I think I'd block that ip (206.228.154.18) on my firewall. If someone else has a better ideal, I'm all ears.
On 4/10/2015 7:47 PM, Richard Baxant wrote: > Hi Eric, > > Sorry it is the following that i'm monitoring: > > tail -f /var/log/qmail/smtp/current | tai64nlocal > > I've used mxtoolbox to do that check and still have green check marks > > I will give those a try. > > Is there anything else I should be looking for? > > TIA > Richard > > > On Fri, Apr 10, 2015 at 9:21 PM, Eric Broch <[email protected] > <mailto:[email protected]>> wrote: > > Hi Richard, > > Yes, I've had this happen before. It really is quite a drag. You > might want to check if your domain is blacklisted also, here > <http://mxtoolbox.com/blacklists.aspx>. > > What is the log file you're looking at? I'm fairly sure it's not > /var/log/qmail/current, maybe /var/log/qmail/send/current? > > You might want to check your queue to see if there are any > residual messages in it. Use 'qmHandle -l' or 'qmailctl queue' and > delete those that come from the dummy account. > > EricB > > > > > On 4/10/2015 7:11 PM, Richard Baxant wrote: >> Hello, >> >> I had a dummy email with a rather simple password. I've since >> deleted that account however it sent out 70,000+ spam emails in a >> 24 hour period according to my service provider. >> >> Running the following: >> >> tail -f /var/log/qmail/current | tai64nlocal >> >> I get the following output every 2 minutes: >> >> 2015-04-10 20:43:57.710673500 tcpserver: end 9843 status 0 >> 2015-04-10 20:43:57.710675500 tcpserver: status: 0/100 >> 2015-04-10 20:43:57.737495500 tcpserver: status: 1/100 >> 2015-04-10 20:43:57.737497500 tcpserver: pid 9849 from 206.228.154.18 >> 2015-04-10 20:43:57.737498500 tcpserver: ok 9849 >> mail.mailserver.ca:192.168.1.151:25 :206.228.154.18::12377 >> 2015-04-10 20:45:56.131885500 CHKUSER accepted sender: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <> : accepted null sender always >> 2015-04-10 20:45:56.162199500 CHKUSER rejected rcpt: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <panarcadian@tld_domain.com >> <mailto:panarcadian@tld_domain.com>> : not existing recipient >> 2015-04-10 20:45:57.191969500 CHKUSER accepted sender: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <> : accepted null sender always >> 2015-04-10 20:45:57.220769500 CHKUSER rejected rcpt: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <panarcadian@tld_domain.com >> <mailto:panarcadian@tld_domain.com>> : not existing recipient >> 2015-04-10 20:45:58.554122500 CHKUSER accepted sender: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <> : accepted null sender always >> 2015-04-10 20:45:58.585896500 CHKUSER rejected rcpt: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <panarcadian@tld_domain.com >> <mailto:panarcadian@tld_domain.com>> : not existing recipient >> 2015-04-10 20:46:00.227320500 CHKUSER accepted sender: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <> : accepted null sender always >> 2015-04-10 20:46:00.255546500 CHKUSER rejected rcpt: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <panarcadian@tld_domain.com >> <mailto:panarcadian@tld_domain.com>> : not existing recipient >> 2015-04-10 20:46:02.199074500 CHKUSER accepted sender: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <> : accepted null sender always >> 2015-04-10 20:46:02.229860500 CHKUSER rejected rcpt: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <panarcadian@tld_domain.com >> <mailto:panarcadian@tld_domain.com>> : not existing recipient >> 2015-04-10 20:46:04.489161500 CHKUSER accepted sender: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <> : accepted null sender always >> 2015-04-10 20:46:04.521678500 CHKUSER rejected rcpt: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <panarcadian@tld_domain.com >> <mailto:panarcadian@tld_domain.com>> : not existing recipient >> 2015-04-10 20:46:07.051435500 CHKUSER accepted sender: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <> : accepted null sender always >> 2015-04-10 20:46:07.096971500 CHKUSER rejected rcpt: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <panarcadian@tld_domain.com >> <mailto:panarcadian@tld_domain.com>> : not existing recipient >> 2015-04-10 20:46:09.926907500 CHKUSER accepted sender: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <> : accepted null sender always >> 2015-04-10 20:46:09.957904500 CHKUSER rejected rcpt: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <panarcadian@tld_domain.com >> <mailto:panarcadian@tld_domain.com>> : not existing recipient >> 2015-04-10 20:46:13.086119500 CHKUSER accepted sender: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <> : accepted null sender always >> 2015-04-10 20:46:13.115577500 CHKUSER rejected rcpt: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <panarcadian@tld_domain.com >> <mailto:panarcadian@tld_domain.com>> : not existing recipient >> 2015-04-10 20:46:16.544113500 CHKUSER accepted sender: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <> : accepted null sender always >> 2015-04-10 20:46:16.586794500 CHKUSER rejected rcpt: from <::> >> remote <steelport2-out.isp_domain.com:unknown:206.228.154.18> >> rcpt <panarcadian@tld_domain.com >> <mailto:panarcadian@tld_domain.com>> : not existing recipient >> 2015-04-10 20:46:20.287366500 CHKUSER intrusion threshold: from >> <::> remote >> <steelport2-out.isp_domain.com:unknown:206.228.154.18> rcpt >> <panarcadian@tld_domain.com <mailto:panarcadian@tld_domain.com>> >> : max number of allowed invalid rcpt >> >> >> Any idea what is happening? Are these bounces? > >
