Tests before the major spam attack?

Discussion in 'Server Operation' started by vbrookie, Feb 19, 2007.

  1. vbrookie

    vbrookie New Member

    Hey guys.
    I've just switched my old mail server to Opensuse 10.1 with ISPConfig about a week ago. It is running great and I am very satisfied with the results, but today I am getting some strange emails. I don't know if I should be concerned or not, but someone out there is constantly sending the same email to my mail server. So far, I got around 10-20 mails and they originated from various servers. It feels like the guy is giving me a little warning, and is going to heavily spam my servers soon. Just for preventive measures, I think I am going to notify my ISP before I get heavily attacked by this person or group. Has anybody gotten emails similar to this? Should I be concerned? What should be the other things that I should be doing besides checking my system logs and mail logs right now?

    Code:
      Return-Path: <[email protected]>
    X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on ns1.mymailsver.com
    X-Spam-Level: ****
    X-Spam-Status: No, score=4.4 required=5.0 tests=RCVD_IN_BL_SPAMCOP_NET,
    	RCVD_IN_XBL autolearn=no version=3.1.7
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: by ns1.mymailsver.com (Postfix)
    	id A18093FE0FE; Mon, 19 Feb 2007 10:33:53 -0500 (EST)
    Delivered-To: [email protected]
    Received: from kameleon.edubrovnik.org (unknown [71.30.108.74])
    	by ns1.mymailsver.com (Postfix) with ESMTP id 6D1CC3FE0FA
    	for <[email protected]>; Mon, 19 Feb 2007 10:33:53 -0500 (EST)
    Received: from edulink.pl (HELO edulink.pl) ([83.238.130.114])
      by t296.edulink.pl with ESMTP id ; Mon, 19 Feb 2007 15:33:52 +0300
    Received: from 0833.xavient.com ([34.85.160.196])
     by xt.filosofia.uniba.it (Sun Java System Messaging Server 6.1 HotFix 0.07 (built
     Oct 10 2005)) with ESMTP id <[email protected]> for
     [email protected]; Mon, 19 Feb 2007 15:33:52 +0300 (IST)
    Date: Mon, 19 Feb 2007 15:33:52 +0300
    From: "Trena Kim" <[email protected]>
    To: <[email protected]>
    Subject: Trena
    Message-ID: <[email protected]>
    MIME-Version: 1.0
    Content-Type: text/plain; charset="us-ascii"
    Content-Transfer-Encoding: quoted-printable
    X-Virus-Status: No
    X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.88.7/2603/Mon Feb 19 09:46:59 2007
    
    Hi
    How are you ? Call me.
    one day a week. 
    Poor you, i don't even think how much spam you are recive.
    activities can be 
    68796D6D78667179746B786E7368726668796E726E45777E666D743374
    
    Code:
    Return-Path: <[email protected]>
    X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on ns1.mymailsver.com
    X-Spam-Level: ***
    X-Spam-Status: No, score=3.7 required=5.0 tests=RCVD_IN_NJABL_DUL,
    	RCVD_IN_SORBS_DUL autolearn=no version=3.1.7
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: by ns1.mymailsver.com (Postfix)
    	id 6D7E23FE100; Mon, 19 Feb 2007 09:49:08 -0500 (EST)
    Delivered-To: [email protected]
    Received: from wrzb-590cfe2c.pool.einsundeins.de (wrzb-590cfe2c.pool.einsundeins.de [89.12.254.44])
    	by ns1.mymailsver.com (Postfix) with ESMTP id 923CC3FE0FA
    	for <[email protected]>; Mon, 19 Feb 2007 09:49:05 -0500 (EST)
    Received: from hcctel.net.commsysinc.mail7.psmtp.com (HELO hcctel.net) ([64.18.5.13])
      by i107.hcctel.net with ESMTP id ; Mon, 19 Feb 2007 14:51:55 -0060
    Received: from nqf6.webm.ru ([90.147.90.101])
     by d9txy8.web-slingers.com (Sun Java System Messaging Server 6.1 HotFix 0.07 (built
     Sep 1 2002)) with ESMTP id <[email protected]> for
     [email protected]; Mon, 19 Feb 2007 14:51:55 -0060 (IST)
    Date: Mon, 19 Feb 2007 14:51:55 -0060
    From: "Vanieca Knowlden" <[email protected]>
    To: <[email protected]>
    Subject: Vanieca
    Message-ID: <[email protected]>
    MIME-Version: 1.0
    Content-Type: text/plain; charset="us-ascii"
    Content-Transfer-Encoding: quoted-printable
    X-Virus-Status: No
    X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.88.7/2601/Mon Feb 19 06:45:48 2007
    
    Hi
    How are you ? Call me.
    you almost 
    Poor you, i don't even think how much spam you are recive.
    resists 
    68796D6D78667179746B786E7368726668796E726E45777E666D743374
    
    Best Wishes!
    Sonny...
     
  2. edge

    edge Active Member Moderator

    You are not the only one receiving this.

    Google for: "Poor you, i don't even think how much spam you are recive"
     
  3. martinfst

    martinfst Member Moderator

    I have added zen.spamhaus.org to my postfix at the MTA level. This junk is not even processed on my systems :)
     
  4. vbrookie

    vbrookie New Member

    Thanks edge! I thought I was the only one, getting this kind of mails. :p
    I guess I was right about going to be heavily spammed. Just got another 10 mails containing exactly the same contents passing SpamAssassin. I read there are going to be hundreds more of these.

    Cheers!
    Sonny...
     
  5. vbrookie

    vbrookie New Member

    Thanks martinfst!!!
    I am going to look into doing the same thing. I guess there should be a howto around here somewhere? Anyway, thanks for the reply! I am just relieved that I am not the only one who's getting this. :p
     
  6. martinfst

    martinfst Member Moderator

    There's probably no howto as it is very simple. 1st use (as root)
    Code:
    postconf -n | grep smtpd_recipient_restrictions
    Make a note of the string behind the equal sign. Then use
    Code:
    postconf -e "smtpd_recipient_restrictions = <the string after = sign>, reject_rbl_client zen.spamhaus.org"
    My full reject list is
    Code:
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks, check_sender_access hash:/etc/postfix/whitelist, reject_unauth_destination, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_non_fqdn_hostname, reject_rbl_client zen.spamhaus.org
    but don't just copy / paste this. Try to understand the options and verify if they apply to you. Only then add them and watch your log files for false positives (FP). I'm still not having a perfect setup myself as I (including active SpamAssassin) still get around 10 spams per day in my inbox. I have some more ideas to add, but I'd like to make that a standard part of ISPConfig (RulesduJour, selectable FuzzyOCR, etc). Or at least a package add-on. But I don't have the time to do much on this on short notice.
     
    Last edited: Feb 19, 2007
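The two postconf steps in post 6 (and the zen.spamhaus.org suggestion in post 3) as one script, added here as an example; it is not from the thread, from ISPConfig or from Postfix. It reads the current smtpd_recipient_restrictions, appends reject_rbl_client once (so re-running it does not duplicate the entry), checks that the RBL entry lands after permit_sasl_authenticated / permit_mynetworks, and shows the reversed-octet DNS name that reject_rbl_client really resolves. The helper names, the RBL_ZONE variable and the APPLY=1 guard are my conventions; postconf and postfix are only called when APPLY=1 is set, so everything else runs on any machine. The sample restriction value and the 89.12.254.44 lookup use the address from the second header above.

```shell
#!/bin/sh
# Added example: not from the thread or from ISPConfig. Appends the
# reject_rbl_client check from post 6 to smtpd_recipient_restrictions without
# duplicating it, checks that it lands after the permit_* entries, and shows
# the DNS name reject_rbl_client actually looks up. postconf/postfix are only
# called when APPLY=1 is set (my guard), so the helpers run on any machine.

# trim STRING: collapse runs of whitespace and strip it from both ends.
trim() {
    printf '%s' "$1" | tr '\n\t' '  ' | sed 's/[[:space:]][[:space:]]*/ /g; s/^ //; s/ $//'
}

# add_rbl_restriction CURRENT_VALUE RBL_ZONE
# Prints CURRENT_VALUE (comma separated, as postconf prints it) with
# "reject_rbl_client RBL_ZONE" appended once. Running it twice is a no-op.
add_rbl_restriction() {
    want="reject_rbl_client $2"
    out=""
    found=0
    set -f                      # no globbing while we split on commas
    oldIFS=$IFS; IFS=,
    for item in $1; do
        item=$(trim "$item")
        if [ -z "$item" ]; then continue; fi
        if [ "$item" = "$want" ]; then found=1; fi
        out="${out:+$out, }$item"
    done
    IFS=$oldIFS; set +f
    if [ "$found" -eq 0 ]; then out="${out:+$out, }$want"; fi
    printf '%s\n' "$out"
}

# rbl_after_permits VALUE
# Returns 0 when no reject_rbl_client entry precedes permit_sasl_authenticated
# or permit_mynetworks. Postfix walks the list left to right and stops at the
# first entry that says permit or reject, so an RBL check placed in front of
# the permits would also reject your own users: zen includes the PBL, which
# lists dynamic/residential address space (the second header above shows such
# a client hitting the SORBS and NJABL dial-up lists).
rbl_after_permits() {
    seen_rbl=0
    rc=0
    set -f
    oldIFS=$IFS; IFS=,
    for item in $1; do
        item=$(trim "$item")
        case $item in
            reject_rbl_client*) seen_rbl=1 ;;
            permit_sasl_authenticated|permit_mynetworks)
                if [ "$seen_rbl" -eq 1 ]; then rc=1; fi ;;
        esac
    done
    IFS=$oldIFS; set +f
    return "$rc"
}

# rbl_query_name IP RBL_ZONE: the name Postfix resolves for reject_rbl_client.
# Octets are reversed, so 89.12.254.44 becomes 44.254.12.89.zen.spamhaus.org;
# an A record in 127.0.0.0/8 means "listed". Look it up by hand with
#   host -t a "$(rbl_query_name 89.12.254.44 zen.spamhaus.org)"
rbl_query_name() {
    reversed=$(printf '%s' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 }')
    printf '%s.%s\n' "$reversed" "$2"
}

zone=${RBL_ZONE:-zen.spamhaus.org}
if [ "${APPLY:-0}" = 1 ]; then
    # Live run, as root on the mail server: read, extend, write back, reload.
    current=$(postconf -h smtpd_recipient_restrictions)
    new=$(add_rbl_restriction "$current" "$zone")
    if ! rbl_after_permits "$new"; then
        echo "warning: reject_rbl_client comes before permit_* entries" >&2
    fi
    postconf -e "smtpd_recipient_restrictions = $new"
    postfix reload
else
    # Dry run on a constructed sample value (not from any real main.cf).
    sample='permit_sasl_authenticated,permit_mynetworks, reject_unauth_destination'
    echo "before: $sample"
    echo "after:  $(add_rbl_restriction "$sample" "$zone")"
    echo "lookup: $(rbl_query_name 89.12.254.44 "$zone")"
fi
```

Run it without APPLY to see what it would write, then `APPLY=1 sh addrbl.sh` as root. The ordering check is the caveat behind martinfst's "don't just copy / paste": if your users submit through the same smtpd with SASL, or from an IP in mynetworks, those permit entries must come before reject_rbl_client, otherwise a home user on a PBL-listed address is rejected just like the botnet hosts in the headers above. After the reload, grep the mail log for "blocked using zen.spamhaus.org" to confirm the rejections are hitting the senders you expect and not your own clients.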
  7. vbrookie

    vbrookie New Member

    You are my hero for today!
    I've just added reject_rbl_client zen.spamhaus.org for now, I'll look into other options later!
     
