spamming, how to find origin
Posted: Sun 24. May 2020, 22:44
Hello,
Somebody started massive spamming from my Keyhelp server. I have found this in mail.log. How can I find out how the spammer is doing it?
May 24 22:30:33 user postfix/smtpd[7048]: 7DD115DD44: client=localhost[127.0.0.1]
May 24 22:30:33 user postfix/cleanup[6694]: 7DD115DD44: message-id=<0b14a1e176f9431ee38789b133f0910b@example.com>
May 24 22:30:33 user postfix/smtpd[7048]: disconnect from localhost[127.0.0.1] ehlo=1 mail=2 rcpt=2 data=2 noop=1 quit=1 commands=9
May 24 22:30:33 user postfix/qmgr[2733]: 7DD115DD44: from=<user.somebody@gmail.com>, size=2826, nrcpt=1 (queue active)
May 24 22:30:33 user postfix/error[6709]: 7DD115DD44: to=<somebody@gmx.de>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx01.emig.gmx.net[212.227.17.5] refused to talk to me: 554-gmx.net (mxgmx116) Nemesis ESMTP Service not available 554-No SMTP service 554-Bad DNS PTR resource record. 554 For explanation visit https://www.gmx.net/mail/senderguidelin ... .12&c=rdns)
May 24 22:30:33 user amavis[7037]: (07037-02) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] <user.somebody@gmail.com> -> <somebody@gmx.de>, Message-ID: <0b14a1e176f9431ee38789b133f0910b@example.com>, mail_id: vCvoh5bEv1_q, Hits: 3.202, size: 2389, queued_as: 7DD115DD44, 997 ms
May 24 22:30:33 user postfix/smtp[6701]: 81B6A5DD3B: to=<somebody@gmx.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=1, delays=0.01/0/0.01/1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7DD115DD44)
Thank you
Zoltan
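In the log above, queue ID 7DD115DD44 shows client=localhost[127.0.0.1] only because amavis re-injected the message on port 10025; the entry that names the real submitter is logged under the earlier queue ID 81B6A5DD3B. The following is an added example, not part of the original post: it follows that "queued as" link back and reports whether the first queue ID came from local sendmail (pickup, with a uid) or from an SMTP client (with a SASL login if one was used). The sample log lines, queue IDs, addresses and uid are constructed, and the amavis port 10024 is taken from the log above.

```python
import re

# Constructed sample in the same Postfix/amavis layout as the log above.
# Queue IDs, addresses and the uid are made up for illustration.
SAMPLE_LOG = """\
May 24 22:30:32 user postfix/pickup[6001]: A1B2C3D4E5: uid=33 from=<www-data>
May 24 22:30:33 user postfix/smtpd[7048]: F6E5D4C3B2: client=localhost[127.0.0.1]
May 24 22:30:33 user postfix/smtp[6701]: A1B2C3D4E5: to=<rcpt@example.net>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as F6E5D4C3B2)
May 24 22:31:02 user postfix/submission/smtpd[7101]: 0A1B2C3D4E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.com
May 24 22:31:03 user postfix/smtpd[7048]: 9F8E7D6C5B: client=localhost[127.0.0.1]
May 24 22:31:03 user postfix/smtp[6701]: 0A1B2C3D4E: to=<rcpt@example.org>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9F8E7D6C5B)
"""

# Short (hex) queue IDs are assumed, as in the log above.
QID_LINE = re.compile(r"postfix/[\w/]+\[\d+\]: ([0-9A-F]{6,}): (.*)")
PICKUP = re.compile(r"uid=(\d+) from=<([^>]*)>")
CLIENT = re.compile(r"client=([^,\s]+)(?:, sasl_method=[^,\s]+, sasl_username=(\S+))?")
REINJECT = re.compile(r"relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024.*queued as ([0-9A-F]+)\)")

def parse(log):
    """Return (origin, parent): how each queue ID entered, and re-injection links."""
    origin, parent = {}, {}
    for line in log.splitlines():
        m = QID_LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if (p := PICKUP.match(rest)):
            origin[qid] = f"local sendmail, uid={p[1]} from=<{p[2]}>"
        elif (c := CLIENT.match(rest)):
            who = f"SASL login {c[2]}" if c[2] else "unauthenticated SMTP"
            origin[qid] = f"{who} from {c[1]}"
        elif (r := REINJECT.search(rest)):
            parent[r[1]] = qid  # amavis handed the message back under a new queue ID
    return origin, parent

def trace(qid, origin, parent):
    """Walk re-injection links back to the first queue ID and return its origin."""
    seen = set()
    while qid in parent and qid not in seen:
        seen.add(qid)
        qid = parent[qid]
    return qid, origin.get(qid, "origin line not in this log")

if __name__ == "__main__":
    origin, parent = parse(SAMPLE_LOG)
    for child in parent:
        first, how = trace(child, origin, parent)
        print(f"{child} <- {first}: {how}")
```

A pickup origin with the web server's uid points at a script on a hosted site, while a SASL login points at a mailbox whose password is being used.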