Hi!
I'm using lfd's AUTHRELAY to block an IP if they send more than 100 mails. But now, some spammer got the password of 2 accounts, and it's relaying through several IPs. That is, when one IP gets blocked by lfd, it starts sending spam from another IP from another country:
Type: AUTHRELAY, Remote IP - 61.4.83.39 (CN/China/-)
Count: 101 emails relayed
Blocked: Temporary Block
Type: AUTHRELAY, Remote IP - 85.214.40.32 (DE/Germany/h1922363.stratoserver.net)
Count: 101 emails relayed
Blocked: Temporary Block
Type: AUTHRELAY, Remote IP - 87.238.161.78 (BE/Belgium/-)
Count: 101 emails relayed
Blocked: Temporary Block
Type: AUTHRELAY, Remote IP - 212.80.20.240 (IR/Iran, Islamic Republic of/-)
Count: 101 emails relayed
Blocked: Temporary Block
Type: AUTHRELAY, Remote IP - 94.23.146.176 (NL/Netherlands/-)
Count: 101 emails relayed
Blocked: Temporary Block
When I detected the problem, I changed the compromised email account password.
What else can I do? Is there a way to prevent this from happening again?
Thanks!
I'm using lfd's AUTHRELAY to block an IP if they send more than 100 mails. But now, some spammer got the password of 2 accounts, and it's relaying through several IPs. That is, when one IP gets blocked by lfd, it starts sending spam from another IP from another country:
Type: AUTHRELAY, Remote IP - 61.4.83.39 (CN/China/-)
Count: 101 emails relayed
Blocked: Temporary Block
Type: AUTHRELAY, Remote IP - 85.214.40.32 (DE/Germany/h1922363.stratoserver.net)
Count: 101 emails relayed
Blocked: Temporary Block
Type: AUTHRELAY, Remote IP - 87.238.161.78 (BE/Belgium/-)
Count: 101 emails relayed
Blocked: Temporary Block
Type: AUTHRELAY, Remote IP - 212.80.20.240 (IR/Iran, Islamic Republic of/-)
Count: 101 emails relayed
Blocked: Temporary Block
Type: AUTHRELAY, Remote IP - 94.23.146.176 (NL/Netherlands/-)
Count: 101 emails relayed
Blocked: Temporary Block
When I detected the problem, I changed the compromised email account password.
What else can I do? Is there a way to prevent this from happening again?
Thanks!