Hello,
Here is my case:
Yesterday one of my websites went offline for some reason and sent a lot of error mails to a mail account on its own domain. So the host company blocked the SMTP port. When I realized this in the morning, I disabled the affected domain and told my host to unblock it. They say they unblocked SMTP, but after 12 hours none of my websites can send emails; they receive fine.
From SquirrelMail I get this error:
Code:
Message not sent. Server replied:
Requested action not taken: mailbox unavailable
550 User account [email protected] has sent too many emails
When I run the telnet command, it gives this:
Code:
telnet xxxxxx.com 25
Trying 89.33.197.92...
telnet: Unable to connect to remote host: Connection timed out
But my host says the telnet command gives this:
Code:
telnet archisections.com 25
Trying 89.33.197.92...
Connected to archisections.com.
Escape character is '^]'.
220 server.doctus.org ESMTP Exim 4.87 Sun, 07 Aug 2016 21:19:28 +0300
^]
telnet> Connection closed.
The DA support guys and I checked the server and found nothing really wrong. The firewall seems OK; it isn't blocking any SMTP.
However, I am getting brute force attack messages from my server's own IP, which I believe is the affected domain (doctus.org) still trying to send error messages.
The exim logs have some errors.
exim paniclog:
Code:
2016-08-07 21:45:33 1bWT4m-0004nm-SX User 0 set for local_delivery transport is on the never_users list
2016-08-07 21:50:35 1bWT9f-00068U-MT User 0 set for local_delivery transport is on the never_users list
2016-08-07 21:50:35 1bWT9f-00068Y-Rn User 0 set for local_delivery transport is on the never_users list
exim mainlog:
Code:
2016-08-07 21:56:40 login authenticator failed for (mail.doctus.org) [89.33.197.92]: 535 Incorrect authentication data ([email protected])
2016-08-07 21:56:41 login authenticator failed for (mail.doctus.org) [89.33.197.92]: 535 Incorrect authentication data ([email protected])
2016-08-07 21:56:58 login authenticator failed for (mail.doctus.org) [89.33.197.92]: 535 Incorrect authentication data ([email protected])
2016-08-07 21:57:00 login authenticator failed for (mail.doctus.org) [89.33.197.92]: 535 Incorrect authentication data ([email protected])
2016-08-07 21:57:00 login authenticator failed for (mail.doctus.org) [89.33.197.92]: 535 Incorrect authentication data ([email protected])
2016-08-07 21:58:22 cwd=/home/admin/domains/sesliblog.com/public_html/all 6 args: /usr/sbin/sendmail -t -i -f [email protected] [email protected]
2016-08-07 21:58:22 1bWTHC-0007TE-CJ <= [email protected] U=admin P=local S=3340 [email protected] T="Email Authentication Request From your IWP admin panel." from <[email protected]> for [email protected]
2016-08-07 21:58:22 1bWTHC-0007TE-CJ => blackhole (non-SMTP ACL discarded recipients): User account (admin) has sent too many emails. Script delivery blocked.
2016-08-07 21:58:22 1bWTHC-0007TE-CJ Completed
2016-08-07 22:01:55 login authenticator failed for almostworkout.com (ADMIN) [173.208.209.114]: 535 Incorrect authentication data ([email protected])
2016-08-07 22:02:39 H=([89.33.197.92]) [127.0.0.1] F=<[email protected]> A=login:[email protected] rejected RCPT <[email protected]>: User account [email protected] has sent too many emails
2016-08-07 22:03:13 login authenticator failed for (XL-20160217QQJV) [157.122.148.196]: 535 Incorrect authentication data (set_id=anonymous)
2016-08-07 22:03:14 login authenticator failed for (XL-20160217QQJV) [157.122.148.196]: 535 Incorrect authentication data (set_id=anonymous)
2016-08-07 22:03:25 H=(XL-20160217QQJV) [157.122.148.196] rejected AUTH LOGIN: Only one authentication attempt is allowed per connection
2016-08-07 22:06:31 H=([89.33.197.92]) [127.0.0.1] F=<[email protected]> A=login:[email protected] rejected RCPT <[email protected]>: User account [email protected] has sent too many emails
2016-08-07 22:07:23 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2016-08-07 22:07:34 cwd=/home/admin/domains/veradeltasamsun.com/public_html 5 args: /usr/sbin/sendmail -t -i -f [email protected]
2016-08-07 22:07:34 1bWTQ6-0001bt-9l <= [email protected] U=admin P=local S=1419 [email protected] T="Sucuri Alert, veradeltasamsun.com, Failed Login" from <[email protected]> for [email protected]
2016-08-07 22:07:34 1bWTQ6-0001bt-9l => blackhole (non-SMTP ACL discarded recipients): User account (admin) has sent too many emails. Script delivery blocked.
2016-08-07 22:07:34 1bWTQ6-0001bt-9l Completed
2016-08-07 22:10:00 login authenticator failed for (User) [185.125.4.135]: 535 Incorrect authentication data ([email protected])
exim rejectlog:
Code:
2016-08-07 21:57:00 login authenticator failed for (mail.doctus.org) [89.33.197.92]: 535 Incorrect authentication data ([email protected])
2016-08-07 21:57:00 login authenticator failed for (mail.doctus.org) [89.33.197.92]: 535 Incorrect authentication data ([email protected])
2016-08-07 22:01:55 login authenticator failed for almostworkout.com (ADMIN) [173.208.209.114]: 535 Incorrect authentication data ([email protected])
2016-08-07 22:02:39 H=([89.33.197.92]) [127.0.0.1] F=<[email protected]> A=login:[email protected] rejected RCPT <[email protected]>: User account [email protected] has sent too many emails
2016-08-07 22:03:13 login authenticator failed for (XL-20160217QQJV) [157.122.148.196]: 535 Incorrect authentication data (set_id=anonymous)
2016-08-07 22:03:14 login authenticator failed for (XL-20160217QQJV) [157.122.148.196]: 535 Incorrect authentication data (set_id=anonymous)
2016-08-07 22:03:25 H=(XL-20160217QQJV) [157.122.148.196] rejected AUTH LOGIN: Only one authentication attempt is allowed per connection
2016-08-07 22:06:31 H=([89.33.197.92]) [127.0.0.1] F=<[email protected]> A=login:[email protected] rejected RCPT <[email protected]>: User account [email protected] has sent too many emails
2016-08-07 22:10:00 login authenticator failed for (User) [185.125.4.135]: 535 Incorrect authentication data ([email protected])
2016-08-07 22:17:49 H=(mail.NEHIRGIYIMTASARIM.COM) [177.11.51.73] sender verify fail for <[email protected]>:
2016-08-07 22:17:49 H=(mail.NEHIRGIYIMTASARIM.COM) [177.11.51.73] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2016-08-07 22:17:49 H=(mail.NEHIRGIYIMTASARIM.COM) [177.11.51.73] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2016-08-07 22:17:50 H=(mail.NEHIRGIYIMTASARIM.COM) [177.11.51.73] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2016-08-07 22:17:52 H=(mail.NEHIRGIYIMTASARIM.COM) [177.11.51.73] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2016-08-07 22:17:55 H=(mail.NEHIRGIYIMTASARIM.COM) [177.11.51.73] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2016-08-07 22:17:57 H=(mail.NEHIRGIYIMTASARIM.COM) [177.11.51.73] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2016-08-07 22:18:01 login authenticator failed for (ADMIN) [117.158.39.146]: 535 Incorrect authentication data ([email protected])
So, any ideas what might be the problem?
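
Added example, not part of the original post: a small triage script for Exim mainlog lines in the shapes quoted above. It separates failed SMTP logins coming from the server's own address from external ones, and ties each "sent too many emails" blackhole to the script directory (`cwd=`) that submitted the message. The sample lines, the 192.0.2.x / 198.51.100.x addresses and the `example` domains are constructed placeholders, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

AUTH_FAIL = re.compile(r"authenticator failed for .*?\[([0-9a-fA-F.:]+)\]: 535")
CWD = re.compile(r"cwd=(\S+) \d+ args: /usr/sbin/sendmail")
ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= .* P=local ")
BLACKHOLE = re.compile(r"^\S+ \S+ (\S+) => blackhole .*sent too many emails")
RCPT_LIMIT = re.compile(r"A=login:(\S+) rejected RCPT .*sent too many emails")

# Constructed sample in the same line formats as the mainlog excerpt above.
SAMPLE = """\
2016-08-07 21:56:40 login authenticator failed for (mail.site-a.example) [192.0.2.10]: 535 Incorrect authentication data (set_id=info@example.org)
2016-08-07 21:56:41 login authenticator failed for (mail.site-a.example) [192.0.2.10]: 535 Incorrect authentication data (set_id=info@example.org)
2016-08-07 21:58:22 cwd=/home/admin/domains/site-a.example/public_html/all 6 args: /usr/sbin/sendmail -t -i -f admin@example.org user@example.org
2016-08-07 21:58:22 1bWTHC-0007TE-CJ <= admin@example.org U=admin P=local S=3340 T="test" for user@example.org
2016-08-07 21:58:22 1bWTHC-0007TE-CJ => blackhole (non-SMTP ACL discarded recipients): User account (admin) has sent too many emails. Script delivery blocked.
2016-08-07 22:01:55 login authenticator failed for host.example (ADMIN) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin@example.org)
2016-08-07 22:02:39 H=([192.0.2.10]) [127.0.0.1] F=<info@example.org> A=login:info@example.org rejected RCPT <user@example.org>: User account info@example.org has sent too many emails
"""

def triage(log_text, server_ips):
    """Summarise auth failures and send-limit blocks from Exim mainlog text."""
    fails, scripts, accounts = Counter(), Counter(), Counter()
    last_cwd, cwd_by_id = None, {}
    for line in log_text.splitlines():
        if m := AUTH_FAIL.search(line):
            fails[m.group(1)] += 1                # failed SMTP AUTH, keyed by client IP
        elif m := CWD.search(line):
            last_cwd = m.group(1)                 # directory of the script calling sendmail
        elif m := ARRIVAL.match(line):
            # Heuristic: a local arrival belongs to the sendmail call logged just before it.
            cwd_by_id[m.group(1)] = last_cwd
            last_cwd = None
        elif m := BLACKHOLE.match(line):
            scripts[cwd_by_id.get(m.group(1)) or "unknown"] += 1
        elif m := RCPT_LIMIT.search(line):
            accounts[m.group(1)] += 1             # authenticated account over its send limit
    return {
        "self_auth_failures": sum(n for ip, n in fails.items() if ip in server_ips),
        "external_auth_failures": {ip: n for ip, n in fails.items() if ip not in server_ips},
        "blocked_script_dirs": dict(scripts),
        "rate_limited_accounts": dict(accounts),
    }
```

A non-zero `self_auth_failures` means the failing logins originate on the server itself (for example webmail or a site's SMTP plugin retrying with credentials that no longer work), which is a separate issue from external password guessing.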