dec 10 20:16:13 node01 postfix/smtpd[10041]: warning: 89.34.74.228: address not listed for hostname client-ip-89-34-74-228.romexnet.ro
Dec 10 20:16:27 node01 postfix/smtpd[10041]: warning: 93.186.101.83: address not listed for hostname pool-93-186-101-83.lanta-net.ru
Dec 10 20:16:45 node01 postfix/smtpd[10041]: warning: 93.157.232.74: address not listed for hostname host-93-157-232-74.ip-home.net
Dec 10 20:17:17 node01 postfix/smtpd[11660]: warning: 201.210.32.181: address not listed for hostname 201-210-32-181.genericrev.cantv.net
Dec 10 20:17:51 node01 postfix/smtpd[10041]: warning: 190.198.85.201: address not listed for hostname 190-198-85-201.dyn.dsl.cantv.net
Dec 10 20:18:54 node01 postfix/smtpd[11660]: warning: 89.222.225.141: address not listed for hostname gate141.spnet.ru
Dec 10 20:20:18 node01 postfix/smtpd[11660]: warning: 190.205.210.7: address not listed for hostname 190-205-210-7.dyn.dsl.cantv.net
Dec 10 20:21:36 node01 postfix/smtpd[10041]: warning: 113.161.71.102: address not listed for hostname static.vdc.vn
Dec 10 20:22:41 node01 postfix/smtpd[10041]: warning: 201.223.179.179: address not listed for hostname 201-223-179-179.baf.movistar.cl
Dec 10 20:23:42 node01 postfix/smtpd[10041]: warning: 203.113.117.146: address not listed for hostname 203-113-117-146.totisp.net
Dec 10 20:24:49 node01 postfix/smtpd[11660]: warning: 190.178.76.249: address not listed for hostname 190-178-76-249.speedy.com.ar
I have set up fail2ban to ban on 3 wrong SMTP auths, which seems to be working:
Code:
2010-12-05 10:31:16,295 fail2ban.actions: WARNING [postfix] Ban 109.187.189.127
2010-12-05 10:41:16,303 fail2ban.actions: WARNING [postfix] Unban 109.187.189.127
2010-12-05 11:34:41,313 fail2ban.actions: WARNING [postfix] Ban 125.163.165.101
2010-12-05 11:44:41,315 fail2ban.actions: WARNING [postfix] Unban 125.163.165.101
2010-12-06 09:57:18,899 fail2ban.actions: WARNING [postfix] Ban 94.59.206.115
2010-12-06 10:07:19,899 fail2ban.actions: WARNING [postfix] Unban 94.59.206.115
2010-12-06 12:14:37,319 fail2ban.actions: WARNING [postfix] Ban 213.87.88.129
2010-12-06 12:24:37,327 fail2ban.actions: WARNING [postfix] Unban 213.87.88.129
2010-12-06 17:03:14,356 fail2ban.actions: WARNING [postfix] Ban 85.26.225.134
2010-12-06 17:13:14,375 fail2ban.actions: WARNING [postfix] Unban 85.26.225.134
2010-12-06 17:44:28,391 fail2ban.actions: WARNING [postfix] Ban 95.78.113.194
2010-12-06 17:54:28,392 fail2ban.actions: WARNING [postfix] Unban 95.78.113.194
2010-12-07 01:27:09,743 fail2ban.actions: WARNING [postfix] Ban 187.15.211.140
2010-12-07 01:37:10,743 fail2ban.actions: WARNING [postfix] Unban 187.15.211.140
2010-12-07 05:46:56,911 fail2ban.actions: WARNING [postfix] Ban 122.177.56.3
2010-12-07 05:56:57,911 fail2ban.actions: WARNING [postfix] Unban 122.177.56.3
2010-12-07 09:40:03,013 fail2ban.actions: WARNING [courierauth] Ban 46.4.11.252
2010-12-07 09:50:03,017 fail2ban.actions: WARNING [courierauth] Unban 46.4.11.252
2010-12-07 21:18:02,420 fail2ban.actions: WARNING [postfix] Ban 190.234.148.120
2010-12-07 21:28:02,435 fail2ban.actions: WARNING [postfix] Unban 190.234.148.120
2010-12-09 07:10:45,267 fail2ban.actions: WARNING [postfix] Ban 94.179.84.208
2010-12-09 07:20:46,267 fail2ban.actions: WARNING [postfix] Unban 94.179.84.208
I have attached 2 screenshots of the mail, as well as the attachment.

Thanks for any assistance
__________________
Best regards

Jim
  #2  
11th December 2010, 14:20
falko
Super Moderator
 

Quote:
Originally Posted by itsnedkeren
Are these just spammers spoofing my email address and sending spam
I think so. Maybe you can see in the email header where the mails originated from.
__________________
Falko
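
Following up on the suggestion to look at the headers of the returned mail, here is an added example (not part of the original thread) that pulls the original message out of a bounce and checks whether any of its Received hops names your own server. The host name and IP in `MY_NAMES` are hypothetical placeholders, and the sample bounce is constructed for illustration.

```python
import email
import re
from email import policy

# Assumption: names/addresses this server announces (hypothetical values).
MY_NAMES = {"node01.example.com", "192.0.2.10"}

# Constructed sample bounce: a remote MTA returns spam that used our address.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.remote.example
To: jim@example.com
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

This is the mail system at host mx.remote.example.

--b1
Content-Type: message/rfc822

Received: from unknown (HELO pc) (203.0.113.77)
\tby mx.remote.example with SMTP; Fri, 10 Dec 2010 13:08:14 +0200
From: jim@example.com
To: someone@remote.example
Subject: constructed spam subject

constructed spam body
--b1--
"""

def returned_mail(bounce):
    """Return the original mail (or just its headers) attached to a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":  # some MTAs return headers only
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def passed_through_us(bounce_text):
    """True/False: a Received hop names this server; None: no original attached."""
    orig = returned_mail(email.message_from_string(bounce_text, policy=policy.default))
    if orig is None:
        return None
    hops = " ".join(str(h) for h in orig.get_all("Received", []))
    return bool(set(re.findall(r"[a-z0-9.-]+", hops.lower())) & MY_NAMES)
```

A `False` result means the returned mail never touched your server, which is what backscatter from a spoofed sender address looks like. Received lines below the bouncing server's own hop can be forged, so confirm a `True` result against your own mail.log before treating it as a relay problem.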