Under SPAM hack attack

Discussion in 'General' started by binover, Nov 17, 2008.

  1. binover

    binover New Member

    Hi to all, this is a very serious problem... in the past few days one of my servers has been delivering A LOT of spam to different mailboxes. I know for sure it was hacked :mad: somehow. I'm preparing a new install but... how can I stop that attack? Where can I look? I'm short of knowledge right now. :confused:

    Thanks to all!
     
  2. binover

    binover New Member

    PS: Here is an extract of the mailq:

    593D01FC274 2629 Mon Nov 17 10:55:52 rev_fr_jean_white2@unitednations.org
    (host mail-in.roc2.bluetie.com[208.89.132.202] said: 450 4.7.1 <deedee5@excite.com>: Recipient address rejected: Greylisting in action, please try again in 5 minutes. (in reply to RCPT TO command))
    deedee5@excite.com
    (host mx1.comcast.net[76.96.62.116] refused to talk to me: 554 IMTA09.westchester.pa.mail.comcast.net comcast 200.5.90.196 Comcast BL004 Blocked for spam. Please see http://help.comcast.net/content/faq/BL004)
    deedee12858@comcast.net
    deedee28@comcast.net
    (host mx2.optonline.net[167.206.4.79] refused to talk to me: 452 try later)
    deedee56@optonline.net
    (host mailin-03.mx.aol.com[205.188.252.17] said: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html 421 SERVICE NOT AVAILABLE (in reply to end of DATA command))
    deedee128748@aol.com
    deedee1331@aol.com
    deedee178215@aol.com
    deedee2902@aol.com
    deedee2987@aol.com
    deedee3737@aol.com
    deedee4585@aol.com
    deedee573@aol.com
    (host b.mx.mail.yahoo.com[66.196.97.250] refused to talk to me: 421 4.7.0 [TS02] Messages from 200.5.90.196 temporarily deferred due to user complaints - 4.16.56.1; see http://postmaster.yahoo.com/421-ts02.html)
    deedee1137@yahoo.com
    deedee1165@yahoo.com
    deedee12167@yahoo.com
    deedee12356@yahoo.com
    deedee128691@yahoo.com
    deedee15dr@yahoo.com
    deedee16552002@yahoo.com
    deedee18ro@yahoo.com
    deedee200415@yahoo.com
    deedee229@yahoo.com
    deedee262004@yahoo.com
    deedee3835@yahoo.com
    deedee47882@yahoo.com
    deedee50@yahoo.com
    deedee5111@yahoo.com
    deedee7332003@yahoo.com
    (connect to mail.wbia.net [65.14.23.101]: read timeout)
    deedee125@wbia.net
     
  3. madmucho

    madmucho ISPConfig Developer

    As I see it, you will need to implement some spam defense, or mail server defense. Try searching for fail2ban and set it up for your distro. It will help.
     
  4. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Most likely one of the websites you host is misused to send spam, e.g. through an unsafe contact form. You should check the mails in the queue with the postcat command to find out through which website they had been sent.
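
Added example, not part of the thread: the postcat check suggested in the last post, as a shell function that reads `postcat -q QUEUE_ID` output and reports whether the message was injected locally (with the Unix uid, plus the PHP script name if PHP runs with mail.add_x_header enabled, which is an assumption) or was accepted over SMTP. The queue ID, host names and addresses in the sample are constructed.

```shell
#!/bin/sh
# Usage on the mail server: postcat -q QUEUE_ID | origin_of
# Only the first Received: header is used, because that is the one
# this Postfix instance wrote itself; lower ones can be forged.
origin_of() {
    awk '
        /^\*\*\* MESSAGE CONTENTS/ && state == 0 { state = 1; next }
        state != 1 { next }
        /^$/       { state = 2; next }   # blank line ends the headers
        /^Received:/ && !seen {
            seen = 1
            if ($0 ~ /\(Postfix, from userid [0-9]+\)/) {
                # Injected locally via the sendmail binary, e.g. PHP mail().
                uid = $0
                sub(/.*from userid /, "", uid); sub(/\).*/, "", uid)
            } else if (match($0, /\[[0-9A-Fa-f.:]+\]/)) {
                # Accepted over SMTP from this client address.
                client = substr($0, RSTART + 1, RLENGTH - 2)
            }
        }
        # Assumption: PHP is configured with mail.add_x_header = On.
        tolower($1) == "x-php-originating-script:" { script = $2 }
        END {
            if (uid != "")         printf "local uid=%s script=%s\n", uid, (script == "" ? "-" : script)
            else if (client != "") printf "smtp client=%s\n", client
            else                   print "unknown"
        }
    '
}

# Constructed sample of postcat output for a mail sent by a web script.
sample_postcat() {
cat <<'EOF'
*** ENVELOPE RECORDS deferred/0/0123456789A ***
sender: www-data@mail.example.com
*** MESSAGE CONTENTS deferred/0/0123456789A ***
Received: by mail.example.com (Postfix, from userid 33)
    id 0123456789A; Mon, 17 Nov 2008 10:55:52 +0000 (UTC)
To: someone@example.net
Subject: constructed sample
X-PHP-Originating-Script: 33:contact.php
From: sender@example.org

body text
*** HEADER EXTRACTED deferred/0/0123456789A ***
*** MESSAGE FILE END deferred/0/0123456789A ***
EOF
}
```

A `local uid=` result points at the account the web server or a site user runs as; an `smtp client=` result means the mail was relayed in over the network instead.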
     
