I have some older servers - we are in the process of upgrading, but I just had 
a wave of what I believe was spam, which was being relayed by using our 
servers. The messages were presented as dsn (I see the module dsn) - is there a 
way to mitigate this kind of attack until I can finish the migration?

I reset the user's password, which didn't help - the only thing that seemed to 
mitigate the emails was actually modifying the user's email address. When I did 
that, the email flow stopped.

The fact that I saw module=dsn and that the password reset had no effect led 
me to believe they are using a loophole in the server or that I've somehow 
misconfigured it.

Any suggestions for limiting the impact of this attack while I finish my 
upgrades would be greatly appreciated.

Thank you,

Mitch

Jul 29 04:48:11 slim1 courierd: newmsg,id=00050D02.53D72785.00010128: dns; [192.168.1.10] ([113.167.164.185])
Jul 29 04:48:11 slim1 courierd: started,id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,module=esmtp,host=gmail.com,addr=<getimmunocal...@gmail.com>
Jul 29 04:48:11 slim1 courierd: started,id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,module=esmtp,host=gmail.com,addr=<abuelo...@gmail.com>
Jul 29 04:48:11 slim1 courierd: started,id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,module=esmtp,host=route66isp.com,addr=<s_palmer...@route66isp.com>
Jul 29 04:48:11 slim1 courierd: started,id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,module=esmtp,host=web.de,addr=<c.g...@web.de>
Jul 29 04:48:11 slim1 courierd: started,id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,module=esmtp,host=mrmjc.wanadoo.co.uk,addr=<m...@mrmjc.wanadoo.co.uk>
Jul 29 04:48:11 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<s_palmer...@route66isp.com>: No such domain.
Jul 29 04:48:11 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<s_palmer...@route66isp.com>,status: failure
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<getimmunocal...@gmail.com>: 550-5.7.1 [SERVERIP      12] Our system has detected that this message is
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<abuelo...@gmail.com>: 550-5.7.1 [SERVERIP      12] Our system has detected that this message is
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<getimmunocal...@gmail.com>: 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<abuelo...@gmail.com>: 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<getimmunocal...@gmail.com>: 550-5.7.1 this message has been blocked. Please visit
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<abuelo...@gmail.com>: 550-5.7.1 this message has been blocked. Please visit
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<getimmunocal...@gmail.com>: 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<abuelo...@gmail.com>: 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<getimmunocal...@gmail.com>: 550 5.7.1 more information. rb5si8718177pbc.13 - gsmtp
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<abuelo...@gmail.com>: 550 5.7.1 more information. rb5si8718177pbc.13 - gsmtp
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<getimmunocal...@gmail.com>,status: failure
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<abuelo...@gmail.com>,status: failure
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<c.g...@web.de>: 550 Requested action not taken: mailbox unavailable
Jul 29 04:48:12 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<c.g...@web.de>,status: failure
Jul 29 04:48:17 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<m...@mrmjc.wanadoo.co.uk>: 550 5.2.0 Mail rejete. Mail rejected. ouk_506 [506]
Jul 29 04:48:17 slim1 courieresmtp: id=00050D02.53D72785.00010128,from=<blaine@SENDERDOM>,addr=<m...@mrmjc.wanadoo.co.uk>,status: failure
Jul 29 04:48:17 slim1 courierd: completed,id=00050D02.53D72785.00010128
Jul 29 04:48:17 slim1 courierd: started,id=00050D02.53D72785.00010128,from=<>,module=dsn,host=,addr=<blaine@SENDERDOM>
Jul 29 04:48:17 slim1 courierd: completed,id=00050D02.53D72785.00010128

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
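
A triage sketch for the log format in the post above, added here as an example (not part of the original message and not Courier's own code): it groups courierd/courieresmtp lines by message id and flags messages where most recipients failed, reporting the connecting address and where the resulting module=dsn bounce went. The sample lines and thresholds are constructed, and treating the parenthesised address on the newmsg line as the connecting peer is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the (unwrapped) log format shown in the post.
SAMPLE_LOG = """\
Jul 29 04:48:11 mx courierd: newmsg,id=0001.A: dns; [192.0.2.10] ([203.0.113.7])
Jul 29 04:48:11 mx courierd: started,id=0001.A,from=<user@example.org>,module=esmtp,host=example.com,addr=<a@example.com>
Jul 29 04:48:11 mx courierd: started,id=0001.A,from=<user@example.org>,module=esmtp,host=example.net,addr=<b@example.net>
Jul 29 04:48:11 mx courierd: started,id=0001.A,from=<user@example.org>,module=esmtp,host=example.com,addr=<c@example.com>
Jul 29 04:48:12 mx courieresmtp: id=0001.A,from=<user@example.org>,addr=<a@example.com>,status: failure
Jul 29 04:48:12 mx courieresmtp: id=0001.A,from=<user@example.org>,addr=<b@example.net>,status: failure
Jul 29 04:48:12 mx courieresmtp: id=0001.A,from=<user@example.org>,addr=<c@example.com>,status: failure
Jul 29 04:48:17 mx courierd: started,id=0001.A,from=<>,module=dsn,host=,addr=<user@example.org>
Jul 29 05:00:00 mx courierd: newmsg,id=0002.B: dns; mail.example.net ([198.51.100.4])
Jul 29 05:00:00 mx courierd: started,id=0002.B,from=<x@example.net>,module=esmtp,host=example.com,addr=<d@example.com>
Jul 29 05:00:01 mx courieresmtp: id=0002.B,from=<x@example.net>,addr=<d@example.com>,status: success
"""

# Assumption: the address in parentheses on the newmsg line is the connecting peer.
NEWMSG = re.compile(r"newmsg,id=([^:]+): \w+; .*\(\[([^\]]+)\]\)")
STARTED = re.compile(r"started,id=([^,]+),from=<([^>]*)>,module=(\w+),host=[^,]*,addr=<([^>]*)>")
STATUS = re.compile(r"id=([^,]+),from=<[^>]*>,addr=<([^>]*)>,status: (\w+)")

def summarize(log_text):
    """Group log lines by message id: peer, sender, recipients, failures, bounce target."""
    msgs = defaultdict(lambda: {"peer": None, "sender": None,
                                "rcpts": set(), "failed": set(), "dsn_to": None})
    for line in log_text.splitlines():
        if m := NEWMSG.search(line):
            msgs[m.group(1)]["peer"] = m.group(2)
        elif m := STARTED.search(line):
            mid, sender, module, addr = m.groups()
            if module == "dsn":          # bounce generated for this message id
                msgs[mid]["dsn_to"] = addr
            else:
                msgs[mid]["sender"] = sender
                msgs[mid]["rcpts"].add(addr)
        elif (m := STATUS.search(line)) and m.group(3) == "failure":
            msgs[m.group(1)]["failed"].add(m.group(2))
    return dict(msgs)

def suspicious(msgs, min_rcpts=3, min_fail_ratio=0.8):
    """Flag multi-recipient messages where most deliveries were refused."""
    return [(mid, m["peer"], m["sender"], len(m["rcpts"]), len(m["failed"]), m["dsn_to"])
            for mid, m in msgs.items()
            if len(m["rcpts"]) >= min_rcpts
            and len(m["failed"]) / len(m["rcpts"]) >= min_fail_ratio]

if __name__ == "__main__":
    for hit in suspicious(summarize(SAMPLE_LOG)):
        print(hit)
```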
