01.03.2006 at 08:32AM PST, ID: 21682248
Hijacked Server

Tags: sendmail
I am running an email server on a Linux box and have gotten several hijackers using it to spam their junk now.  I have tried to block these IP addresses in the sysconfig/iptables file but this has not worked.  I have been getting return notices of failed emails for Viagra and Mortgage Refinancing (I don't send out that crap) and have seen that they are spoofing my domains.  I am using dovecot.

I receive a log report every day and most of them are being blocked except for the following:

  --------------------- Kernel Begin ------------------------
 
 
Logged 1906 packets on interface eth0
  From 4.78.204.162 - 17 packets to tcp(25)
  From 63.123.248.14 - 20 packets to tcp(25)
  From 63.123.248.24 - 16 packets to tcp(25)
  From 198.104.156.37 - 1757 packets to tcp(25)
  From 211.195.53.169 - 75 packets to tcp(25)
  From 218.237.66.213 - 21 packets to tcp(25)
 
  ---------------------- Kernel End -------------------------


I have tried to block these in the iptables file but to no avail.  I have this server on a private ip address behind a firewall which forwards from one of our public ip addresses.  This is on a cable connection (incidentally, I did not have this problem when I was using a T1 connection).  How do I get rid of these spammers?

Here is the complete log (I've changed my IP address and domain name so it won't be posted here though):

--------------------- httpd Begin ------------------------
 
A total of 1 unidentified 'other' records logged
   with response code(s)
 
  ---------------------- httpd End -------------------------
 
 
  --------------------- Kernel Begin ------------------------
 
 
Logged 1906 packets on interface eth0
  From 4.78.204.162 - 17 packets to tcp(25)
  From 63.123.248.14 - 20 packets to tcp(25)
  From 63.123.248.24 - 16 packets to tcp(25)
  From 198.104.156.37 - 1757 packets to tcp(25)
  From 211.195.53.169 - 75 packets to tcp(25)
  From 218.237.66.213 - 21 packets to tcp(25)
 
  ---------------------- Kernel End -------------------------
 
 
  --------------------- pam_unix Begin ------------------------
 
crond:
   Unknown Entries:
      session closed for user root: 50 Time(s)
      session opened for user root by (uid=0): 50 Time(s)
      session closed for user mydomain: 25 Time(s)
      session opened for user mydomain by (uid=0): 25 Time(s)
 
dovecot:
   Unknown Entries:
      authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=info: 96 Time(s)
 
 
  ---------------------- pam_unix End -------------------------
 
 
  --------------------- sendmail Begin ------------------------
 
 
 
Bytes Transferred: 5552241
Messages Sent:     1262
Total recipients:  3119
 
2 User Unknown notifications
 
Unknown local users:
 
   Total: 2089
 
 
Top relays (recipients/connections - min 10 rcpts, max 50 lines):
    2010/221: [125.190.5.5]
    52/27: [58.79.85.60]
    51/51: [58.20.160.82]
    50/50: localhost.localdomain [127.0.0.1]
    40/40: [211.195.53.91]
    25/25: mydomain@localhost
 
    25/25: root@localhost
 
    12/12: [192.168.2.1]
 
 
Relaying denied:
 
  Total:  60
 
 
Client quit before communicating:
 
 
Unknown hosts:
    muslcemaster.com: 1 Time(s)
 
  Total:  1
 
 
Unresolved sender domains:
    andrenemaxwell@ifasupportservices.net: 6 Time(s)
    daniel.fassbind@ntdxy.com: 3 Time(s)
    sedac@e-gariepy.com: 3 Time(s)
    luannxx@charter-stl.com: 2 Time(s)
    mariaxx@attbi.com: 2 Time(s)
    FavoritesList-myname=mydomain.com@buysnetwork.com: 1 Time(s)
    darrelh659@daidoprecast.com: 1 Time(s)
    ianherc@server149.teknonservers.com: 1 Time(s)
    jenniferxx@attbi.com: 1 Time(s)
    jwarne@csidesign.com: 1 Time(s)
    pmwpmw1@evasilk.com: 1 Time(s)
 
  Total:  22
 
**Unmatched Entries**
   DSN: Local configuration error: 2 Time(s)
   SYSERR(root): mail.buypetmed.com. config error: mail loops back to me (MX problem?): 2 Time(s)
 
 
Summary:
  Total Mail Rejected: 2172
 
  ---------------------- sendmail End -------------------------

I have done an IP search on these and found that a lot are originating from Korea or Australia.  I'm not sure what to do to clean this up.  I don't want to just start over with this server or abandon the domains.
 
Question Stats
Zone: Software
Question Asked By: midav2004
Solution Provided By: PsiCop
Participating Experts: 5
Solution Grade: A
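
An added example, not part of the original question and not Logwatch's own code: a small parser for the sendmail section of a report like the one above, listing external hosts that stand out in "Top relays" and "Relaying denied". The function names and the fan-out threshold are assumptions, and the "Relaying denied" sample rows are constructed.

```python
import ipaddress
import re

# "Top relays" rows are copied from the report in the question; the
# "Relaying denied" rows are constructed in the same format with a
# placeholder recipient.
SAMPLE_REPORT = """\
Top relays (recipients/connections - min 10 rcpts, max 50 lines):
    2010/221: [125.190.5.5]
    52/27: [58.79.85.60]
    51/51: [58.20.160.82]
    50/50: localhost.localdomain [127.0.0.1]
    40/40: [211.195.53.91]
    25/25: root@localhost
    12/12: [192.168.2.1]

Relaying denied:
    From [125.190.5.5] to someone@example.invalid: 1 Time(s)
    From [58.79.85.60] to someone@example.invalid: 1 Time(s)
    From [58.79.85.60] to other@example.invalid: 1 Time(s)
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
RELAY_ROW = re.compile(r"^\s*(\d+)/(\d+):.*\[" + IPV4 + r"\]\s*$")
DENIED_ROW = re.compile(r"^\s*From \[" + IPV4 + r"\] to \S+: (\d+) Time\(s\)")

# Assumed threshold (not from the page): average recipients per connection
# at or above which an external host is worth a closer look.
FANOUT_THRESHOLD = 5.0


def is_external(ip):
    """True for addresses that are neither private (RFC 1918) nor loopback."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback)


def summarize(report, fanout=FANOUT_THRESHOLD):
    """Return {ip: stats} for external hosts, with the reasons each stands out."""
    relays, denied = {}, {}
    for line in report.splitlines():
        m = RELAY_ROW.match(line)
        if m:
            relays[m.group(3)] = (int(m.group(1)), int(m.group(2)))
            continue
        m = DENIED_ROW.match(line)
        if m:
            denied[m.group(1)] = denied.get(m.group(1), 0) + int(m.group(2))
    findings = {}
    for ip in sorted(set(relays) | set(denied)):
        if not is_external(ip):
            continue  # skip localhost and the internal firewall address
        rcpts, conns = relays.get(ip, (0, 0))
        reasons = []
        if conns and rcpts / conns >= fanout:
            reasons.append("high recipient fan-out")
        if ip in denied and rcpts:
            reasons.append("relay attempt denied, yet host also appears in Top relays")
        if reasons:
            findings[ip] = {"rcpts": rcpts, "conns": conns,
                            "denied": denied.get(ip, 0), "reasons": reasons}
    return findings


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_REPORT).items():
        print(ip, info)
```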