[chuug] server relaying spam
Tony Maro
tony at maro.net
Thu Jun 7 15:34:07 EDT 2007
If you find your server's relay controls are properly configured, one
thing to consider is that it might be bounce notices. Check to see if
they are all rejection notices that it's sending out.

You might be the victim of a "dictionary" attack and the only real
solution is to block the sending IPs at your firewall. A spam
dictionary attack is where the offender is external to your network and
is trying to guess e-mail addresses repeatedly. This will have the side
effect of generating bounce notices a lot of times depending on how the
server is configured, and you'll get a huge stack of outbound bounce
notices with no real place to go. You can check your mail logs to see
if you're getting a lot of "invalid recipient" entries.

My own ISP tried to tell me I had a "hacked PHP form" once and I had to
show them in their own logs where it was all coming from outside as a
dictionary attack. They had actually disabled my account for three days
and wouldn't tell me why.

On Thu, 2007-06-07 at 15:04 -0400, phoebe wrote:
> hello,
> i have recently discovered that my mail server is being used to relay
> massive amounts of spam. there are dozens and dozens of outgoing spam
> messages piled up in my mail queue. i need to get this problem fixed,
> obviously, but have no idea what to do or where to get help. does
> anyone have any advice on where a good place to start is, or how i
> might go about figuring out where the spam is originating from? i've
> been told it's most likely coming from a hacked php form in one of the
> accounts on the server, but i have no idea if that's true or not or
> what other causes there might be besides vulnerable php forms. thanks
> for any advice.
> phoebe
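
The log check suggested in the reply above, as an added example that is not part of the original post: it counts rejected unknown recipients per client IP so the sources of a dictionary attack stand out as candidates for a firewall block. The Postfix-style log wording, the thresholds, and the sample lines are assumptions; adjust the pattern to whatever your mail server writes for an invalid recipient.

```python
import re
from collections import defaultdict

# Assumed Postfix-style reject line; change the wording to match your MTA.
REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 55\d .*?"
    r"<(?P<rcpt>[^>]+)>: Recipient address rejected: User unknown"
)

def dictionary_attack_sources(lines, min_rejects=3, min_distinct=3):
    """Return {ip: (reject_count, distinct_recipients)} for likely guessers."""
    seen = defaultdict(list)
    for line in lines:
        m = REJECT.search(line)
        if m:
            seen[m.group("ip")].append(m.group("rcpt").lower())
    report = {}
    for ip, rcpts in seen.items():
        distinct = len(set(rcpts))
        # Many *different* unknown names from one client is address guessing;
        # the same wrong address repeated is more likely a stale list or typo.
        if len(rcpts) >= min_rejects and distinct >= min_distinct:
            report[ip] = (len(rcpts), distinct)
    return report

# Constructed sample data: documentation IP ranges and made-up addresses.
_LINE = ("Jun  7 14:0{n}:00 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
         "unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
         "User unknown in local recipient table; from=<a@b.invalid> to=<{rcpt}>")
_EVENTS = [
    ("203.0.113.45", "aaron@example.org"),
    ("203.0.113.45", "abby@example.org"),
    ("203.0.113.45", "adam@example.org"),
    ("203.0.113.45", "admin1@example.org"),
    ("198.51.100.7", "tonny@example.org"),   # same typo three times
    ("198.51.100.7", "tonny@example.org"),
    ("198.51.100.7", "tonny@example.org"),
    ("192.0.2.10", "oldstaff@example.org"),  # single stray reject
]
SAMPLE_LOG = [_LINE.format(n=i, ip=ip, rcpt=r) for i, (ip, r) in enumerate(_EVENTS)]
SAMPLE_LOG.append("Jun  7 14:09:00 mx postfix/local[2200]: 4F2A1: "
                  "to=<phoebe@example.org>, status=sent (delivered to mailbox)")

if __name__ == "__main__":
    for ip, (count, distinct) in dictionary_attack_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} rejects, {distinct} distinct unknown recipients")
```

To run it against a real log, pass the open file object as `lines` instead of `SAMPLE_LOG`.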