Hi Biju,
Good pick up. Thank you. I cannot believe after all my
discussions this client set such simple password.
I hope this resolves the issue. I will continue to monitor
for the rest of the night.
Oddly the entire email input are from random domains and
using very random usernames for the single domain...
Looks like they have a list of names then add the domain to it.
Remo I am looking into the examples you sent thank you.
Appreciate the effort greatly.
regards
Tony White
On 5/2/25 01:14, [email protected] wrote:
One of your email id and password seems to be compromised.
You must be getting lots of bounced messages in one of the email ids. Get the
sender IP from the bounced message and find which user is authenticating from
that IP. You can grep /var/log/maillog
Change the password of that IP and scan the device for malwares/spywares.
Delete queued messages from the sender using qmail-remove
qmail-remove -r [email protected]
Biju Jose
Mobile : 989 5990 272
From: Tony White<[email protected]>
Sent: 04 February 2025 17:49
To:[email protected]
Subject: Re: [qmailtoaster] a single domain on my server is under attack
Hi,
I have come to realise this is a battle I cannot win.
A quick fix I did was edit the tcp.smtp to CHKUSER_WRONGRCPTLIMIT="3"
and rebuild the tcp file.
Seems to be working well enough but it frustrating though.
regards
Tony White
On 4/2/25 22:28,[email protected] <mailto:[email protected]> wrote:
Hi Tony,
Are you using fail2ban? That helps to block usernotfound and password fails.
You can also use spamdyke to black list the domains and Ips
Some more info about what kind of attack you are facing can help in finding solutions.
Biju Jose
Mobile : 989 5990 272
From: Tony White<mailto:[email protected]> <[email protected]>
Sent: 04 February 2025 16:43
To:[email protected] <mailto:[email protected]>
Subject: [qmailtoaster] a single domain on my server is under attack
Hi Folks,
Can someone please suggest how to stop/slow/reject this issue to a single
domain?
I have slowed it as far as I can but cannot stop it.
TIA :(
