Thread: Hammered by spam

  1. #1

    I am getting hammered by the following entries in my logs:

    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<info@cool-body.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<info@elremo.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<info@girlsigry.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<tatiana@livebooks.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<info@npgen.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<info@oknoliya.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<fc@rosbi.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<info@servitio.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<office@shadowww.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)
    Apr 15 08:14:09 mail postfix/smtp[27060]: CA127721A5E: to=<sergei.tarasov@sun.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, delays=7.3/0/0.02/0.62, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 62DA0721595)


    How are these guys able to relay off my servers? Is this possibly coming from an authorized user who has some malware?

  2. #2

    Look in your logs for the sender. Chances are they are auth users. By default there's no rate control. Grep for sasl_username for example to list...
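
The per-user lookup suggested in the reply above, as an added example that is not part of the original thread: it joins each queue ID's smtpd line (where Postfix logs sasl_username and the client) with that queue ID's delivered to= lines and ranks authenticated senders by recipient count. The sample log, users, hosts and queue IDs are constructed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: rank SASL-authenticated senders by delivered recipients.

# Constructed sample log; users, hosts and queue IDs are placeholders.
sample_log() {
cat <<'EOF'
Apr 15 08:14:01 mail postfix/smtpd[27001]: AAAA000001: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Apr 15 08:14:09 mail postfix/smtp[27060]: AAAA000001: to=<r1@example.net>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 15 08:14:09 mail postfix/smtp[27060]: AAAA000001: to=<r2@example.net>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 15 08:14:09 mail postfix/smtp[27060]: AAAA000001: to=<r3@example.net>, relay=127.0.0.1[127.0.0.1]:10026, delay=8, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 15 08:15:02 mail postfix/smtpd[27001]: AAAA000002: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Apr 15 08:15:03 mail postfix/smtp[27061]: AAAA000002: to=<r4@example.net>, relay=127.0.0.1[127.0.0.1]:10026, delay=1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 15 08:15:03 mail postfix/smtp[27061]: AAAA000002: to=<r5@example.net>, relay=127.0.0.1[127.0.0.1]:10026, delay=1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 15 08:20:11 mail postfix/smtpd[27002]: BBBB000001: client=pc.example.org[198.51.100.4], sasl_method=PLAIN, sasl_username=bob@example.com
Apr 15 08:20:12 mail postfix/smtp[27062]: BBBB000001: to=<friend@example.net>, relay=127.0.0.1[127.0.0.1]:10026, delay=1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 15 08:21:40 mail postfix/smtpd[27003]: CCCC000001: client=mx.example.org[192.0.2.9]
Apr 15 08:21:41 mail postfix/local[27070]: CCCC000001: to=<alice@example.com>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
EOF
}

# Print "recipients sasl_username client" per authenticated sender, busiest first.
# Reads the log files given as arguments, or stdin when none are given.
sasl_recipient_counts() {
  awk '
    {
      qid = ""; user = ""; client = ""; rcpt = 0; sent = 0
      for (i = 1; i <= NF; i++) {
        f = $i; sub(/,$/, "", f)               # fields are comma-terminated
        if (f ~ /^postfix\/.*\[[0-9]+\]:$/ && i < NF) { qid = $(i + 1); sub(/:$/, "", qid) }
        else if (f ~ /^sasl_username=/) user = substr(f, 15)
        else if (f ~ /^client=/) client = substr(f, 8)
        else if (f ~ /^to=</) rcpt = 1
        else if (f == "status=sent") sent = 1
      }
      if (qid == "") next
      if (user != "") { owner[qid] = user; src[qid] = client }  # authenticated submission
      if (rcpt && sent) rcpts[qid]++                            # one delivered recipient
    }
    END {
      # Queue IDs with no SASL owner (ordinary inbound mail) are ignored.
      for (q in owner) total[owner[q] " " src[q]] += rcpts[q]
      for (k in total) print total[k], k
    }
  ' "$@" | sort -rn
}

sample_log | sasl_recipient_counts
```

An account that tops this list with recipients it has no reason to mail, submitted from an unfamiliar client address, is the one to investigate first.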
