Spam sent from web

Discussion in 'General' started by buliyo, Oct 14, 2013.

  1. buliyo

    buliyo New Member

    Do you have any idea how to prevent this?
    Is a captcha on the site's pages the only way?
    Can PHP be secured to enforce additional authorization?

    Fragment of my postqueue:
    Code:
    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    8FBF9304815* 3453 Sun Oct 13 12:46:08 [email protected]
    [email protected]
    
    540EE30480D* 3446 Sun Oct 13 12:46:07 [email protected]
    [email protected]
    
    29F7B30BF17* 3466 Mon Oct 14 08:13:26 [email protected]
    [email protected]
    
    75484305A84* 3453 Sat Oct 12 21:33:37 [email protected]
    [email protected]
    
    9C2EE303DAB* 3472 Sat Oct 12 13:23:59 [email protected]
    [email protected]
    
    58CF7304808* 3451 Sun Oct 13 12:46:06 [email protected]
    [email protected]
    
    020F830D0B1* 3444 Mon Oct 14 07:30:25 [email protected]
    [email protected]
    
    00B6D305742* 3441 Sat Oct 12 23:30:59 [email protected]
    [email protected]
    
    DB88930D0D3* 3450 Mon Oct 14 07:30:22 [email protected]
    [email protected]
    
    A263D30A5BE* 3438 Mon Oct 14 02:21:03 [email protected]
    [email protected]
    
    ED5AB30D08D* 3454 Mon Oct 14 07:30:25 [email protected]
    [email protected]
    
    611AD30481A* 3443 Sun Oct 13 12:46:02 [email protected]
    [email protected]
    
    F3F9130D0A6* 3439 Mon Oct 14 07:30:21 [email protected]
    [email protected]
    
    D322930D0AC* 3440 Mon Oct 14 07:30:23 [email protected]
    [email protected]
    mail.log:
    Code:
    Oct 10 09:53:29 prime postfix/qmgr[2954]: C5E0F1287ED4: from=<[email protected]>, size=4842, nrcpt=1 (queue active)
    Oct 10 09:53:29 prime amavis[27159]: (27159-09-23) Passed CLEAN {RelayedOpenRelay}, <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_i
    Oct 10 09:53:30 prime postfix/local[27848]: 1C8BB1287ED8: to=<[email protected]>, relay=local, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
    Oct 10 09:53:30 prime postfix/local[27848]: 742271287ECF: to=<[email protected]>, relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
    Oct 10 09:53:33 prime postfix/local[27848]: 8CB2F1287ECD: to=<[email protected]>, relay=local, delay=0.01, delays=0.01/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
    Oct 10 09:53:33 prime amavis[27159]: (27159-09-25) Passed CLEAN {RelayedInbound}, [74.125.83.66]:46601 [74.125.83.66] <> -> <[email protected]>, Queue-ID: 187C71287ED1, Message-ID: <089e01681ba4d5fad104e
    Oct 10 09:53:33 prime postfix/smtp[27036]: 187C71287ED1: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=25, delay=8.5, delays=0.12/4.9/0/3.5, dsn=2.0.0, status=sent (250 2.0.0 from MT
    Oct 10 09:53:38 prime amavis[27873]: (27873-02) Passed CLEAN {RelayedInbound}, [212.188.178.246]:52393 [212.188.178.246] <> -> <[email protected]>, Queue-ID: 2ECCD1287ECD, Message-ID: <20131010075332.DB7
    Oct 10 09:53:38 prime postfix/local[27848]: 0F0981287ECE: to=<[email protected]>, relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
    Oct 10 09:53:38 prime postfix/smtp[26447]: 2ECCD1287ECD: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.9, delays=0.19/0/0/3.7, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0
    Oct 10 09:59:55 prime postfix/qmgr[2954]: E5D961287ECC: from=<[email protected]>, size=4860, nrcpt=1 (queue active)
    
     
    Last edited: Oct 14, 2013
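
Added example, not part of the original thread or any poster's code: one way to see which local sender account dominates a queue like the one posted above, by parsing `postqueue -p` output and counting messages and distinct recipients per envelope sender. The addresses, the `web12` account name and the `min_messages` threshold are constructed assumptions, since the thread's own addresses are redacted.

```python
import re
from collections import defaultdict

# Entry line: queue ID, optional flag (* active, ! on hold), size, arrival time, sender.
ENTRY = re.compile(
    r"^(?P<qid>[0-9A-Za-z]+)(?P<flag>[*!]?)\s+(?P<size>\d+)\s+"
    r"(?P<when>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d)\s+(?P<sender>\S+)\s*$"
)

def parse_queue(text):
    """Parse `postqueue -p` text into one dict per queued message."""
    entries, current = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = {**m.groupdict(), "size": int(m["size"]), "rcpts": []}
            entries.append(current)
        elif current and line.strip() and not line.lstrip().startswith(("(", "--")):
            # Skip "(deferral reason)" lines and the "-- N Kbytes" footer.
            current["rcpts"].append(line.strip())
    return entries

def flag_senders(entries, min_messages=3):
    """Return (sender, messages, distinct recipients) for busy senders."""
    stats = defaultdict(lambda: {"messages": 0, "rcpts": set()})
    for e in entries:
        stats[e["sender"]]["messages"] += 1
        stats[e["sender"]]["rcpts"].update(e["rcpts"])
    hits = [(s, d["messages"], len(d["rcpts"]))
            for s, d in stats.items() if d["messages"] >= min_messages]
    return sorted(hits, key=lambda h: h[1], reverse=True)

# Constructed sample: queue IDs in the thread's format, made-up addresses.
SAMPLE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
8FBF9304815*    3453 Sun Oct 13 12:46:08  web12@prime.example.com
                                         a@example.net

29F7B30BF17     3466 Mon Oct 14 08:13:26  web12@prime.example.com
(connect to mx.example.org[192.0.2.10]:25: Connection timed out)
                                         b@example.org

75484305A84*    3453 Sat Oct 12 21:33:37  info@client.example
                                         c@example.net
-- 10 Kbytes in 3 Requests.
"""

if __name__ == "__main__":
    print(flag_senders(parse_queue(SAMPLE), min_messages=2))
```

A web account that shows up with many queued messages to many distinct external recipients is the one whose site scripts to inspect first.
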
  2. SamTzu

    SamTzu Member HowtoForge Supporter

    We started to block ALL email (@gw) from web-servers that tried to send email directly out. This requires (external) SMTP accounts for ALL web-sites on these servers.

    Basically this is a lot more work but so far we have not figured out a way to do this smarter.
     
  3. Ovidiu

    Ovidiu Active Member

  4. Ovidiu

    Ovidiu Active Member

    Reviving this old thread as I have a related question:

    So, assuming I've mostly secured outgoing emails, what about the occasional ones that slip through? I mean they bounce back into something like [email protected] (just picking up the above example), which means they'll never reach me or the client.

    Would it not be possible to set up a catch-all which redirects all webXX to the client who owns that particular web?
     
