W dniu 31.08.2009 05:32, Hajid pisze:
My domain panentour.com
* From: * Vidyadhar [mailto:vidyadha...@gmail.com]
*Sent:* Monday, August 31, 2009 10:23 AM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] qmail machine being spammer help...
What is your domain name?
Sent
Remove RoundCube, use squirrelmail. Check your http log, you probably find
successful attack on RC (POST method).
For example:
POST /roundcube/bin/html2text.php HTTP/1.0
I got this log from apache.
143.127.102.144 - - [27/Jul/2009:02:23:55 +0700] POST
http://143.127.103.23:25/ HTTP/1.0 302 - -
W dniu 31.08.2009 10:35, Hajid pisze:
I got this log from apache.
143.127.102.144 - - [27/Jul/2009:02:23:55 +0700] POST
http://143.127.103.23:25/ HTTP/1.0 302 - - -
195.4.92.4 - - [14/Aug/2009:01:00:44 +0700] CONNECT mtrap.freenet.de:25
HTTP/1.0 302 - - -
195.4.92.4 - - [14/Aug/2009:01:00:45
Dear hajid,
Actually this is not a proper mail header, So kindly paste proper
header of this mail,
This is happening due to simple and guessable password of email Id's of
users.
Regards,
Ganesh
On Mon, Aug 31, 2009 at 6:23 AM, Hajid ha...@masolusi.com wrote:
Hello all please help
Hello friends,
Just let you know.
My previous email about using Fail2ban with qmail and vpopmail, more
specific to ban email adr. Harvesting / hammering pop3 , seems to be
working.
Cheers!
B/R
Ole J
Message from Fail2ban:
[Fail2Ban] pop3: banned 72.3.226.134
Hi,
The IP
Hello
ok that's typical attack :)
even if you have proxy disabled it happends
What you can do to block this quickly , simply use apache mod_security
and block CONNECT
something like this :
#Proxy CONNECT Request
SecFilterSelective THE_REQUEST ^CONNECT
Hajid wrote:
Remove RoundCube, use
Is this a vulnerability that needs to be addressed in the stock toaster,
or is it only due to roundcube?
Philip wrote:
Hello
ok that's typical attack :)
even if you have proxy disabled it happends
What you can do to block this quickly , simply use apache mod_security
and block CONNECT
Hello
it is due to apache
got nothing to do with toaster
Eric Shubert wrote:
Is this a vulnerability that needs to be addressed in the stock
toaster, or is it only due to roundcube?
Philip wrote:
Hello
ok that's typical attack :)
even if you have proxy disabled it happends
What you can do
Maybe nothing to do with email, but since various toaster packages use
apache, I would think that there's a relationship.
Philip wrote:
Hello
it is due to apache
got nothing to do with toaster
Eric Shubert wrote:
Is this a vulnerability that needs to be addressed in the stock
toaster, or is
Eric Shubert wrote:
Is this a vulnerability that needs to be addressed in the stock
toaster, or is it only due to roundcube?
From the last half-dozen or so servers I've fixed from issues just like
this, the vulnerability has been because of Roundcube (1 was because of
other custom-written
Thanks Jake. So is this simply an apache configuration issue? Is there
an easy way it can be 'fixed' in a toaster package configuration?
Jake Vickers wrote:
Eric Shubert wrote:
Is this a vulnerability that needs to be addressed in the stock
toaster, or is it only due to roundcube?
From
Eric Shubert wrote:
Thanks Jake. So is this simply an apache configuration issue? Is there
an easy way it can be 'fixed' in a toaster package configuration?
It's actually an issue with the programming of the application (talking
about Roundcube here). There are a couple different Apache
Ole,
I set mine up the way you suggested and had one attempt today also. It
ended on the 4th try, but I didn't receive my notification. Everything
appears to be working correctly except the notification.
CJ
Ole N.Johansen wrote:
Hello friends,
Just let you know.
My previous email about
It notified me, perhaps you typed in wrong email adress/typo error?
Perhaps i could send you the config files as attachments since my post
here screwed the format of the config files content abit.
Ole,
I set mine up the way you suggested and had one attempt today also. It
ended on the 4th
Ole,
That would be great. You can just send it directly to me if you like.
c...@yother.com
I did compare the syntax to the other jail entries and it looked
correct. I'll check it again.
CJ
ole.johan...@cryonix.no wrote:
It notified me, perhaps you typed in wrong email adress/typo error?
Hello list, I need to add a domain in QMT, bearing the letter Ñ, is
possible?
Hola lista, necesito agregar un dominio en qmt, que lleva la letra Ñ , es
posible ??
Hello
we had a lot of those attacks on our web hosting servers in the past
and it has only to do with apache . It is a known and old exploit,
a spam relay is using Apache to forward data to an open mail relay.
We check those at router level but the mod_security works fine for a
single machine
Ariel wrote:
Hello list, I need to add a domain in QMT, bearing the letter Ñ, is
possible?
Hola lista, necesito agregar un dominio en qmt, que lleva la letra Ñ ,
es posible ??
I do not think this is possible, since the extended character set it not
support by ARIN/DNS (someone correct me
W dniu 31.08.2009 22:15, Ariel pisze:
Hello list, I need to add a domain in QMT, bearing the letter Ñ, is
possible?
Hola lista, necesito agregar un dominio en qmt, que lleva la letra Ñ ,
es posible ??
http://en.wikipedia.org/wiki/Internationalized_domain_name
--
Pozdrawiam / Regards,
On Aug 31, 2009, at 1:24 PM, Jake Vickers wrote:
I do not think this is possible, since the extended character set it
not support by ARIN/DNS (someone correct me if I am wrong). There
would be no point in allowing a character if DNS will not allow it
anyway - nothing wou
How to see proper header of email? I just use qmhandle -m option for it.
hajid
_
From: Ganesh.payelkar [mailto:ganesh.payel...@gmail.com]
Sent: Monday, August 31, 2009 7:07 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] need help qmail do spam bot
21 matches
Mail list logo