Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Hi,
Starting a few days ago, I have been getting severely hit by spamming software of some sort, which tries connecting to my mail servers (primary and secondary) and sending mail to <Random Text>@mydomain.com. It is always the same domain (mydomain.com), and always a bogus random username. It has really gotten on my nerves as I have no idea how to stop this, since all the incoming connections originate from distinct relays. Here is a small excerpt from my maillog:
I am running the latest (8.13.4) version of sendmail and am not set up to relay for any domains on the primary mail server (which is getting hit the worst).
This has been going on for some time and the number of attempts is upwards of 6,000 now. If anybody has any ideas/insight/experience with this, I would greatly appreciate hearing from you. Thanks.
If you have not allowed any "relaying" then it should say in the logs that "relaying denied" which does not seem to be the case here. You might want to double check who is and who is not allowed to relay.
If you are really getting hammered then use iptables to drop packets from that IP.
The only relaying that is allowed on that server is after sasl authentication.
I have double checked on dnsreport.com and everything is perfect. Either way, the mail is directed towards my domain, not an external one.
I would love to block them, but like I said, they are all coming in from unique mail servers:
I can't figure out what exactly this person(s) is trying to do. I was thinking maybe they were just trying to have my bounce messages act as spam, but there is never a From address given, so that can't be it.
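To put numbers on the pattern described in this thread (random recipients at one domain, an empty envelope sender, many distinct relays), here is an added example that is not part of the original posts. It assumes sendmail's usual syslog layout for `User unknown` and `from=` lines; the sample log lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in sendmail's usual syslog layout (not the poster's log).
SAMPLE_LOG = """\
Jun 10 12:00:01 mx1 sendmail[2101]: j5AG01aa002101: <xkqjzt@mydomain.com>... User unknown
Jun 10 12:00:01 mx1 sendmail[2101]: j5AG01aa002101: from=<>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=host-a.example.net [192.0.2.10]
Jun 10 12:00:04 mx1 sendmail[2102]: j5AG04ab002102: <pwmrlv@mydomain.com>... User unknown
Jun 10 12:00:04 mx1 sendmail[2102]: j5AG04ab002102: from=<>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=host-b.example.org [198.51.100.7]
Jun 10 12:00:09 mx1 sendmail[2103]: j5AG09ac002103: <qzhbnd@mydomain.com>... User unknown
Jun 10 12:00:09 mx1 sendmail[2103]: j5AG09ac002103: <ltrwyk@mydomain.com>... User unknown
Jun 10 12:00:09 mx1 sendmail[2103]: j5AG09ac002103: from=<>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[203.0.113.45]
Jun 10 12:00:15 mx1 sendmail[2104]: j5AG0Fad002104: from=<alice@example.org>, size=1432, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.99]
Jun 10 12:00:21 mx1 sendmail[2105]: j5AG0Lae002105: <vnsgfc@mydomain.com>... User unknown
Jun 10 12:00:21 mx1 sendmail[2105]: j5AG0Lae002105: from=<>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=host-a.example.net [192.0.2.10]
"""

# Both line types carry the queue id, which ties a rejection to its relay.
UNKNOWN_RE = re.compile(r"sendmail\[\d+\]: (\w+): <[^>]*>\.\.\. User unknown")
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (\w+): from=<([^>]*)>.*relay=(?:\S+ )?\[([\d.]+)\]")

def summarize(log_text):
    """Count unknown-recipient rejections and attribute them to relay IPs."""
    rejected = Counter()  # queue id -> number of "User unknown" recipients
    session = {}          # queue id -> (envelope sender, relay IP)
    for line in log_text.splitlines():
        m = UNKNOWN_RE.search(line)
        if m:
            rejected[m.group(1)] += 1
            continue
        m = FROM_RE.search(line)
        if m:
            session[m.group(1)] = (m.group(2), m.group(3))
    per_relay, null_sender = Counter(), 0
    for qid, count in rejected.items():
        sender, ip = session.get(qid, (None, "unknown"))
        per_relay[ip] += count
        null_sender += sender == ""   # empty sender, i.e. from=<>
    total = sum(per_relay.values())
    return {"rejected_rcpts": total, "distinct_relays": len(per_relay),
            "null_sender_sessions": null_sender, "per_relay": dict(per_relay),
            # Largest fraction of rejections that blocking one IP would stop.
            "max_share": max(per_relay.values()) / total if total else 0.0}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A low `max_share` alongside a high `distinct_relays` count is the situation the poster describes, where dropping individual source addresses removes only a small part of the traffic.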