I want to thank everyone who responded so
quickly to my post! Following the advice of several of you I was able to
get a small logfile (seconds after I restarted the logging) and found that I’m
being hammered by a dictionary attack coming from 89.138.31.75. I’m
looking to block the IP add
1. You are probably experiencing Dictionary
attacks which could account for sudden jump in log files.
2. Your server may be hijacked and is
relaying spam.
3. Possible that one or more computers
(man would I like to say users, he he) is infected with a virus and is sending
out large amount
Under your domain name (based on your email), I
performed several tests to make sure you are not an open relay, and it seems you
aren't .
with that said, only thing I can think of is that you are
suffering a huge dictionary attack and that infor is -of course-
being logged.
Probably "Ve
If you have it set up for the "log server", it is in fact a syslog
server and you might have another app that is sending packets to it.
If you can't open the logs, then delete the current day's log and then
open it after it starts to grow again. It is likely that the data
being recorded will
Yes, happened a month or so ago, for several
days. I think during a particularly heavy dictionary attack.
Spammers don't make sense, attacking a server so hard as to effectively crash
it. They're cutting their own throats.
G.Z.
- Original Message -
From: Wolf Tombe
To: dec
Title: Message
1.
Check your logging level. Make sure it is not at a debug
level.
M
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wolf
TombeSent: Wednesday, September 20, 2006 4:35 PMTo:
declude.junkmail@declude.comSubject: [Declude.J
I apologize if this is OT; but this is the best support
group I know of for emergency situations, and I have one. Starting one
week ago today (slept 13th), my iMail Sysxxx.txt log files began to grow
out of control. Files, that for several years have averaged around 4Mb in
size, suddenly
I also use baretailpro from baremetalsoft.com to look at log files.
When the server is getting "peaky" its excellent for looking at logs "on the
fly" because you can tell it to highlight certain keyword.
They do a couple of versions. A free version and a pro version.
The free version is okay but
Yeah I have the DLAnalyser on two mail servers and its also a decent
product.
It automatically emails me a nice html report each day showing all spam and
virus activity for the previous day.
Nice one Darrell.
Kindest Regards
Craig Edmonds
123 Marbella Internet
W: www.123marbella.com
E : [EMAIL P
Try here: http://www.invariantsystems.com/
Karl Hentschel wrote:
Up until upgrading from Declude 2.06 to 3.11 I had been using delog 1.08b
from imagefxonline for analyzing my junkmail log files. After the upgrade it
no longer works. Delog was a simple tool that emailed me daily and gave
statisti
Karl,
I would recommend DLAnalyzer - (since its our product). It can process both
virus and junkmail logs, process multiple days, process multiple servers,
email capability, as well as providing all types of reports. It is
compatible with past and current versions of Declude.
Here is a li
It is a little tricky from the standpoint that it does not automatically
block the IPs and Blackice does not document how to enable this feature. I
actually got it working some years ago when I found a guy who had written
their software manual. He and I corresponded and he helped me get it
figure
I've been using my own, written in VB.net . Quick and dirty, but it gets
the job done.
Been thinking of porting it to run under a web page and selling it for
cheap if there was an interest.
Karl Drugge
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Be
I just bought it and installed it one of my mail servers and its pretty
good.
Worth 300 bucks.
Easy install easy to configure.
Kindest Regards
Craig Edmonds
123 Marbella Internet
W: www.123marbella.com
E : [EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PRO
Up until upgrading from Declude 2.06 to 3.11 I had been using delog 1.08b
from imagefxonline for analyzing my junkmail log files. After the upgrade it
no longer works. Delog was a simple tool that emailed me daily and gave
statistics for all the tests. From this I could determine which were the
mos
How tricky is it to configure this? Current price I find is $300.
G.Z.
- Original Message -
From: "Dave Beckstrom" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, September 20, 2006 1:08 PM
Subject: RE: [Declude.JunkMail] Spam Spike
I run Blackice Server on the mail server. It drops the c
These harvesting attacks need to be blocked at the smtp level, do not
continue to let your server deplete it's resources on this bogus mail. If
your server doesn't support SMTP blocking, a user on the list recently
mentioned that he runs Black Ice Servertry that.
chris
-Original M
A large spike hit here Monday. Spool processing lagged about 1.5 hours,
then got worse late in the night to over 9,000 files in spool and a 5-hr
delay. Had to stop SMTP and clear the spool.
I've noticed numerous D/T pairs that appear in \spool and hang there for a
long time (10-15 mins), locked
I run Blackice Server on the mail server. It drops the connecting IP if we
receive more than a user specified number of attempts for non-existent email
addresses within a user specified time limit. It then blocks that IP for a
user specified amount of time before removing the block.
It prevents
You can follow the link in the text that the SpamCop RBL returns, and
then follow a link there for further information:
http://www.spamcop.net/w3m?action=blcheck&ip=216.9.248.51
Which shows that this Blackberry server is listed again and will be for
the next 16 hours. It also shows the recent hi
John and Darrel. Thank you for your answers. I will be extremely careful
then with Spamcop, the revdns is a very good suggestion.
Regards
Luis
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Darrell ([EMAIL PROTECTED])
> Sent: Miércoles, 20 de Sep
Hi Everyone -
First of all, I am running iMail 8.22 on a Windows 2000 server, with Declude
4.09 and invURIBL 2.7. I have a new server on order and will be upgrading
to Windows 2003 Server, iMail 2006, and Declude 4.xx in about a month.
In the meantime (and probably very much unrelated to the abo
Darrel,
Because, we now have control of the SMTP we are able to do things like drop
the connection on bad IP' instead of processing the entire email. We have a
feature called block list which essentially tracks the weights of emails
from an IP and then adds them to a block list this helps reduce a
Yes, servers can be removed from Spamcop pretty quick depending on various
factors. FWIW IMO Spamcop tends to list known legit mailservers fairly
often (gmail, aol, earthlink, etc). I use it, but I also counter weight
revdns for some of those big providers mailservers to counter spamcop hits.
Yes, an IP could be delisted within a few hours.
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda
> Consulting S.A. Luis Alberto Arango
> Sent: Tuesday, September 19, 2006 8:20 PM
> To: declude
25 matches
Mail list logo