Thanks for your help.

You probably are receiving a dictionary scan from infected PC's.
Be sure to use rblsmtpd against one or more of the good rbl sites.

I have tried this before write here. So maybe too much rbl's, look:


QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`

MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`

exec /usr/local/bin/softlimit -m 10000000 \
/usr/local/bin/tcpserver \
-v -H -R -l 0 \
-x /etc/tcprules/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/usr/local/bin/rblsmtpd -b -C \
-r " mail server is listed in DSBL list." \
-r " mail server is listed in Spamcop blocklist." \
-r " mail server is an OPEN RELAY (ORDB list)." \
-r " mail server is listed in SBL-Spamhaus." \
-r " See <>" \
-r " See <>" \
-t 5 \
/var/qmail/bin/qmail-smtpd \
/var/vpopmail/bin/vchkpw /bin/true 2>&1

Another thing you can do is scan for frequent IP's to bad users
in the smtp log files and build new tcp.smtp deny lines.

Yes. That what I'm doing:

and so on...

But there is a way to determine if the spammer are using an account on my server, with password, to do that? So I can change the password and block him.


Reply via email to