Hello,
We have a spam problem, someone is using our server to send spam mail. We blocked the localhost from sending at this point (but Webmail in the meantime will not be able to send emails). Here is an example of spam trying to use the server:
#Software: MailEnable SMTP Server Version 1.0a
#Version: 1.0
#Date: 12/05/12 23:49:37
#Fields: date time c-ip agent account s-ip s-port cs-method cs-uristem cs-uriquery s-computername sc-bytes cs-bytes cs-username
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 644 HELO HELO+VPSxxxx 250+Requested+mail+action+okay,+completed VPSxxxx 43 14
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 644 MAIL MAIL+FROM:<[email protected]> 250+Requested+mail+action+okay,+completed VPSxxxx 43 40
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 644 RCPT RCPT+TO:<[email protected]> 503+This+mail+server+requires+authentication+when+attempting+to+send+to+a+non-local+e-mail+address.+Please+check+your+mail+client+settings+or+contact+your+administrator+to+verify+that+the+domain+or+address+is+defined+for+this+server. VPSxxxx 235 37
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 644 QUIT QUIT 221+Service+closing+transmission+channel VPSxxxx 42 6
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 660 HELO HELO+VPSxxxx 250+Requested+mail+action+okay,+completed VPSxxxx 43 14
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 660 MAIL MAIL+FROM:<[email protected]> 250+Requested+mail+action+okay,+completed VPSxxxx 43 36
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 660 RCPT RCPT+TO:<[email protected]> 503+This+mail+server+requires+authentication+when+attempting+to+send+to+a+non-local+e-mail+address.+Please+check+your+mail+client+settings+or+contact+your+administrator+to+verify+that+the+domain+or+address+is+defined+for+this+server. VPSxxxx 235 43
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 660 QUIT QUIT 221+Service+closing+transmission+channel VPSxxxx 42 6
Any help please to identify the source???
BR,
Hassan
We have a spam problem, someone is using our server to send spam mail. We blocked the localhost from sending at this point (but Webmail in the meantime will not be able to send emails). Here is an example of spam trying to use the server:
#Software: MailEnable SMTP Server Version 1.0a
#Version: 1.0
#Date: 12/05/12 23:49:37
#Fields: date time c-ip agent account s-ip s-port cs-method cs-uristem cs-uriquery s-computername sc-bytes cs-bytes cs-username
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 644 HELO HELO+VPSxxxx 250+Requested+mail+action+okay,+completed VPSxxxx 43 14
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 644 MAIL MAIL+FROM:<[email protected]> 250+Requested+mail+action+okay,+completed VPSxxxx 43 40
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 644 RCPT RCPT+TO:<[email protected]> 503+This+mail+server+requires+authentication+when+attempting+to+send+to+a+non-local+e-mail+address.+Please+check+your+mail+client+settings+or+contact+your+administrator+to+verify+that+the+domain+or+address+is+defined+for+this+server. VPSxxxx 235 37
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 644 QUIT QUIT 221+Service+closing+transmission+channel VPSxxxx 42 6
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 660 HELO HELO+VPSxxxx 250+Requested+mail+action+okay,+completed VPSxxxx 43 14
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 660 MAIL MAIL+FROM:<[email protected]> 250+Requested+mail+action+okay,+completed VPSxxxx 43 36
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 660 RCPT RCPT+TO:<[email protected]> 503+This+mail+server+requires+authentication+when+attempting+to+send+to+a+non-local+e-mail+address.+Please+check+your+mail+client+settings+or+contact+your+administrator+to+verify+that+the+domain+or+address+is+defined+for+this+server. VPSxxxx 235 43
2012-12-05 23:49:38 127.0.0.1 SMTP-IN 127.0.0.1 660 QUIT QUIT 221+Service+closing+transmission+channel VPSxxxx 42 6
Any help please to identify the source???
BR,
Hassan