[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: More then 2800 spams from the list...

Hi Joe,

Am 2018-03-20 hackte Joe in die Tasten:
> A SMTP server, by default, accepts email only for recipients which
> have
> an account on it. Aliases can be added, but on the whole, there is no
> mechanism for a 'catch-all' mailbox. Someone has to deliberately add
> some code to make such a thing happen.

Not realy true, because I have setup a honnypot for a (new) domain
which NEVER send or receive any mails and used

@example.com: honigtopf

which accept anything!  However, this EMails are forwarded to a RBL
provider which use it for analysing...  ;-)

> This has even been true of
> Exchange for the last few versions. It's generally not difficult, but
> it's not there out of the box.

Courier can do this as well as exim and postfix!
Out-of-the-Box!

Please read the documentation!

> Things aren't as bad as they used to be, probably 90% of what my mail
> server refused was once NDR spam. I could see in the logs the same
> dozen
> obviously deliberately incorrect email addresses every day, sometimes
> several times a day.

Hmmm I just checked, and verified twice, but the spammers are sleeping
today:

----[ /var/log/mail_err.log ]-------------------------------------------
<19>1 2018-03-20T01:46:16.855550+01:00 mail courieresmtpd  - - 
error,relay=::ffff:194.181.177.172,from=<Info.Googlepromo@info.com>:
517 Sender rejected: Info.Googlepromo@info.com
<19>1 2018-03-20T01:48:27.104049+01:00 mail courieresmtpd  - - 
error,relay=::ffff:78.47.104.44,from=<#@[]>: 517 Syntax error.
<19>1 2018-03-20T02:10:01.608879+01:00 mail courieresmtpd  - - 
error,relay=::ffff:185.174.23.54,from=<SexualHealth@visionveryclear.bid>,to=<jfc53@tdwave.net>:
556 Address unavailable.
<19>1 2018-03-20T02:46:27.744330+01:00 mail courieresmtpd  - - 
error,relay=::ffff:27.116.21.218,from=<cucks@glows-training.co.uk>,to=<20090120171902.gh29556@tamay-dogan.net>:
550 User <20090120171902.gh29556> unknown
<19>1 2018-03-20T02:46:28.053447+01:00 mail courieresmtpd  - - 
error,relay=::ffff:27.116.21.218,from=<cucks@glows-training.co.uk>,to=<ga16968@tamay-dogan.net>:
550 User <ga16968> unknown
<19>1 2018-03-20T02:46:28.369856+01:00 mail courieresmtpd  - - 
error,relay=::ffff:27.116.21.218,from=<cucks@glows-training.co.uk>,to=<20080919175920.gn6606@tamay-dogan.net>:
550 User <20080919175920.gn6606> unknown
<19>1 2018-03-20T02:46:28.679337+01:00 mail courieresmtpd  - - 
error,relay=::ffff:27.116.21.218,from=<cucks@glows-training.co.uk>,to=<20100613011722.gt8243@tamay-dogan.net>:
550 User <20100613011722.gt8243> unknown
<19>1 2018-03-20T02:46:28.988781+01:00 mail courieresmtpd  - - 
error,relay=::ffff:27.116.21.218,from=<cucks@glows-training.co.uk>,to=<20100625180153.gk21273@tamay-dogan.net>:
550 User <20100625180153.gk21273> unknown
<19>1 2018-03-20T02:46:29.298216+01:00 mail courieresmtpd  - - 
error,relay=::ffff:27.116.21.218,from=<cucks@glows-training.co.uk>,to=<20100625175945.gj21273@tamay-dogan.net>:
550 User <20100625175945.gj21273> unknown
<19>1 2018-03-20T03:35:17.173606+01:00 mail courieresmtpd  - - 
error,relay=::ffff:121.40.42.27,from=<subinahan57@nate.com>,to=<gg4653@tamay-dogan.net>:
550 User <gg4653> unknown
<19>1 2018-03-20T03:35:17.437402+01:00 mail courieresmtpd  - - 
error,relay=::ffff:121.40.42.27,from=<subinahan57@nate.com>,to=<gc4668@tamay-dogan.net>:
550 User <gc4668> unknown
<19>1 2018-03-20T03:35:17.700985+01:00 mail courieresmtpd  - - 
error,relay=::ffff:121.40.42.27,from=<subinahan57@nate.com>,to=<ga4668@tamay-dogan.net>:
550 User <ga4668> unknown
<19>1 2018-03-20T04:02:31.999498+01:00 mail courieresmtpd  - - 
error,relay=::ffff:220.181.97.175,from=<sales@cubeel.com>,to=<einkauf@electronica.tamay-dogan.net>:
550 User <einkauf> unknown
<19>1 2018-03-20T04:42:16.719343+01:00 mail courieresmtpd  - - 
error,relay=::ffff:119.177.128.214,from=<chulmim5@gmail.com>,to=<ge4653@tamay-dogan.net>:
550 User <ge4653> unknown
<19>1 2018-03-20T04:42:17.023533+01:00 mail courieresmtpd  - - 
error,relay=::ffff:119.177.128.214,from=<chulmim5@gmail.com>,to=<gm2093@tamay-dogan.net>:
550 User <gm2093> unknown
<19>1 2018-03-20T04:43:09.854792+01:00 mail courieresmtpd  - - 
error,relay=::ffff:194.181.177.172,from=<Info.Googlepromo@info.com>:
517 Sender rejected: Info.Googlepromo@info.com
<19>1 2018-03-20T04:45:31.704422+01:00 mail courieresmtpd  - - 
error,relay=::ffff:182.139.29.77,from=<1991019554@qq.com>,to=<20100613011722.GT8243@tamay-dogan.net>:
550 User <20100613011722.GT8243> unknown
<19>1 2018-03-20T04:50:10.555313+01:00 mail courieresmtpd  - - 
error,relay=::ffff:182.139.29.77,from=<2302627349@qq.com>,to=<20100625175945.GJ21273@tamay-dogan.net>:
550 User <20100625175945.GJ21273> unknown
<19>1 2018-03-20T04:50:11.067588+01:00 mail courieresmtpd  - - 
error,relay=::ffff:182.139.29.77,from=<1991019554@qq.com>,to=<20100625180153.GK21273@tamay-dogan.net>:
550 User <20100625180153.GK21273> unknown
<19>1 2018-03-20T06:55:51.421165+01:00 mail courieresmtpd  - - 
error,relay=::ffff:111.160.38.150,from=<chulmim5@gmail.com>,to=<gc4668@tamay-dogan.net>:
550 User <gc4668> unknown
<19>1 2018-03-20T06:55:51.770953+01:00 mail courieresmtpd  - - 
error,relay=::ffff:111.160.38.150,from=<chulmim5@gmail.com>,to=<ga4668@tamay-dogan.net>:
550 User <ga4668> unknown
<19>1 2018-03-20T06:55:52.105612+01:00 mail courieresmtpd  - - 
error,relay=::ffff:111.160.38.150,from=<chulmim5@gmail.com>,to=<gg4653@tamay-dogan.net>:
550 User <gg4653> unknown
<19>1 2018-03-20T07:12:27.384536+01:00 mail courieresmtpd  - - 
error,relay=::ffff:78.47.104.44,from=<#@[]>: 517 Syntax error.
<19>1 2018-03-20T07:22:53.284402+01:00 mail courieresmtpd  - - 
error,relay=::ffff:119.90.24.64,from=<subinahan57@nate.com>,to=<ge4653@tamay-dogan.net>:
550 User <ge4653> unknown
<19>1 2018-03-20T07:22:53.603333+01:00 mail courieresmtpd  - - 
error,relay=::ffff:119.90.24.64,from=<subinahan57@nate.com>,to=<gm2093@tamay-dogan.net>:
550 User <gm2093> unknown
<19>1 2018-03-20T07:53:55.102715+01:00 mail courieresmtpd  - - 
error,relay=::ffff:40.92.65.48,from=<ahmedhakim@live.com>: 517 Sender
rejected: ahmedhakim@live.com
<19>1 2018-03-20T08:53:15.523049+01:00 mail courieresmtpd  - - 
error,relay=::ffff:61.160.101.114,from=<natminroll@gmail.com>,to=<ga4668@tamay-dogan.net>:
550 User <ga4668> unknown
<19>1 2018-03-20T08:53:15.813412+01:00 mail courieresmtpd  - - 
error,relay=::ffff:61.160.101.114,from=<natminroll@gmail.com>,to=<gc4668@tamay-dogan.net>:
550 User <gc4668> unknown
<19>1 2018-03-20T08:53:16.105498+01:00 mail courieresmtpd  - - 
error,relay=::ffff:61.160.101.114,from=<natminroll@gmail.com>,to=<gg4653@tamay-dogan.net>:
550 User <gg4653> unknown
<19>1 2018-03-20T10:06:35.760419+01:00 mail courieresmtpd  - - 
error,relay=::ffff:114.237.210.113,from=<support@itsystems.tamay-dogan.net>,to=<2326410519@qq.com>:
513 Relaying denied.
<19>1 2018-03-20T10:11:42.659188+01:00 mail courieresmtpd  - - 
error,relay=::ffff:114.237.210.128,from=<support@jiangmin.com>,to=<2326410519@qq.com>:
513 Relaying denied.
<19>1 2018-03-20T10:36:14.814806+01:00 mail courieresmtpd  - - 
error,relay=2607:f8b0:4001:c06::246,from=<399WwWgcLAEIrsvitp22syxyfi.gsq@youtube-subscriptions.bounces.google.com>,to=<google@electronica.tamay-dogan.net>:
550 User <google> unknown
<19>1 2018-03-20T11:00:14.046567+01:00 mail courieresmtpd  - - 
error,relay=::ffff:185.174.23.49,from=<FixYourTightHips@fixtighthips.bid>,to=<jfc53@tdwave.net>:
556 Address unavailable.
<19>1 2018-03-20T12:12:43.298844+01:00 mail courieresmtpd  - - 
error,relay=::ffff:61.175.186.125,from=<fma@fmtunisie.com>: 517-Domain
does not exist: fmtunisie.com.
<19>1 2018-03-20T12:12:43.299010+01:00 mail courieresmtpd  - - 
error,relay=::ffff:61.175.186.125,from=<fma@fmtunisie.com>: 517
Invalid domain, see <URL:ftp://ftp.isi.edu/in-notes/rfc1035.txt>
<19>1 2018-03-20T12:12:48.359610+01:00 mail courieresmtpd  - - 
error,relay=::ffff:61.175.186.125,from=<fma@fmtunisie.com>: 517-Domain
does not exist: fmtunisie.com.
<19>1 2018-03-20T12:12:48.359760+01:00 mail courieresmtpd  - - 
error,relay=::ffff:61.175.186.125,from=<fma@fmtunisie.com>: 517
Invalid domain, see <URL:ftp://ftp.isi.edu/in-notes/rfc1035.txt>
<19>1 2018-03-20T12:17:00.588129+01:00 mail courieresmtpd  - - 
error,relay=::ffff:185.174.23.43,from=<LossofNails@fixtoenails.bid>,to=<jfc53@tdwave.net>:
556 Address unavailable.
<19>1 2018-03-20T13:40:39.638981+01:00 mail courieresmtpd  - - 
error,relay=::ffff:112.116.220.112,from=<gjungmin81@korea.com>,to=<gg4653@tamay-dogan.net>:
550 User <gg4653> unknown
<19>1 2018-03-20T13:40:40.089566+01:00 mail courieresmtpd  - - 
error,relay=::ffff:112.116.220.112,from=<gjungmin81@korea.com>,to=<ga4668@tamay-dogan.net>:
550 User <ga4668> unknown
<19>1 2018-03-20T13:40:40.529563+01:00 mail courieresmtpd  - - 
error,relay=::ffff:112.116.220.112,from=<gjungmin81@korea.com>,to=<gc4668@tamay-dogan.net>:
550 User <gc4668> unknown
<19>1 2018-03-20T14:12:53.871912+01:00 mail courieresmtpd  - - 
error,relay=::ffff:27.116.21.218,from=<xzrofnihhl@glowpak.com>,to=<20090120171902.gh29556@tamay-dogan.net>:
550 User <20090120171902.gh29556> unknown
<19>1 2018-03-20T14:12:54.150525+01:00 mail courieresmtpd  - - 
error,relay=::ffff:27.116.21.218,from=<xzrofnihhl@glowpak.com>,to=<ga16968@tamay-dogan.net>:
550 User <ga16968> unknown
<19>1 2018-03-20T14:12:54.428472+01:00 mail courieresmtpd  - - 
error,relay=::ffff:27.116.21.218,from=<xzrofnihhl@glowpak.com>,to=<20080919175920.gn6606@tamay-dogan.net>:
550 User <20080919175920.gn6606> unknown
<19>1 2018-03-20T14:12:55.068198+01:00 mail courieresmtpd  - - 
error,relay=::ffff:27.116.21.218,from=<xzrofnihhl@glowpak.com>,to=<20100613011722.gt8243@tamay-dogan.net>:
550 User <20100613011722.gt8243> unknown
<19>1 2018-03-20T14:12:55.346134+01:00 mail courieresmtpd  - - 
error,relay=::ffff:27.116.21.218,from=<xzrofnihhl@glowpak.com>,to=<20100625180153.gk21273@tamay-dogan.net>:
550 User <20100625180153.gk21273> unknown
<19>1 2018-03-20T14:12:55.623873+01:00 mail courieresmtpd  - - 
error,relay=::ffff:27.116.21.218,from=<xzrofnihhl@glowpak.com>,to=<20100625175945.gj21273@tamay-dogan.net>:
550 User <20100625175945.gj21273> unknown
<19>1 2018-03-20T14:38:50.419729+01:00 mail courieresmtpd  - - 
error,relay=::ffff:117.92.197.86,from=<linux4michelle@tamay-dogan.net>,to=<357302542@qq.com>:
513 Relaying denied.
<19>1 2018-03-20T14:41:27.958625+01:00 mail courieresmtpd  - - 
error,relay=::ffff:117.92.197.127,from=<linliu@nwpu.edu.cn>,to=<357302542@qq.com>:
513 Relaying denied.
<19>1 2018-03-20T15:09:00.471862+01:00 mail courieresmtpd  - - 
error,relay=::ffff:185.174.23.64,from=<UseItTonight!@edhealthnews.bid>:
517 Syntax error.
<19>1 2018-03-20T15:41:10.257348+01:00 mail courieresmtpd  - - 
error,relay=::ffff:172.82.152.171,from=<tejrryt@ecookinggames.com>,to=<paypal-20100801@electronica.tamay-dogan.net>:
550 User <paypal-20100801> unknown
<19>1 2018-03-20T16:14:00.353685+01:00 mail courieresmtpd  - - 
error,relay=::ffff:208.75.123.179,from=<AQI+Wk8iNSxS0XolMljf1PA==_1116135183271_t/XSwIj2EeOG0dSuUpLDbw==@in.constantcontact.com>:
517 Sender rejected:
AQI+Wk8iNSxS0XolMljf1PA==_1116135183271_t/XSwIj2EeOG0dSuUpLDbw==@in.constantcontact.com
<19>1 2018-03-20T16:34:48.052173+01:00 mail courieresmtpd  - - 
error,relay=::ffff:182.42.41.202,from=<support@itsystems.tamay-dogan.net>,to=<2326410519@qq.com>:
513 Relaying denied.
<19>1 2018-03-20T16:38:36.411862+01:00 mail courieresmtpd  - - 
error,relay=::ffff:144.255.49.177,from=<support@itsystems.tamay-dogan.net>,to=<2326410519@qq.com>:
513 Relaying denied.
<19>1 2018-03-20T16:42:22.206625+01:00 mail courieresmtpd  - - 
error,relay=::ffff:106.6.96.21,from=<Henry.bny5@hotmail.com>: 517
Sender rejected: Henry.bny5@hotmail.com
<19>1 2018-03-20T16:48:08.209013+01:00 mail courieresmtpd  - - 
error,relay=::ffff:208.75.123.168,from=<AgQ9YUHscSU2PUBnZ5q2g2A==_1116135183271_t/XSwIj2EeOG0dSuUpLDbw==@in.constantcontact.com>:
517 Sender rejected:
AgQ9YUHscSU2PUBnZ5q2g2A==_1116135183271_t/XSwIj2EeOG0dSuUpLDbw==@in.constantcontact.com
<19>1 2018-03-20T17:05:49.162600+01:00 mail courieresmtpd  - - 
error,relay=::ffff:66.135.215.120,from=<ebay@ebay.de>,to=<ebay@itsystems.tamay-dogan.net>:
550 User <ebay> unknown
------------------------------------------------------------------------

only arround 60 today!

On a spammy day I get more then 50.000 (!) entries.

However, I host more then 200 domains and hosts on the server and ALL
get spamed, even if they have never used for mailing. (I asked my
customers to use unused mailaccounts as catchall to get the spamers)

;-)

> This has reduced with the decline of small (and
> large!) businesses running their own private SMTP servers but
> downloading their mail from a single shared external POP3 account,
> which used to be a very common practice.

Who is still offering pop3?

Thanks in advance

-- 
Michelle Konzack        Miila ITSystems @ TDnet
GNU/Linux Developer     00372-54541400
Reply to: