Today I start to get something like that in my qmail-smtpd log:
@40000000425d5b4710447784 CHKUSER rejected rcpt: from <::> remote <mailstep.com:
unknown:18.104.22.168> rcpt <[EMAIL PROTECTED]> : not existing recipient
@40000000425d5b47106c75cc tcpserver: status: 3/20
@40000000425d5ba019eb855c CHKUSER rejected rcpt: from <::> remote <mail.7cv.com:
unknown:22.214.171.124> rcpt <[EMAIL PROTECTED]> : not existing recipient
It's clear that someone are trying to use my server to send SPAM. Thanks to CHKUSER to block this attempts.
So, It's drive me crazy cause I can't figure how it happen. In a desperate attempt to stop this I simple block a few hundreds of IPs in tcp.smtp file, but it's not a solution. My log now got this:
@40000000425d5b3300cf1994 tcpserver: end 24918 status 25600 @40000000425d5b3300cf6b9c tcpserver: status: 2/20 @40000000425d5b331f231f6c tcpserver: status: 3/20 @40000000425d5b331f2336dc tcpserver: pid 24920 from 126.96.36.199 @40000000425d5b331f234294 tcpserver: deny 24920 0:x.x.x.x:25 :188.8.131.52 0::32301
And I know that the IP's used can change...
I think that somebody with some user password for smtp is making this, but I can't determine from where or which account he is using. I have no logs for smpt-auth user success or failed...
Please, somebody could give me some light to stop that?
Cheers, -- Walter.