LinuxQuestions.org
10-13-2006, 12:06 PM   #1
81bones
Problem with brute force spamming


I'm not sure if there's anything I can do about this, but I figured it was worth a shot to ask. For almost 48 hours now my mail server has been "under attack". I am receiving a steady stream of email to non-existent, fake users. The messages are to addresses like "squatternascentQ@domain.net" and "Buddyl0Olsen@domain.net". I've received literally thousands of these emails (and still am as we speak). The messages are always rejected since the users don't exist:
Code:
 Out: 220 computer.domain.net ESMTP Postfix (2.2.5) (Mandrakelinux)
 In:  HELO ns2.uba.ar
 Out: 250 computer.domain.net
 In:  MAIL FROM:<>
 Out: 250 Ok
 In:  RCPT TO:<Elliotz5Humphrey@domain.net>
 Out: 450 <Elliotz5Humphrey@domain.net>: Recipient address rejected: User
     unknown in local recipient table
 In:  QUIT
 Out: 221 Bye
but the continual stream of them is ridiculous. The source IP on each message is almost always different but I find it hard to believe that this is not a coordinated or automated attack from a single source. Spoofing maybe? Anyway, for the time being I've closed port 25 on my router to all traffic -- it stops the spamming but of course now I can't receive any mail for legitimate users. If I open the port back up, I will start receiving the messages again. Has anyone had this happen to them? Any suggestions? Help!
 
10-13-2006, 09:20 PM   #2
WindowBreaker
It sounds like an attack, and not just random spammers. Especially if it's as constant as you say.

Congratulations on correctly configuring postfix to reject non-existent users. If it were me, I'd just keep an eye on it and let postfix continue to reject as it is.
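
One way to keep an eye on a flood like this, as an added example (not code from either poster): a Python tally over session transcripts in the In:/Out: layout quoted in the first post. The sample transcript, its host names and the summarize helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: two sessions in the same In:/Out: layout as the
# transcript quoted in the first post (hosts and addresses are made up).
SAMPLE = """\
 Out: 220 mx.example.net ESMTP Postfix
 In:  HELO relay1.example.org
 Out: 250 mx.example.net
 In:  MAIL FROM:<>
 Out: 250 Ok
 In:  RCPT TO:<Fakeq1User@example.net>
 Out: 450 <Fakeq1User@example.net>: Recipient address rejected: User
     unknown in local recipient table
 Out: 220 mx.example.net ESMTP Postfix
 In:  EHLO relay2.example.com
 Out: 250 mx.example.net
 In:  MAIL FROM:<news@example.com>
 Out: 250 Ok
 In:  RCPT TO:<Otherz9Name@example.net>
 Out: 550 <Otherz9Name@example.net>: Recipient address rejected: User
     unknown in local recipient table
"""

def summarize(transcript):
    """Tally unknown-recipient rejections across SMTP session transcripts."""
    # Re-join wrapped reply lines (continuations carry no In:/Out: prefix).
    text = re.sub(r"\n\s+(?!\s|In:|Out:)", " ", transcript)
    stats = {"sessions": 0, "rejected": 0, "null_sender": 0,
             "temporary": 0, "helo": Counter()}
    sender = helo = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Out: 220"):            # greeting = new session
            stats["sessions"] += 1
            sender = helo = None
        elif m := re.match(r"In:\s+(?:HELO|EHLO)\s+(\S+)", line, re.I):
            helo = m.group(1).lower()
        elif m := re.match(r"In:\s+MAIL FROM:\s*<([^>]*)>", line, re.I):
            sender = m.group(1)
        elif m := re.match(r"Out:\s+([45])\d\d .*User\s+unknown in local", line):
            stats["rejected"] += 1
            stats["helo"][helo] += 1
            stats["null_sender"] += sender == ""     # <> is the bounce sender
            stats["temporary"] += m.group(1) == "4"  # 4xx invites a retry
    return stats

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A high null_sender share suggests bounces for mail forged with your domain rather than an address-guessing run, and a non-zero temporary count means the rejections are 4xx replies, which compliant sending servers queue and retry.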
 
  

