we had a similar problem this morning -
a spammer at ya.ru apparently got hold of an account's password and
opened several smtp sessions using 5 different spoofed - we think - ip
addresses. the reason we believe they were spoofed is that entering
them into iptables did not stop the traffic.
since the sessions were already authenticated, changing the account
password and restarting didn't help.
adding the domain name into the g_ban_from list and restarting didn't
ultimately, we added an mfilter rule:
if (rexp(from,'HIDDEN@u')) then
drop "Spammer Address in From"
which seemed to work.
seems to me there's got to be a better way to kill smtp connections that
are known to be 'bad.'
advanced web systems
On 5/5/2015 4:14 PM, Frank Bulk wrote:
> Thanks, that’s good to know. Today we move the files out as the file
> system level, and then restart Surgemail so that if there any SMPT
> sessions in progress those are close and if there are any
> authenticated SMTP sessions those are gone. We found that just
> changing the password using tellmail was insufficient.
> Are we getting closer to the point where we can deal with a spammer
> who has one of our customer’s compromised credentials and not have to
> stop and then start Surgemail?
> *From:*Surgemail Support [mailto:surgemailHIDDEN@email@example.com]
> *Sent:* Sunday, May 03, 2015 6:00 PM
> *To:* surgemailHIDDEN@etwinsite.com
> *Subject:* Re: [SurgeMail List] Suspended account still sending mail
> Just re-posting this response to get it in the archive.
> This turned out to be an issue with messages currently being sent
> being 'locked' in future builds it will correctly delete messages
> which are
> being 'sent' when the tellmail delete_contains command is used.
> On 4/15/2015 8:03 PM, Tom Cross wrote:
> A customer had a virus sending 100's of emails out.
> I suspended the account, deleted the mail queue for the user and
> restarted the service.
> I go into the Mail queue and there they are again 79 mails.
> Delete again.
> 10 min later they are back.
> Help please.
> tom cross
> Partner Synergist
> 0418 295 336
> HIDDEN@tml.net.au <mailto:firstname.lastname@example.org>
Last Message | Next Message
Site Map |
Contact Netwin |
POP3 Mail Server |
Linux Webmail |
UnInstall instructions for all products
Copyright © 2017 Netwin Ltd. All rights reserved.