Re: [spamdyke-users] MAILER-DAEMON Flood

[BC via spamdyke-users]

Well, I have spamdyke-qrv installed and turned on in spamdyke.conf, 
but am still getting stuff like this (maillog):


Nov  8 21:48:51 33a45916-5b78-11e6-a0e5-0cc47a6975be spamdyke[17138]: 
ALLOWED from: filenkokir...@shopon.net to: sergushk...@bk.ru 
origin_ip: 10.0.1.15 origin_rdns: (unknown) auth: (unknown) 
encryption: (none) reason: 250_ok_1478666931_qp_17140


so someone is trying to use my system as a relay, right?

with the resulting MAILER-DAEMON bounce.  The 10.0.1.15 is the IP of 
the jail that qmail runs in.


Any other thoughts?


On 11/7/2016 9:13 AM, Gary Gendel via spamdyke-users wrote:
This doesn't look like it's email originating from your system.  
Instead, it looks like spamdyke has accepted the message and then 
qmail is doing the rejection.  My guess is that it passes through 
spamdyke with an invalid destination user. Qmail then tries to 
reject it.


You can avoid this by adding invalid user checks in spamdyke so it 
doesn't reach qmail by setting 
"recipient-validation-command=" (I use spamdyke-qrv) and 
"reject-recipient=invalid".


Gary



___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] MAILER-DAEMON Flood

[BC via spamdyke-users]

Thank you very much. I'll look into that.

On 11/7/2016 9:13 AM, Gary Gendel via spamdyke-users wrote:
This doesn't look like it's email originating from your system.  
Instead, it looks like spamdyke has accepted the message and then 
qmail is doing the rejection.  My guess is that it passes through 
spamdyke with an invalid destination user. Qmail then tries to 
reject it.


You can avoid this by adding invalid user checks in spamdyke so it 
doesn't reach qmail by setting 
"recipient-validation-command=" (I use spamdyke-qrv) and 
"reject-recipient=invalid".


___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] MAILER-DAEMON Flood

[Gary Gendel via spamdyke-users]

This doesn't look like it's email originating from your system.  
Instead, it looks like spamdyke has accepted the message and then qmail 
is doing the rejection.  My guess is that it passes through spamdyke 
with an invalid destination user.  Qmail then tries to reject it.


You can avoid this by adding invalid user checks in spamdyke so it 
doesn't reach qmail by setting "recipient-validation-command=" 
(I use spamdyke-qrv) and "reject-recipient=invalid".


Gary

On 11/07/2016 10:59 AM, BC via spamdyke-users wrote:


It hasn't risen to the level of DDOS, yet, but I'm getting many 
hundreds of these messages per night (and it is now continuing during 
the day).


They look like this:



Hi. This is the qmail-send program at purgatoire.org.
I tried to deliver a bounce message to this address, but the bounce 
bounced!


:
212.4.107.202 does not like recipient.
Remote host said: 550 5.1.1: Recipient address 
rejected: telcom.es

Giving up on 212.4.107.202.

--- Below this line is the original bounce.




... each one with totally unrelated email and IP addresses and with 
variable sizes and all in MIME format.


I use FreeBSD here.  Running qmail in a jail.  I do use ssmtp running 
on the host (not jailed) in order to get the periodic 
daily/weekly/monthly reports.


Is someone somehow using my system to try to send spam?

Any idea how to block this?

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users






smime.p7s
Description: S/MIME Cryptographic Signature
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

[spamdyke-users] MAILER-DAEMON Flood

[BC via spamdyke-users]

It hasn't risen to the level of DDOS, yet, but I'm getting many 
hundreds of these messages per night (and it is now continuing during 
the day).


They look like this:



Hi. This is the qmail-send program at purgatoire.org.
I tried to deliver a bounce message to this address, but the bounce bounced!

:
212.4.107.202 does not like recipient.
Remote host said: 550 5.1.1: Recipient address rejected: 
telcom.es
Giving up on 212.4.107.202.

--- Below this line is the original bounce.




... each one with totally unrelated email and IP addresses and with variable 
sizes and all in MIME format.

I use FreeBSD here.  Running qmail in a jail.  I do use ssmtp running on the 
host (not jailed) in order to get the periodic daily/weekly/monthly reports.

Is someone somehow using my system to try to send spam?

Any idea how to block this?

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users