Re: EMERGENCY - need to secure my server against an ongoing SPAMMER

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Here is a truncated logwatch indicating more than 1000 spams sent but
seemingly a lot more denied, and most if not all bounced. I have
truncated the "Relaying denied" list because it ran into pages. There
are continuing attempts to relay through my server, every few minutes,
all denied now. Hopefully the bast**ds will give up and move on
soon...

 --------------------- sendmail Begin ------------------------ 

Bytes Transferred: 12332471
Messages Sent:     1010
Total recipients:  13027

271 messages returned after 4 hours

1255 User Unknown notifications

Top relays (recipients/connections - min 10 rcpts, max 50 lines):
    2441/125: 219-81-152-11.static.tfn.net.tw [219.81.152.11]
    1250/74: 61-31-142-15.dynamic.tfn.net.tw [61.31.142.15]
    1200/78: 219-81-147-236.static.tfn.net.tw [219.81.147.236]
    1020/102: 61-31-132-192.dynamic.tfn.net.tw [61.31.132.192]
    900/90: 219-81-152-68.static.tfn.net.tw [219.81.152.68]
    691/35: 219-81-148-55.static.tfn.net.tw [219.81.148.55]
    600/30: 61-31-138-36.dynamic.tfn.net.tw [61.31.138.36]
    540/54: 61-31-135-89.dynamic.tfn.net.tw [61.31.135.89]
    480/36: 61-31-134-142.dynamic.tfn.net.tw [61.31.134.142]
    473/48: 61-31-141-57.dynamic.tfn.net.tw [61.31.141.57]
    360/24: 219-81-146-75.static.tfn.net.tw [219.81.146.75]
    360/36: 219-81-147-234.static.tfn.net.tw [219.81.147.234]
    360/36: 61-31-143-231.dynamic.tfn.net.tw [61.31.143.231]
    301/25: 61-31-134-51.dynamic.tfn.net.tw [61.31.134.51]
    270/27: 219-81-152-242.static.tfn.net.tw [219.81.152.242]
    250/25: 61-31-143-110.dynamic.tfn.net.tw [61.31.143.110]
    240/12: 219-81-146-16.static.tfn.net.tw [219.81.146.16]
    240/18: 61-31-143-233.dynamic.tfn.net.tw [61.31.143.233]
    225/23: 219-81-152-9.static.tfn.net.tw [219.81.152.9]
    180/9: 61-31-141-122.dynamic.tfn.net.tw [61.31.141.122]
    180/18: 61-31-130-73.dynamic.tfn.net.tw [61.31.130.73]
    120/12: 61-31-135-224.dynamic.tfn.net.tw [61.31.135.224]
    120/12: 219-81-148-189.static.tfn.net.tw [219.81.148.189]
    120/12: 61-31-129-123.dynamic.tfn.net.tw [61.31.129.123]
    60/3: 61-31-137-64.dynamic.tfn.net.tw [61.31.137.64]
    10/10: lon1-probe-1-0.mail.omr-demon.co.uk [193.195.24.130]


Relaying denied:
    From www.abuse.net [208.31.42.77] to securitytest@xxxxxxxxx: 4 Time(s)
    From www.abuse.net [208.31.42.77] to user-49733@xxxxxxxxxxxx: 4 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
118917086@xxxxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
3zt5@xxxxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
boucy@xxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
ho@xxxxxxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
jacky.howard@xxxxxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
jshad@xxxxxxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
mxw0823@xxxxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
sammicheng99@xxxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
simulation@xxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
v17582001@xxxxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
vbs@xxxxxxxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
wong2000@xxxxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
yaku@xxxxxxxxxxxxx: 1 Time(s)
    From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
ynya@xxxxxxxxxx: 1 Time(s)
    From 219-81-146-16.static.tfn.net.tw [219.81.146.16] to
ansheng1@xxxxxxxxxxx: 1 Time(s)
    From 219-81-146-16.static.tfn.net.tw [219.81.146.16] to
bluelans@xxxxxxxxxxxxxx: 1 Time(s)
    From 219-81-146-16.static.tfn.net.tw [219.81.146.16] to
chairman@xxxxxxxxxxxxxxxxx: 1 Time(s)
    From 219-81-146-16.static.tfn.net.tw [219.81.146.16] to
freebienewsletter-subscribe@xxxxxxxxxxx: 1 Time(s)

[truncated]

Unknown hosts:
    dev.null.: 8 Time(s)
    ms08.hinet.net: 2 Time(s)
    sparc20.ee.cycu.e: 2 Time(s)
    yahoo.comtw: 2 Time(s)
    .: 1 Time(s)
    127.0.0.1.prodigy.com.: 1 Time(s)
    aacolala.happy.everyday: 1 Time(s)
    bbs.ee.ncu.edu.t: 1 Time(s)
    bbs.nsysu.e: 1 Time(s)
    bbs.s: 1 Time(s)
    cathlife.com.twhttp: 1 Time(s)
    mail.taivs: 1 Time(s)
    mcp__exam.com: 1 Time(s)
    mediaone.actwin.com.: 1 Time(s)
    ms41.hinet: 1 Time(s)
    ms49.url.com: 1 Time(s)
    ms52.url: 1 Time(s)
    msa.inet.net: 1 Time(s)
    mse.he.net: 1 Time(s)
    news.cwix.com: 1 Time(s)
    odell.tp.silkera.net: 1 Time(s)
    redbbs.cc.ntut.edu.t: 1 Time(s)
    sanyo.com.t: 1 Time(s)
    shaparak.net: 1 Time(s)
    sinamali.com: 1 Time(s)
    tainan.dorm10.nctu: 1 Time(s)
    this.domain.is.not.used.for.email.: 1 Time(s)
    tm.net.com: 1 Time(s)
    tungkwang.pine.ncu.e: 1 Time(s)
    tw.arthurandersen.com: 1 Time(s)
    u2.wownet.net: 1 Time(s)
    ufo.ufo.net: 1 Time(s)
    ukypy.com: 1 Time(s)
    usenet-rulez.net: 1 Time(s)
    viking.cris.com: 1 Time(s)
    vinyltap.demon: 1 Time(s)
    vlsi1.i: 1 Time(s)
    vlsi1.iie: 1 Time(s)
    vlsi1.iie.ncku.edu.t: 1 Time(s)
    vm.ucs.ual: 1 Time(s)
    wareyi.net: 1 Time(s)
    www.cn.nctu: 1 Time(s)
    xxtra.big.com: 1 Time(s)
    yahoo.com.twltw: 1 Time(s)
    ynisu.net: 1 Time(s)
    your.email.address: 1 Time(s)

	Total:  56
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux