We are a SERVICE Provider, so we
want to provide a good service to our customers. After the first issue
from them, they cleaned up all Maschines, but the proplem reappered
two wekks later.
Maybe it is some mobile device which gets attached to their network.
So Yes, I shut down their service weeks ago. They told me, they
corrected the problem, I reactivated the account and after two weeks
it happend again... Unfortunatly they can't send from their DUP
Provider, as they force them to use the providers free eMail
Adress.
The main Problem is that this spammings normaly happens during night time. So
I am looking for a method to prevent them (and other customers) to
start this again. When we detect it (kiwi-Syslog sends alarm), it is normally
to late and our queue is filled with bounces which has to be removed manually.
To mitigate this problem, I made a small script wich monitors the queue
size and send alarm messages, if the queue grows unusual.
As the from adress is faked to, we got masses of bounces. - And the sender has
no
idea what he did...
So do you have any Idea how to force users to a special "from:"
domain? Technical, not idiological...
With best regards
Matti Haack
>>I have some problem with the way IMAL (8.x) handles SMTP-Auth email. A
>>customer from us seems to have a compromised host, which sends Spam
>>evry two weeks or so trough their local gateway
> tell them that you will not relay outbound mail that has been
> submitted to their system without SMTP AUTH.
> Since they are spamming you from a trusted IP, you show them your
> logs and shut them off until they fix their system. In the meantime,
> their own gateway can send directly to Internet and shift the problem
> onto them.
>> - which is relayed over our IMAIL Server.
>>
>>Their Mail server requires no authentification for their local hosts
>>to send mail
> I'd be surprised if a mail-bot/trojan in a compromised machine is
> doing SMTP AUTH to submit spam to their mail server. Their mail
> server is more likely doing relay for addresses.
> Len
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
-
Matti Haack - Hit Haack IT Service Gmbh
Poltlbauer Weg 4, D-94036 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de
Dieses Dokument ist ausschliesslich fuer den Adressaten bestimmt.
Jegliche Art von Reproduktion, Verbreitung, Vervielfaeltigung, Modifikation,
Verteilung und/oder Publikation dieser E-Mail-Nachricht ist untersagt,
soweit dies nicht ausdruecklich genehmigt wurde. Jegliche Haftung fur
Ansprueche, die aufgrund der Kommunikation per E-Mail begruendet
werden koennten, ist ausgeschlossen, soweit der Haftungsausschluss
gesetzlich zulaessig ist.
-- Ausgehende E-Mail wurde auf Viren gescannt --
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
