[SATLUG] Possible Email Attacks
Jonathan Hull
masterr at gmail.com
Tue Nov 13 13:09:14 CST 2007
I would think it is just spam trying to use your server as a bounce. I
wouldn't worry too much about it seeing as you have relaying blocked.
On 11/13/07, Brad Taylor <linuxinfo at satx.rr.com> wrote:
> I am running an Ubuntu 7.04 email server (Postfix+Dovecot+ClamAV) and
> it looks like someone has been trying to get into the system. I have had
> several messages like this one:
>
> Transcript of session follows.
>
> Out: 220 hostname.domainname.com ESMTP Postfix (Ubuntu)
> In: helo www.MyMainServer.com
> Out: 250 hostname.domainname.com
> In: mail from:<michael78694 at MyMainServer.com>
> Out: 250 2.1.0 Ok
> In: rcpt to:<candy59839 at yahoo.com.tw>
> Out: 554 5.7.1 <candy59839 at yahoo.com.tw>: Relay access denied
>
> Session aborted, reason: lost connection
>
> It looks like my server is rejecting the connection as it should, but I
> had a question about blocking this before it gets to the server.
> I traced the IP back to an Asia-Pacific area according to ARIN. If I
> put a block on the IP address in IPTABLES would that be a wise decision?
>
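Added example (not part of the original thread): one way to check how often, and from how many sources, relay attempts like the one in the transcript are being refused, before deciding whether a per-IP firewall rule is worth maintaining. The log lines are constructed and assume the usual Postfix smtpd syslog layout; the function names and the threshold are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the usual Postfix smtpd syslog layout (assumed format).
# IPs come from documentation ranges; addresses use example domains.
SAMPLE_LOG = """\
Nov 13 12:41:08 mail postfix/smtpd[4242]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.com> to=<a@example.net> proto=SMTP helo=<www.example.com>
Nov 13 12:41:09 mail postfix/smtpd[4242]: lost connection after RCPT from unknown[203.0.113.7]
Nov 13 12:52:30 mail postfix/smtpd[4250]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <b@example.net>: Relay access denied; from=<y@example.com> to=<b@example.net> proto=SMTP helo=<www.example.com>
Nov 13 13:01:12 mail postfix/smtpd[4261]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <c@example.net>: Relay access denied; from=<z@example.com> to=<c@example.net> proto=SMTP helo=<www.example.com>
Nov 13 13:02:44 mail postfix/smtpd[4263]: NOQUEUE: reject: RCPT from host.example.org[198.51.100.20]: 554 5.7.1 <d@example.net>: Relay access denied; from=<q@example.org> to=<d@example.net> proto=ESMTP helo=<host.example.org>
Nov 13 13:05:00 mail postfix/smtpd[4270]: NOQUEUE: reject: RCPT from unknown[192.0.2.55]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown in local recipient table; from=<s@example.org> to=<nobody@example.com> proto=SMTP helo=<mx.example.org>
"""

# Match only the "554 5.7.1 ... Relay access denied" rejection seen in the
# transcript; other rejections (e.g. unknown local user) are ignored.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]: 554 5\.7\.1 "
    r"<(?P<rcpt>[^>]*)>: Relay access denied"
)

def relay_denied_by_ip(log_text):
    """Return (Counter of rejections per client IP, dict of IP -> recipients tried)."""
    counts, rcpts = Counter(), {}
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            counts[m["ip"]] += 1
            rcpts.setdefault(m["ip"], set()).add(m["rcpt"])
    return counts, rcpts

def repeat_sources(log_text, threshold=3):
    """Client IPs with at least `threshold` refused relay attempts."""
    counts, _ = relay_denied_by_ip(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    counts, rcpts = relay_denied_by_ip(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{ip}: {n} refused relay attempts, {len(rcpts[ip])} distinct recipients")
    print("repeat sources:", repeat_sources(SAMPLE_LOG))
```
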