Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

under email attack!

Discussion in 'E-mail Discussion' started by Radio_Head, Nov 7, 2006.

  1. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    343
    I have a client , I'll call him myclientdomain.org, which is under email attack . The attack is also overloading the server .

    The attack is coming from different ip address (thousand of proxy ips).
    The attack also if seems to be a dictionary attack is NOT detected using the antidictionary
    script provided By Chirpy . As it seems they are attempts to relay email ?

    The log shows line like these

    2006-11-07 07:14:53 H=yipfw1.joho-yamaguchi.or.jp (mail1) [210.225.240.91] F=<> rejected RCPT <Hattiesgrickshaw@myclientdomain.org>: yipfw1.joho-yamaguchi.or.jp (mail1) [210.225.240.91] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2006-11-07 07:14:55 H=mercury.alienwebshop.com [67.91.233.6] F=<> rejected RCPT <BrandiiHblood@myclientdomain.org>: mercury.alienwebshop.com [67.91.233.6]
    is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2006-11-07 07:14:56 H=blu.primehs.net [211.125.95.164] F=<> rejected RCPT <BrandikQhorology@myclientdomain.org>: blu.primehs.net [211.125.95.164] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    2006-11-07 07:14:57 H=mxdrop25.xs4all.nl [194.109.24.83] F=<> rejected RCPT <Guadalupebclip@myclientdomain.org>: mxdrop25.xs4all.nl [194.109.24.83] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.


    How to stop this attack ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice