[IMGate] Re: Being used to do harvest hotmail accounts?

2007-04-08 Thread Omar K.
It looks like this happened by the attacker sending emails to an account on
my mailserver such as [EMAIL PROTECTED], those emails will be from the likes
of [EMAIL PROTECTED], so my IMGATE goes and checks if this email exists on
hotmail before it accepts it.  Multiply this by 100k emails, and hotmail
blocks me for a dictionary attack.

How do I prevent this?  I don't have SAV or RAV enabled.


Thanks,

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Omar K.
Sent: Sunday, April 08, 2007 9:35 AM
To: IMGate@mgw2.MEIway.com
Subject: [IMGate] Being used to do harvest hotmail accounts?

I got an email from hotmail.com saying that my IMGATE machine is being used
to harvest hotmail account, I looked at my queue file and found a ton of
these entries:

7B9E23EB5E*5650 Sat Apr  7 04:58:52  MAILER-DAEMON
 [EMAIL PROTECTED]

7FE143EB1B*5643 Sat Apr  7 04:58:53  MAILER-DAEMON
 [EMAIL PROTECTED]

7A86A54247*5655 Sat Apr  7 05:14:50  MAILER-DAEMON
 [EMAIL PROTECTED]

7D7F554249*5660 Sat Apr  7 05:14:50  MAILER-DAEMON
 [EMAIL PROTECTED]


I am pretty sure my machine isn't an open relay, how could someone have done
that?

Here are smtpd restrictions in main.cf:

smtpd_recipient_restrictions =
 reject_invalid_hostname,
 reject_unlisted_recipient,
 reject_unauth_pipelining,
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unknown_sender_domain,
 reject_unknown_recipient_domain,
 permit_mynetworks,
 reject_non_fqdn_hostname,
 hash:/etc/postfix/to_recipients_bw.map,
 reject_unauth_destination,
 check_helo_access hash:/etc/postfix/helo_hostnames.map,
 check_client_access hash:/etc/postfix/mta_clients_bw.map,
 check_sender_access regexp:/etc/postfix/from_senders.regexp,
 check_sender_access hash:/etc/postfix/from_senders_bw.map,
 check_sender_access hash:/etc/postfix/from_senders_mybogus.map,
 reject_rbl_client dul.dnsbl.sorbs.net,
 reject_rbl_client pbl.spamhaus.org,
 reject_rhsbl_sender dynamic.rhs.mailpolice.com,
 reject_rhsbl_client dynamic.rhs.mailpolice.com,
 reject_rbl_client dynamic.dnsbl.rangers.eu.org,

 permit








[IMGate] Re: Being used to do harvest hotmail accounts?

2007-04-08 Thread Len Conrad

> I got an email from hotmail.com saying that my IMGATE machine is being used
> to harvest hotmail account, I looked at my queue file and found a ton of
> these entries:
>
> 7B9E23EB5E*5650 Sat Apr  7 04:58:52  MAILER-DAEMON
>   [EMAIL PROTECTED]
>
> 7FE143EB1B*5643 Sat Apr  7 04:58:53  MAILER-DAEMON
>   [EMAIL PROTECTED]
>
> 7A86A54247*5655 Sat Apr  7 05:14:50  MAILER-DAEMON
>   [EMAIL PROTECTED]
>
> 7D7F554249*5660 Sat Apr  7 05:14:50  MAILER-DAEMON
>   [EMAIL PROTECTED]

mail from MAILER-DAEMON is postfix sending delivery messages to the
sender, for messages that postfix accepted for your recipients but
were bounced by your mail server.

The hotmail senders are forged, so hotmail rejects.

Len




> Here are smtpd restrictions in main.cf:
>
> smtpd_recipient_restrictions =
>   reject_invalid_hostname,
>   reject_unlisted_recipient,

 this should stop postfix from accepting unknown recipients.

maybe you have a PC that is compromised and is sending out a bunch of crap?

Check your logs carefully for each of those [EMAIL PROTECTED]

Len
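
The queue entries discussed in this thread are bounces (sender MAILER-DAEMON) queued for forged sender addresses. As an added example that is not part of the original thread, the script below parses mailq-style output and counts queued bounces per recipient domain, which shows at a glance which remote provider is receiving the backscatter. The sample queue text, the .example addresses, the function names and the threshold are all constructed for illustration, and short hexadecimal queue IDs are assumed.

```python
import re
from collections import Counter

# Entry header: short hex queue ID, optional flag (* active, ! hold), size,
# arrival time, sender. Space after the flag is optional because the entries
# quoted in the thread have it collapsed ("...5E*5650").
ENTRY = re.compile(r"^([0-9A-F]{6,})([*!]?)\s*(\d+)\s+"
                   r"\w{3}\s+\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+(\S+)\s*$")

# Constructed sample in mailq layout (not data from the thread);
# blank separator lines between entries are omitted.
SAMPLE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*    5650 Sat Apr  7 04:58:52  MAILER-DAEMON
                                         aaa111@webmail.example
A1B2C3D4E6*5643 Sat Apr  7 04:58:53  MAILER-DAEMON
 bbb222@webmail.example
A1B2C3D4E7     5655 Sat Apr  7 05:14:50  MAILER-DAEMON
(connect to mx.webmail.example[192.0.2.25]: Connection refused)
                                         ccc333@webmail.example
A1B2C3D4E8     1200 Sat Apr  7 05:20:01  alice@example.org
                                         bob@example.net
A1B2C3D4E9     5660 Sat Apr  7 05:21:10  MAILER-DAEMON
                                         ddd444@other.example
-- 23 Kbytes in 5 Requests.
"""

def parse_queue(text):
    """Return one dict per queue entry: id, sender, list of recipients."""
    entries, current = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = {"id": m.group(1), "sender": m.group(4), "rcpts": []}
            entries.append(current)
        elif current and "@" in line and not line.lstrip().startswith("("):
            current["rcpts"].append(line.strip())  # skips reasons and footer
    return entries

def bounce_counts(entries):
    """Count queued bounces (sender MAILER-DAEMON) per recipient domain."""
    counts = Counter()
    for e in entries:
        if e["sender"] == "MAILER-DAEMON":
            counts.update(r.rsplit("@", 1)[1].lower() for r in e["rcpts"])
    return counts

def suspect_domains(counts, threshold):
    """Domains receiving at least `threshold` queued bounces, busiest first."""
    return [d for d, n in counts.most_common() if n >= threshold]
```

On a live gateway the same functions can be fed the text captured from `mailq` instead of `SAMPLE`.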