[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
...@shubes.net] Sent: 16 February 2014 05:35 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Spamming via valid vpopmail account It appears that either the password for "valid vpopmail account" has been compromised, or the computer being used by that user has some m

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
On 02/16/2014 09:27 AM, Wicus Roets wrote: Thanks Eric. Steps I took upon noticing: 1.) qmailctl stop 2.) qmHandle -S"YOUR BLAH BLAH..." 3.) Reviewed bounce messages and deleted them with qmHandle upon review qmail-qstat qmail-qread qmHandle -mxxx quick check on mail mes

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
On 02/16/2014 10:20 AM, Wicus Roets wrote: In favour of myself and someone else referring to this mail list in future, would you mind elaborating on qmail-remote throttling? (until the "offending/spamming user" feature gets implemented) Presently, qmail-remote has no throttle other than the concur

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
e it's deemed stable (by me), QMT will use it to handle authentication (on port 587). -- -Eric 'shubes' Thanks -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: 16 February 2014 08:14 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
this. -- -Eric 'shubes' -Original Message- From: Dan McAllister [mailto:q...@it4soho.com] Sent: 16 February 2014 08:33 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Spamming via valid vpopmail account Wicus' issues are not uncommon: An "attacker"

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
I don't see how fail2ban would be of any help with this. Can you elaborate? -- -Eric 'shubes' On 02/16/2014 12:11 PM, Finn Buhelt wrote: Hi. Wouldn't it be possible to block port 25 outgoing and let fail2ban check submission logs ? Regards, Finn Den 16-02-2014 19:33, Dan McAllister skrev:

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
On 02/16/2014 11:33 AM, Dan McAllister wrote: Wicus' issues are not uncommon: An "attacker" gains a password (through guesswork or other means) of a user on your system, then proceeds to spam the hell out of the world from your system. Alternatively, some user gets a malware infection on their

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
Yes, but in this case there are no bad entries. The spammer has the password. I suppose F2B might check for a number of submissions in a given time period, but blocking and unblocking could get to be cumbersome. I suppose a throttle could be put on qmail-smtp to limit submissions. The proble

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
On 02/16/2014 04:17 PM, Wicus Roets wrote: Therefore, my confusion relates to using Telnet, whereby no authentication is implemented prior to sending the test message? Like Dan said, messages are only accepted (on port 25) with no authentication when the message is for local (rcpthost) deliver

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
On 02/16/2014 02:59 PM, Dan McAllister wrote: Again, the CORRECT use of port 25 is SOLELY for the receipt of inbound messages for the local server. Users (who authenticate) should be using ports 587 or 465 -- which, after they authenticate, will allow them to relay to other servers. I agree wit

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
d. Will advise should we pick up anything. -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: 17 February 2014 04:50 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Spamming via valid vpopmail account On 02/16/2014 02:59 PM, Dan McAllister wrote:

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
... -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: 16 February 2014 06:11 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Spamming via valid vpopmail account There are bit flags associated with each user account which can be set with the /h

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
- From: Eric Shubert [mailto:e...@shubes.net] Sent: 16 February 2014 07:03 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Spamming via valid vpopmail account On 02/16/2014 09:27 AM, Wicus Roets wrote: > Thanks Eric. > > Steps I took upon noticing: >

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
--Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: 16 February 2014 07:03 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Spamming via valid vpopmail account On 02/16/2014 09:27 AM, Wicus Roets wrote: > Thanks Eric. > > Steps I took upon noticin

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Broch
feature gets implemented) > > -Original Message- > From: Eric Shubert [mailto:e...@shubes.net] > Sent: 16 February 2014 07:03 PM > To: qmailtoaster-list@qmailtoaster.com > Subject: [qmailtoaster] Re: Spamming via valid vpopmail account > > On 02/16/2014 09:27 AM, Wicus Roets wrote:

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
l based only on the "rcpt to:" of the header. As an interim, would inclusion of verification on the "mail from:" be easier/quicker ? Thanks -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: 16 February 2014 08:14 PM To: qmailtoaster-list@qmailtoas

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Dan McAllister
Wicus' issues are not uncommon: An "attacker" gains a password (through guesswork or other means) of a user on your system, then proceeds to spam the hell out of the world from your system. Alternatively, some user gets a malware infection on their system that uses their mail program (usuall

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
ister [mailto:q...@it4soho.com] Sent: 16 February 2014 08:33 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Spamming via valid vpopmail account Wicus' issues are not uncommon: An "attacker" gains a password (through guesswork or other means) of a user on

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread LHTek
PM >Subject: Re: [qmailtoaster] Re: Spamming via valid vpopmail account > > >Wicus' issues are not uncommon: > >An "attacker" gains a password (through guesswork or other means) of a >user on your system, then proceeds to spam the hell out of the world >f

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Finn Buhelt
Hi. Wouldn't it be possible to block port 25 outgoing and let fail2ban check submission logs ? Regards, Finn Den 16-02-2014 19:33, Dan McAllister skrev: Wicus' issues are not uncommon: An "attacker" gains a password (through guesswork or other means) of a user on your system, then procee

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
s.net] Sent: 16 February 2014 09:56 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Spamming via valid vpopmail account On 02/16/2014 11:32 AM, Wicus Roets wrote: > That explains it quite nicely. > > One more question though ;) > > Quoting from "http://gmane.

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Finn Buhelt
Hi Eric. You can have Fail2ban check Your logs for bad entries that happen within a given period of time and then ban the IP address (Ip tables). Let Fail2ban check on the LAN ip address that is submitting the email in the submit log and then take action when Your thresholds are triggered -

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Dan McAllister
on authentication of a valid account/pw pair, how could I have sent mail via telnet on port 25 by only supplying a valid account (without a password)? -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: 16 February 2014 09:56 PM To: qmailtoaster-list@qmailtoaster.com Subjec

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Dan McAllister
r] Re: Spamming via valid vpopmail account Wicus' issues are not uncommon: An "attacker" gains a password (through guesswork or other means) of a user on your system, then proceeds to spam the hell out of the world from your system. Alternatively, some user gets a

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
Message-rcp From: Dan McAllister [mailto:q...@it4soho.com] Sent: 17 February 2014 12:00 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Spamming via valid vpopmail account Wicus - On port 25 CURRENTLY: - If the connection is for a LOCAL address (that is: the RECIPIE

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
hines within the network is currently being performed. Will advise should we pick up anything. -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: 17 February 2014 04:50 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Spamming via valid vpopmail accoun