In this specific case, the Spammer authenticated with the "legituser" account !!! (as confirmed by account name after the RECV in the log : 'RECV=OK" "[email protected]"') So before any others solutions, start changing que [email protected] password (with a complex one) !!!! And tell you"legituser" to completly scan all of it's computers for trojans/viries/... BEFORE changing the password at its side (to avoid spammers recover the new password)...
-----Message d'origine----- De : [email protected] [mailto:[email protected]]De la part de Fred Envoye : mercredi 6 juillet 2011 19:36 A : [email protected] Objet : [xmail] Getting hammered bad Hello all, I need help to fight against spammers, here is a sample of an smtp log entry: "mail" "mail" "72.16.236.115" "2011-07-06 12:46:21" "ALEXSERVER01.ANDREWALEX.local" "hotmail.co.uk" "[email protected]""[email protected]" "SE86331" "RECV=OK" "[email protected]" "2507" "" I am receiving sometimes hundreds of this kind of email in a short time. I have tried black listing the IP and sender domain in spam-adress.tab and spammers.tab but they just change both and they spam again. The email [email protected] is a legit user on my server. I am using spamassassin, spf filter and RBL checks. Anyone has any ideas how to block these ****ers. Thanks
_______________________________________________ xmail mailing list [email protected] http://xmailserver.org/mailman/listinfo/xmail
