Re: Mail server under attack

From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 06/23/04

Next message: Gandalf Parker: "Re: Mail server under attack"
Previous message: Nuno Paquete: "Re: Mail server under attack"
In reply to: Nuno Paquete: "Re: Mail server under attack"
Next in thread: Gandalf Parker: "Re: Mail server under attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 23 Jun 2004 17:48:18 +0000 (UTC)

Nuno Paquete <nmp@ispgaya.pt> writes:

]Thomas B wrote:

]> In my /var/log/maillog, the following messages are shown repeatedly.
]> It seems that my e-mail server is under attack.
]>
]>
]> Jun 23 08:55:02 mail sendmail[7168]: i5N0t2dV007168: ruho@mydomain.com...
]> User unknown
]> Jun 23 08:55:03 mail sendmail[7168]: i5N0t2dV007168: lost input channel
]> from
]> [218.16.108.71] to MTA after rcpt
]> Jun 23 08:55:03 mail sendmail[7168]: i5N0t2dV007168:
]> from=<jackeyng@hsdomain.com>, size=0, class=0, nrcpts=0, proto=SMTP,
]> daemon=MTA, relay=[218.16.108.71]

This is standard spam junk. Somewhere a spammer has gotten the idea that
you have a user ruho on your system and is sending mail to them.

]>
]>
]> The traffic coming into my server is extremely busy.
]> I've check the IP in www.checkdomain.com, it just shows the IP is
]> originated from Australia, but ISP is not shown.
]> What can I do?

Nothing. This is life in the net jungle these days.

]Hi.
]I think that your mail server is not well configured and is allowing
]external and anonymous users to relay mail through your mail server.
]You have to give more information to someone can help you.
]What is your mail server? Postfix? Sendmail?...

It may be that you have relaying improperly set up, but I do not see the
evidence thereof in what you posted.

Next message: Gandalf Parker: "Re: Mail server under attack"
Previous message: Nuno Paquete: "Re: Mail server under attack"
In reply to: Nuno Paquete: "Re: Mail server under attack"
Next in thread: Gandalf Parker: "Re: Mail server under attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Outlook wont send large attachments
... the one operating your own personal mail server. ... header to the e-mail client while they interrogate the message but that only ... the timeout due to excessive delay. ...
(microsoft.public.outlook)
RE: No delivery report 4.4.7
... mail.rabarberlandet.dk is a mail server host on our ISP. ... Please let me know where the mail.rabarberlandet.dk host on. ... Microsoft CSS Online Newsgroup Support ...
(microsoft.public.windows.server.sbs)
[SLE] MADAY - smtp attack on my server - How to Stop?
... Of course 'sales' doesn't exist on my system, but it is killing my server. ... : Recipient address rejected: User unknown in local ... Right now I have blocked port 25 on the router and this stops the attack. ...
(SuSE)
Re: Is a DC needed Here?
... Yes I FULLY agree with you I want the file server for the mail but there are ... the mail you can create accounts just in the mail server DB alone. ... My mail server does not require AD ... because a mailbox is a difinitive object. ...
(microsoft.public.windows.server.active_directory)
Re: help understand relaying and authentication
... Bharat Suneja ... MVP - Exchange ... access on the SMTP virtual server that receives internet mail, ... mail server, then other mail servers fail to send email to me... ...
(microsoft.public.exchange.admin)