Stefano Bagnara wrote:
> Why did you delete the list of non-local addresses from the log?
> Maybe its content is useful.
I assume that at least some of the addresses are real, so I didn't want
to list them here. The first mail was sent to 45 addresses in the
following domains:
fiaip.it, katamail.com, virgilio.it, whitehouse.com, pager.icq.com,
gmail.com and www.pinkpanteens.com
The user parts were mostly numeric, 5 to 7 digits. After this, more than
1000 mails were sent from the same sender, all from
[EMAIL PROTECTED] and all to a list of recipients (not only
numerical user parts and many different domains). A lot of the mails
were successfully delivered, some failed with permanent errors and
yesterday I still had more than 6000 mails stuck in the outbound spool
repository with temporary delivery errors.
> What did you change in the James configuration from the default one?
Not much. I've configured the postmaster address, the hostname used for
the helo greeting, the list of local domains (none of the domains in the
spam attack were local), using a MySQL database as storage and some
changes to spam recognition, which should only apply to inbound mails.
I'm also using the VirtualUserTable, but only to map several local
addresses to one specific user or to forward local addresses. I've made
sure that the server only accepts mails to non-local domains after
authentication (authorization is enabled in the config and authorized
addresses are limited to "127.*").
I first assumed that someone had managed to hack a username/password
combination for the server, but SMTP authentications are logged, and for
these mails, the authentication is missing in the log.
Tor