The Community Forums

Interact with an entire community of cPanel & WHM users!

How do I stop a box from getting flooded with emails? (I tried :blackhole:)

Discussion in 'E-mail Discussions' started by AbeFroman, Aug 2, 2004.

  1. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
    How do I stop a box from getting flooded with emails?

    I have a domain that has received over 18,000 emails in an hour.

    What is the easiest way to stop these emails from coming in? They are getting stuck in the mail queue and increasing /var exponentially.
     
  2. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
  3. AbeFroman

    Thanks, but it doesn't seem to be blocking the dictionary attack. Got any tips?
    root@server112 [/var/log]# tail -f exim_mainlog | grep unitedamericans\.com
    2004-08-02 11:29:00 H=(namip.ru) [195.230.75.130] F=<> rejected RCPT <moosehea@unitedamericans.com>: (namip.ru) [195.230.75.130] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:00 H=ns.sprint-v.com.ru [81.22.0.3] F=<> rejected RCPT <hans@unitedamericans.com>: ns.sprint-v.com.ru [81.22.0.3] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:00 H=hunter.resume-bank.ru (resume-bank.ru) [62.118.252.51] F=<> rejected RCPT <thu@unitedamericans.com>: hunter.resume-bank.ru (resume-bank.ru) [62.118.252.51] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:01 H=ns.sprint-v.com.ru [81.22.0.3] F=<> rejected RCPT <jamilah@unitedamericans.com>: ns.sprint-v.com.ru [81.22.0.3] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:01 H=he104war.uk.vianw.net [195.102.244.135] F=<> rejected RCPT <yuan@unitedamericans.com>: he104war.uk.vianw.net [195.102.244.135] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:01 H=ns2.caravan.ru [217.23.142.1] F=<> rejected RCPT <kris@unitedamericans.com>: ns2.caravan.ru [217.23.142.1] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:02 H=(namip.ru) [195.230.75.130] F=<> rejected RCPT <fairfax@unitedamericans.com>: (namip.ru) [195.230.75.130] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:04 H=(namip.ru) [195.230.75.130] F=<> rejected RCPT <ssu-kuan@unitedamericans.com>: (namip.ru) [195.230.75.130] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:05 H=smtp2.easydns.com (rack5.easydns.com) [205.210.42.53] F=<> rejected RCPT <vinod@unitedamericans.com>: smtp2.easydns.com (rack5.easydns.com) [205.210.42.53] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:05 H=(namip.ru) [195.230.75.130] F=<> rejected RCPT <seamus@unitedamericans.com>: (namip.ru) [195.230.75.130] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:09 H=voip.solaris.ru [194.85.25.5] F=<> rejected RCPT <rengaraj@unitedamericans.com>: voip.solaris.ru [194.85.25.5] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:09 H=uven.ru [62.76.35.173] F=<> rejected RCPT <pelham@unitedamericans.com>: uven.ru [62.76.35.173] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:10 H=(namip.ru) [195.230.75.130] F=<> rejected RCPT <ellis@unitedamericans.com>: (namip.ru) [195.230.75.130] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:10 H=mx1.pol.ru (pol.ru) [217.23.130.3] F=<> rejected RCPT <ching-en@unitedamericans.com>: mx1.pol.ru (pol.ru) [217.23.130.3] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:10 H=(mona.myownemail.com) [65.198.177.209] F=<> rejected RCPT <zhongmin@unitedamericans.com>: (mona.myownemail.com) [65.198.177.209] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:10 H=(namip.ru) [195.230.75.130] F=<> rejected RCPT <hillary@unitedamericans.com>: (namip.ru) [195.230.75.130] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2004-08-02 11:29:11 H=(namip.ru) [195.230.75.130] F=<> rejected RCPT <arvandus@unitedamericans.com>: (namip.ru) [195.230.75.130] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
     
  4. AbeFroman

    What should the default email be set to to get this to work?
    username ?
    :fail: ?
    :blackhole: ?
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    What you've posted are attempts to relay through your server, not deliver to it. Exim is working correctly and telling the sender that they haven't been authorised to relay. There's nothing more you can do, except block their IP address in your firewall.
     
  6. AbeFroman

    Now I am getting the following. What does the ** mean? How do I get it to show "Dictionnary attack (x failed probes). Dropping connection!" like it says on http://linux.cvf.net/cp_eximrules.html?
    2004-08-02 11:54:06 1BrdWq-0004nX-ER ** balthazar@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:06 1Brfry-0006c9-Rt ** aminadab@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:06 1BrdX4-0005VH-5p ** huyen@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:06 1BrdWo-0004nX-V7 ** kai-yuen@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:06 1BrdWr-0004nX-Tb ** natalia@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:06 1BrdWm-0004nX-SE ** wilfred@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:06 1BrdWm-0005GX-9u ** constant@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:06 1BrdWj-0004nX-C2 ** dekai@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:06 H=(nti-msx1.NetTechInc.net) [64.122.3.58] F=<> rejected RCPT <alice@unitedamericans.com>:
    2004-08-02 11:54:07 1BrdWi-0005GX-1f ** ruben@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:07 1BrdWg-0004nX-Vc ** chrispen@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:07 1BrdWf-0004nX-Mn ** tuan@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:07 1BrdWa-0004nX-UT ** torsten@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:07 1BrdWc-0004nX-QG ** kian@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:07 1BrdWZ-0004nX-Vq ** willen@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:07 H=(cgp.dol.ru) [194.87.5.78] F=<> rejected RCPT <avraham@unitedamericans.com>:
    2004-08-02 11:54:07 H=(summer.cbr.ryazan.su) [212.26.227.30] F=<> rejected RCPT <adi@unitedamericans.com>:
    2004-08-02 11:54:07 1BrdWX-0004nX-Kb ** mordecai@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:07 1BrdgB-0007x6-Mf ** kianusch@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:07 1BrdWW-0004nX-BY ** sylvester@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:08 H=(rocket.naverex.net) [213.169.64.107] F=<> rejected RCPT <munaish@unitedamericans.com>:
    2004-08-02 11:54:08 1BrdWV-0004nX-HB ** ramon@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:08 1BrdWR-0004nX-V3 ** hon-kam@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:08 1BrdgQ-0000CM-7M ** ganapath@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:08 1BrdWR-0004nX-Cp ** tove@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:08 1BrdWO-0004nX-Ef ** filbert@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 H=(cgp.dol.ru) [194.87.5.78] F=<> rejected RCPT <vibhu@unitedamericans.com>:
    2004-08-02 11:54:09 1BrdWP-0004nX-VW ** tod@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 H=(ice.kirov.ru) [217.9.147.42] F=<> rejected RCPT <mahlon@unitedamericans.com>:
    2004-08-02 11:54:09 1BrdWP-0004nX-Hf ** masoud@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 1Brdg9-0007x6-MF ** zale@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 H=(amber.rsu.ru) [195.208.252.10] F=<> rejected RCPT <nancy@unitedamericans.com>:
    2004-08-02 11:54:09 1BrdgD-0007x6-Q7 ** isil@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 1Brdg1-0007x6-Ev ** carlyle@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 1BrdgG-0000CM-Cz ** jie@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 1BrdWG-0004yc-Ne ** dirk@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 1BrdWG-000573-21 ** tsung-lu@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 1BrdWK-0004yc-9n ** leann@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 1Brdg8-00008Y-Q6 ** shelby@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 H=(aaa09.gavs.ru) [212.45.13.107] F=<> rejected RCPT <amyas@unitedamericans.com>:
    2004-08-02 11:54:09 1BrdWF-00058r-Az ** abner@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 1Brdg8-0007x6-Du ** marlena@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 1BrdWC-0004nX-Q5 ** jiachen@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 1BrdWD-0004nX-K2 ** soumitra@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:09 1Brdfy-0007x6-RO ** andre@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:10 1Brdfx-0007x6-Cz ** jayson@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:10 H=(ice.kirov.ru) [217.9.147.42] F=<> rejected RCPT <takaji@unitedamericans.com>:
    2004-08-02 11:54:10 1BrdWB-0004nX-3b ** dwight@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:10 1Brdg3-0007x6-E3 ** hee-sub@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:10 1BrdW9-0004nX-Eh ** kay@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:10 1Brdfv-0007x6-6V ** theodora@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:10 1Brdfq-0007x6-9E ** jethro@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:10 1Brdg0-0007x6-5o ** daryl@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:10 1BrdW3-0004nX-Uk ** rusty@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:10 H=(mx.nsu.ru) [212.192.164.5] F=<> rejected RCPT <becky@unitedamericans.com>:
    2004-08-02 11:54:10 1Brdft-0007x6-84 ** sarah@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:10 1BrdW2-0004nX-Aw ** millard@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:10 1BrdVx-0004nX-VO ** ariella@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:10 1Brdfm-0007x6-5f ** wyatt@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:11 1Brdfk-0007x6-Pk ** jo@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:11 1BrdVu-0004nX-Tl ** kathleen@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:11 1Brdfn-0007x6-Dt ** yates@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:11 1BrdVv-0004nX-Cu ** azuriah@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:11 1BrdfX-0007x6-JU ** sterling@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:11 1BrdVs-0004nX-PH ** marie@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:11 H=(twin1.cbr.ru) [212.40.192.42] F=<> rejected RCPT <lincoln@unitedamericans.com>:
    2004-08-02 11:54:11 1BrdVs-0004nX-Dc ** manish@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:11 1BrdVq-0004nX-FK ** claude@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:11 1BrdVo-0004zy-U1 ** egidio@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:12 1Brdec-00080E-IC ** aneliese@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:12 1BrdeZ-00080E-Qj ** jeanette@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:12 1BrdVl-0004nX-6n ** ani@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:12 1Brdeg-00080E-4X ** montgomery@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:12 1BrdVh-0004nX-U8 ** obadiah@unitedamericans.com R=virtual_aliases:
    2004-08-02 11:54:12 H=(ice.kirov.ru) [217.9.147.42] F=<> rejected RCPT <jianping@unitedamericans.com>:
     
  7. AbeFroman

    Is it supposed to be writing to hostrejectrcpt? Those files aren't changing.
    root@server112 [/etc/exim/acls]# ll
    total 20
    drwxr-xr-x 2 root root 4096 Aug 2 11:49 ./
    drwxr-xr-x 3 root root 4096 Aug 2 11:05 ../
    -rw-r--r-- 1 root root 295 Aug 2 11:51 denyenvsenders
    -rw-r--r-- 1 root root 81 Aug 2 11:53 destwhitelist
    -rw-r--r-- 1 root root 588 Aug 2 11:53 hostrejectrcpt
     
  8. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
  9. AbeFroman

    It seems like this line is the one that is supposed to stop it....
    # How many bad receipients must fail before we drop the connection?
    # Leave it at default 3 unless you have a very good reason to change it.
    ALLOWEDRCPTFAIL=3
    but I don't see where it writes IPs to block to this file:
    /etc/exim/acls/hostrejectrcpt

    Got any tips? Or do you know of another way to block such an attack?
     
  10. casey

    Yes, it's working great for me and blocking dictionary attacks left and right.
     
  11. casey

    You put what you want in there manually.
     
  12. AbeFroman

    Casey, where does it put the IPs it blocks in the dictionary attack?

    Got any tips for us?

    What does the default address have to be set as?

    Are you running Exim 4.34?

    Would you be so kind as to post a copy of your /etc/exim.conf file here?
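
Both chirpy's firewall suggestion and the hostrejectrcpt list that casey says is filled in by hand need a per-IP view of the rejections in exim_mainlog. The following is an added example, not part of the thread or of the ACL package it discusses: it counts "rejected RCPT" lines per peer IP and how many of them used the null sender F=<>, the envelope sender of bounce messages. The sample log, the function names and the "at least MIN" reading of ALLOWEDRCPTFAIL are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): tally Exim "rejected RCPT" lines per peer IP.

# Constructed sample in the exim_mainlog layout shown in the thread; addresses
# are documentation ranges and the rejection text is shortened.
sample_log() {
    cat <<'EOF'
2004-08-02 11:29:00 H=(mail.example.net) [192.0.2.10] F=<> rejected RCPT <a@example.com>: relay not permitted
2004-08-02 11:29:01 H=(mail.example.net) [192.0.2.10] F=<> rejected RCPT <b@example.com>: relay not permitted
2004-08-02 11:29:02 H=(mail.example.net) [192.0.2.10] F=<> rejected RCPT <c@example.com>: relay not permitted
2004-08-02 11:29:02 H=mx.example.org [198.51.100.7] F=<> rejected RCPT <d@example.com>: relay not permitted
2004-08-02 11:29:03 H=(mail.example.net) [192.0.2.10] F=<x@example.net> rejected RCPT <e@example.com>: relay not permitted
2004-08-02 11:29:04 1BrdWq-0004nX-ER ** f@example.com R=virtual_aliases:
2004-08-02 11:29:05 H=relay.example.org [203.0.113.5] F=<> rejected RCPT <g@example.com>: relay not permitted
2004-08-02 11:29:05 H=relay.example.org [203.0.113.5] F=<> rejected RCPT <h@example.com>: relay not permitted
2004-08-02 11:29:06 H=relay.example.org [203.0.113.5] F=<> rejected RCPT <i@example.com>: relay not permitted
EOF
}

# rcpt_reject_summary MIN [FILE...]
# Prints "rejections ip null_sender_rejections" for each peer IP with at
# least MIN rejected RCPTs, busiest first. Reads stdin when no FILE is given.
rcpt_reject_summary() {
    limit=$1
    shift
    awk -v limit="$limit" '
        / rejected RCPT </ {
            # The peer address is the first [a.b.c.d] token on the line.
            if (!match($0, /\[[0-9.]+\]/)) next
            ip = substr($0, RSTART + 1, RLENGTH - 2)
            total[ip]++
            # F=<> is the null envelope sender, as used by bounce messages.
            if (index($0, " F=<> ")) bounce[ip]++
        }
        END {
            for (ip in total)
                if (total[ip] >= limit)
                    printf "%d %s %d\n", total[ip], ip, bounce[ip] + 0
        }
    ' "$@" | sort -k1,1nr -k2,2
}

# MIN=3 mirrors the ALLOWEDRCPTFAIL=3 setting quoted in the thread.
# On a live server: rcpt_reject_summary 3 /var/log/exim_mainlog
sample_log | rcpt_reject_summary 3
```

A high null-sender count from an established mail server is worth checking before that address goes into a firewall rule, since bounces for forged senders arrive the same way.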
     