I understand, Lewis.

I woke up to a customer complaining this morning about his domain customers not able to send e-mail. The server appears to be on a number of blacklists. A quick check of the server shows hundreds of messages in the mail queue, with 95% from one address. That was an easy clue. Flushed the queue (good and bad) and changed the password on the account. SPAM stopped. Then a search of the logs for "authid=username" - I found they were originating from two IP addresses, one in Poland and one here in the US. Blocked both networks with IPTables - so scumbag can't start guessing passwords again.

Now, the not so fun part - getting the server off the blacklists. And the question.... Spend the whole day tracking down which blacklists it's on, and one at a time - submitting for removal? Or simply avoid that by changing the IP address of the server itself?? A lot quicker that way, but still a couple hours of work to get all the changes made in server, DNS, routers, etc...

Hummmm.....

Chuck

---------- Original Message -----------
From: Lewis Gardner <lew...@iglou.com>
To: BlueOnyx General Mailing List <blueonyx@mail.blueonyx.it>
Sent: Thu, 28 Sep 2017 08:56:30 -0400
Subject: [BlueOnyx:21429] Re: localhost sending 14K emails in a month?

> Chuck,
>
> Thanks for the quick reply!
>
> I'm not sure about the exact mechanism that causes "backscatter" but
> that server's IP address has been blacklisted by Barracuda. After seeing
> this high a count I figured investigation was in order.
>
> Need to get to the bottom of this and get off the blacklist.
>
> Chuck Tetlow wrote:
> > Probably "backscatter".
> >
> > Someone sends a message to a random address on your server, and the
> > server sends back an error reply if that username/e-mail address doesn't
> > exist. The addresses are compiled by using the book of names for
> > babies, and other lists - all trying to guess valid e-mail address
> > names. If it fails or bounces - no big deal to them. If it works, then
> > they have a valid e-mail address they can sell for a few pennies.
> >
> > Unfortunately, in the meantime - your server is kept busy sending out
> > ridiculous numbers of error messages. And sometimes, can even get
> > blacklisted for all those error messages.
> >
> > Chuck
> >
> > *---------- Original Message -----------*
> > From: Lewis Gardner <lew...@iglou.com>
> > To: BlueOnyx General Mailing List <blueonyx@mail.blueonyx.it>
> > Sent: Thu, 28 Sep 2017 00:01:17 -0400
> > Subject: [BlueOnyx:21425] localhost sending 14K emails in a month?
> >
> > > According to Usage Information, Email, Senders localhost on one of my
> > > 5209R servers has sent 13,990 emails this month. Mostly during one week
> > > and one other day.
> > >
> > > Is there any reasonable explanation for this behavior?
> > >
> > > What to do?
> > *------- End of Original Message -------*

------- End of Original Message -------
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
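
The log search described in the message above (finding the "authid=" entries for one account and the addresses they came from), written out as an added example that is not part of the original thread. The log lines are constructed and assume sendmail's "AUTH=server" entry format; the account names, IP addresses and thresholds are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines modelled on sendmail "AUTH=server" log entries
# (assumed format; documentation-range IPs, hypothetical account names).
SAMPLE_LOG = """\
Sep 28 02:14:07 mail sendmail[20311]: AUTH=server, relay=[203.0.113.45], authid=jsmith, mech=LOGIN, bits=0
Sep 28 02:14:09 mail sendmail[20314]: AUTH=server, relay=host.example.net [198.51.100.7], authid=jsmith, mech=LOGIN, bits=0
Sep 28 02:14:11 mail sendmail[20316]: AUTH=server, relay=[203.0.113.45], authid=jsmith, mech=LOGIN, bits=0
Sep 28 08:30:52 mail sendmail[21002]: AUTH=server, relay=[192.0.2.10], authid=alice, mech=PLAIN, bits=0
Sep 28 08:31:10 mail sendmail[21005]: v8SCVAxx021005: from=<alice@example.com>, size=812, nrcpts=1, relay=[192.0.2.10]
"""

# relay= may be "[ip]" or "hostname [ip]"; only authenticated sessions carry authid=.
AUTH_RE = re.compile(
    r"AUTH=server,\s+relay=(?:\S+\s+)?\[(?P<ip>[^\]]+)\],\s+authid=(?P<authid>[^,\s]+)"
)


def tally_auth(log_text):
    """Return {authid: Counter({source_ip: logins})} for authenticated SMTP sessions."""
    per_account = defaultdict(Counter)
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            per_account[m.group("authid")][m.group("ip")] += 1
    return per_account


def suspicious_accounts(per_account, min_logins=3, min_ips=2):
    """Accounts whose login volume or source-IP spread reaches the (assumed) thresholds."""
    flagged = {}
    for authid, ips in per_account.items():
        if sum(ips.values()) >= min_logins or len(ips) >= min_ips:
            # Busiest source first, so the addresses worth blocking are at the top.
            flagged[authid] = sorted(ips.items(), key=lambda kv: -kv[1])
    return flagged


if __name__ == "__main__":
    for authid, ips in suspicious_accounts(tally_auth(SAMPLE_LOG)).items():
        print(authid, ips)
```

On a live server the same functions can be fed the contents of the mail log instead of `SAMPLE_LOG`; the thresholds need tuning to the normal login volume of the busiest legitimate account.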