Hi
First, sorry for my English.
A few days ago I had a problem with spam being sent through my mail server.
After this, my server was blacklisted.
Example from log:
Code:
2014-11-20 16:35:34 1XrTld-0003B6-Kn <= [email protected] H=mail.expertmail126.co.uk (mail.longlife-fabrics.pl) [23.95.52.123] P=esmtp S=574 T="Venda suas Milhas Aereas com Seguranca." from <[email protected]> for [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
2014-11-20 16:35:34 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1XrTld-0003B6-Kn
2014-11-20 16:35:36 1XrTld-0003B6-Kn => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=591 H=mx1.hotmail.com [65.55.37.72] X=TLSv1:AES256-SHA:256 C="250 <[email protected]> Queued mail for delivery"
2014-11-20 16:35:36 1XrTld-0003B6-Kn -> [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=591 H=mx1.hotmail.com [65.55.37.72] X=TLSv1:AES256-SHA:256 C="250 <[email protected]> Queued mail for delivery"
2014-11-20 16:35:37 1XrTld-0003B6-Kn => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=591 H=mta5.am0.yahoodns.net [98.136.216.25] X=TLSv1:RC4-SHA:128 C="250 ok dirdel"
2014-11-20 16:35:39 1XrTld-0003B6-Kn => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=591 H=mx3.hotmail.com [207.46.8.167] X=TLSv1:AES256-SHA:256 C="250 <[email protected]> Queued mail for delivery"
2014-11-20 16:35:39 1XrTld-0003B6-Kn -> [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=591 H=mx3.hotmail.com [207.46.8.167] X=TLSv1:AES256-SHA:256 C="250 <[email protected]> Queued mail for delivery"
2014-11-20 16:35:40 1XrTld-0003B6-Kn => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=591 H=mx3.bol.com.br [200.147.36.13] C="250 2.0.0 Ok: queued as 3jk4j75wnLzKLKBv"
2014-11-20 16:35:41 1XrTld-0003B6-Kn => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=591 H=mx4.hotmail.com [65.55.37.104] X=TLSv1:AES256-SHA:256 C="250 <[email protected]> Queued mail for delivery"
2014-11-20 16:35:41 1XrTld-0003B6-Kn -> [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=591 H=mx4.hotmail.com [65.55.37.104] X=TLSv1:AES256-SHA:256 C="250 <[email protected]> Queued mail for delivery"
2014-11-20 16:35:41 1XrTld-0003B6-Kn -> [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=591 H=mx4.hotmail.com [65.55.37.104] X=TLSv1:AES256-SHA:256 C="250 <[email protected]> Queued mail for delivery"
2014-11-20 16:35:41 1XrTld-0003B6-Kn -> [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=591 H=mx4.hotmail.com [65.55.37.104] X=TLSv1:AES256-SHA:256 C="250 <[email protected]> Queued mail for delivery"
2014-11-20 16:35:41 1XrTld-0003B6-Kn Completed
H=mail.expertmail126.co.uk (mail.longlife-fabrics.pl) [23.95.52.123] :
mail.longlife-fabrics.pl: this domain is on my server, but 23.95.52.123 is not my IP address. In the () I've seen other domains.
First I tried suspending every account in DA, but spam was still being sent. I found the troubleshooting guide http://help.directadmin.com/item.php?id=360, so I changed limit_unknown to 1 and the spam stopped. Every message in my queue was frozen, but I was still under attack.
Only one thing helped me: I blocked the subnet that was sending spam on my firewall.
I'd like to ask how I could prevent this in advance? I don't have an open relay. I use exim 4.80.1 and Spamblocker 4.1.
Setting limit_unknown to 1 or another number is not a good solution, because if the limit is used then forwarders do not work.
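Added example (not part of the original post, and not Exim or DirectAdmin code): a Python log check for the pattern described above, where an unauthenticated arrival line carries a HELO name in `()` that belongs to a local domain while the `[ip]` is not one of the server's own, with recipients totalled per source subnet. The function names, the local domain and network values, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Exim arrival line: "<date> <time> <id> <= <sender> H=<rdns> (<helo>) [<ip>] ..."
ARRIVAL = re.compile(
    r"^\S+ \S+ (?P<id>\S+) <= \S+ H=(?:[^\s(\[]+ )?"
    r"(?:\((?P<helo>[^)]+)\) )?\[(?P<ip>[^\]]+)\](?P<rest>.*)$"
)

def is_local_name(name, local_domains):
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in local_domains)

def spoofed_helo_arrivals(lines, local_domains, local_nets):
    """Unauthenticated arrivals whose HELO names a local domain from a foreign IP."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    hits = []
    for line in lines:
        m = ARRIVAL.match(line.strip())
        if not m or not m["helo"]:
            continue  # not an SMTP arrival, or no separate HELO name logged
        ip = ipaddress.ip_address(m["ip"])
        head, sep, rcpts = m["rest"].rpartition(" for ")
        if not sep:  # recipients not logged on this line
            head, rcpts = rcpts, ""
        # A=<authenticator> appears before T="subject" on authenticated mail
        authed = re.search(r" A=\S+", head.split(' T="')[0]) is not None
        if authed or any(ip in n for n in nets):
            continue
        if is_local_name(m["helo"], local_domains):
            hits.append({"id": m["id"], "ip": str(ip), "helo": m["helo"],
                         "rcpts": len(rcpts.split())})
    return hits

def by_subnet(hits, prefix=24):
    """Total flagged recipients per source subnet (IPv4 /24 by default)."""
    totals = Counter()
    for h in hits:
        totals[str(ipaddress.ip_network(f"{h['ip']}/{prefix}", strict=False))] += h["rcpts"]
    return dict(totals)

# Constructed sample lines (documentation IP ranges and example domains)
SAMPLE_LOG = """\
2014-11-20 16:35:34 1AAAAA-000001-AA <= spam@sender.example H=mail.sender.example (mail.example.net) [203.0.113.45] P=esmtp S=574 T="offer for you" from <spam@sender.example> for a@rcpt.example b@rcpt.example c@rcpt.example
2014-11-20 16:36:02 1AAAAA-000002-BB <= spam@sender.example H=(example.net) [203.0.113.77] P=esmtp S=580 T="hi" from <spam@sender.example> for d@rcpt.example
2014-11-20 16:37:10 1AAAAA-000003-CC <= user@example.net H=(mail.example.net) [192.0.2.10] P=esmtpa A=login:user@example.net S=900 T="report" from <user@example.net> for e@rcpt.example
2014-11-20 16:38:00 1AAAAA-000004-DD <= news@other.example H=mx.other.example [198.51.100.9] P=esmtp S=1200 T="news" from <news@other.example> for user@example.net
""".splitlines()
print(by_subnet(spoofed_helo_arrivals(SAMPLE_LOG, {"example.net"}, ["192.0.2.0/24"])))
```

A match only shows that the HELO name was forged; it does not explain why the server accepted the message for relay, which still has to be traced in the Exim ACLs.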