Under SPAM hack attack

Discussion in 'General' started by binover, Nov 17, 2008.

  1. binover

    binover New Member

    Hi to all, this is a very serious problem... in the few past days one of my servers is delivering A LOT of spam to different mailbox, I'm know for sure it was hack :mad: some how, I'm preparing a new install but... how can I stop that attack? were can I look? I'm short of knowledge right know. :confused:

    Thanks to all!
     
  2. binover

    binover New Member

    PD: Here is a extract of the Mailq:

    593D01FC274 2629 Mon Nov 17 10:55:52 [email protected]
    (host mail-in.roc2.bluetie.com[208.89.132.202] said: 450 4.7.1 <[email protected]>: Recipient address rejected: Greylisting in action, please try again in 5 minutes. (in reply to RCPT TO command))
    [email protected]
    (host mx1.comcast.net[76.96.62.116] refused to talk to me: 554 IMTA09.westchester.pa.mail.comcast.net comcast 200.5.90.196 Comcast BL004 Blocked for spam. Please see http://help.comcast.net/content/faq/BL004)
    [email protected]
    [email protected]
    (host mx2.optonline.net[167.206.4.79] refused to talk to me: 452 try later)
    [email protected]
    (host mailin-03.mx.aol.com[205.188.252.17] said: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html 421 SERVICE NOT AVAILABLE (in reply to end of DATA command))
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    (host b.mx.mail.yahoo.com[66.196.97.250] refused to talk to me: 421 4.7.0 [TS02] Messages from 200.5.90.196 temporarily deferred due to user complaints - 4.16.56.1; see http://postmaster.yahoo.com/421-ts02.html)
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    (connect to mail.wbia.net [65.14.23.101]: read timeout)
    [email protected]
     
  3. madmucho

    madmucho ISPConfig Developer ISPConfig Developer

    as i see you will need implement some spam defense, or your mailserver defense, try search fail2ban and set it to your distro. Will help
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Most likely one of the websites you host is misused to send spam, e.g. trough a unsave contact form. You should check the mails in the queue with the postcat command to find out trogh which website they had been sent.
     

Share This Page