#1  
Old 20th May 2007, 09:34
fordwrench fordwrench is offline
Member
 
Join Date: Apr 2007
Posts: 58
Thanks: 6
Thanked 4 Times in 2 Posts
Default hacking mail?

I get a lot of these everyday:

May 20 02:04:51 srv1 postfix/smtpd[9411]: NOQUEUE: reject: RCPT from unknown[218.88.34.12]: 550 5.1.1 <beatificaiken@rrmaps.com>: Recipient address rejected: User unknown in local recipient table; from=<aandafordjbea@163data.com.cn> to=<beatificaiken@rrmaps.com> proto=SMTP helo=<163data.com.cn>
May 20 02:04:51 srv1 postfix/smtpd[9411]: NOQUEUE: reject: RCPT from unknown[218.88.34.12]: 550 5.1.1 <cain.appian@rrmaps.com>: Recipient address rejected: User unknown in local recipient table; from=<aandafordjbea@163data.com.cn> to=<cain.appian@rrmaps.com> proto=SMTP helo=<163data.com.cn>
May 20 02:04:52 srv1 postfix/smtpd[9411]: NOQUEUE: reject: RCPT from unknown[218.88.34.12]: 550 5.1.1 <braindainty@rrmaps.com>: Recipient address rejected: User unknown in local recipient table; from=<aandafordjbea@163data.com.cn> to=<braindainty@rrmaps.com> proto=SMTP helo=<163data.com.cn>
May 20 02:04:53 srv1 postfix/smtpd[9411]: NOQUEUE: reject: RCPT from unknown[218.88.34.12]: 550 5.1.1 <briefallot@rrmaps.com>: Recipient address rejected: User unknown in local recipient table; from=<aandafordjbea@163data.com.cn> to=<briefallot@rrmaps.com> proto=SMTP helo=<163data.com.cn>
May 20 02:04:54 srv1 postfix/smtpd[9411]: NOQUEUE: reject: RCPT from unknown[218.88.34.12]: 550 5.1.1 <barnhardbernardo@rrmaps.com>: Recipient address rejected: User unknown in local recipient table; from=<aandafordjbea@163data.com.cn> to=<barnhardbernardo@rrmaps.com> proto=SMTP helo=<163data.com.cn>
May 20 02:04:55 srv1 postfix/smtpd[9411]: NOQUEUE: reject: RCPT from unknown[218.88.34.12]: 550 5.1.1 <caution.awaken@rrmaps.com>: Recipient address rejected: User unknown in local recipient table; from=<aandafordjbea@163data.com.cn> to=<caution.awaken@rrmaps.com> proto=SMTP helo=<163data.com.cn>


how do I stop these people from trying to hack in?
How can I stop them by ip?
I have fail2ban installed but it does not catch this.

Fordwrench
Reply With Quote
Sponsored Links
  #2  
Old 20th May 2007, 11:32
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,787
Thanks: 821
Thanked 5,337 Times in 4,187 Posts
 
Default

These are no real hack attempts, they just try to deliver email to non existing accounts.

Maybe policyd is the solution you are looking for:

http://policyd.sourceforge.net/readme.html
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix & mail forwarding loop varnik Server Operation 21 9th December 2008 15:13
Postfix reject connections gabrix Server Operation 27 25th January 2007 08:37
postfix-tls sasl2 mysql courier-authmysql gabrix Server Operation 4 12th January 2007 22:09
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 12:16
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs ebbay Installation/Configuration 9 4th March 2006 11:47


All times are GMT +2. The time now is 14:13.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.