Thread: Hammered by spam

  1. #1
    Hammered by spam

    I am getting hammered by the following entries in my logs:

    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<info@cool-body.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<info@elremo.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<info@girlsigry.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<tatiana@livebooks.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<info@npgen.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<info@oknoliya.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<fc@rosbi.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<info@servitio.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<office@shadowww.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<sergei.tarasov@sun.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)


    How are these guys able to relay off my servers? Is this possibly coming from an authorized user who has some malware?

  2. #2
    Look in your logs for the sender. Chances are they are auth users. By default there's no rate control. Grep for sasl_username for example to list...
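
The log search suggested in reply #2, as an added example that is not part of the original thread: it ties each `sasl_username` login to the `to=<...>` delivery lines that share its queue ID, so an account sending to unusually many recipients stands out. The function names `sasl_summary` and `sample_log` are hypothetical, and the sample log is constructed (documentation addresses and IPs; only the queue ID `CA127721A5E` is taken from the post).

```shell
#!/bin/sh
# Added example (not from the thread): per-user totals for authenticated senders.
# Reads a Postfix log on stdin; prints "<recipients> <messages> <user> <client IPs>".
sasl_summary() {
  awk '
    # smtpd records the login next to the queue ID it assigns to the message.
    /postfix\/smtpd\[/ && /sasl_username=/ {
      qid = $6; sub(/:$/, "", qid)
      user = $0; sub(/.*sasl_username=/, "", user); sub(/[, ].*/, "", user)
      ip = substr($7, index($7, "[") + 1); ip = substr(ip, 1, index(ip, "]") - 1)
      owner[qid] = user; msgs[user]++
      if (index(ips[user] " ", " " ip " ") == 0) ips[user] = ips[user] " " ip
      next
    }
    # Delivery lines carry the same queue ID; count each recipient once.
    / to=</ {
      qid = $6; sub(/:$/, "", qid)
      if (!((qid, $7) in seen)) { seen[qid, $7] = 1; rcpt[qid]++ }
    }
    END {
      for (q in owner) total[owner[q]] += rcpt[q]
      for (u in msgs) printf "%d %d %s%s\n", total[u], msgs[u], u, ips[u]
    }
  ' | sort -k1,1nr -k3,3
}

# Constructed sample log: two authenticated users and one unauthenticated inbound message.
sample_log() {
  cat <<'EOF'
Apr 15 08:14:01 mail postfix/smtpd[27001]: CA127721A5E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=jdoe@example.com
Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<a@example.net>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<b@example.net>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<c@example.net>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 15 08:15:30 mail postfix/smtpd[27002]: D1B22000001: client=unknown[198.51.100.9], sasl_method=PLAIN, sasl_username=jdoe@example.com
Apr 15 08:15:31 mail postfix/smtp[27061]: D1B22000001: to=<d@example.net>, relay=127.0.0.1[127.0.0.1]:10026, delay=1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 15 08:16:00 mail postfix/smtpd[27003]: E3C33000002: client=pc1.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=asmith@example.com
Apr 15 08:16:01 mail postfix/smtp[27062]: E3C33000002: to=<e@example.org>, relay=127.0.0.1[127.0.0.1]:10026, delay=1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 15 08:17:00 mail postfix/smtpd[27004]: F4D44000003: client=mx.example.org[192.0.2.55]
Apr 15 08:17:01 mail postfix/smtp[27063]: F4D44000003: to=<jdoe@example.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
EOF
}

# Run on the sample; on a server, feed the mail log instead: sasl_summary < LOGFILE
sample_log | sasl_summary
```

One account logging in from several unrelated client IPs with a high recipient count is the pattern that points to stolen credentials or a compromised client rather than an open relay.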
