I have some older servers - we are in the process of upgrading, but I just had
a wave of what I believe was spam being relayed through our servers. The
messages were presented as dsn (I see the module dsn) - is there a way to
mitigate this kind of attack until I can finish the migration?

I reset the user's password, which didn't help - the only thing that seemed to
mitigate the emails was actually modifying the user's email address. When I did
that, the email flow stopped.

The fact that I saw module=dsn and that the password reset had no effect led
me to believe they are using a loophole in the server or that I've somehow
misconfigured it.

Any suggestions for limiting the impact of this attack while I finish my
upgrades would be greatly appreciated.

Thank you,
Mitch

Jul 29 04:48:11 slim1 courierd: newmsg,id=00050D02.53D72785.00010128: dns; [192.168.1.10] ([113.167.164.185])
Jul 29 04:48:11 slim1 courierd: started,id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,module=esmtp,host=gmail.com,addr=<getimmunocal...@gmail.com>
Jul 29 04:48:11 slim1 courierd: started,id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,module=esmtp,host=gmail.com,addr=<abuelo...@gmail.com>
Jul 29 04:48:11 slim1 courierd: started,id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,module=esmtp,host=route66isp.com,addr=<s_palmer...@route66isp.com>
Jul 29 04:48:11 slim1 courierd: started,id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,module=esmtp,host=web.de,addr=<c.g...@web.de>
Jul 29 04:48:11 slim1 courierd: started,id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,module=esmtp,host=mrmjc.wanadoo.co.uk,addr=<m...@mrmjc.wanadoo.co.uk>
Jul 29 04:48:11 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<s_palmer...@route66isp.com>: No such domain.
Jul 29 04:48:11 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<s_palmer...@route66isp.com>,status: failure
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<getimmunocal...@gmail.com>: 550-5.7.1 [SERVERIP 12] Our system has detected that this message is
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<abuelo...@gmail.com>: 550-5.7.1 [SERVERIP 12] Our system has detected that this message is
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<getimmunocal...@gmail.com>: 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<abuelo...@gmail.com>: 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<getimmunocal...@gmail.com>: 550-5.7.1 this message has been blocked. Please visit
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<abuelo...@gmail.com>: 550-5.7.1 this message has been blocked. Please visit
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<getimmunocal...@gmail.com>: 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<abuelo...@gmail.com>: 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<getimmunocal...@gmail.com>: 550 5.7.1 more information. rb5si8718177pbc.13 - gsmtp
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<abuelo...@gmail.com>: 550 5.7.1 more information. rb5si8718177pbc.13 - gsmtp
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<getimmunocal...@gmail.com>,status: failure
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<abuelo...@gmail.com>,status: failure
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<c.g...@web.de>: 550 Requested action not taken: mailbox unavailable
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<c.g...@web.de>,status: failure
Jul 29 04:48:17 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<m...@mrmjc.wanadoo.co.uk>: 550 5.2.0 Mail rejete. Mail rejected. ouk_506 [506]
Jul 29 04:48:17 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<m...@mrmjc.wanadoo.co.uk>,status: failure
Jul 29 04:48:17 slim1 courierd: completed,id=00050D02.53D72785.00010128
Jul 29 04:48:17 slim1 courierd: started,id=00050D02.53D72785.00010128,from=<>,module=dsn,host=,addr=<blaine@SENDERDOM>
Jul 29 04:48:17 slim1 courierd: completed,id=00050D02.53D72785.00010128
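
An added example, not part of the original post and not Courier's own code: one way to group log entries like those above by message id, so that the client address on the newmsg line, the esmtp delivery attempts, their failures, and the module=dsn entry addressed back to the envelope sender can be read together. It assumes one syslog entry per line and that the parenthesised address on the newmsg line is the connecting client; the sample log, the function names and the thresholds in flag() are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log above (one syslog entry per line).
SAMPLE = """\
Jul 29 04:48:11 mx1 courierd: newmsg,id=000A.000B.000C: dns; [192.0.2.10] ([203.0.113.7])
Jul 29 04:48:11 mx1 courierd: started,id=000A.000B.000C,from=<user@example.org>,module=esmtp,host=example.com,addr=<a@example.com>
Jul 29 04:48:11 mx1 courierd: started,id=000A.000B.000C,from=<user@example.org>,module=esmtp,host=example.net,addr=<b@example.net>
Jul 29 04:48:12 mx1 courieresmtp: id=000A.000B.000C,from=<user@example.org>,addr=<a@example.com>: 550 5.7.1 rejected
Jul 29 04:48:12 mx1 courieresmtp: id=000A.000B.000C,from=<user@example.org>,addr=<a@example.com>,status: failure
Jul 29 04:48:12 mx1 courieresmtp: id=000A.000B.000C,from=<user@example.org>,addr=<b@example.net>,status: failure
Jul 29 04:48:13 mx1 courierd: completed,id=000A.000B.000C
Jul 29 04:48:13 mx1 courierd: started,id=000A.000B.000C,from=<>,module=dsn,host=,addr=<user@example.org>
Jul 29 04:48:13 mx1 courierd: completed,id=000A.000B.000C
"""

NEWMSG = re.compile(r"courierd: newmsg,id=([0-9A-F.]+): .*\(\[([^\]]+)\]\)")
STARTED = re.compile(r"courierd: started,id=([0-9A-F.]+),from=<([^>]*)>,module=(\w+),host=([^,]*),addr=<([^>]*)>")
STATUS = re.compile(r"courieresmtp: id=([0-9A-F.]+),.*addr=<([^>]*)>,status: (\w+)")

def summarize(log_text):
    """Return {message id: client, envelope sender, remote rcpts, failures, dsn targets}."""
    msgs = defaultdict(lambda: {"client": None, "sender": None,
                                "remote": set(), "failed": set(), "dsn_to": set()})
    for line in log_text.splitlines():
        if m := NEWMSG.search(line):
            msgs[m[1]]["client"] = m[2]          # assumed: connecting client address
        elif m := STARTED.search(line):
            mid, sender, module, _host, addr = m.groups()
            if module == "dsn":                  # notification sent back to the sender
                msgs[mid]["dsn_to"].add(addr)
            else:
                msgs[mid]["sender"] = sender
                if module == "esmtp":            # outbound delivery to a remote host
                    msgs[mid]["remote"].add(addr)
        elif (m := STATUS.search(line)) and m[3] == "failure":
            msgs[m[1]]["failed"].add(m[2])
    return dict(msgs)

def flag(msgs, min_rcpts=2, min_fail_ratio=0.5):
    """List messages with several remote recipients, most of which were refused."""
    out = []
    for mid, r in sorted(msgs.items()):
        n = len(r["remote"])
        if n >= min_rcpts and len(r["failed"] & r["remote"]) / n >= min_fail_ratio:
            out.append((mid, r["client"], r["sender"], n, len(r["failed"])))
    return out

if __name__ == "__main__":
    for row in flag(summarize(SAMPLE)):
        print(*row)
```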