#1  
Old 22nd February 2012, 13:23
vaio1 vaio1 is offline
Senior Member
 
Join Date: Jul 2007
Location: Italy
Posts: 664
Thanks: 77
Thanked 12 Times in 7 Posts
Default SPAM email: qq.com

Hi guys,

I get this string from the mail logs and seems to me that something send a message to *@qq.com, is what I said correct?

Code:
Feb 14 13:47:09 mailserver amavis[25685]: (25685-20) Passed CLEAN, [59.50.129.210] [59.50.129.210] <info@mydomain.com> -> <1004406938@qq.com>,<1005249125@qq.com>,<1006155961@qq.com>,<1033870196@qq.com>,<976662574@qq.com>,<977869125@qq.com>,<978869240@qq.com>,<979952356@qq.com>,<986474624@qq.com>,<992920531@qq.com>,<994968252@qq.com>, Message-ID: <126D8A9B611E75959AB7D203882778D9@uc>, mail_id: RzYVR7GFFqxh, Hits: 1.546, size: 8319, queued_as: 7389BA23B1, 753 ms
thanks
Reply With Quote
Sponsored Links
  #2  
Old 24th February 2012, 02:55
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Yes, that seems to be correct.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 24th February 2012, 08:08
vaio1 vaio1 is offline
Senior Member
 
Join Date: Jul 2007
Location: Italy
Posts: 664
Thanks: 77
Thanked 12 Times in 7 Posts
 
Talking

I was under Spam attack.

I have set up the /etc/fail2ban/jail.local in this way:

Code:
## bantime of 3600 = 60*60 = one hour
## bantime of 86400 = 60*60*24 = one day
## bantime of 604800 = 60*60*24*7 = one week
## bantime of 2592000 = 60*60*24*30 = (approx) one month
## bantime of 31536000 = 60*60*24*365 = (approx) one year

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
port = pop3,pop3s,imap,imaps
logpath = /var/log/mail.log
maxretry = 20
findtime = 60
bantime = 86400
in the /etc/fail2ban/filter.d/dovecot-pop3imap.conf file I have written:

Code:
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconn$
ignoreregex =
and then I have restarted the fail2ban software:

Code:
/etc/init.d/fail2ban restart
then I have seen the IP of the spammer in the fail2ban log software as BANNNED!

Thanks
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Spamfilter policy - question about spam actions prisfeo Installation/Configuration 4 2nd February 2010 16:17
hotmail rejects outgoing email nzimas Server Operation 3 1st May 2009 03:39
email spam filter options the_spy Feature Requests 1 7th September 2008 17:04
Ubuntu 8.04 Spamsnake - all SA scores 0.00 Thomas_Powers HOWTO-Related Questions 23 24th June 2008 17:37
Email problem - all outgoing mail end up as spam haaglin General 8 16th October 2007 17:35


All times are GMT +2. The time now is 10:02.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.