It looks like this happened by the attacker sending emails to an account on my mailserver such as [EMAIL PROTECTED]. Those emails will be from the likes of [EMAIL PROTECTED], so my IMGATE goes and checks if this email exists on hotmail before it accepts it. Multiply this by 100k emails, and hotmail blocks me for a dictionary attack.
How do I prevent this? I don't have SAV or RAV enabled.

Thanks,

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Omar K.
Sent: Sunday, April 08, 2007 9:35 AM
To: [email protected]
Subject: [IMGate] Being used to do harvest hotmail accounts?

I got an email from hotmail.com saying that my IMGATE machine is being used to harvest hotmail accounts. I looked at my queue file and found a ton of these entries:

7B9E23EB5E* 5650 Sat Apr 7 04:58:52 MAILER-DAEMON [EMAIL PROTECTED]
7FE143EB1B* 5643 Sat Apr 7 04:58:53 MAILER-DAEMON [EMAIL PROTECTED]
7A86A54247* 5655 Sat Apr 7 05:14:50 MAILER-DAEMON [EMAIL PROTECTED]
7D7F554249* 5660 Sat Apr 7 05:14:50 MAILER-DAEMON [EMAIL PROTECTED]

I am pretty sure my machine isn't an open relay. How could someone have done that?

Here are the smtpd restrictions in main.cf:

smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_unlisted_recipient,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_non_fqdn_hostname,
    hash:/etc/postfix/to_recipients_bw.map,
    reject_unauth_destination,
    check_helo_access hash:/etc/postfix/helo_hostnames.map,
    check_client_access hash:/etc/postfix/mta_clients_bw.map,
    check_sender_access regexp:/etc/postfix/from_senders.regexp,
    check_sender_access hash:/etc/postfix/from_senders_bw.map,
    check_sender_access hash:/etc/postfix/from_senders_mybogus.map,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client pbl.spamhaus.org,
    reject_rhsbl_sender dynamic.rhs.mailpolice.com,
    reject_rhsbl_client dynamic.rhs.mailpolice.com,
    reject_rbl_client dynamic.dnsbl.rangers.eu.org,
    permit
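An added example, not part of the original thread: a small Python triage script that reads Postfix `mailq` output of the kind quoted above and counts queued MAILER-DAEMON bounces per recipient domain, so an admin can see how much bounce traffic the queue is aiming at one provider. The sample queue text, addresses, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix mailq layout; queue IDs and addresses are made up.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*    5650 Sat Apr  7 04:58:52  MAILER-DAEMON
                                         alice1@hotmail.example

A1B2C3D4E6*    5643 Sat Apr  7 04:58:53  MAILER-DAEMON
                                         bob22@hotmail.example

A1B2C3D4E7     5655 Sat Apr  7 05:14:50  MAILER-DAEMON
(connect to mx.hotmail.example[192.0.2.10]: Connection timed out)
                                         carol@hotmail.example

A1B2C3D4E8     1204 Sat Apr  7 05:20:01  user@customer.example
                                         dave@partner.example

-- 18 Kbytes in 4 Requests.
"""

# Entry line: queue ID (optional */! status flag), size, arrival time, sender.
ENTRY = re.compile(r"^([0-9A-F]+)[*!]?\s+\d+\s+\w{3} \w{3}\s+\d+ [\d:]{8}\s+(\S+)")
# Recipient line: indented, a single address and nothing else.
RCPT = re.compile(r"^\s+(\S+@\S+)\s*$")

def bounce_targets(mailq_text):
    """Count queued bounces (sender shown as MAILER-DAEMON) per recipient domain."""
    counts, in_bounce = Counter(), False
    for line in mailq_text.splitlines():
        m = ENTRY.match(line)
        if m:
            in_bounce = m.group(2) == "MAILER-DAEMON"
            continue
        r = RCPT.match(line)
        if r and in_bounce:
            counts[r.group(1).rsplit("@", 1)[1].lower()] += 1
    return counts

def flag_backscatter(mailq_text, threshold=3):
    """Return domains that at least `threshold` queued bounces are addressed to."""
    return sorted(d for d, n in bounce_targets(mailq_text).items() if n >= threshold)

if __name__ == "__main__":
    for domain, n in bounce_targets(SAMPLE_MAILQ).most_common():
        print(f"{n:6d}  {domain}")
```
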
