Here is the packet capture of how the attacker is reaching my server and generating a huge amount of spam; I cannot block it in any way.
220 mta1497.mail.ne1.yahoo.com ESMTP YSmtpProxy service ready
EHLO amsonere.co.uk
250-mta1497.mail.ne1.yahoo.com
250-8BITMIME
250-SIZE 41943040
250 PIPELINING
MAIL FROM:<[email protected]>
250 sender <[email protected]> ok
RCPT TO:<[email protected]>
250 recipient <[email protected]> ok
DATA
354 go ahead
Received: (qmail 3346 invoked from network); 7 May 2013 16:31:47 +0100
Received: from dsl-189-139-37-42-dyn.prod-infinitum.com.mx (HELO vdatbgpawos) (189.139.37.42)
by amsonere.co.uk with SMTP; 7 May 2013 16:31:46 +0100
From: "fegody zaneze" <[email protected]>
To: <[email protected]>, <[email protected]>, <[email protected]>, <[email protected]>, <[email protected]>
Date: Tue, 7 May 2013 17:27:50 -0700
Subject: SHOWE RINGt itsjo b
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
nop, qi
ruqifaz p http://metal-surface.fr/Knee-highs.html
.
250 ok dirdel
QUIT
221 mta1497.mail.ne1.yahoo.com
What kind of attack is this? It is coming from hundreds of IP addresses. I cannot block thousands of IP addresses. I am using Qmail on Plesk.
Here are the logs in /usr/local/psa/var/log/maillog
May 8 20:19:31 argon qmail-queue-handlers[28923]: Handlers Filter before-queue for qmail started ...
May 8 20:19:31 argon qmail-queue-handlers[28924]: Handlers Filter before-queue for qmail started ...
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28924]: hook_dir = '/var/qmail//handlers/before-queue'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[3] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[4] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[5] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[6] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[7] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[8] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: recipient[9] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28924]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: [email protected]
May 8 20:19:32 argon qmail-queue-handlers[28923]: hook_dir = '/var/qmail//handlers/before-queue'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[3] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[4] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[5] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[6] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[7] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[8] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[9] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[10] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: recipient[11] = '[email protected]'
May 8 20:19:32 argon qmail-queue-handlers[28923]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
As I see it, it is not the attacker reaching your server; it is your server sending the e-mail to Yahoo.
Either you are an open relay, or they are exploiting a weak password and injecting the message with SMTP authentication.
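
To check the diagnosis above against the captured message, the following added example (not part of the original thread) reads the qmail `Received:` lines of a spam sample and reports how it entered the server. qmail stamps "invoked from network" on mail accepted by its SMTP daemon and "invoked by uid N" on mail injected locally. The names `triage`, `my_host` and `trusted_nets` are hypothetical.

```python
import ipaddress
import re

# Headers from the capture in the question; header folding whitespace restored.
SAMPLE = """\
Received: (qmail 3346 invoked from network); 7 May 2013 16:31:47 +0100
Received: from dsl-189-139-37-42-dyn.prod-infinitum.com.mx (HELO vdatbgpawos) (189.139.37.42)
  by amsonere.co.uk with SMTP; 7 May 2013 16:31:46 +0100
Subject: SHOWE RINGt itsjo b
"""

QUEUED = re.compile(r"\(qmail \d+ invoked (from network|by uid (\d+))\)")
HOP = re.compile(r"from (\S+) \(HELO ([^)]*)\) \((?:\S+@)?([0-9a-fA-F.:]+)\)\s+by (\S+) with (\w+)")

def unfold(raw):
    """Join folded continuation lines and return the Received: values, newest first."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return [l.split(":", 1)[1].strip() for l in lines if l.lower().startswith("received:")]

def triage(raw, my_host, trusted_nets=("127.0.0.0/8",)):
    """Report how a qmail-queued message entered my_host (hypothetical helper)."""
    res = {"entry": "unknown", "client_ip": None, "verdict": "inspect manually"}
    for value in unfold(raw):
        q = QUEUED.search(value)
        if q and res["entry"] == "unknown":  # topmost queue stamp is ours
            res["entry"] = "smtp" if q.group(1) == "from network" else "local uid " + q.group(2)
        h = HOP.search(value)
        if h and h.group(4).lower() == my_host.lower() and res["client_ip"] is None:
            res["client_ip"], res["protocol"] = h.group(3), h.group(5)
    if res["entry"].startswith("local"):
        res["verdict"] = "injected on the box (script or cron job owned by that uid)"
    elif res["entry"] == "smtp" and res["client_ip"]:
        ip = ipaddress.ip_address(res["client_ip"])
        inside = any(ip in ipaddress.ip_network(n) for n in trusted_nets)
        res["verdict"] = ("accepted from a trusted host" if inside else
                          "accepted over SMTP from an outside host: open relay or abused SMTP AUTH")
    return res

if __name__ == "__main__":
    print(triage(SAMPLE, "amsonere.co.uk"))
```

For the sample in the question the result points at SMTP acceptance from 189.139.37.42, so the next checks are the relay rules and the passwords of the mail accounts rather than per-IP blocking.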