On 2/20/2014 7:57 AM, Angus McIntyre wrote:
cj yother wrote:
Is anyone else experiencing a rise in attempted account access over the
past 24 hours?
Over the past week or so, I've seen very large numbers of
password-guessing attempts: other hosts trying to authenticate against
SMTP. They seem to try 'admin@', 'info@', 'support@', 'webmaster@' and, in
some cases, 'name-of-domain@name-of-domain'.
...
Angus
I have also seen a dramatic rise in redirected bounce failure messages
(with SPAM or virus-infected attachments).
These are the messages with the "reply to" set to one of my client's
email accounts, but addressed somewhere that successfully blocks it.
Since I host for so many domains, it's not uncommon for me to get a
handful per day -- but lately, I've been getting 10x to 20x the normal flow.
The good news is that in most cases, it's SPAM blocking that's rejecting
the message back to me (well, my server -- as the reply-to). so at least
we're catching the SPAM. And I've now trained my Thunderbird to catch
most of them as JUNK anyways, so it's less annoying now than back in
January.
Angus -- would you mind sharing with the group how you implemented the
fail2ban on your system. It should probably go into the WIKI (if its not
already there -- too lazy to check just now).
Along with the idea of not allowing SMTP Auth on port 25, I think we're
making some significant strides in "battening down" the stock QMT
installations.
Dan
IT4SOHO
--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806
CALL TOLL FREE:
877-IT4SOHO
877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax
We have support plans for QMail!
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]