For the 3rd day, only 2 mailboxes on different mail servers have received e-mails from different senders like this: "[email protected]" <[email protected]>. This and all the other senders send anti-federal-tax mails. I read everything about this problem on this forum, but I cannot stop this: I followed all of Till's advice for this. After I sent a mail to this sender, I saw this in the mail info.log:
Quote:
Oct 20 10:19:02 shvv postfix/qmgr[6682]: 055ED4C2AC9: from=<[email protected]>, size=5157, nrcpt=1 (queue active)
Oct 20 10:19:23 shvv postfix/smtp[18419]: connect to eftps.gov[12.36.213.139]:25: Connection timed out
Oct 20 10:19:23 shvv postfix/smtp[18419]: 055ED4C2AC9: to=<[email protected]>, relay=none, delay=155970, delays=155949/0.03/21/0, dsn=4.4.1, status=deferred (connect to eftps.gov[12.36.213.139]:25: Connection timed out)
Generally for all senders that used eftps.gov!!!!
Unquote!
In "local-host-names" and "aliases" I have no changes for this! When I run the command "dig MX house-v.eu", everything in the answer section is NORMAL:
;; ANSWER SECTION:
house-v.eu. 28800 IN MX 10 mail.house-v.eu.
;; Query time: 1131 msec
;; SERVER: 93.152.128.1#53(93.152.128.1)
;; WHEN: Wed Oct 20 10:09:32 2010
;; MSG SIZE rcvd: 49
Please help me to stop this. Where do I try to block this?
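An added example, not part of the original post: a small Python script that reads Postfix log lines in the format quoted above and lists deferred deliveries that have been retrying for a long time, joined with the sender that qmgr recorded for the same queue ID. The sample log is constructed (placeholder addresses and documentation IPs); `stuck_deliveries`, `by_domain` and the one-hour threshold are names and values chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log quoted above; addresses and IPs are placeholders.
SAMPLE_LOG = """\
Oct 20 10:19:02 shvv postfix/qmgr[6682]: 055ED4C2AC9: from=<user@example.invalid>, size=5157, nrcpt=1 (queue active)
Oct 20 10:19:23 shvv postfix/smtp[18419]: connect to mx.example.net[198.51.100.25]:25: Connection timed out
Oct 20 10:19:23 shvv postfix/smtp[18419]: 055ED4C2AC9: to=<rcpt@example.net>, relay=none, delay=155970, delays=155949/0.03/21/0, dsn=4.4.1, status=deferred (connect to mx.example.net[198.51.100.25]:25: Connection timed out)
Oct 20 10:20:01 shvv postfix/qmgr[6682]: 1A2B3C4D5E6: from=<user@example.invalid>, size=2048, nrcpt=1 (queue active)
Oct 20 10:20:03 shvv postfix/smtp[18420]: 1A2B3C4D5E6: to=<friend@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=2.1, delays=0.1/0.01/1/1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

# qmgr lines carry the envelope sender; smtp lines carry the delivery result.
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")
SMTP = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+), "
    r"delay=(?P<delay>[\d.]+), .*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$"
)

def stuck_deliveries(log_text, min_delay_s=3600):
    """Return deferred deliveries queued for at least min_delay_s, with their sender."""
    senders, stuck = {}, []
    for line in log_text.splitlines():
        if m := QMGR.search(line):
            senders[m["qid"]] = m["sender"]
        elif m := SMTP.search(line):
            delay = float(m["delay"])  # seconds since the message entered the queue
            if m["status"] == "deferred" and delay >= min_delay_s:
                stuck.append({
                    "qid": m["qid"],
                    "sender": senders.get(m["qid"], "unknown"),
                    "rcpt_domain": m["rcpt"].rpartition("@")[2].lower(),
                    "hours_queued": round(delay / 3600, 1),
                    "dsn": m["dsn"],
                    "reason": m["reason"],
                })
    return stuck

def by_domain(stuck):
    """Count stuck messages per recipient domain, busiest first."""
    counts = defaultdict(int)
    for item in stuck:
        counts[item["rcpt_domain"]] += 1
    return sorted(counts.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    for item in stuck_deliveries(SAMPLE_LOG):
        print(item)
```

The `delay=155970` field is in seconds, so a message logged like the one above has been in the queue for about 43 hours.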
In your log there is the following message: (connect to eftps.gov[12.36.213.139]:25: Connection timed out) which means that port 25 is closed. Where is your server located? Datacenter or home?
To Damir - answer:
1. The servers are my own;
2. As I said, this persists only in two boxes on separate mail servers on this server;
3. On this server I have more than 10 e-mail servers;
4. I have problems only with these e-mail boxes and nothing else;
5. All other boxes have no problem sending and reading mails anywhere;
6. These 2 e-mail boxes send all e-mails and only have problems with the one I quoted;
7. With the dig MX command those two servers have no problems with the ANSWER SECTION and have no problems with main.cf, local-host-names, aliases, etc.
So this hypothesis of port 25 is problematic. When I run: telnet localhost 25, ALL works as needed!
To Falko: I don't remember whether I tried or not. But in the spam tabs in ISPC2 for these e-mails I put this address, and also "name"@yahoo.com, *@yahoo.com and everything possible, in the Black list box and discard spam. The result is this ... all the time. I see that my server is attacked through open ports which I did not open. At the moment I am trying to close them with the firewall. If I close them, I will post the result and the IP addresses of all attackers! By the way, when using the firewall of ISPC 2, is it possible to write the starting port and the final port on one row? For example: 47000-50000. Or not?
As I promised, the hackers' IPs which generate spam
Hacks normally occur from dynamic IPs or servers that are being misused by hackers, and the owners of these servers do not even know that. So posting these IPs does not really help, as the servers might be cleaned already tomorrow or the dynamic IP is assigned to another computer a few hours later.
To Till: Yes Till, that's right! I do not contest this! I want to share with everyone my attempts against hackers and spammers.
1. My practice is to put such addresses in my hosts.deny, as in this example: ALL: 113.53.220.206: deny
2. When an attack on my server comes from one provider, I block everything, for example: 113.53.220.207 or 113.54.220.206; in this case it is very clear that nothing good is to be expected from this address. Everything from this address, etc. must be blocked immediately. ALL: 113.: deny Usually all attacks start against SSH. In this case the first blocker is always fail2ban. In my practice I immediately put this address in hosts.deny and in Joomla sites - Ban IP Address. After that I restart the firewall and block this forever, because those addresses are in hosts.deny. Well, this tactic of mine decreases risk and decreases my work. Two times I was lazy ... The last time was 4 days ago, and the result is this. I must not be lazy any more.
3. I solved the problems from this lapse of mine by renaming these 2 e-mail users, and renaming the user name on these two sites. The good thing is that these sites are my own. I do not want to imagine what would happen to me if the site were a client's!
4. The unpleasant thing in this story is that I put this [email protected] in Spam for all e-mails, but the attack is against one separate user of a Joomla site with his e-mail address.
From all this I have one question: why does Spam in ISPConfig not block these addresses? Please, Till, explain for all ISPConfig 2 users. Where is the mistake, so that nobody repeats it? Apart from all that, I want to thank all users who tried to help me with this situation! Thank you!