Link to home
Start Free TrialLog in
Avatar of sutech08
sutech08

asked on

Large number of user unknown entries

I'm getting tons of user unknown entries from all kinds of relay servers trying to send to non existent users in my domain, below is a snippet of my maillog file (mydomain.com being my domain).  I'm not sure if its some kind of indirect DDoS attack, whereby someone's computer was infected and starting sending emails to different users at different domains with a return address of a random user at my domain.  I just started getting these today that I'm aware of, regular mail is still passing OK at the moment.  I know you're not supposed to block blank from addresses because they are used for bounces, but I'm not sure how else to stop these because they are coming from everywhere.

I am using sendmail 8.13 with ClamAV and spamassassin.

Apr 14 11:56:11 mail sendmail[3526]: o3EFuAjd003526: from=<>, size=9005, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=vd1.online.sh.cn [202.96.209.52]
Apr 14 11:56:11 mail sendmail[3533]: o3EFuBEO003533: <epepicani1383@mydomain.com>... User unknown
Apr 14 11:56:11 mail sendmail[3533]: o3EFuBEO003533: from=<>, size=11007, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=smtp-in-109.livemail.co.uk [213.171.216.170]
Apr 14 11:56:13 mail sendmail[3540]: o3EFuCLK003540: <aeledi6024@mydomain.com>... User unknown
Apr 14 11:56:13 mail sendmail[3540]: o3EFuCLK003540: from=<PostMaster@qq.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[64.71.138.53]
Apr 14 11:56:14 mail sendmail[3543]: STARTTLS=server, relay=relay03.mail.esat.net [193.95.141.41], version=TLSv1/SSLv3, verify=NO, cipher=AES256-SHA, bits=256/256
Apr 14 11:56:14 mail sendmail[3543]: o3EFuDhm003543: <ymisyo6047@mydomain.com>... User unknown
Apr 14 11:56:14 mail sendmail[3543]: o3EFuDhm003543: from=<>, size=9720, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=relay03.mail.esat.net [193.95.141.41]
Apr 14 11:56:15 mail sendmail[3548]: o3EFuFAO003548: <abialixal7293@mydomain.com>... User unknown
Apr 14 11:56:15 mail sendmail[3548]: o3EFuFAO003548: from=<>, size=9872, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=popserv.tcp.net.uk [195.80.0.247]
Apr 14 11:56:16 mail sendmail[3553]: STARTTLS=server, relay=mx3.freeparking.co.uk [72.1.194.110], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Apr 14 11:56:16 mail sendmail[3553]: o3EFuFXU003553: <uuqaje2242@mydomain.com>... User unknown
Apr 14 11:56:16 mail sendmail[3553]: o3EFuFXU003553: from=<>, size=7542, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mx3.freeparking.co.uk [72.1.194.110]
ASKER CERTIFIED SOLUTION
Avatar of Jan Bacher
Jan Bacher
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial