Hello Eric,
See notes in text please...
best wishes
Tony White
On 08/06/2012 03:58, Eric Shubert wrote:
On 06/07/2012 02:41 AM, Tony White wrote:
Hello,
I am sending from my yahoo account as my ip is in the spamcop system. Of
course
QMT uses spamcop therefore I am unable to send email from my normal account.
At this time I am experienceing a spam attack against a single email
address in one
of my domains.
The format is as follows...
CHKUSER accepted sender: from
<escort...@9ether.com:va...@email.address.com:> remote
<static-mumbai.wnet.net.in:unkn etc......
I have had to disable the account to at least stem the flow of emails
but I do understand how
this kind of attack works. Firstly an invalid email address followed by
a valid one which
seems to guarantee delivery.
2 separate emails in one smtp session I take it? Hmmm.
When you say you disabled the account, is that the recipient account, or an
authenticated sender account?
Disabled the recipient account ie the valid one.
Is this normal? Has anyone else seen this and has a resolution? I would
appreciate
any and all help here.
I wouldn't consider it to be normal.
Also I seem to get "chkuser accepted any recipient for this domain" is
this linked to
this problem.
tcp.smtp contents might tell the story here.
What's in your tcp.smtp file?
127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
125.168.12.213:allow,RELAYCLIENT=""
125.168.15.237:allow,RELAYCLIENT=""
:allow,CHKUSER_RCPTLIMIT="20",CHKUSER_WRONGRCPTLIMIT="20",DKSIGN="/var/qmail/control/domainkeys/%/private"
Thank you all in advance...
Tony White
A full sample from your smtp log would be helpful. You can redact your domain(s) if you'd like, but try to leave the
messages intact as much as possible. qmlog shows a nice format btw.
Are you running spamdyke? If not, installing it is the first thing I would do. I have yet to hear a good reason for not
running spamdyke (although you may need to adjust the stock settings slightly for your situation). In addition to
blocking 80+% of the spam, it will also lighten the load on your host.
On a side note, I don't know the cause, but it also seems to me that there are fewer spam attempts recently, compared to
when I first installed spamdyke. Years ago it seemed like there was an smtp session active nearly every minute. Now
several minutes may pass with no smtp activity. It's as though there are fewer spammers trying to send stuff. I'm not
certain at all what the cause of this is, but I wonder if perhaps the spam lists are being cleaned of addresses that are
undeliverable to spammers (which spamdyke rejections would appear to be). Spam lists would after all be more valuable
with a higher degree of deliverability, so they do have an incentive to keep their lists clean. Just a thought.
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
