Spam sent from web

Discussion in 'General' started by buliyo, Oct 14, 2013.

  1. buliyo

    buliyo New Member

    Do you have any idea how to prevent this?
    Is the only way a captcha on the site's pages?
    Can PHP be secured to enforce additional authorization?

    Fragment of my postqueue:
    Code:
    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    8FBF9304815* 3453 Sun Oct 13 12:46:08 web35@prime.pl
    gioia.pisano@ey.com
    
    540EE30480D* 3446 Sun Oct 13 12:46:07 web35@prime.pl
    ginobianchini@ey.com
    
    29F7B30BF17* 3466 Mon Oct 14 08:13:26 web35@prime.pl
    kmarcoux@maildomination.com
    
    75484305A84* 3453 Sat Oct 12 21:33:37 web35@prime.pl
    support@kongu.com
    
    9C2EE303DAB* 3472 Sat Oct 12 13:23:59 web35@prime.pl
    thebjohnstons@sbcglobla.net
    
    58CF7304808* 3451 Sun Oct 13 12:46:06 web35@prime.pl
    gino.sasso@ey.com
    
    020F830D0B1* 3444 Mon Oct 14 07:30:25 web35@prime.pl
    saccentev@coned.com
    
    00B6D305742* 3441 Sat Oct 12 23:30:59 web35@prime.pl
    Mulee@compaq.net
    
    DB88930D0D3* 3450 Mon Oct 14 07:30:22 web35@prime.pl
    sablianj@coned.com
    
    A263D30A5BE* 3438 Mon Oct 14 02:21:03 web35@prime.pl
    roger@villa.com
    
    ED5AB30D08D* 3454 Mon Oct 14 07:30:25 web35@prime.pl
    saddiesmith@coned.com
    
    611AD30481A* 3443 Sun Oct 13 12:46:02 web35@prime.pl
    ginny.hoce@ey.com
    
    F3F9130D0A6* 3439 Mon Oct 14 07:30:21 web35@prime.pl
    sabinoaa@coned.com
    
    D322930D0AC* 3440 Mon Oct 14 07:30:23 web35@prime.pl
    sablod@coned.com
    mail.log:
    Code:
    Oct 10 09:53:29 prime postfix/qmgr[2954]: C5E0F1287ED4: from=<web35@prime.pl>, size=4842, nrcpt=1 (queue active)
    Oct 10 09:53:29 prime amavis[27159]: (27159-09-23) Passed CLEAN {RelayedOpenRelay}, <web35@prime.pl> -> <2052124@compass-group.co.uk>, Message-ID: <20131010075322.892481287EE7@prime.pl>, mail_i
    Oct 10 09:53:30 prime postfix/local[27848]: 1C8BB1287ED8: to=<web35@prime.pl>, relay=local, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
    Oct 10 09:53:30 prime postfix/local[27848]: 742271287ECF: to=<web35@prime.pl>, relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
    Oct 10 09:53:33 prime postfix/local[27848]: 8CB2F1287ECD: to=<web35@prime.pl>, relay=local, delay=0.01, delays=0.01/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
    Oct 10 09:53:33 prime amavis[27159]: (27159-09-25) Passed CLEAN {RelayedInbound}, [74.125.83.66]:46601 [74.125.83.66] <> -> <web35@prime.pl>, Queue-ID: 187C71287ED1, Message-ID: <089e01681ba4d5fad104e
    Oct 10 09:53:33 prime postfix/smtp[27036]: 187C71287ED1: to=<web35@prime.pl>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=25, delay=8.5, delays=0.12/4.9/0/3.5, dsn=2.0.0, status=sent (250 2.0.0 from MT
    Oct 10 09:53:38 prime amavis[27873]: (27873-02) Passed CLEAN {RelayedInbound}, [212.188.178.246]:52393 [212.188.178.246] <> -> <web35@prime.pl>, Queue-ID: 2ECCD1287ECD, Message-ID: <20131010075332.DB7
    Oct 10 09:53:38 prime postfix/local[27848]: 0F0981287ECE: to=<web35@prime.pl>, relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
    Oct 10 09:53:38 prime postfix/smtp[26447]: 2ECCD1287ECD: to=<web35@prime.pl>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.9, delays=0.19/0/0/3.7, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0
    Oct 10 09:59:55 prime postfix/qmgr[2954]: E5D961287ECC: from=<web35@prime.pl>, size=4860, nrcpt=1 (queue active)
    
     
    Last edited: Oct 14, 2013
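Added example, not part of the original posts: a small triage script that reads `postqueue -p` output in the format shown above and reports which `webNN@` senders have the most queued mail, so the site whose scripts are sending can be identified. The sample queue, the `.example` addresses, the threshold and the function names are constructed for illustration; short hexadecimal queue IDs are assumed.

```python
import re
from collections import defaultdict

# First line of a queue entry: ID (optionally flagged * or !), size,
# arrival time, envelope sender. Recipient lines follow until a blank line.
ENTRY = re.compile(r"^([0-9A-F]+)[*!]?\s+(\d+)\s+(\w{3} \w{3}\s+\d+ [\d:]+)\s+(\S+)$")
WEB_SENDER = re.compile(r"^web\d+@")  # per-site sender pattern seen in the queue above

# Constructed sample input (not taken from the thread).
SAMPLE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
AAAA000001* 3453 Sun Oct 13 12:46:08 web35@host.example
a.user@corp-a.example

AAAA000002* 3446 Sun Oct 13 12:46:07 web35@host.example
b.user@corp-a.example

AAAA000003 3466 Mon Oct 14 08:13:26 web35@host.example
(connect to mx.corp-b.example[192.0.2.10]:25: Connection timed out)
c.user@corp-b.example

AAAA000004 1200 Mon Oct 14 08:15:00 web12@host.example
owner@customer.example
"""

def summarize_queue(text):
    """Return {sender: {"messages": n, "recipient_domains": set_of_domains}}."""
    stats = defaultdict(lambda: {"messages": 0, "recipient_domains": set()})
    sender = None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            sender = m.group(4)
            stats[sender]["messages"] += 1
        elif not line:
            sender = None  # blank line ends the current entry
        elif sender and "@" in line and not line.startswith("("):
            # Recipient line; lines in parentheses are deferral reasons.
            stats[sender]["recipient_domains"].add(line.rsplit("@", 1)[1].lower())
    return dict(stats)

def suspicious_web_senders(text, min_messages=3):
    """Web senders with at least min_messages queued (threshold is an assumption)."""
    return sorted(s for s, v in summarize_queue(text).items()
                  if WEB_SENDER.match(s) and v["messages"] >= min_messages)

if __name__ == "__main__":
    for s in suspicious_web_senders(SAMPLE):
        print(s, summarize_queue(SAMPLE)[s])
```

On a live server the same functions can be fed the text captured from `postqueue -p` instead of `SAMPLE`.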
  2. SamTzu

    SamTzu Member HowtoForge Supporter

    We started to block ALL email (@gw) from web-servers that tried to send email directly out. This requires (external) SMTP accounts for ALL web-sites on these servers.

    Basically this is a lot more work but so far we have not figured out a way to do this smarter.
     
  3. Ovidiu

    Ovidiu Active Member

  4. Ovidiu

    Ovidiu Active Member

    Reviving this old thread as I have a related question:

    So, assuming I've mostly secured outgoing emails, what about the occasional ones that slip through? I mean they bounce back into something like web35@prime.pl (just picking up the above example), which means they'll never reach me or the client.

    Would it not be possible to set up a catch-all which redirects all webXX to the client who owns that particular web?
     
