Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - leors

Pages: [1]
1
E-Mail / Re: Fake users sending spam
« on: January 11, 2022, 05:37:51 PM »
Jan 11 08:44:43 cwp postfix/smtpd[17250]: lost connection after RCPT from localhost[127.0.0.1]
Jan 11 08:44:43 cwp postfix/smtpd[17250]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Jan 11 08:44:43 cwp cbpolicyd[10726]: module=Quotas, action=defer, host=127.0.0.1, helo=myserver.tdl, from=collatedbg@myserver.tdl, to=b.lichtenberg@random.de, reason=quota_match, policy=6, quota=
3, limit=4, track=Sender:@myserver.tdl, counter=MessageCount, quota=11.58/10 (115.8%)
Jan 11 08:44:43 cwp postfix/smtpd[17251]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <b.lichtenberg@random.de>: Recipient address rejected: 1; from=<collatedbg@myserver.tdl> to=<b.lichtenberg@random.de> proto=ESMTP helo=<myserver.tdl>
Jan 11 08:44:43 cwp postfix/smtpd[17251]: lost connection after RCPT from localhost[127.0.0.1]
Jan 11 08:44:43 cwp postfix/smtpd[17251]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Jan 11 08:44:43 cwp cbpolicyd[17260]: module=Quotas, action=defer, host=127.0.0.1, helo=myserver.tdl, from=f_ycqxcyirp@myserver.tdl, to=frank-rilling@random.de, reason=quota_match, policy=6, quota=3, limit=4, track=Sender:@myserver.tdl, counter=MessageCount, quota=11.58/10 (115.8%)
Jan 11 08:44:43 cwp postfix/smtpd[17258]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <frank-rilling@random.de>: Recipient address rejected: 1; from=<f_ycqxcyirp@myserver.tdl> to=<frank-rilling@random.de> proto=ESMTP helo=<myserver.tdl>
Jan 11 08:44:43 cwp postfix/smtpd[17258]: lost connection after RCPT from localhost[127.0.0.1]
Jan 11 08:44:43 cwp postfix/smtpd[17258]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Jan 11 08:45:17 cwp postfix/smtpd[17254]: warning: hostname examsection.earacheevince.com does not resolve to address 212.192.246.26
Jan 11 08:45:17 cwp postfix/smtpd[17254]: connect from unknown[212.192.246.26]
Jan 11 08:45:20 cwp postfix/smtpd[17254]: warning: unknown[212.192.246.26]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 11 08:45:20 cwp postfix/smtpd[17254]: lost connection after AUTH from unknown[212.192.246.26]
Jan 11 08:45:20 cwp postfix/smtpd[17254]: disconnect from unknown[212.192.246.26] ehlo=1 auth=0/1 commands=1/2
Jan 11 08:45:41 cwp postfix/smtpd[17224]: connect from unknown[85.202.169.215]
Jan 11 08:45:44 cwp postfix/smtpd[17224]: warning: unknown[85.202.169.215]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 11 08:45:44 cwp postfix/smtpd[17224]: lost connection after AUTH from unknown[85.202.169.215]
Jan 11 08:45:44 cwp postfix/smtpd[17224]: disconnect from unknown[85.202.169.215] ehlo=1 auth=0/1 commands=1/2
Jan 11 08:45:57 cwp postfix/smtpd[17257]: connect from localhost[127.0.0.1]
Jan 11 08:45:57 cwp cbpolicyd[17233]: module=Quotas, action=defer, host=127.0.0.1, helo=myserver.tdl, from=falcon64se@myserver.tdl, to=jgrjr@random.com, reason=quota_match, policy=6, quota=3, limit=4, track=Sender:@myserver.tdl, counter=MessageCount, quota=11.36/10 (113.6%)
Jan 11 08:45:57 cwp postfix/smtpd[17257]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <jgrjr@random.com>: Recipient address rejected: 1; from=<falcon64se@myserver.tdl> to=<jgrjr@random.com> proto=ESMTP helo=<myserver.tdl>
Jan 11 08:45:57 cwp postfix/smtpd[17257]: lost connection after RCPT from localhost[127.0.0.1]
Jan 11 08:45:57 cwp postfix/smtpd[17257]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Jan 11 08:45:57 cwp postfix/smtpd[17251]: connect from localhost[127.0.0.1]
Jan 11 08:45:57 cwp cbpolicyd[10726]: module=Quotas, action=defer, host=127.0.0.1, helo=myserver.tdl, from=equip@myserver.tdl, to=hardypark@random.com, reason=quota_match, policy=6, quota=3, limit=4, track=Sender:@myserver.tdl, counter=MessageCount, quota=11.36/10 (113.6%)
Jan 11 08:45:57 cwp postfix/smtpd[17251]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <hardypark@random.com>: Recipient address rejected: 1; from=<equip@myserver.tdl> to=<hardypark@random.com> proto=ESMTP helo=<myserver.tdl>
Jan 11 08:45:57 cwp postfix/smtpd[17251]: lost connection after RCPT from localhost[127.0.0.1]
Jan 11 08:45:57 cwp postfix/smtpd[17251]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Jan 11 08:47:53 cwp postfix/smtpd[18216]: connect from localhost[127.0.0.1]
Jan 11 08:47:53 cwp cbpolicyd[21400]: module=Quotas, action=defer, host=127.0.0.1, helo=myserver.tdl, from=eor@myserver.tdl, to=bigdadztoyz@random.com, reason=quota_match, policy=6, quota=3, limit=4, track=Sender:@myserver.tdl, counter=MessageCount, quota=11.02/10 (110.2%)
Jan 11 08:47:53 cwp postfix/smtpd[18216]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <bigdadztoyz@random.com>: Recipient address rejected: 1; from=<eor@myserver.tdl> to=<bigdadztoyz@random.com> proto=ESMTP helo=<myserver.tdl>
Jan 11 08:47:53 cwp postfix/smtpd[18216]: lost connection after RCPT from localhost[127.0.0.1]
Jan 11 08:47:53 cwp postfix/smtpd[18216]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Jan 11 08:48:28 cwp clamd[30013]: SelfCheck: Database status OK.

2
E-Mail / Fake users sending spam
« on: January 11, 2022, 02:40:26 PM »
On one server, I am facing problems with SPAM.
A few months ago, I noticed shots to unknown senders.
I mitigated the problem by blocking the recipient's domain.

Quote
Jan 11 08:47:53 cwp postfix/smtpd[18216]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <recipient@random.tdl>: Recipient address rejected: 1; from=<non-existent-email@myserver.tdl> to=<recipient@random.tdl> proto=ESMTP helo=<myserver.tdl>

PHP's mail function is disabled.
I cannot detect the origin of these messages.

Pages: [1]