Re: [spamdyke-users] MAILER-DAEMON Flood
Well, I have spamdyke-qrv installed and turned on in spamdyke.conf, but am still getting stuff like this (maillog):

Nov 8 21:48:51 33a45916-5b78-11e6-a0e5-0cc47a6975be spamdyke[17138]: ALLOWED from: filenkokir...@shopon.net to: sergushk...@bk.ru origin_ip: 10.0.1.15 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: 250_ok_1478666931_qp_17140

So someone is trying to use my system as a relay, right? With the resulting MAILER-DAEMON bounce. The 10.0.1.15 is the IP of the jail that qmail runs in.

Any other thoughts?

On 11/7/2016 9:13 AM, Gary Gendel via spamdyke-users wrote:
> This doesn't look like it's email originating from your system. Instead, it looks like spamdyke has accepted the message and then qmail is doing the rejection. My guess is that it passes through spamdyke with an invalid destination user. Qmail then tries to reject it.
>
> You can avoid this by adding invalid user checks in spamdyke so it doesn't reach qmail by setting "recipient-validation-command=" (I use spamdyke-qrv) and "reject-recipient=invalid".
>
> Gary

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
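An added example, not part of the original thread or of the spamdyke project: a small Python filter over spamdyke maillog entries in the format quoted above, listing messages that were ALLOWED without SMTP AUTH for a recipient domain this server does not host. It assumes purgatoire.org is the only local domain; every sample line except the first is constructed.

```python
import re
from collections import Counter

LOCAL_DOMAINS = {"purgatoire.org"}  # assumption: the only domain hosted here
JAIL_IP = "10.0.1.15"               # jail address named in the post

# Field layout of a spamdyke log entry, as in the maillog line quoted above.
LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<verdict>[A-Z_]+) from: (?P<sender>\S*) "
    r"to: (?P<rcpt>\S*) origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) "
    r"auth: (?P<auth>\S+) encryption: (?P<enc>\S+) reason: (?P<reason>\S+)")

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def relay_candidates(lines):
    """Entries accepted without SMTP AUTH for a recipient outside LOCAL_DOMAINS."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue                      # not a spamdyke entry
        e = m.groupdict()
        if e["verdict"] != "ALLOWED" or e["auth"] != "(unknown)":
            continue                      # rejected, or an authenticated user
        if domain(e["rcpt"]) in LOCAL_DOMAINS:
            continue                      # ordinary inbound mail
        # origin_ip equal to the jail's own address: the log does not show
        # which remote client, if any, opened the connection.
        e["from_jail_ip"] = e["ip"] == JAIL_IP
        hits.append(e)
    return hits

def summarize(hits):
    """Count candidates per (origin_ip, recipient domain)."""
    return Counter((h["ip"], domain(h["rcpt"])) for h in hits)

# First line is the one from the post; the rest are constructed samples.
SAMPLE = [
    "Nov 8 21:48:51 33a45916-5b78-11e6-a0e5-0cc47a6975be spamdyke[17138]: ALLOWED from: filenkokir...@shopon.net to: sergushk...@bk.ru origin_ip: 10.0.1.15 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: 250_ok_1478666931_qp_17140",
    "Nov 8 21:50:02 mailhost spamdyke[17201]: ALLOWED from: alice@example.net to: user@purgatoire.org origin_ip: 192.0.2.10 origin_rdns: mx.example.net auth: (unknown) encryption: TLS reason: 250_ok_1_qp_2",
    "Nov 8 21:51:10 mailhost spamdyke[17250]: ALLOWED from: user@purgatoire.org to: bob@example.com origin_ip: 192.0.2.44 origin_rdns: (unknown) auth: user@purgatoire.org encryption: TLS reason: 250_ok_3_qp_4",
    "Nov 8 21:52:30 mailhost spamdyke[17299]: DENIED_RDNS_MISSING from: x@example.org to: y@example.org origin_ip: 192.0.2.99 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)",
    "Nov 8 21:53:41 mailhost spamdyke[17311]: ALLOWED from: z@example.org to: carol@example.com origin_ip: 192.0.2.77 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: 250_ok_5_qp_6",
]

if __name__ == "__main__":
    for (ip, rcpt_domain), n in summarize(relay_candidates(SAMPLE)).items():
        print(n, ip, rcpt_domain)
```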
Re: [spamdyke-users] MAILER-DAEMON Flood
Thank you very much. I'll look into that.

On 11/7/2016 9:13 AM, Gary Gendel via spamdyke-users wrote:
> This doesn't look like it's email originating from your system. Instead, it looks like spamdyke has accepted the message and then qmail is doing the rejection. My guess is that it passes through spamdyke with an invalid destination user. Qmail then tries to reject it.
>
> You can avoid this by adding invalid user checks in spamdyke so it doesn't reach qmail by setting "recipient-validation-command=" (I use spamdyke-qrv) and "reject-recipient=invalid".
Re: [spamdyke-users] MAILER-DAEMON Flood
This doesn't look like it's email originating from your system. Instead, it looks like spamdyke has accepted the message and then qmail is doing the rejection. My guess is that it passes through spamdyke with an invalid destination user. Qmail then tries to reject it.

You can avoid this by adding invalid user checks in spamdyke so it doesn't reach qmail by setting "recipient-validation-command=" (I use spamdyke-qrv) and "reject-recipient=invalid".

Gary

On 11/07/2016 10:59 AM, BC via spamdyke-users wrote:
> It hasn't risen to the level of DDOS, yet, but I'm getting many hundreds of these messages per night (and it is now continuing during the day). They look like this:
>
> Hi. This is the qmail-send program at purgatoire.org.
> I tried to deliver a bounce message to this address, but the bounce bounced!: 212.4.107.202 does not like recipient.
> Remote host said: 550 5.1.1 : Recipient address rejected: telcom.es
> Giving up on 212.4.107.202.
>
> --- Below this line is the original bounce.
>
> ... each one with totally unrelated email and IP addresses and with variable sizes and all in MIME format.
>
> I use FreeBSD here. Running qmail in a jail. I do use ssmtp running on the host (not jailed) in order to get the periodic daily/weekly/monthly reports.
>
> Is someone somehow using my system to try to send spam? Any idea how to block this?
[spamdyke-users] MAILER-DAEMON Flood
It hasn't risen to the level of DDOS, yet, but I'm getting many hundreds of these messages per night (and it is now continuing during the day). They look like this:

Hi. This is the qmail-send program at purgatoire.org.
I tried to deliver a bounce message to this address, but the bounce bounced!: 212.4.107.202 does not like recipient.
Remote host said: 550 5.1.1 : Recipient address rejected: telcom.es
Giving up on 212.4.107.202.

--- Below this line is the original bounce.

... each one with totally unrelated email and IP addresses and with variable sizes and all in MIME format.

I use FreeBSD here. Running qmail in a jail. I do use ssmtp running on the host (not jailed) in order to get the periodic daily/weekly/monthly reports.

Is someone somehow using my system to try to send spam? Any idea how to block this?