I have a client, I'll call him myclientdomain.org, which is under email attack. The attack is also overloading the server.
The attack is coming from different IP addresses (thousands of proxy IPs).
The attack, even if it seems to be a dictionary attack, is NOT detected using the antidictionary
script provided by Chirpy. As it seems, they are attempts to relay email?
The log shows lines like these:
2006-11-07 07:14:53 H=yipfw1.joho-yamaguchi.or.jp (mail1) [210.225.240.91] F=<> rejected RCPT <[email protected]>: yipfw1.joho-yamaguchi.or.jp (mail1) [210.225.240.91] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
2006-11-07 07:14:55 H=mercury.alienwebshop.com [67.91.233.6] F=<> rejected RCPT <BrandiiHbloo[email protected]>: mercury.alienwebshop.com [67.91.233.6] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
2006-11-07 07:14:56 H=blu.primehs.net [211.125.95.164] F=<> rejected RCPT <[email protected]>: blu.primehs.net [211.125.95.164] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
2006-11-07 07:14:57 H=mxdrop25.xs4all.nl [194.109.24.83] F=<> rejected RCPT <[email protected]>: mxdrop25.xs4all.nl [194.109.24.83] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
How to stop this attack?
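
One way to measure the pattern visible in the lines above (empty envelope sender `F=<>`, relay denial, many source IPs) before choosing a countermeasure. This is an added example, not part of the original post; the sample log lines, hosts and addresses in it are constructed, and `summarise` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the Exim mainlog shape quoted in the post; hosts,
# addresses and IPs are made up (documentation ranges), not from the page.
RELAY_MSG = "is currently not permitted to relay through this server."
SAMPLE_LOG = "\n".join([
    f"2006-11-07 07:14:53 H=mx1.example.net (mail1) [192.0.2.10] F=<> rejected RCPT <alice@example.org>: mx1.example.net (mail1) [192.0.2.10] {RELAY_MSG}",
    f"2006-11-07 07:14:55 H=mx2.example.com [198.51.100.7] F=<> rejected RCPT <bob@example.org>: mx2.example.com [198.51.100.7] {RELAY_MSG}",
    f"2006-11-07 07:14:56 H=mx1.example.net (mail1) [192.0.2.10] F=<> rejected RCPT <carol@example.org>: mx1.example.net (mail1) [192.0.2.10] {RELAY_MSG}",
    "2006-11-07 07:14:58 H=(host) [203.0.113.5] F=<x@example.com> rejected RCPT <dave@example.net>: Unknown user",
    "2006-11-07 07:15:01 1GhABC-0001ab-2C <= user@example.org H=localhost [127.0.0.1] P=esmtp S=1234",
])

# One "rejected RCPT" line: timestamp, H=host [ip], F=<sender>, recipient, reason.
REJECT = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d H=(?P<host>.*?) \[(?P<ip>[0-9A-Fa-f.:]+)\] "
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>: (?P<reason>.*)$"
)

def summarise(log_text):
    """Count relay-denied RCPT rejections by source IP and recipient domain."""
    relay = null_sender = 0
    ips, rcpt_domains = Counter(), Counter()
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if not m or "not permitted to relay" not in m["reason"]:
            continue  # other log lines and other rejection reasons
        relay += 1
        null_sender += m["sender"] == ""  # F=<> is the empty envelope sender
        ips[m["ip"]] += 1
        rcpt_domains[m["rcpt"].rpartition("@")[2].lower()] += 1
    return {
        "relay_rejections": relay,
        "null_sender": null_sender,
        "distinct_ips": len(ips),
        "max_per_ip": max(ips.values(), default=0),
        "top_ips": ips.most_common(3),
        "rcpt_domains": rcpt_domains.most_common(3),
    }

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A low `max_per_ip` alongside a high `distinct_ips` matches the post's description of traffic spread over thousands of source addresses.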