I agree about Fail2Ban. That's your ultimate goal, but for me, getting the other users of the mail server back online is first... (Assuming you can w/o using Fail2ban)
I've found once attacks like this get effectively blocked, they go away, unless as South says, they pissed someone off and are a specific target... Michael J. Colvin NorCal Internet Services www.norcalisp.com > -----Original Message----- > From: South Computers [mailto:[email protected]] > Sent: Tuesday, March 01, 2011 7:07 PM > To: [email protected] > Subject: Re: [qmailtoaster] SMTP attack > > Sounds like they may have gotten hit with a virus or pissed someone off. > I would block the domain from relaying & inform the customer, possibly > make them change their email account passwords if it's not a large > organization. Ask them to relay through their provider if possible for > the time being. Fail2ban would be the best solution for the time being > as previously mentioned. > > Sergio M wrote: > > Michael Colvin escribió: > >> Are all of the username portions of the e-mail addresses legitimate > >> e-mails? > >> IE, it looks like you cleansed the domain portion, but, in the log, > >> are the > >> all, or most, of the e-mails legitimate? > >> > >> I've seen this with random attempts at guessing e-mails and > >> passwords, but > >> not with all legit e-mails. > >> > >> If they are all legit, is the domain yours? Or is it theirs? (IE do > >> you > >> host it as an ISP, or is this the only domain and you control it?) > >> > >> > >> Michael J. Colvin > >> NorCal Internet Services > >> www.norcalisp.com > >> > > Hi Michael, > > they are all legitimate email addresses, for one domain only though. > > We host it as an ISP. > > Thanks! > > > > ------------------------------------------------------------------------ > --------- > > > > Qmailtoaster is sponsored by Vickers Consulting Group > > (www.vickersconsulting.com) > > Vickers Consulting Group offers Qmailtoaster support and > > installations. > > If you need professional help with your setup, contact them today! > > ------------------------------------------------------------------------ > --------- > > > > Please visit qmailtoaster.com for the latest news, updates, and > > packages. > > To unsubscribe, e-mail: > > [email protected] > > For additional commands, e-mail: > > [email protected] > > > > > > > > > > > -------------------------------------------------------------------------- > ------- > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > Vickers Consulting Group offers Qmailtoaster support and > installations. > If you need professional help with your setup, contact them today! > -------------------------------------------------------------------------- > ------- > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > To unsubscribe, e-mail: qmailtoaster-list- > [email protected] > For additional commands, e-mail: qmailtoaster-list- > [email protected] > --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
