The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

under email attack!

Discussion in 'E-mail Discussions' started by Radio_Head, Nov 7, 2006.

  1. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    I have a client , I'll call him myclientdomain.org, which is under email attack . The attack is also overloading the server .

    The attack is coming from different ip address (thousand of proxy ips).
    The attack also if seems to be a dictionary attack is NOT detected using the antidictionary
    script provided By Chirpy . As it seems they are attempts to relay email ?

    The log shows line like these

    2006-11-07 07:14:53 H=yipfw1.joho-yamaguchi.or.jp (mail1) [210.225.240.91] F=<> rejected RCPT <Hattiesgrickshaw@myclientdomain.org>: yipfw1.joho-yamaguchi.or.jp (mail1) [210.225.240.91] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2006-11-07 07:14:55 H=mercury.alienwebshop.com [67.91.233.6] F=<> rejected RCPT <BrandiiHblood@myclientdomain.org>: mercury.alienwebshop.com [67.91.233.6]
    is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2006-11-07 07:14:56 H=blu.primehs.net [211.125.95.164] F=<> rejected RCPT <BrandikQhorology@myclientdomain.org>: blu.primehs.net [211.125.95.164] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2006-11-07 07:14:57 H=mxdrop25.xs4all.nl [194.109.24.83] F=<> rejected RCPT <Guadalupebclip@myclientdomain.org>: mxdrop25.xs4all.nl [194.109.24.83] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.


    How to stop this attack ?
     
Loading...

Share This Page