Spam attacks? Do you think you are hard done to?

Forum for things that doesn't really have anything to do with hMailServer. Such as php.ini, beer, etc etc.
User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2015-05-08 23:51

Just for your information, yesterday there seems to have been a global spambot/virus wakeup. Look at my logs from yesterday (edited to show the relevance):

Code: Select all

SMTPD 1988 3721 "2015-05-07 11:32:27.137" "112.72.13.16" "SENT: 535 auth. failed. Restarting authentication process.
SMTPD 2364 3778 "2015-05-07 11:46:10.975" "117.204.163.148" "SENT: 535 auth. failed. Restarting authentication process.
SMTPD	4112	4254	"2015-05-07 13:38:51.765"	"90.154.66.61"	"SENT: 535 auth. failed. Restarting ....
SMTPD	4364	4259	"2015-05-07 13:40:11.247"	"178.175.46.131"	"SENT: 535 auth. failed. Restarting ....
SMTPD	4416	4264	"2015-05-07 13:41:29.279"	"190.176.252.165"	"SENT: 535 auth. failed. Restarting ....
SMTPD	4112	4283	"2015-05-07 13:44:57.758"	"62.150.161.140"	"SENT: 535 auth. failed. Restarting ....
SMTPD	4540	4284	"2015-05-07 13:45:19.520"	"95.96.200.208"	"SENT: 535 auth. failed. Restarting ....
SMTPD	904	4293	"2015-05-07 13:47:21.668"	"171.224.52.170"	"SENT: 535 auth. failed. Restarting ....
SMTPD	2108	4320	"2015-05-07 13:53:15.414"	"109.165.101.24"	"SENT: 535 auth. failed. Restarting ....
SMTPD	3628	4453	"2015-05-07 14:22:33.976"	"186.167.241.141"	"SENT: 535 auth. failed. Restarting ....
SMTPD	1988	5187	"2015-05-07 17:24:03.580"	"188.135.22.181"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	904	5197	"2015-05-07 17:26:52.668"	"112.196.104.99"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2108	5203	"2015-05-07 17:27:05.882"	"5.251.96.89"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3628	5205	"2015-05-07 17:27:18.377"	"46.216.46.143"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	904	5207	"2015-05-07 17:27:19.656"	"195.182.22.237"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4364	5208	"2015-05-07 17:27:20.093"	"93.78.52.195"	"SENT: 535 auth. failed. Restarting ...."
SMTPD 4472 5210 "2015-05-07 17:27:20.312" "193.8.79.23" "SENT: 535 auth. failed. Restarting ...."
SMTPD	4784	5213	"2015-05-07 17:27:21.575"	"190.235.142.18"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5012	5215	"2015-05-07 17:27:28.158"	"110.77.204.124"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4416	5217	"2015-05-07 17:27:31.232"	"83.149.35.252"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	592	5219	"2015-05-07 17:27:36.130"	"37.214.209.143"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	620	5220	"2015-05-07 17:27:36.411"	"79.106.13.202"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1420	5223	"2015-05-07 17:27:38.501"	"37.214.139.226"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2140	5225	"2015-05-07 17:27:44.694"	"49.128.163.73"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4564	5227	"2015-05-07 17:27:49.203"	"77.232.155.15"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4784	5229	"2015-05-07 17:27:51.262"	"91.234.27.84"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1956	5230	"2015-05-07 17:27:51.605"	"95.159.71.222"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4420	5231	"2015-05-07 17:27:51.652"	"93.81.253.72"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1148	5235	"2015-05-07 17:27:57.206"	"37.213.236.10"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4472	5237	"2015-05-07 17:27:58.969"	"178.89.180.187"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4420	5239	"2015-05-07 17:28:00.014"	"95.110.93.85"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4540	5241	"2015-05-07 17:28:01.277"	"91.217.13.201"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4688	5243	"2015-05-07 17:28:07.065"	"94.233.9.36"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3220	5245	"2015-05-07 17:28:07.985"	"130.193.152.208"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4564	5246	"2015-05-07 17:28:08.126"	"145.255.176.140"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4444	5247	"2015-05-07 17:28:08.765"	"95.153.192.111"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4472	5251	"2015-05-07 17:28:10.107"	"92.46.68.186"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4420	5253	"2015-05-07 17:28:11.667"	"46.71.203.244"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4472	5256	"2015-05-07 17:28:12.853"	"210.89.33.109"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	620	5255	"2015-05-07 17:28:12.993"	"37.150.161.186"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2364	5259	"2015-05-07 17:28:15.957"	"176.12.62.173"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4364	5260	"2015-05-07 17:28:16.581"	"178.91.146.82"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3220	5262	"2015-05-07 17:28:19.124"	"2.134.93.155"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4784	5263	"2015-05-07 17:28:19.529"	"5.251.109.148"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2272	5265	"2015-05-07 17:28:19.888"	"41.98.159.231"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3628	5268	"2015-05-07 17:28:22.431"	"95.58.70.171"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1988	5270	"2015-05-07 17:28:25.707"	"5.76.132.99"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5012	5272	"2015-05-07 17:28:31.058"	"93.127.22.213"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2364	5274	"2015-05-07 17:28:32.805"	"200.105.188.57"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4364	5276	"2015-05-07 17:28:34.552"	"178.65.173.221"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3628	5277	"2015-05-07 17:28:35.083"	"77.69.151.180"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4444	5280	"2015-05-07 17:28:38.171"	"83.149.46.154"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	904	5281	"2015-05-07 17:28:38.873"	"85.204.83.1"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4112	5284	"2015-05-07 17:28:43.273"	"2.134.243.132"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	620	5286	"2015-05-07 17:28:44.489"	"46.71.12.177"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4420	5288	"2015-05-07 17:28:51.260"	"145.255.162.128"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2364	5294	"2015-05-07 17:28:53.881"	"31.135.212.116"	"SENT: 535 auth. failed. Restarting ...."
SMTPD 3220 5295 "2015-05-07 17:28:55.191" "145.255.179.201" "SENT: 535 auth. failed. Restarting ...."
SMTPD	2364	5298	"2015-05-07 17:29:02.866"	"27.74.179.32"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4364	5299	"2015-05-07 17:29:04.099"	"5.232.86.212"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	904	5302	"2015-05-07 17:29:05.752"	"190.236.64.210"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5012	5303	"2015-05-07 17:29:06.626"	"103.245.205.206"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4444	5306	"2015-05-07 17:29:09.153"	"146.88.41.181"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4364	5308	"2015-05-07 17:29:18.357"	"39.47.57.95"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1420	5310	"2015-05-07 17:29:25.377"	"5.235.235.103"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1988	5312	"2015-05-07 17:29:27.577"	"90.148.181.9"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4540	5313	"2015-05-07 17:29:29.495"	"94.232.95.131"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2272	5315	"2015-05-07 17:29:29.917"	"180.191.149.127"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4540	5318	"2015-05-07 17:29:34.175"	"171.224.44.66"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1148	5320	"2015-05-07 17:29:36.531"	"89.237.241.59"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1420	5322	"2015-05-07 17:29:42.646"	"118.137.127.104"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5012	5324	"2015-05-07 17:29:46.359"	"113.163.64.150"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2140	5325	"2015-05-07 17:29:46.983"	"113.163.85.193"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4472	5328	"2015-05-07 17:29:50.322"	"200.106.124.173"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2108	5336	"2015-05-07 17:29:53.130"	"39.41.238.38"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1956	5338	"2015-05-07 17:29:58.137"	"62.84.63.42"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4472	5340	"2015-05-07 17:29:59.650"	"203.194.98.216"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4784	5342	"2015-05-07 17:30:02.256"	"5.232.71.116"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5012	5343	"2015-05-07 17:30:03.706"	"103.22.195.99"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4444	5346	"2015-05-07 17:30:09.198"	"117.212.239.96"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2140	5348	"2015-05-07 17:30:15.781"	"182.186.230.144"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4540	5350	"2015-05-07 17:30:20.913"	"171.224.204.42"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4444	5352	"2015-05-07 17:30:25.172"	"145.255.162.105"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4420	5351	"2015-05-07 17:30:25.578"	"113.175.109.156"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1940	5355	"2015-05-07 17:30:26.404"	"117.2.254.37"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2364	5353	"2015-05-07 17:30:26.482"	"120.140.120.10"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4420	5360	"2015-05-07 17:30:28.729"	"85.105.66.99"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	620	5361	"2015-05-07 17:30:30.538"	"14.177.213.4"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3628	5364	"2015-05-07 17:30:34.064"	"212.154.167.11"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1148	5365	"2015-05-07 17:30:37.964"	"116.106.2.39"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4364	5368	"2015-05-07 17:30:43.237"	"109.168.161.157"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2272	5369	"2015-05-07 17:30:44.422"	"117.7.193.56"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5012	5370	"2015-05-07 17:30:45.249"	"213.87.241.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1988	5372	"2015-05-07 17:30:50.257"	"14.164.165.174"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1956	5379	"2015-05-07 17:31:18.196"	"117.195.222.218"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2140	5382	"2015-05-07 17:31:27.510"	"116.202.18.83"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4564	5383	"2015-05-07 17:31:28.851"	"122.102.121.165"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	620	5391	"2015-05-07 17:31:55.293"	"41.184.64.39"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4784	5392	"2015-05-07 17:31:58.195"	"176.119.70.184"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3220	5395	"2015-05-07 17:32:09.302"	"117.204.24.6"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4564	5396	"2015-05-07 17:32:17.867"	"5.108.1.214"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4416	5397	"2015-05-07 17:32:18.007"	"95.56.13.120"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	1420	5400	"2015-05-07 17:32:34.184"	"105.226.144.180"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4416	5407	"2015-05-07 17:32:59.503"	"117.203.82.105"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4472	5409	"2015-05-07 17:33:43.433"	"113.171.114.90"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4420	5415	"2015-05-07 17:34:01.061"	"190.238.57.204"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	620	5424	"2015-05-07 17:35:50.152"	"197.148.96.122"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3220	5433	"2015-05-07 17:37:39.461"	"109.125.161.82"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4688	5435	"2015-05-07 17:37:54.858"	"109.125.161.82"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2140	5436	"2015-05-07 17:38:46.760"	"112.198.118.229"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4420	5457	"2015-05-07 17:43:38.168"	"95.78.162.128"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3628	5491	"2015-05-07 17:49:54.690"	"37.254.169.226"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4564	5497	"2015-05-07 17:52:41.720"	"122.176.107.210"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4420	5498	"2015-05-07 17:52:44.528"	"59.91.77.99"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4688	5555	"2015-05-07 18:06:49.016"	"85.133.132.162"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3432	586	"2015-05-07 22:31:22.980"	"37.213.191.80"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	587	"2015-05-07 22:31:26.241"	"114.120.195.132"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	589	"2015-05-07 22:31:26.677"	"89.77.159.174"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4396	591	"2015-05-07 22:31:28.113"	"88.247.208.215"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2228	592	"2015-05-07 22:31:28.237"	"92.51.90.202"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	593	"2015-05-07 22:31:28.643"	"194.44.166.91"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	597	"2015-05-07 22:31:29.127"	"91.78.39.248"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	601	"2015-05-07 22:31:30.640"	"145.255.178.215"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	602	"2015-05-07 22:31:30.687"	"96.231.101.35"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	605	"2015-05-07 22:31:32.793"	"109.188.126.6"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2752	606	"2015-05-07 22:31:33.027"	"46.174.67.68"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	607	"2015-05-07 22:31:33.635"	"201.240.4.144"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4436	609	"2015-05-07 22:31:33.807"	"2.187.21.209"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4560	740	"2015-05-07 22:32:03.291"	"94.78.78.248"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3540	745	"2015-05-07 22:32:04.554"	"181.64.209.118"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	747	"2015-05-07 22:32:04.585"	"178.89.89.174"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	748	"2015-05-07 22:32:04.741"	"83.149.35.241"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4128	749	"2015-05-07 22:32:05.428"	"171.234.247.153"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	755	"2015-05-07 22:32:06.301"	"197.131.144.244"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	760	"2015-05-07 22:32:07.440"	"79.123.199.56"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	762	"2015-05-07 22:32:07.737"	"178.151.89.142"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4560	751	"2015-05-07 22:32:07.924"	"181.114.116.61"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	763	"2015-05-07 22:32:07.971"	"178.167.30.209"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	761	"2015-05-07 22:32:08.033"	"190.234.106.158"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	758	"2015-05-07 22:32:08.329"	"190.117.149.212"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	756	"2015-05-07 22:32:08.485"	"190.233.25.112"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3032	769	"2015-05-07 22:32:09.172"	"88.85.178.115"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	767	"2015-05-07 22:32:09.437"	"189.193.151.103"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2228	771	"2015-05-07 22:32:09.967"	"195.211.183.216"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4744	775	"2015-05-07 22:32:10.279"	"88.204.198.38"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	777	"2015-05-07 22:32:10.482"	"197.118.134.243"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	773	"2015-05-07 22:32:10.810"	"42.116.35.220"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	782	"2015-05-07 22:32:11.605"	"77.67.180.197"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	770	"2015-05-07 22:32:11.917"	"83.110.96.239"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2248	783	"2015-05-07 22:32:12.011"	"5.41.210.54"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	786	"2015-05-07 22:32:12.432"	"212.87.173.140"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3856	790	"2015-05-07 22:32:13.758"	"186.47.73.94"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	784	"2015-05-07 22:32:13.805"	"180.191.149.201"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	793	"2015-05-07 22:32:14.023"	"95.107.172.250"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3432	791	"2015-05-07 22:32:14.055"	"190.236.41.217"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	792	"2015-05-07 22:32:14.538"	"187.149.255.140"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4436	801	"2015-05-07 22:32:15.630"	"46.147.161.178"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4560	799	"2015-05-07 22:32:16.020"	"181.67.71.209"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3032	795	"2015-05-07 22:32:16.363"	"2.191.153.49"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	804	"2015-05-07 22:32:16.410"	"31.169.14.44"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	803	"2015-05-07 22:32:17.050"	"123.22.56.44"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	811	"2015-05-07 22:32:17.409"	"95.53.212.97"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3432	806	"2015-05-07 22:32:17.549"	"181.66.132.112"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3432	813	"2015-05-07 22:32:17.643"	"178.163.4.139"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2752	814	"2015-05-07 22:32:17.674"	"217.16.85.235"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	809	"2015-05-07 22:32:17.674"	"187.156.155.89"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	808	"2015-05-07 22:32:18.001"	"86.104.104.171"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	820	"2015-05-07 22:32:18.048"	"134.17.128.138"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	819	"2015-05-07 22:32:18.204"	"176.209.198.125"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	817	"2015-05-07 22:32:18.313"	"201.230.137.189"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	816	"2015-05-07 22:32:18.345"	"181.64.174.100"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	825	"2015-05-07 22:32:18.391"	"176.120.60.17"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3032	815	"2015-05-07 22:32:18.688"	"190.110.197.246"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	822	"2015-05-07 22:32:19.125"	"89.43.2.53"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	827	"2015-05-07 22:32:19.125"	"152.166.116.3"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	835	"2015-05-07 22:32:20.139"	"46.143.246.152"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	838	"2015-05-07 22:32:20.248"	"37.99.31.97"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	837	"2015-05-07 22:32:20.248"	"178.120.4.97"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3540	842	"2015-05-07 22:32:21.106"	"178.214.67.72"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4396	839	"2015-05-07 22:32:21.371"	"113.22.155.31"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	812	"2015-05-07 22:32:21.511"	"113.189.159.58"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	847	"2015-05-07 22:32:21.745"	"197.18.171.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2248	846	"2015-05-07 22:32:22.291"	"93.118.96.55"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4128	850	"2015-05-07 22:32:22.837"	"145.255.206.62"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4128	856	"2015-05-07 22:32:24.569"	"190.239.182.107"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	859	"2015-05-07 22:32:25.723"	"31.8.11.128"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3432	858	"2015-05-07 22:32:25.817"	"87.103.128.240"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2228	857	"2015-05-07 22:32:25.817"	"200.105.191.181"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	860	"2015-05-07 22:32:25.848"	"95.86.154.186"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	862	"2015-05-07 22:32:26.550"	"37.237.52.104"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	865	"2015-05-07 22:32:26.691"	"87.76.45.7"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	863	"2015-05-07 22:32:26.722"	"37.221.54.84"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	869	"2015-05-07 22:32:27.221"	"2.135.74.197"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3032	870	"2015-05-07 22:32:27.549"	"62.117.96.60"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	878	"2015-05-07 22:32:29.842"	"193.151.13.136"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	877	"2015-05-07 22:32:29.951"	"46.224.127.105"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	879	"2015-05-07 22:32:30.357"	"178.172.135.161"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	883	"2015-05-07 22:32:31.511"	"83.149.35.247"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	876	"2015-05-07 22:32:31.573"	"42.115.91.58"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	884	"2015-05-07 22:32:32.385"	"117.213.234.72"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	885	"2015-05-07 22:32:32.931"	"190.236.205.162"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2752	887	"2015-05-07 22:32:33.133"	"83.221.187.140"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	891	"2015-05-07 22:32:33.492"	"178.70.148.225"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2248	890	"2015-05-07 22:32:34.023"	"91.187.117.219"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	888	"2015-05-07 22:32:34.038"	"95.82.95.33"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	897	"2015-05-07 22:32:34.459"	"93.78.125.253"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3856	898	"2015-05-07 22:32:35.083"	"195.246.124.52"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	893	"2015-05-07 22:32:35.193"	"2.184.246.68"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4744	903	"2015-05-07 22:32:35.520"	"37.104.78.49"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3856	901	"2015-05-07 22:32:35.739"	"190.239.207.216"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	904	"2015-05-07 22:32:36.347"	"195.39.139.153"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3540	934	"2015-05-07 22:32:46.425"	"190.43.134.202"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	936	"2015-05-07 22:32:47.095"	"178.34.47.247"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	935	"2015-05-07 22:32:47.220"	"118.100.80.245"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	939	"2015-05-07 22:32:48.000"	"202.153.225.122"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4436	937	"2015-05-07 22:32:48.187"	"14.162.219.64"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3856	942	"2015-05-07 22:32:48.718"	"42.118.54.107"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	945	"2015-05-07 22:32:48.811"	"79.101.37.146"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	944	"2015-05-07 22:32:48.952"	"186.82.252.50"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4396	943	"2015-05-07 22:32:49.030"	"39.34.110.76"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	946	"2015-05-07 22:32:49.810"	"2.182.14.171"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4744	949	"2015-05-07 22:32:50.325"	"146.88.41.72"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	951	"2015-05-07 22:32:50.527"	"123.136.106.162"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	948	"2015-05-07 22:32:50.543"	"123.20.176.15"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2752	959	"2015-05-07 22:32:50.964"	"46.163.62.77"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	961	"2015-05-07 22:32:51.073"	"159.224.41.1"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4560	956	"2015-05-07 22:32:51.229"	"200.106.8.172"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	957	"2015-05-07 22:32:51.307"	"190.236.98.47"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	964	"2015-05-07 22:32:51.619"	"83.149.8.97"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	960	"2015-05-07 22:32:51.682"	"39.34.110.76"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	967	"2015-05-07 22:32:52.009"	"181.53.122.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	962	"2015-05-07 22:32:52.025"	"181.113.26.114"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	969	"2015-05-07 22:32:52.181"	"37.239.144.24"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	966	"2015-05-07 22:32:52.399"	"177.4.174.226"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2752	974	"2015-05-07 22:32:52.633"	"185.22.35.179"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	955	"2015-05-07 22:32:53.226"	"177.224.234.245"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2752	980	"2015-05-07 22:32:53.460"	"190.115.164.206"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	976	"2015-05-07 22:32:53.460"	"190.237.116.230"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3540	984	"2015-05-07 22:32:54.615"	"185.22.35.179"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2228	986	"2015-05-07 22:32:54.864"	"130.193.196.157"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4396	982	"2015-05-07 22:32:55.067"	"190.233.67.193"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	987	"2015-05-07 22:32:55.363"	"200.58.79.69"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	989	"2015-05-07 22:32:56.206"	"113.175.98.236"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	994	"2015-05-07 22:32:57.391"	"120.62.18.146"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	995	"2015-05-07 22:32:57.501"	"190.146.93.165"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	996	"2015-05-07 22:32:57.532"	"145.255.178.234"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4128	997	"2015-05-07 22:32:57.937"	"124.114.129.218"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2248	1005	"2015-05-07 22:32:58.624"	"46.63.157.107"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	1000	"2015-05-07 22:32:58.702"	"115.242.226.148"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	990	"2015-05-07 22:32:59.373"	"85.26.164.215"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4560	1010	"2015-05-07 22:32:59.435"	"176.106.156.79"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3432	1012	"2015-05-07 22:32:59.903"	"178.123.184.42"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2228	1006	"2015-05-07 22:33:00.730"	"5.233.118.124"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4128	1017	"2015-05-07 22:33:01.635"	"94.245.178.59"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4560	1020	"2015-05-07 22:33:02.399"	"77.120.16.18"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	1022	"2015-05-07 22:33:02.773"	"93.89.65.132"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4744	1018	"2015-05-07 22:33:02.805"	"190.129.104.138"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4128	1027	"2015-05-07 22:33:04.006"	"178.126.156.231"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	1029	"2015-05-07 22:33:04.271"	"37.151.93.47"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1031	"2015-05-07 22:33:04.443"	"197.15.60.53"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3540	1028	"2015-05-07 22:33:04.458"	"190.43.145.165"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	1033	"2015-05-07 22:33:04.739"	"95.57.133.220"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1032	"2015-05-07 22:33:05.004"	"167.57.52.63"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2752	1036	"2015-05-07 22:33:05.269"	"93.91.194.12"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2752	1043	"2015-05-07 22:33:05.769"	"217.196.200.206"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2228	1041	"2015-05-07 22:33:06.299"	"190.90.189.110"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	1019	"2015-05-07 22:33:06.408"	"85.26.164.215"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2228	1045	"2015-05-07 22:33:06.533"	"195.162.26.160"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	1050	"2015-05-07 22:33:06.985"	"131.72.229.232"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	1051	"2015-05-07 22:33:07.001"	"46.71.83.235"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4436	1054	"2015-05-07 22:33:07.141"	"91.187.117.218"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3032	1053	"2015-05-07 22:33:07.266"	"77.31.85.224"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	1030	"2015-05-07 22:33:07.609"	"2.187.251.142"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1052	"2015-05-07 22:33:07.890"	"182.180.160.120"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4128	1060	"2015-05-07 22:33:07.953"	"185.72.217.12"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	1055	"2015-05-07 22:33:08.031"	"118.46.132.81"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	1065	"2015-05-07 22:33:08.545"	"188.190.85.78"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	1062	"2015-05-07 22:33:08.670"	"195.16.111.81"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	1066	"2015-05-07 22:33:08.779"	"109.225.29.238"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3032	1058	"2015-05-07 22:33:08.951"	"190.90.189.110"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	1048	"2015-05-07 22:33:09.559"	"118.107.136.226"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2248	1069	"2015-05-07 22:33:09.700"	"190.197.34.11"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	1049	"2015-05-07 22:33:09.731"	"114.120.195.147"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	1072	"2015-05-07 22:33:09.825"	"182.180.160.120"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1071	"2015-05-07 22:33:09.981"	"189.158.180.192"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4560	1077	"2015-05-07 22:33:10.059"	"117.202.83.52"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1079	"2015-05-07 22:33:10.558"	"185.95.23.102"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2248	1078	"2015-05-07 22:33:10.807"	"202.44.239.2"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3856	1080	"2015-05-07 22:33:11.697"	"191.37.134.29"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4560	1035	"2015-05-07 22:33:11.821"	"200.87.171.186"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3432	1087	"2015-05-07 22:33:12.196"	"178.129.131.34"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1085	"2015-05-07 22:33:12.258"	"158.181.207.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2752	1084	"2015-05-07 22:33:12.289"	"189.158.1.223"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	1090	"2015-05-07 22:33:13.085"	"62.183.112.158"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4436	1095	"2015-05-07 22:33:13.147"	"178.120.120.59"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	1088	"2015-05-07 22:33:13.288"	"116.100.141.233"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	1094	"2015-05-07 22:33:13.303"	"178.210.142.76"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3432	1096	"2015-05-07 22:33:13.366"	"183.87.254.20"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2248	1091	"2015-05-07 22:33:13.444"	"188.211.50.210"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4128	1093	"2015-05-07 22:33:13.491"	"116.106.24.205"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2228	1089	"2015-05-07 22:33:13.725"	"113.171.69.236"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1100	"2015-05-07 22:33:13.974"	"103.38.36.195"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3856	1103	"2015-05-07 22:33:14.567"	"201.240.222.140"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	1107	"2015-05-07 22:33:14.957"	"190.42.17.118"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1114	"2015-05-07 22:33:14.973"	"46.241.132.0"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	1112	"2015-05-07 22:33:15.207"	"181.177.244.98"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	1108	"2015-05-07 22:33:15.831"	"190.43.167.218"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	1115	"2015-05-07 22:33:15.862"	"46.211.124.201"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1098	"2015-05-07 22:33:16.205"	"114.120.195.169"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	1120	"2015-05-07 22:33:16.252"	"190.239.147.32"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1122	"2015-05-07 22:33:16.267"	"43.225.250.100"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	1118	"2015-05-07 22:33:16.548"	"113.169.147.37"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2248	1125	"2015-05-07 22:33:17.359"	"202.147.204.78"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3540	1129	"2015-05-07 22:33:18.654"	"139.0.189.248"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2228	1132	"2015-05-07 22:33:18.779"	"190.130.243.42"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	1131	"2015-05-07 22:33:18.841"	"190.234.106.144"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	1135	"2015-05-07 22:33:19.528"	"190.234.163.232"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4744	1140	"2015-05-07 22:33:20.448"	"177.246.225.231"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4436	1141	"2015-05-07 22:33:20.901"	"186.23.229.244"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	1138	"2015-05-07 22:33:20.932"	"79.127.116.209"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	1145	"2015-05-07 22:33:22.632"	"189.224.175.244"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	1148	"2015-05-07 22:33:23.834"	"83.221.194.67"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	1149	"2015-05-07 22:33:24.411"	"49.231.232.34"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4436	1151	"2015-05-07 22:33:25.222"	"81.28.38.18"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	1152	"2015-05-07 22:33:25.706"	"113.162.59.10"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3432	1155	"2015-05-07 22:33:26.626"	"41.226.57.113"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2248	1158	"2015-05-07 22:33:28.139"	"201.240.44.193"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	1159	"2015-05-07 22:33:28.529"	"91.192.168.70"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	1162	"2015-05-07 22:33:30.183"	"181.54.204.138"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	1164	"2015-05-07 22:33:31.134"	"197.200.210.0"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	1166	"2015-05-07 22:33:32.039"	"88.247.193.103"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3032	1169	"2015-05-07 22:33:33.630"	"110.36.223.82"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	1168	"2015-05-07 22:33:33.755"	"161.10.178.199"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4560	1171	"2015-05-07 22:33:33.958"	"145.255.162.123"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3540	1173	"2015-05-07 22:33:34.410"	"94.189.132.209"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1172	"2015-05-07 22:33:34.676"	"42.119.112.80"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1175	"2015-05-07 22:33:35.331"	"190.233.218.186"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	1170	"2015-05-07 22:33:36.298"	"190.129.185.116"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3540	1180	"2015-05-07 22:33:36.579"	"190.237.53.152"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	1182	"2015-05-07 22:33:37.265"	"182.68.18.82"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	1185	"2015-05-07 22:33:38.388"	"112.215.63.152"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4396	1189	"2015-05-07 22:33:38.685"	"181.66.157.110"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4560	1186	"2015-05-07 22:33:39.792"	"95.219.2.138"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	1197	"2015-05-07 22:33:40.011"	"88.200.214.245"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	1193	"2015-05-07 22:33:40.182"	"190.236.40.234"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	1194	"2015-05-07 22:33:40.245"	"190.214.44.10"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	1198	"2015-05-07 22:33:41.243"	"181.64.209.171"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	1200	"2015-05-07 22:33:41.742"	"116.203.186.42"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	1204	"2015-05-07 22:33:41.961"	"201.240.93.224"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	1206	"2015-05-07 22:33:41.976"	"95.105.77.61"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	1208	"2015-05-07 22:33:42.382"	"37.214.148.131"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	1209	"2015-05-07 22:33:42.429"	"91.202.130.60"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	1215	"2015-05-07 22:33:43.396"	"114.143.6.50"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	1174	"2015-05-07 22:33:43.630"	"181.67.225.156"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4128	1216	"2015-05-07 22:33:43.880"	"85.26.234.44"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	1218	"2015-05-07 22:33:44.613"	"125.16.41.254"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	1219	"2015-05-07 22:33:44.644"	"190.107.183.236"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	1221	"2015-05-07 22:33:44.660"	"185.8.234.18"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4744	1192	"2015-05-07 22:33:45.440"	"190.237.137.237"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3856	1223	"2015-05-07 22:33:45.549"	"46.48.150.26"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	1217	"2015-05-07 22:33:45.627"	"181.61.149.95"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3540	1190	"2015-05-07 22:33:45.876"	"182.19.78.5"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3540	1229	"2015-05-07 22:33:47.499"	"190.43.124.183"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	1224	"2015-05-07 22:33:47.655"	"5.202.174.95"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	1230	"2015-05-07 22:33:47.982"	"181.64.67.94"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4436	1231	"2015-05-07 22:33:48.326"	"190.234.75.142"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1234	"2015-05-07 22:33:48.372"	"92.246.212.124"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	1237	"2015-05-07 22:33:48.544"	"105.108.242.235"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	1235	"2015-05-07 22:33:48.762"	"190.237.53.102"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2752	1240	"2015-05-07 22:33:48.981"	"41.142.32.109"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4436	1242	"2015-05-07 22:33:48.996"	"95.58.139.124"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2228	1241	"2015-05-07 22:33:49.168"	"182.185.113.52"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4744	1233	"2015-05-07 22:33:49.199"	"59.182.67.121"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	1238	"2015-05-07 22:33:49.324"	"181.64.209.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	1248	"2015-05-07 22:33:49.355"	"92.55.121.22"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	1256	"2015-05-07 22:33:50.946"	"141.136.64.156"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	1254	"2015-05-07 22:33:51.056"	"37.152.173.84"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4128	1258	"2015-05-07 22:33:51.352"	"145.255.169.134"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	1257	"2015-05-07 22:33:51.508"	"188.191.86.185"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4744	1259	"2015-05-07 22:33:52.007"	"115.118.143.144"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3856	1263	"2015-05-07 22:33:53.286"	"37.237.161.130"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4396	1269	"2015-05-07 22:33:54.332"	"145.255.164.149"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4560	1268	"2015-05-07 22:33:54.987"	"116.111.246.112"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	1271	"2015-05-07 22:33:55.330"	"190.40.14.106"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1272	"2015-05-07 22:33:55.689"	"190.238.204.192"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	1273	"2015-05-07 22:33:55.829"	"201.240.230.101"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	1277	"2015-05-07 22:33:56.063"	"5.170.80.232"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1276	"2015-05-07 22:33:56.250"	"190.235.120.122"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	1264	"2015-05-07 22:33:56.297"	"186.121.44.168"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3540	1274	"2015-05-07 22:33:56.562"	"1.46.8.104"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	1275	"2015-05-07 22:33:56.625"	"42.117.53.250"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3856	1278	"2015-05-07 22:33:57.498"	"123.21.100.124"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	1284	"2015-05-07 22:33:57.530"	"46.241.146.215"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	1286	"2015-05-07 22:33:58.715"	"223.223.128.210"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	1292	"2015-05-07 22:33:59.339"	"200.121.134.246"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1295	"2015-05-07 22:33:59.402"	"185.5.152.162"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2248	1296	"2015-05-07 22:33:59.542"	"91.246.67.157"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	1293	"2015-05-07 22:33:59.807"	"113.22.124.175"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4744	1297	"2015-05-07 22:34:00.026"	"186.150.200.114"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4560	1301	"2015-05-07 22:34:01.211"	"118.68.192.86"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	1306	"2015-05-07 22:34:01.227"	"195.211.183.16"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3432	1287	"2015-05-07 22:34:03.442"	"185.42.128.10"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4744	1310	"2015-05-07 22:34:03.754"	"171.233.81.52"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1311	"2015-05-07 22:34:03.848"	"190.237.160.57"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	1312	"2015-05-07 22:34:04.066"	"190.24.133.169"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1313	"2015-05-07 22:34:04.394"	"103.23.51.2"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3856	1317	"2015-05-07 22:34:06.702"	"188.211.63.138"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3032	1319	"2015-05-07 22:34:07.202"	"190.239.199.18"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3032	1323	"2015-05-07 22:34:09.822"	"190.233.208.246"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4628	1326	"2015-05-07 22:34:13.098"	"1.54.143.224"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2228	1327	"2015-05-07 22:34:13.223"	"213.230.73.253"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	1328	"2015-05-07 22:34:13.317"	"49.228.205.163"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3096	1329	"2015-05-07 22:34:13.691"	"223.255.225.76"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1332	"2015-05-07 22:34:14.487"	"185.56.98.38"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4128	1330	"2015-05-07 22:34:14.783"	"42.119.155.10"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3856	1341	"2015-05-07 22:34:22.926"	"46.16.224.73"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3136	1343	"2015-05-07 22:34:24.533"	"2.134.28.67"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1346	"2015-05-07 22:34:30.102"	"37.150.225.34"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	1339	"2015-05-07 22:34:33.176"	"203.111.224.44"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4236	1351	"2015-05-07 22:34:33.784"	"113.170.65.73"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1352	"2015-05-07 22:34:34.252"	"1.52.38.6"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4396	1353	"2015-05-07 22:34:36.218"	"41.254.3.16"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3432	1363	"2015-05-07 22:34:41.303"	"103.29.144.42"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	5088	1357	"2015-05-07 22:34:42.801"	"178.125.16.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1356	"2015-05-07 22:34:42.832"	"178.125.16.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3432	1362	"2015-05-07 22:34:43.924"	"181.67.9.97"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3032	1361	"2015-05-07 22:34:44.657"	"178.125.16.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	1371	"2015-05-07 22:34:44.907"	"59.184.135.104"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3864	1364	"2015-05-07 22:34:47.980"	"178.125.16.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	1368	"2015-05-07 22:34:49.041"	"178.125.16.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4392	1370	"2015-05-07 22:34:49.602"	"178.125.16.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	1380	"2015-05-07 22:34:50.866"	"112.215.65.69"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	1373	"2015-05-07 22:34:51.209"	"178.125.16.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	1382	"2015-05-07 22:34:51.303"	"112.215.65.69"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2228	1377	"2015-05-07 22:34:53.674"	"178.125.16.203"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4436	1378	"2015-05-07 22:34:54.392"	"130.193.199.209"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4744	1387	"2015-05-07 22:35:05.561"	"130.193.199.209"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4172	1395	"2015-05-07 22:35:06.014"	"109.188.127.39"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2752	1396	"2015-05-07 22:35:10.023"	"190.233.82.241"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4272	1399	"2015-05-07 22:35:18.151"	"5.234.26.126"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1400	"2015-05-07 22:35:25.077"	"213.230.79.48"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4456	1402	"2015-05-07 22:35:36.980"	"85.105.2.8"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2752	1405	"2015-05-07 22:35:42.580"	"201.141.148.72"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1407	"2015-05-07 22:35:45.341"	"117.198.84.218"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	1408	"2015-05-07 22:35:46.589"	"117.222.73.69"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1404	"2015-05-07 22:35:46.979"	"212.96.79.215"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4544	1417	"2015-05-07 22:36:11.331"	"213.230.74.26"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4128	1419	"2015-05-07 22:36:26.260"	"156.184.25.236"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	2016	1418	"2015-05-07 22:36:26.837"	"185.33.33.130"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	1431	"2015-05-07 22:38:37.893"	"95.58.28.24"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	3476	1443	"2015-05-07 22:41:21.865"	"94.255.7.221"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4436	1474	"2015-05-07 22:47:04.925"	"188.162.39.27"	"SENT: 535 auth. failed. Restarting ...."
SMTPD	4396	1531	"2015-05-07 23:01:52.933"	"78.36.41.200"	"SENT: 535 auth. failed. Restarting ...."
(edited)

In case you wondering, that was 534 attempts to break in in a matter of a few seconds over a couple of periods in the day. Hundreds of IP addresses all at once. And yes, ALL of those different IP addresses ended up as banned IP RANGES after their 2nd attempt.

So it shows how resilient HMS is!

I took a look at their authentication attempts and the usernames were all one of the following:

"sales"
"sales@mail.mydomain.com"
"info@mail.mydomain.com".

They had assumed that once they found "mydomain.com", they then assumed there was an MX of "mail.mydomain.com" (which there isnt!), and the stuck the usual 'sales' or 'info' before it. And then they sent it to my mailserver ip address which has no dns record matching 'mydomain.com' pointing to it so how they linked 'mail.mydomain.com' and our ip address together, who knows?!
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2015-05-09 00:12

I have 1 failed attempt in 24 hours on the 7'th... :mrgreen:

Mind you... "AUTH LOGIN" is not an option on the standard ports of my server, so the bugger found my other ports by chance ... :mrgreen:
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2015-05-09 00:20

Dont get me wrong this is very rare (but not unknown). I would normally expect (on experience) just 1 a day. If that.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2015-10-16 11:14

Was looking through my logs today. Found this very unusual entry. I post it here EXACTLY as it appears:

Code: Select all

"SMTPD"	2680	12243	"2015-10-12 01:11:04.821"	"213.26.54.171"	"SENT: 250 OK"
"SMTPD"	2680	12243	"2015-10-12 01:11:04.821"	"213.26.54.171"	"RECEIVED: RCPT TO: <qwertyq848@yahoo.com>"
"SMTPD"	2680	12243	"2015-10-12 01:11:04.821"	"213.26.54.171"	"SENT: 530 SMTP authentication is required."
"SMTPD"	4548	12243	"2015-10-12 01:11:04.821"	"213.26.54.171"	"RECEIVED: DATA"
"SMTPD"	4548	12243	"2015-10-12 01:11:04.821"	"213.26.54.171"	"SENT: 503 Must have sender and recipient first."
"SMTPD"	3304	12243	"2015-10-12 01:11:08.191"	"213.26.54.171"	"RECEIVED: From: smtps 185"<service@185.com>
Subject: Hello
MIME-Version: 1.0
Content-Type: text/html;
        charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
hell0
"
"SMTPD"	3304	12243	"2015-10-12 01:11:08.191"	"213.26.54.171"	"SENT: 502 Unimplemented command."
"SMTPD"	4560	12243	"2015-10-12 01:11:08.191"	"213.26.54.171"	"RECEIVED: ."
"SMTPD"	4560	12243	"2015-10-12 01:11:08.191"	"213.26.54.171"	"SENT: 502 Unimplemented command."
"SMTPD"	4368	12243	"2015-10-12 01:11:10.890"	"213.26.54.171"	"RECEIVED: QUIT"
"SMTPD"	4368	12243	"2015-10-12 01:11:10.890"	"213.26.54.171"	"SENT: 221 goodbye"

Never seen that before.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2015-10-16 17:52

A BOT with a BUG :mrgreen:

Not very likely that a chinese service (185.com used to be a dialup service I used back in '01-'02) should send emails via a Telecom Italia business subscription... :roll:
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-01-07 20:47

There is a 'machine' that has been trying every day for the last 2 weeks to 'break in' to our system by guessing usernames WITH (what it thinks is correct for) our domain and leaving big gaps between attempts before retrying (to avoid auto-ban). It also seems to be rotating the usual usernames such as

contact@
sales@
manager@
info@
support@
shop@
test@


and slowly changing and guessing the passwords.

Extract from the MANY attempts per day for the last two weeks:
"SMTPD" 3896 14716 "2015-12-28 12:27:23.791" "80.82.65.61" "SENT: 220 Northcote SMTP"
"SMTPD" 3380 14716 "2015-12-28 12:27:23.807" "80.82.65.61" "RECEIVED: EHLO User"
"SMTPD" 3380 14716 "2015-12-28 12:27:23.807" "80.82.65.61" "SENT: 250-mydomain-mail.net[nl]250-SIZE 25600000[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 4760 14716 "2015-12-28 12:27:23.838" "80.82.65.61" "RECEIVED: AUTH LOGIN"
"SMTPD" 4760 14716 "2015-12-28 12:27:23.838" "80.82.65.61" "SENT: 334 VXNlcm5hbWU6"
"SMTPD" 1292 14716 "2015-12-28 12:27:23.853" "80.82.65.61" "RECEIVED: Y29udGFjdEBteWRvbWFpbi5jb20=
"SMTPD" 4760 14716 "2015-12-28 12:27:23.869" "80.82.65.61" "RECEIVED: ***"
"SMTPD" 4760 14716 "2015-12-28 12:27:23.900" "80.82.65.61" "SENT: 535 Authentication failed. Restarting authentication process."
"SMTPD" 3896 14716 "2015-12-28 12:27:23.916" "80.82.65.61" "RECEIVED: quit"
"SMTPD" 3896 14716 "2015-12-28 12:27:23.916" "80.82.65.61" "SENT: 221 goodbye"
Further lookups show it his happening to others too from this same user: http://www.abuseipdb.com/check/80.82.65.61

(Ive added a long term ban for this IP range.)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Spam attacks? Do you think you are hard done to?

Post by Dravion » 2016-01-08 02:49

Hi Jimmy,
I can confirm your observations.My Postfix SMTP-Server was also hit by this series of wrong login attemps.I decided to close the ports 143/587 by Firewall and allow only IP's from a specific subnet (our ISP) to connect. So i have to defend port 25 only.

User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Spam attacks? Do you think you are hard done to?

Post by Dravion » 2016-01-08 16:23

I found out thadt 95% of this wrong login attemps are located in china or russia, so i blocked the
whole russian and chineese ips at all. I will watch it for a few days and report back how this is working
out.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-01-08 16:39

This particular address I posted above is coming from the Netherlands as it happens.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

tochi
Senior user
Senior user
Posts: 278
Joined: 2015-07-28 22:55

Re: Spam attacks? Do you think you are hard done to?

Post by tochi » 2016-01-08 20:21

My clients are all using port 587 to send emails so I disabled authentication on port 25 by specifying DisableAUTHList in hmailserver.ini. It eliminates 99% of brute force attack. No idea why those attackers are not smart enough to try port 587.

Code: Select all

[Settings]
DisableAUTHList=25
; Comma delimited list of SMTP ports to disable AUTH EHLO response banner & command
; Default if not defined is SMTP AUTH enabled on all SMTP ports
; NOTE: Disables AUTH Plain as well
viewtopic.php?f=7&t=28032&p=174183&hili ... leAUTHList

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-01-08 23:27

I assume that even if that had guessed the password, they would then try sending out spam emails from our box. Well what is stopping them from trying to do that anyway (without trying to authenticate first despite "250-AUTH LOGIN" being sent from HMS)? Isnt disabling this auth option on 25 just tackling those bots that dare try to authenticate? Many bots try to send mail from your box anyway without attempting to authenticate and even then your are still at the mercy of your IP RANGE settings (as you would be even if they authenticate). And... what if they DID try on 587? You would still be then at the mercy of them guessing the password and then the IP RANGE settings.

Im open to being convinced its worth the effort. Discuss (please explain to me the thinking of this being better)

EDIT:
First post of sorens, above:
SorenR wrote:I have 1 failed attempt in 24 hours on the 7'th... :mrgreen:

Mind you... "AUTH LOGIN" is not an option on the standard ports of my server, so the bugger found my other ports by chance ... :mrgreen:
Proof that they DO still try other ports other than port 25.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

tochi
Senior user
Senior user
Posts: 278
Joined: 2015-07-28 22:55

Re: Spam attacks? Do you think you are hard done to?

Post by tochi » 2016-01-09 00:29

Previously I thought that hackers would try on port 587 too. But most of them didn't from my experience. The immediate effect I noticed is that the number of auto ban entries were greatly reduced. 99% of them were gone. 99 is a great number already, isn't it?

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-01-09 01:33

Indeed it is. I see the 'benefit' from this statistical point of view.

But I dont see the benefit from a functionality. Sure it cuts down the list of 'auto-ban' entries but so what? Having these dont really have an overhead (especially if you dont LOOK at the list and just let HMS get on with doing its job).

Ive done a test:

WITHOUT the DisableAUTHlist
spambot:
HELO...
MAIL FROM:
send ok
RCPT TO:
send 530 authentication required
QUIT

or

HELO...
MAIL FROM:
send ok
RCPT TO:
send 530 authentication required
AUTH LOGIN
recv [failed credentials]
send Authentication failed...sod off!
( + ban ip if they try again)

or

HELO...
AUTH LOGIN
recv [failed credentials]
send Authentication failed...sod off!
( + ban ip if they try again)


WITH the DisableAUTHlist
HELO...
MAIL FROM:
send ok
RCPT TO:
send 530 authentication required
QUIT

or

HELO...
MAIL FROM:
send ok
RCPT TO:
send 530 authentication required
AUTH LOGIN
send Authentication not enabled

or

HELO...
AUTH LOGIN
recv [failed credentials]
send Authentication not enabled!

In all cases they either fail to get in because they fail an authentication (and get banned) or because authentication just isnt allowed (and not reaching the auto-ban entry stage). Any other scenario is the same (at the mercy of IP RANGES allowing them to connect and send to/from that domain). But of course then there would always be the port that you DO have opened with authentication allowed then this setting is irrelevant.

My first post in this thread was put there to demonstrate how robust HMS is in handling failed authentication attempts. Im not poo-pooing the DisableAUTHport setting but for me I dont see the benefit to me (because I dont care about the number of 'auto-ban' entries in the list. I simply dont look). I do see from that link you posted earlier, though, that it did help some guy where he doesnt have the ability to override a machine's configuration that automatically responds when seeing "250-AUTH LOGIN". That was a good reason to use it.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

tochi
Senior user
Senior user
Posts: 278
Joined: 2015-07-28 22:55

Re: Spam attacks? Do you think you are hard done to?

Post by tochi » 2016-01-09 01:47

Some benefits of DisableAUTHport:
The chance of being hacked is reduced.
It's much easier to locate the blocked entry which is from a valid client in a list with fewer entries.
The common email account names like sales, service, info won't get locked frequently if Active Directory authentication is used.

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-01-09 04:10

tochi wrote:Some benefits of DisableAUTHport:
The chance of being hacked is reduced.
It's much easier to locate the blocked entry which is from a valid client in a list with fewer entries.
The common email account names like sales, service, info won't get locked frequently if Active Directory authentication is used.
Something for you all to think about...

Mailservers monitor SMTP ports and use autoblock/autoban... All well and dandy...

Webmail monitor login attempts and use autoblock/autoban ??? NOOOOOO, if they do, they block the IP of the webmail and innocent users will suffer... Bummer !

He he... Use a brute force password program on the webmail and when an account is cracked - oh well - SMTP is now open...

Unless... Well, I'm using https://github.com/stalks/roundcube-defense ... Old but still functional...

PS. Wording, spelling & gramma may not be up to my usual standard... Currently suffering 4 weeks with a frozen shoulder (adhesive capsulitis - imagine your shoulder nailed shut 24/7) popping paracetamol and morphine every 6 hours. Hopefully it should resolve itself within the next 3 years. The most annoying thing is the pink elephant behind me reading over my shoulder when I type...
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-01-09 11:26

SorenR wrote:Unless... Well, I'm using https://github.com/stalks/roundcube-defense ... Old but still functional...
So in essence you are saying that all the auto-ban settings in the world on MTA's such as hmailserver are irrelevant if the spambots want to to attack the unprotected webmail clients (webmail clients should be immunised from ip blocking in the MTA). Personally I dont use Roundcube (or webmail generally) but I think that plugin you referred to should be made more prominent for Roundcude users. Looking VERY useful.

Frozen shoulder: Oooh. Just googled it. Bad times for your Soren. Hope it gets better soon (18 months expected but could be up to 3 years apparently). In the meantime, to help with your typing, perhaps you could ask the pink elephant to put down his juggling sticks and do the typing for you with one of his 8 arms. (I assume this elephant appears every 6 hours or so.... :lol: )

Image
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Spam attacks? Do you think you are hard done to?

Post by Dravion » 2016-01-10 00:17

I think it would be a great improvement if we could implement a feature which restrict changes on th e userid after a failed login attempt and after 3 failed trys the ip will be blacklisted for some time.For new userid password combinations you should allways need to establish a new connection which will only be allowed if your ip is not blacklisted in the first place.

User avatar
mattg
Moderator
Moderator
Posts: 20845
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spam attacks? Do you think you are hard done to?

Post by mattg » 2016-01-10 03:54

but only for a webmail IP...

I get heaps of attacks from external IP's where they try different usernames from the same IP address - I'd like them all Autobanned after the first failed attempt (as currently happens)
I wouldn't like to entertain these bots by having any further conversation with them.

There is also captcha (or re-captcha) or similar that can be added to webmail log on forms to limit bot atacks
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

rlevis
Normal user
Normal user
Posts: 35
Joined: 2010-10-09 09:55

Re: Spam attacks? Do you think you are hard done to?

Post by rlevis » 2016-01-24 03:02

I hope I'm not hijacking this thread, but anyone else getting lots more spam in the last few weeks not being detected as spam? I rarely saw spam in my inbox in the last couple of years but now half my inbox emails are spam. Perhaps some of the DNS blacklists are not working anymore? I use

zen.spamhaus.org (5)
bl.spamcop.net (3)
bb.barracudacentral.org (3)
dnsbl.sorbs.net (3)
hostkarma.junkemailfilter.com (3)

Also multi.surbl.org in SURBL servers.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-01-24 12:44

I dont think there is anything wrong with the blacklists as such. 'Spam' (which itself is subjective to opinion about what is and what is not) often gets sent from bots and these blacklists are reactive - that is to say they only blacklist addresses once they have been detected. So naturally there is a period of time between initial release/publication of spam and when the blacklists detect it and add them. Maybe there is just a new spam code released which is more prevalent.

I have exactly the same blacklists as you and dont see much of a change in incoming frequency - I am experiencing the same level of 'break through' spam/malware as before. That said I also use spamassassin and a new found wonder-virus detection system that it is detecting many Zero-hour threat/new releases really quickly (and consequently removing the attachments). (Look for 'ClamAV with sanesecurity' if your interested).

I did note that one of our users who up to now could proudly say she was never targeted by spam has somehow in this last 3 weeks now ended up on the same list of addresses that the spammers use and starts receiving 'stock value to rise so BUY NOW!', 'here is your invoice, please open it (and let us steal your bank details or blackmail you)' and 'here's your answer to get a big willy' (mildly amusing for a 25 year old girl to receive). Personally, I blame eBay and paypal. Its not the first time I have seen that a single innocent transaction with an outlet on there has ended up with the email address (usually the one associated with the paypal account) on a list and immediately spam ensues to that address. (And I KNOW it is from this because the address used was exclusive to paypal payments - I use a disposable address form like "my.pseudonym-paypal@yahoo.com" so I can delete it if the spam becomes uncontrollable). And I know this use has had an increased interesting in using her address to buy off ebay recently. (She's the bosses daughter. :roll: )

Summary, I dont think that there is a problem with the blacklists failing to work. Maybe your addresses have just recently found themselves on to a new spam list of addresses (just like my user above).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-03-02 19:59

Well, I am a few days in to an experiement. The experiment was (amongst other things) to prove a theory I had that I based on previous experince (ie, "it did it really happen like that"?

The background: the theory was that spambots research DNS for MX records and target whatever they find. Why did I think this? Well, initially I didnt have MX pointing to my mail server (as it only collected mails via External Download) although the server was still open on port 25 (it just wasnt advertised). Then I went through a period of time of turning on direct deliveries (pointing my MX record to the server). Consequently I saw a dramatic increase in attempts to break in and send spam email out (external to external). After this period of time, I changed our IP address and pointed MX back to our external provider (going back to external downloads) but, again, left the server open to port 25 but simply didnt advertise it. A consequence of this was that spambots no longer had my ip address 'on file' and nor did they find it in MX records. The result was that I barely got any 'door knocking' or attempted breakins- maybe only 3 or 4 a day.

So my conclusion was that spambots resource a lot of their mailservers direct from DNS MX records (instead of just relying on port knocking of ip addresses).

On sunday, I repeated the experiment: I turned back on direct inbound deliveries and pointed our MX records at the server again. And more or less immediately in the first I get many spambot attempts. Thankfully the DNSBL and SURBL settings do a brill job of stopping most of them in their tracks. Spot the counts of 'rejections' in the daily logs in the 2 weeks leading up to 29th February, then see the jump after I went direct (from 1st March):

[quote]C:\Program Files (x86)\hMailServer\Logs\hmailserver_2016-02-15.log (1 hit)
Line 646: "APPLICATION" 4368 "2016-02-15 11:58:19.930" "hMailServer SpamProtection rejected RCPT (Sender: z2007tw@yahoo.com.tw, IP:118.160.208.186, Reason: Rejected by Spamhaus.)"
C:\Program Files (x86)\hMailServer\Logs\hmailserver_2016-02-18.log (1 hit)
Line 1389: "APPLICATION" 2392 "2016-02-18 16:29:26.396" "hMailServer SpamProtection rejected RCPT (Sender: z2007tw@yahoo.com.tw, IP:114.24.12.41, Reason: Rejected by country-see countries.nerd.dk/isolist.txt)"
C:\Program Files (x86)\hMailServer\Logs\hmailserver_2016-02-21.log (2 hits)
Line 6: "APPLICATION" 808 "2016-02-21 02:54:18.314" "hMailServer SpamProtection rejected RCPT (Sender: jim@ROB.com, IP:101.51.61.23, Reason: Rejected by Barracuda)"
Line 17: "APPLICATION" 1820 "2016-02-21 03:27:06.270" "hMailServer SpamProtection rejected RCPT (Sender: noauth@homeip.net, IP:37.59.210.8, Reason: Rejected by hostkarma)"
C:\Program Files (x86)\hMailServer\Logs\hmailserver_2016-02-22.log (2 hits)
Line 6: "APPLICATION" 3472 "2016-02-22 04:26:04.581" "hMailServer SpamProtection rejected RCPT (Sender: jim@ROB.com, IP:213.158.35.2, Reason: Rejected by hostkarma)"
Line 925: "APPLICATION" 4888 "2016-02-22 20:06:46.246" "hMailServer SpamProtection rejected RCPT (Sender: z2007tw@yahoo.com.tw, IP:36.225.30.37, Reason: Rejected by Spamhaus.)"
C:\Program Files (x86)\hMailServer\Logs\hmailserver_2016-02-23.log (2 hits)
Line 6: "APPLICATION" 3116 "2016-02-23 06:06:14.284" "hMailServer SpamProtection rejected RCPT (Sender: z2007tw@yahoo.com.tw, IP:114.37.190.105, Reason: Rejected by country-see countries.nerd.dk/isolist.txt)"
Line 630: "APPLICATION" 4036 "2016-02-23 17:37:14.691" "hMailServer SpamProtection rejected RCPT (Sender: jim@ROB.com, IP:121.42.192.251, Reason: Rejected by hostkarma)"
C:\Program Files (x86)\hMailServer\Logs\hmailserver_2016-02-24.log (1 hit)
Line 1733: "APPLICATION" 5052 "2016-02-24 20:05:56.127" "hMailServer SpamProtection rejected RCPT (Sender: jim@ROB.com, IP:123.57.177.192, Reason: Rejected by Barracuda)"
C:\Program Files (x86)\hMailServer\Logs\hmailserver_2016-02-26.log (2 hits)
Line 506: "APPLICATION" 3716 "2016-02-26 12:35:06.182" "hMailServer SpamProtection rejected RCPT (Sender: z2007tw@yahoo.com.tw, IP:118.161.246.210, Reason: Rejected by Spamhaus.)"
Line 1043: "APPLICATION" 2216 "2016-02-26 23:46:35.101" "hMailServer SpamProtection rejected RCPT (Sender: , IP:83.223.2.217, Reason: Rejected by Barracuda)"
C:\Program Files (x86)\hMailServer\Logs\hmailserver_2016-02-27.log (2 hits)
Line 34: "APPLICATION" 3600 "2016-02-27 11:06:57.767" "hMailServer SpamProtection rejected RCPT (Sender: , IP:123.28.250.84, Reason: Rejected by Barracuda)"
Line 52: "APPLICATION" 2084 "2016-02-27 17:49:00.008" "hMailServer SpamProtection rejected RCPT (Sender: , IP:46.98.107.0, Reason: Tagged as Spam by SpamAssassin)"
C:\Program Files (x86)\hMailServer\Logs\hmailserver_2016-02-29.log (3 hits)
Line 1373: "APPLICATION" 1152 "2016-02-29 18:03:37.220" "hMailServer SpamProtection rejected RCPT (Sender: woodesonAngelina56961@bezprzewodowo.com, IP:91.222.143.46, Reason: Tagged as Spam by SpamAssassin)"
Line 1381: "APPLICATION" 2196 "2016-02-29 19:06:35.991" "hMailServer SpamProtection rejected RCPT (Sender: ands21@decro.co.uk, IP:212.175.153.170, Reason: Rejected by Barracuda)"
Line 1478: "APPLICATION" 4592 "2016-02-29 23:00:39.063" "hMailServer SpamProtection rejected RCPT (Sender: wycheGrady3026@brindian.co.uk, IP:182.53.1.233, Reason: Sender domain does not have any MX records.)"

C:\Program Files (x86)\hMailServer\Logs\hmailserver_2016-03-01.log (50 hits)
Line 47: "APPLICATION" 4872 "2016-03-01 01:22:20.237" "hMailServer SpamProtection rejected RCPT (Sender: starkeyHelena84301@fast.net.id, IP:111.94.22.185, Reason: Rejected by Spamhaus.)"
Line 60: "APPLICATION" 1612 "2016-03-01 01:24:01.933" "hMailServer SpamProtection rejected RCPT (Sender: binnsSondra194@stedu.ro, IP:89.36.10.6, Reason: Tagged as Spam by SpamAssassin)"
Line 76: "APPLICATION" 1612 "2016-03-01 03:17:20.913" "hMailServer SpamProtection rejected RCPT (Sender: robinsJoseph5732@firstorientalrugs.com, IP:180.180.12.48, Reason: Tagged as Spam by SpamAssassin)"
Line 84: "APPLICATION" 3980 "2016-03-01 03:34:58.954" "hMailServer SpamProtection rejected RCPT (Sender: mallettJayson76@benhvientiengiang.com.vn, IP:113.161.224.4, Reason: Rejected by Spamhaus.)"
Line 97: "APPLICATION" 1612 "2016-03-01 04:58:52.418" "hMailServer SpamProtection rejected RCPT (Sender: hotmanJulia9037@ballengerspars.com, IP:1.39.80.16, Reason: Rejected by Spamhaus.)"
Line 105: "APPLICATION" 5104 "2016-03-01 05:09:46.737" "hMailServer SpamProtection rejected RCPT (Sender: parkynColeman73249@alshamil.net.ae, IP:83.110.210.235, Reason: Rejected by Spamhaus.)"
Line 113: "APPLICATION" 4496 "2016-03-01 05:10:20.527" "hMailServer SpamProtection rejected RCPT (Sender: corkenEffie03872@sunrisetravelqa.com, IP:1.10.223.100, Reason: Rejected by Spamhaus.)"
Line 121: "APPLICATION" 4624 "2016-03-01 05:17:19.139" "hMailServer SpamProtection rejected RCPT (Sender: hawtonGuy66764@free-travel.gr, IP:121.54.32.143, Reason: Rejected by Spamhaus.)"
Line 134: "APPLICATION" 1612 "2016-03-01 05:24:02.758" "hMailServer SpamProtection rejected RCPT (Sender: stottsRita762@mtnl.net.in, IP:120.63.50.206, Reason: Rejected by Barracuda)"
Line 156: "APPLICATION" 1504 "2016-03-01 05:50:30.966" "hMailServer SpamProtection rejected RCPT (Sender: kingstonHarry89@peaawards.com, IP:113.168.159.80, Reason: The host name specified in HELO does not match IP address.)"
Line 183: "APPLICATION" 4996 "2016-03-01 05:58:35.941" "hMailServer SpamProtection rejected RCPT (Sender: holdgateAdrian03743@estacaodesign.com.br, IP:103.249.7.28, Reason: Rejected by Spamhaus.)"
Line 235: "APPLICATION" 3884 "2016-03-01 06:30:29.009" "hMailServer SpamProtection rejected RCPT (Sender: poyntzSheena34@airtelbroadband.in, IP:122.172.31.226, Reason: Rejected by Spamhaus.)"
Line 490: "APPLICATION" 3776 "2016-03-01 10:15:20.430" "hMailServer SpamProtection rejected RCPT (Sender: waringLewis858@sushilogia.com.br, IP:45.120.98.143, Reason: Rejected by SpamCop.)"
Line 918: "APPLICATION" 4996 "2016-03-01 11:47:31.424" "hMailServer SpamProtection rejected RCPT (Sender: StewartParker8460@vdc.vn, IP:113.163.24.160, Reason: Rejected by SpamCop.)"
Line 1182: "APPLICATION" 4996 "2016-03-01 12:09:08.068" "hMailServer SpamProtection rejected RCPT (Sender: ParrishOlga23898@ttnet.com.tr, IP:78.188.66.246, Reason: Rejected by Barracuda)"
Line 1210: "APPLICATION" 3776 "2016-03-01 12:13:40.226" "hMailServer SpamProtection rejected RCPT (Sender: BlankenshipCoy1990@grupoarisan.com, IP:123.20.79.4, Reason: Rejected by hostkarma)"
Line 3680: "APPLICATION" 4496 "2016-03-01 15:14:34.704" "hMailServer SpamProtection rejected RCPT (Sender: FarrellNapoleon84308@bmrt.ie, IP:81.43.126.219, Reason: Rejected by SpamCop.)"
Line 3688: "APPLICATION" 4496 "2016-03-01 15:17:37.833" "hMailServer SpamProtection rejected RCPT (Sender: documents@decro.co.uk, IP:122.177.126.241, Reason: Blocked by SPF ())"
Line 4364: "APPLICATION" 2180 "2016-03-01 16:29:13.414" "hMailServer SpamProtection rejected RCPT (Sender: stuartMarie18@biovarg.com, IP:117.5.128.177, Reason: Rejected by SpamCop.)"
Line 4413: "APPLICATION" 3588 "2016-03-01 16:31:10.555" "hMailServer SpamProtection rejected RCPT (Sender: merryClint0615@zdh.com, IP:117.201.0.83, Reason: Rejected by Barracuda)"
Line 4476: "APPLICATION" 3588 "2016-03-01 16:43:42.274" "hMailServer SpamProtection rejected RCPT (Sender: ingramCleo642@gdevsemoi.ru, IP:117.242.31.145, Reason: Tagged as Spam by SpamAssassin)"
Line 4488: "APPLICATION" 3776 "2016-03-01 16:46:55.480" "hMailServer SpamProtection rejected RCPT (Sender: ceelyLydia718@fspsca.com, IP:200.6.163.211, Reason: Rejected by Spamhaus.)"
Line 4500: "APPLICATION" 3776 "2016-03-01 16:51:44.923" "hMailServer SpamProtection rejected RCPT (Sender: flowerMorgan55269@bradley-yacht.com, IP:197.231.200.72, Reason: Rejected by hostkarma)"
Line 4538: "APPLICATION" 5008 "2016-03-01 17:12:33.465" "hMailServer SpamProtection rejected RCPT (Sender: goforthDaryl518@ford-id.com, IP:2.179.121.172, Reason: Rejected by hostkarma)"
Line 4551: "APPLICATION" 3588 "2016-03-01 17:19:35.883" "hMailServer SpamProtection rejected RCPT (Sender: brroughtonLatoya7828@fast.net.id, IP:139.228.147.227, Reason: Rejected by Spamhaus.)"
Line 4564: "APPLICATION" 3588 "2016-03-01 17:31:37.290" "hMailServer SpamProtection rejected RCPT (Sender: letnerMaxwell71643@era-commerce.hr, IP:185.122.253.36, Reason: Tagged as Spam by SpamAssassin)"
Line 4572: "APPLICATION" 2180 "2016-03-01 17:34:10.904" "hMailServer SpamProtection rejected RCPT (Sender: crawfurdJosephine6991@tellas.gr, IP:79.107.162.165, Reason: Rejected by Barracuda)"
Line 4580: "APPLICATION" 3016 "2016-03-01 17:54:45.960" "hMailServer SpamProtection rejected RCPT (Sender: derhamChandra4692@bancooroweb.com, IP:203.217.145.244, Reason: Rejected by SpamCop.)"
Line 4614: "APPLICATION" 3588 "2016-03-01 18:03:50.338" "hMailServer SpamProtection rejected RCPT (Sender: longtonMitzi24893@total-autosolutions.com, IP:39.32.81.86, Reason: Rejected by Spamhaus.)"
Line 4636: "APPLICATION" 1504 "2016-03-01 18:55:04.655" "hMailServer SpamProtection rejected RCPT (Sender: PerkinsBethany8526@ono.com, IP:80.174.78.59, Reason: Rejected by SpamCop.)"
Line 4649: "APPLICATION" 3588 "2016-03-01 19:05:15.845" "hMailServer SpamProtection rejected RCPT (Sender: traversOllie2576@santoshrubber.in, IP:14.99.69.36, Reason: Rejected by Barracuda)"
Line 4657: "APPLICATION" 5048 "2016-03-01 19:05:26.094" "hMailServer SpamProtection rejected RCPT (Sender: taitTamra1206@ttnet.com.tr, IP:88.247.185.128, Reason: Rejected by hostkarma)"
Line 4665: "APPLICATION" 2012 "2016-03-01 19:07:09.444" "hMailServer SpamProtection rejected RCPT (Sender: meadowsMohamed32898@puzzlereklamowe.pl, IP:167.59.77.12, Reason: Rejected by SpamCop.)"
Line 4673: "APPLICATION" 3448 "2016-03-01 19:13:22.456" "hMailServer SpamProtection rejected RCPT (Sender: RiversLillian2163@tctwest.net, IP:162.248.137.69, Reason: Rejected by Spamhaus.)"
Line 4690: "APPLICATION" 4996 "2016-03-01 19:41:00.273" "hMailServer SpamProtection rejected RCPT (Sender: prueJohnnie56@hmsvisjon.no, IP:117.204.184.236, Reason: Rejected by Spamhaus.)"
Line 4698: "APPLICATION" 5104 "2016-03-01 19:42:13.578" "hMailServer SpamProtection rejected RCPT (Sender: gristSummer84725@zingrepublic.com, IP:41.60.21.29, Reason: Listed in spameatingmonkey)"
Line 4711: "APPLICATION" 3588 "2016-03-01 19:44:01.764" "hMailServer SpamProtection rejected RCPT (Sender: thurgatsLincoln4217@cableonda.net, IP:190.219.64.112, Reason: Tagged as Spam by SpamAssassin)"
Line 4733: "APPLICATION" 3588 "2016-03-01 19:53:18.186" "hMailServer SpamProtection rejected RCPT (Sender: vennAngela95759@khrebtov.ru, IP:5.236.143.79, Reason: Rejected by Barracuda)"
Line 4741: "APPLICATION" 4624 "2016-03-01 19:54:52.254" "hMailServer SpamProtection rejected RCPT (Sender: bagshawVal5653@ocbd.net, IP:103.229.84.142, Reason: Rejected by Barracuda)"
Line 4749: "APPLICATION" 2300 "2016-03-01 19:56:44.730" "hMailServer SpamProtection rejected RCPT (Sender: dalgleishDarrin28@gurupinet.com.br, IP:217.24.250.10, Reason: Rejected by Spamhaus.)"
Line 4799: "APPLICATION" 2708 "2016-03-01 20:15:15.376" "hMailServer SpamProtection rejected RCPT (Sender: WolfeLeigh23@elektro-eldi.si, IP:213.143.60.33, Reason: Rejected by SpamCop.)"
Line 4825: "APPLICATION" 5008 "2016-03-01 20:46:34.915" "hMailServer SpamProtection rejected RCPT (Sender: HansenOdessa174@phoebemontague.com, IP:101.108.126.134, Reason: Rejected by SpamCop.)"
Line 4847: "APPLICATION" 3776 "2016-03-01 20:56:33.810" "hMailServer SpamProtection rejected RCPT (Sender: prestonLeann4336@surreybasementcrackrepair.com, IP:86.34.47.149, Reason: Rejected by Barracuda)"
Line 4869: "APPLICATION" 2180 "2016-03-01 21:28:11.649" "hMailServer SpamProtection rejected RCPT (Sender: VelazquezReba391@manage-your-bills.com, IP:200.142.146.5, Reason: Rejected by Spamhaus.)"
Line 4877: "APPLICATION" 2180 "2016-03-01 21:48:25.862" "hMailServer SpamProtection rejected RCPT (Sender: WynnVictoria4346@schooloftouch.nl, IP:188.109.97.234, Reason: Rejected by Barracuda)"
Line 4885: "APPLICATION" 5008 "2016-03-01 21:55:13.164" "hMailServer SpamProtection rejected RCPT (Sender: dykeHaley63998@bees.beeserver.local, IP:115.248.254.75, Reason: Rejected by hostkarma)"
Line 4893: "APPLICATION" 2708 "2016-03-01 22:15:16.730" "hMailServer SpamProtection rejected RCPT (Sender: kLizzie62762@iusacell.net, IP:187.189.17.18, Reason: Rejected by Barracuda)"
Line 4903: "APPLICATION" 2356 "2016-03-01 23:10:06.898" "hMailServer SpamProtection rejected RCPT (Sender: MaldonadoDorothy0454@tbc.bg, IP:94.26.108.44, Reason: Rejected by hostkarma)"
Line 4911: "APPLICATION" 2708 "2016-03-01 23:22:50.363" "hMailServer SpamProtection rejected RCPT (Sender: SparksJean65526@brasiltelecom.net.br, IP:201.11.5.247, Reason: Rejected by hostkarma)"
Line 4919: "APPLICATION" 2956 "2016-03-01 23:38:18.223" "hMailServer SpamProtection rejected RCPT (Sender: BassKarina6085@TECHNODD.intern, IP:87.193.239.154, Reason: The host name specified in HELO does not match IP address.)"

C:\Program Files (x86)\hMailServer\Logs\hmailserver_2016-03-02.log (27 hits)
Line 6: "APPLICATION" 4624 "2016-03-02 00:17:41.275" "hMailServer SpamProtection rejected RCPT (Sender: HudsonCortez1617@vtr.net, IP:200.83.67.189, Reason: Rejected by Spamhaus.)"
Line 14: "APPLICATION" 1504 "2016-03-02 00:48:58.897" "hMailServer SpamProtection rejected RCPT (Sender: SloanLoretta3487@iusacell.net, IP:187.190.166.93, Reason: Rejected by Barracuda)"
Line 22: "APPLICATION" 2988 "2016-03-02 01:20:24.119" "hMailServer SpamProtection rejected RCPT (Sender: GilmoreFrances086@newbasketbrindisi.it, IP:27.77.28.149, Reason: Rejected by hostkarma)"
Line 30: "APPLICATION" 4624 "2016-03-02 02:23:56.325" "hMailServer SpamProtection rejected RCPT (Sender: SolisJoanne47@iol.cz, IP:88.100.223.113, Reason: Rejected by Barracuda)"
Line 311: "APPLICATION" 2708 "2016-03-02 10:12:53.636" "hMailServer SpamProtection rejected RCPT (Sender: salsmanBerta582@r-v-d.ru, IP:103.29.249.252, Reason: Rejected by Spamhaus.)"
Line 338: "APPLICATION" 1600 "2016-03-02 10:15:32.179" "hMailServer SpamProtection rejected RCPT (Sender: mayneAntwan08@sc-sakhalin.ru, IP:103.9.90.229, Reason: Rejected by Barracuda)"
Line 382: "APPLICATION" 1600 "2016-03-02 10:20:59.546" "hMailServer SpamProtection rejected RCPT (Sender: coffmanIsaac6304@falconsnestmaui.com, IP:117.201.82.168, Reason: Rejected by Barracuda)"
Line 462: "APPLICATION" 1600 "2016-03-02 10:46:27.601" "hMailServer SpamProtection rejected RCPT (Sender: toulsonNeva06@burkhardtheating.com, IP:113.167.73.9, Reason: Tagged as Spam by SpamAssassin)"
Line 470: "APPLICATION" 3712 "2016-03-02 10:46:54.106" "hMailServer SpamProtection rejected RCPT (Sender: weaverPenelope56416@shradhahrd.com, IP:178.135.80.222, Reason: Blocked by SPF ())"
Line 487: "APPLICATION" 4624 "2016-03-02 10:52:34.233" "hMailServer SpamProtection rejected RCPT (Sender: Herrera.Sylvia78@airtelbroadband.in, IP:122.160.20.190, Reason: Rejected by SpamCop.)"
Line 495: "APPLICATION" 1376 "2016-03-02 10:53:54.215" "hMailServer SpamProtection rejected RCPT (Sender: notmanAlexandra3039@velo.net.id, IP:222.165.195.114, Reason: Rejected by SpamCop.)"
Line 981: "APPLICATION" 1600 "2016-03-02 13:03:29.120" "hMailServer SpamProtection rejected RCPT (Sender: sommervilleShawn35@faw-kaz.kz, IP:5.115.74.124, Reason: Tagged as Spam by SpamAssassin)"
Line 998: "APPLICATION" 3712 "2016-03-02 13:19:59.332" "hMailServer SpamProtection rejected RCPT (Sender: workSaundra43488@airtelbroadband.in, IP:122.169.89.73, Reason: Rejected by Spamhaus.)"
Line 1035: "APPLICATION" 1600 "2016-03-02 13:31:20.430" "hMailServer SpamProtection rejected RCPT (Sender: Mclean.Leslie175@ttnet.com.tr, IP:78.189.116.125, Reason: Tagged as Spam by SpamAssassin)"
Line 1226: "APPLICATION" 5008 "2016-03-02 13:41:43.605" "hMailServer SpamProtection rejected RCPT (Sender: mccafferyDorsey81411@bsnl.in, IP:117.239.188.210, Reason: Rejected by Barracuda)"
Line 1354: "APPLICATION" 1600 "2016-03-02 13:50:01.199" "hMailServer SpamProtection rejected RCPT (Sender: LambJordan90235@fibertel.com.ar, IP:186.138.71.129, Reason: Tagged as Spam by SpamAssassin)"
Line 1381: "APPLICATION" 1600 "2016-03-02 14:07:02.331" "hMailServer SpamProtection rejected RCPT (Sender: tomlinBarbra10@avrbit.com, IP:113.53.127.44, Reason: Tagged as Spam by SpamAssassin)"
Line 1422: "APPLICATION" 4160 "2016-03-02 14:18:31.479" "hMailServer SpamProtection rejected RCPT (Sender: PrinceMelinda926@ono.com, IP:212.22.51.151, Reason: Rejected by Spamhaus.)"
Line 1430: "APPLICATION" 2708 "2016-03-02 14:22:03.094" "hMailServer SpamProtection rejected RCPT (Sender: whittleEsteban58647@brapatex.com.ar, IP:188.75.72.98, Reason: Rejected by SpamCop.)"
Line 1476: "APPLICATION" 1376 "2016-03-02 14:44:35.102" "hMailServer SpamProtection rejected RCPT (Sender: connMorgan681@jamessbrown.com, IP:14.162.183.103, Reason: Rejected by SpamCop.)"
Line 1512: "APPLICATION" 2708 "2016-03-02 15:00:30.028" "hMailServer SpamProtection rejected RCPT (Sender: GoldenClaudine4145@bindinghub.com, IP:84.79.35.233, Reason: Rejected by SpamCop.)"
Line 1520: "APPLICATION" 2708 "2016-03-02 15:06:27.518" "hMailServer SpamProtection rejected RCPT (Sender: Gilmore.Nannie8@airtelbroadband.in, IP:122.164.185.82, Reason: Sender domain does not have any MX records.)"
Line 1528: "APPLICATION" 2708 "2016-03-02 15:09:06.732" "hMailServer SpamProtection rejected RCPT (Sender: Walters.Gertrude7@mandexco.com.hk, IP:113.178.12.137, Reason: Rejected by Barracuda)"
Line 1541: "APPLICATION" 1600 "2016-03-02 15:14:49.792" "hMailServer SpamProtection rejected RCPT (Sender: Mendez.Sherman068@usmot.pl, IP:1.4.207.72, Reason: Tagged as Spam by SpamAssassin)"
Line 1554: "APPLICATION" 1600 "2016-03-02 15:29:12.179" "hMailServer SpamProtection rejected RCPT (Sender: lockerbieJenifer21@architectajc.com.au, IP:36.82.131.167, Reason: Tagged as Spam by SpamAssassin)"
Line 1867: "APPLICATION" 1600 "2016-03-02 16:22:31.232" "hMailServer SpamProtection rejected RCPT (Sender: hornbyCarol516@top-tech.pl, IP:116.100.24.234, Reason: Rejected by Barracuda)"
Line 1917: "APPLICATION" 1600 "2016-03-02 16:39:55.904" "hMailServer SpamProtection rejected RCPT (Sender: abney-hastingsLaurence2718@thedanker.com, IP:116.101.8.39, Reason: Tagged as Spam by SpamAssassin)"
(....and the day is still going....)
[/quote]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20845
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spam attacks? Do you think you are hard done to?

Post by mattg » 2016-03-10 07:08

I have Auth over port 25 disabled
This is in my hMailserver.ini >>

Code: Select all

DisableAUTHList=25

I am getting hundreds of these in my logs. The IP changes occasionally
XXX.XXX.XXX.XXX is my public IP address

Code: Select all

"DEBUG"	15572	"2016-03-10 10:27:24.379"	"TCP connection started for session 248"
"SMTPD"	15572	248	"2016-03-10 10:27:24.379"	"155.133.82.70"	"SENT: 220 mx.mydomain.com ESMTP"
"SMTPD"	21948	248	"2016-03-10 10:27:24.732"	"155.133.82.70"	"RECEIVED: EHLO XXX.XXX.XXX.XXX"
"SMTPD"	21948	248	"2016-03-10 10:27:24.748"	"155.133.82.70"	"SENT: 250-mx.mydomain.com[nl]250-SIZE[nl]250-STARTTLS[nl]250 HELP"
"SMTPD"	15572	248	"2016-03-10 10:27:25.096"	"155.133.82.70"	"RECEIVED: AUTH LOGIN"
"SMTPD"	15572	248	"2016-03-10 10:27:25.111"	"155.133.82.70"	"SENT: 504 Authentication not enabled."
"DEBUG"	24364	"2016-03-10 10:27:25.483"	"The read operation failed. Bytes transferred: 0 Remote IP: 155.133.82.70, Session: 248, Code: 2, Message: End of file"
"DEBUG"	24364	"2016-03-10 10:27:25.483"	"Ending session 248"
I think that I will Autoban these on the fly...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-03-10 09:59

Yeah, I have commented before on using this 'DisableAUTHList' - I dont see the point. Im not sure how much benefit this feature gives (minimal I would think).

Why not just not use it, and let autoban do the banning anyway after its first failed login attempt? (one incorrect attempt, automatic ban). No hassles then. (What if they dont bother to attempt login and just try to send the email anyway like many spambots attempt - then they would still be subject to spam checking and you wouldnt even have the choice of autobanning them).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-03-10 15:00

mattg wrote:I have Auth over port 25 disabled
This is in my hMailserver.ini >>

Code: Select all

DisableAUTHList=25

I am getting hundreds of these in my logs. The IP changes occasionally
XXX.XXX.XXX.XXX is my public IP address

Code: Select all

"DEBUG"	15572	"2016-03-10 10:27:24.379"	"TCP connection started for session 248"
"SMTPD"	15572	248	"2016-03-10 10:27:24.379"	"155.133.82.70"	"SENT: 220 mx.mydomain.com ESMTP"
"SMTPD"	21948	248	"2016-03-10 10:27:24.732"	"155.133.82.70"	"RECEIVED: EHLO XXX.XXX.XXX.XXX"
"SMTPD"	21948	248	"2016-03-10 10:27:24.748"	"155.133.82.70"	"SENT: 250-mx.mydomain.com[nl]250-SIZE[nl]250-STARTTLS[nl]250 HELP"
"SMTPD"	15572	248	"2016-03-10 10:27:25.096"	"155.133.82.70"	"RECEIVED: AUTH LOGIN"
"SMTPD"	15572	248	"2016-03-10 10:27:25.111"	"155.133.82.70"	"SENT: 504 Authentication not enabled."
"DEBUG"	24364	"2016-03-10 10:27:25.483"	"The read operation failed. Bytes transferred: 0 Remote IP: 155.133.82.70, Session: 248, Code: 2, Message: End of file"
"DEBUG"	24364	"2016-03-10 10:27:25.483"	"Ending session 248"
I think that I will Autoban these on the fly...
No point in banning them after the attack, they usually change between each attack. I have blocked AUTH on port 25 also.

However, yes it would be nice to autoban on 1'st attempt... I have had one attack this month so far... 740'ish logon attempts from 3 IP addresses in 2 hours... :roll:
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
mattg
Moderator
Moderator
Posts: 20845
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spam attacks? Do you think you are hard done to?

Post by mattg » 2016-03-10 23:21

jimimaseye wrote:Yeah, I have commented before on using this 'DisableAUTHList' - I dont see the point. Im not sure how much benefit this feature gives (minimal I would think).
Once all mail clients are set to use 587 or 465, the ONLY ones who try port 25 are spammers
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-05-30 11:03

Ok so to be fair to all I turned on DISABLEAUTHLIST setting as a trial to see how we get on.

As expect, it is simply not worth the negatives. Im turning it off as I dont see the benefits but I do see downsides:
Capture.PNG
Robots clearly do not know when "no means no" and will continue to keep trying (in the above case every 4 minutes) potentially endlessly. This uses up connection threads and log file space. That is 5 lines (on this 1 ip address alone) every 4 minutes. And I can tell you there are SEVEN addresses coming from this client range (155.133.82.xx) alone. Imagine how unnecessarily filled these log files are getting (360 lines of logging PER ADDRESS per day PER ADDRESS). Mattg also has said of this weekend viewtopic.php?p=186679#p186679
mattg wrote:just for giggles I checked my logs for 504 Auth not allowed rejections, some 16500 rejections so far this month, some 3000 over the space of 3.5 hours yesterday from a single IP address in Canada.
And for what? Just to avoid a SINGLE little red entry in the autoban list?

The alternative (without disableauthlist):
HELO
AUTH LOGIN
.
.
Failed, Retry...
AUTH LOGIN
.
P1SS OFF, YOUR'E BANNED!
No more logging. Problem solved.

And the other benefit? "Risk of password being guessed": if you have autoban set correctly (low attempts and long period between retries and ban period) then this doesnt matter. And of course, using proper password helps.

I remain firmly unconvinced.

I imagine it is good for those that want complete autonomy without the worry password cracking if they dont care about looking at their logs....and as long as they dont care about the content of those logs. (We dont advise disabling SMTP logging for obvious reasons).

THE SOLUTION

Now, if this DISABLEAUTHPORT rejection also adds an autoban entry at the same time?? THAT is an idea and solves ALL the problems.
AUTH LOGIN
.
504 P1ss off. Also you are trying to 'auth logon' even though I never advertised it so your banned from trying again!"
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-05-30 11:19

5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-05-30 12:10

So... You had a byte too much CH3CH2OH this weekend and now you are punishing your mailserver :?:

:mrgreen:
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-05-30 13:34

"too much CH3CH2OH" ???!!

That's a scandalous accusation!






Its just not possible to have too much!

Never should that phrase be seen in public again. :lol:
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-05-30 14:35

jimimaseye wrote:Its just not possible to have too much!
Image
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
mattg
Moderator
Moderator
Posts: 20845
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spam attacks? Do you think you are hard done to?

Post by mattg » 2016-05-30 16:23

A bit topical today.
Lost another tourist in far north Qld to a 5m plus croc just last night
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-05-30 16:35

Damn them crocs. How do they eat STUPID tourists.

('Natural selection', anyone?)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-05-30 17:28

Image

:mrgreen:

When you are done looking at all my SPAM you can delete it :idea:
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-05-30 18:03

Blimey. And I took a horse back ride in to the sea in Queensland. Weren't I asking for trouble! (Pony+shark+croc= :shock: )
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20845
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spam attacks? Do you think you are hard done to?

Post by mattg » 2016-05-30 23:53

In that graphic MVA = Motor Vehicle Accident involving one of the animals.
Really hard to blame a cow or a kangaroo or a horse for Motor Vehicle Accident - they rarely drive. That's like saying that someone who drowns at the beach can blame the sharks.

We have some 2000 annual deaths due do MVA in Australia. I Guess the 1900 odd that aren't in that graphic are the fault of a human somewhere.
And then there is other human caused death (violence, workplace accidents, medical negligence, etc...)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-05-31 13:10

Jim... U up for a joke or still hung over ??

Q: What is a programmer's favorite hangout place?

A: Foo Bar

:mrgreen:
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
mattg
Moderator
Moderator
Posts: 20845
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spam attacks? Do you think you are hard done to?

Post by mattg » 2016-05-31 14:39

I always get confused between 'Foo Bar' and FUBAR

FUBAR is an Acronym that I heard in the army many years ago- F##ked Up Beyond All Recognition - It means broken in really bad way, so bad that it probably can't fixed. Like your foot if run over by a truck.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-05-31 15:02

mattg wrote:I always get confused between 'Foo Bar' and FUBAR

FUBAR is an Acronym that I heard in the army many years ago- F##ked Up Beyond All Recognition - It means broken in really bad way, so bad that it probably can't fixed. Like your foot if run over by a truck.
https://www.quora.com/Why-do-foo-and-ba ... -tutorials

https://tools.ietf.org/html/rfc1639

https://tools.ietf.org/html/rfc3092
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-05-31 17:55

Back on topic....

DNSBL "sbl.spamhaus.org" return 127.0.0.3 => score 100 or more... "Just say NO" :mrgreen:

http://www.wisegeek.com/what-is-snowshoe-spamming.htm
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-06-01 09:06

mattg wrote:A bit topical today.
Lost another tourist in far north Qld to a 5m plus croc just last night
The sharks want a bite of the action too (....and the people!) http://www.bbc.co.uk/news/world-australia-36423080
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jim.bus
Senior user
Senior user
Posts: 357
Joined: 2011-05-28 11:49
Location: US

Re: Spam attacks? Do you think you are hard done to?

Post by jim.bus » 2016-11-13 14:40

SorenR,

Are you also up for a joke?

How many programmers does it take to screw in a light bulb?

Answer: None! That's a hardware problem.

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-11-13 16:00

jim.bus wrote:SorenR,

Are you also up for a joke?
Always :mrgreen:

there are 10 types of people in this world, those who understand binary and those who dont :mrgreen:

Q: How many Prolog programmers does it take to change a lightbulb?
A: False.


Explanation to the Prolog joke... -> http://www.j-paine.org/dobbs/prolog_lightbulb.html
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jim.bus
Senior user
Senior user
Posts: 357
Joined: 2011-05-28 11:49
Location: US

Re: Spam attacks? Do you think you are hard done to?

Post by jim.bus » 2016-11-14 15:40

SorenR,

I particularly like the 'there are 10 types of people in this world, those who understand binary and those who dont'.

Most people wouldn't get this statement on first reading as they would interpret '10' as 'Ten' which wouldn't make much sense for the rest of the sentence.

But those who do understand Binary when looking back at the full sentence will realize '10' is Binary 2 which then makes the sentence understandable. If you understand Binary this is one type of person and if you don't understand Binary then this is the second type of person. However the sentence in itself is a false statement as there are more than Two Types of people in this world unless you are close minded and don't believe any other type of person could exist. And even if the '10' was more properly written as 10 Base 2 those who don't understand Binary will still probably not understand the sentence.

A bit of computer related Trivia:

Tell me what do these acronyms stand for:
1. ASCII.
2. EBCDIC.
3. Cobol.
4. Fortran.
5. Bit.
6. Byte.
7. URL (you most likely know this one).

Why is Hexadecimal called Hexadecimal?

What is ARPANet.

What does WWW mean in an URL?

Is the WWW the Internet?

User avatar
mattg
Moderator
Moderator
Posts: 20845
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spam attacks? Do you think you are hard done to?

Post by mattg » 2016-11-15 02:19

jim.bus wrote:If you understand Binary this is one type of person and if you don't understand Binary then this is the second type of person. However the sentence in itself is a false statement as there are more than Two Types of people in this world unless you are close minded and don't believe any other type of person could exist.
Type 1 is those who understand Binary
Type 2 is those who DON'T understand binary.

How can there be a third option.
Is that those who can understand binary, but pretend not to understand, so they don't appear too nerdy? (subgroup of type 1), or
Those who don't understand binary, and pretend to understand it for reasons known only to themselves (subgroup of type 2)

I'm not sure that anyone's understanding of Binary is fluid, like perhaps gender can be. Although the kids that are 'gender fluid' say that their gender is 'non-binary'.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jim.bus
Senior user
Senior user
Posts: 357
Joined: 2011-05-28 11:49
Location: US

Re: Spam attacks? Do you think you are hard done to?

Post by jim.bus » 2016-11-15 11:49

MattG,

Type 3 people understand Base 7.
Type 4 people understand Base 9.
etc.

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-11-15 17:01

jim.bus wrote:SorenR,

I particularly like the 'there are 10 types of people in this world, those who understand binary and those who dont'.

Most people wouldn't get this statement on first reading as they would interpret '10' as 'Ten' which wouldn't make much sense for the rest of the sentence.

But those who do understand Binary when looking back at the full sentence will realize '10' is Binary 2 which then makes the sentence understandable. If you understand Binary this is one type of person and if you don't understand Binary then this is the second type of person. However the sentence in itself is a false statement as there are more than Two Types of people in this world unless you are close minded and don't believe any other type of person could exist. And even if the '10' was more properly written as 10 Base 2 those who don't understand Binary will still probably not understand the sentence.

A bit of computer related Trivia:

Tell me what do these acronyms stand for:
1. ASCII.
2. EBCDIC.
3. Cobol.
4. Fortran.
5. Bit.
6. Byte.
7. URL (you most likely know this one).

Why is Hexadecimal called Hexadecimal?

What is ARPANet.

What does WWW mean in an URL?

Is the WWW the Internet?
Well, I could Google all of them :mrgreen:

The first thing I learned while studying for my BSc.EE back in the 80's was not to remember everything but know where to find it... That was WAY before Google... We got a connection to EARN via a 9600 bps modem link to the Danish hub down to Germany and the transatlantic connection to BITNET and NETNORTH... Then we could go hunting in the ListServ archives for references on a total of 1.400 computers world-wide.

I was at one time accused by Henry Nussbacher for being a hacker as I had lifted some GDDM applications from Weizman Institute of Science in Israel during a PVM session ... it was a Pac-Man game written for IBM VM/CMS mainframes to be run on IBM 3179G terminals. Back in 1984 IT security was a padlock on the door to the computer room :mrgreen:

Anyway the game sucked, our IBM 4331 was way to small and slow to play the game even though I allocated all resources to myself and kicked all the other users off the system :oops: Yeah, I had operator status = I AM GOD! 8)
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-11-15 19:49

jim.bus wrote:MattG,

Type 3 people understand Base 7.
Type 4 people understand Base 9.
etc.
But do they understand binary or not? Just because you understand another base, it doesnt exclude them from understanding (or not understanding) binary. (A bit like saying just because they speak english, they cant speak French. Of course they could if they choose to learn it. Multilingual but still french speaking. But those that understand binary irrespective of whether they understand base 7 or 9 or anything else, is still type 1 and everyone else is type 2. Just as anyone speaking french is a french speaker irrespective of whether they know other languages as well or not.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-11-15 20:05

Q: Why do computer programmers confuse Halloween with Christmas?
A: Because Oct 31 = Dec 25.

:mrgreen:

As always. If you need to explain a joke... Oh well, here goes https://armchairdissident.wordpress.com ... fine-joke/
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-11-15 20:09

A programmer is sent to the supermarket with instructions to "buy butter and if they have eggs then buy a dozen."
Returning with 12 butters, the programmer says, "they had eggs".
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-11-15 20:20

Oh... And... Try to guess who is who from this forum (if any) in this sketch :mrgreen:

https://www.youtube.com/watch?v=BKorP55Aqvg
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-11-15 20:35

SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jim.bus
Senior user
Senior user
Posts: 357
Joined: 2011-05-28 11:49
Location: US

Re: Spam attacks? Do you think you are hard done to?

Post by jim.bus » 2016-11-16 09:21

MattG,

The point was the original statement 'There are 10 types of people (meaning 10 Base 2)' appears to be literally a statement meaning there are only two types of people when there can be many types of people in excess of only two types. True while there could be an infinite number of different types of people, within this infinite set of types of people each type would possess a subset of two types of people, those who understood binary and those who did not. The statement as it stood appears to refer to their only being two types of people which cannot be proved given the reality of all the different types of people you can define.

This reminds me vaguely of a Final Exam in a college philosophy class I took in college where I wrote about whether or not an object can possess more than one color. One would think an object was say red, orange, yellow, green, blue, indigo, or violet or in other words one of the colors of the spectrum.
1. One way to look at the color of an object would be to say the color of the object is the color of light which is reflected from the object. Let's say Blue in this case. Therefore this object posses the color Blue or the object in other words is Blue.
2. One way to look at the color of an object would be to say the color of the object is the color(s) which are not reflected from the object. Let's say all the colors of the spectrum but Blue in this case. In this case the object posses more than one color.
3. One way to look at the color of an object would be to look at how a person perceives the color of the object. A color blind person would see the object as a color different from the color of the object perceived by a person who is not color blind.

This bit of reasoning could be construed to show how an object can possess more than one color depending on your definition of what possessing means and what we have been discussing all along is a philosophical answer. Can't remember the grad I got on the paper but this BS got me at least a grade of C or better and of course I passed the course. To show you how BS this class was the only thing we had to do to pass the course was write this one five page Final paper and I wrote about 3.5 pages of actual paper (so to speak) and 1.5 pages of BS conclusions. And to top it off the students (meaning me in this case) got to decide on what they wanted the subject of the paper to be and there was no limit on what the subject could be.

SorenR,

After cluing in on to the reference to computing on the Oct 31 = Dec 25, I immediately understood the joke.

You got me on the You Tube Video clips.

EBCDIC = Extended Binary Coded Decimal Interchange Code (used primarily in IBM Mainframe OS) and I forgot to ask if you knew what IBM stood for which is International Business Machine.
ASCII = American Standard Code for Information Interchange
COBOL = Common Business Oriented Language
Fortran = Formula Translation
Bit = Binary Integer
Byte = Stands for nothing (not made up from other words as above). Used to avoid confusion with other terms.
URL = Uniform Resource Locator (otherwise known as the address line information on a web browser).

Hexadecimal (meaning base 16) is made up from Hexa (6) and decimal (10) where 10 + 6 = 16 or in other words Base 16.
The Arpanet was the starting of the Internet (or very near the starting) and essentially became (evolved into) the Internet. Arpanet was significant because a US Presidential candidate tried to lay claim to starting the Internet which he did not as the Arpanet was in existence long before he was in the picture.
WWW = World Wide Web (significance of this is because AT&T in one of its commercials claimed the World Wide Web was the Internet. I wrote them and informed them of their lack of knowledge and advised them the World
Wide Web was a set of Hyper Text Documents accessed via the Internet. Hence the World Wide Web was not the Internet. A couple of days later without giving me credit they pulled their commercials stating the World
Wide Web was the Internet.

User avatar
jim.bus
Senior user
Senior user
Posts: 357
Joined: 2011-05-28 11:49
Location: US

Re: Spam attacks? Do you think you are hard done to?

Post by jim.bus » 2016-11-16 10:11

MattG & SorenR,

Forgot one reference in regards to the philosophical aspect of the Two Types of people understanding or not understanding Binary. It's one of my favorite jokes.

In a job interview for a person applying for an accountant's position, the applicant is asked to answer the question 'What does 2 + 2 equal' to see if he is qualified for the position.
The applicant's answer is 'What do you want it to be'.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-11-16 11:00

So what was it he wanted it to be? What did they agree?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jim.bus
Senior user
Senior user
Posts: 357
Joined: 2011-05-28 11:49
Location: US

Re: Spam attacks? Do you think you are hard done to?

Post by jim.bus » 2016-11-18 06:15

jimimaseye,

The point of the joke was it did not matter what the interviewer wanted it to be. The applicant/prospective accountant would make it whatever the employer wanted it to be. In the accounting world it might be called 'creative accounting' meaning it was the accountant's job to make the books come out to whatever the employer needed the books to reflect in order to be the most beneficial to the employer. By answering 'What do you want it to be' the applicant was demonstrating his cooperativeness and ability to make the books look like whatever the situation might need the books to be that would be most favorable to the employer (this could mean that the 'doctored' books might not be an accurate reflection of the state of the business either). By answering 'What do you want it to be?', the applicant/accountant showed he would look at what the employer needed the end result to be not just what the numbers actually were and come up with a way to make the books look like what the desired end result needed to be from the eimployer's/business' perspective.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2016-11-18 12:09

Yes, I understand the joke and the point of it. I just thought I would ask as spoiling a joke and challenging its statements to be factual and explaining with followups is what you wanted.
SorenR wrote:there are 10 types of people in this world, those who understand binary and those who dont
jim.bus wrote:If you understand Binary this is one type of person and if you don't understand Binary then this is the second type of person. However the sentence in itself is a false statement as there are more than Two Types of people in this world unless you are close minded and don't believe any other type of person could exist.
Two nuns in a bath. One says, "Where's the soap?". The other replies, "Yes it does, doesnt it."

Two nuns went out on a bike ride and one says to the other "I've never come this way before!" And the other replies "yes! It's the cobblestones!"

(and Im not explaining either of them!)

Enjoy.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2016-11-18 15:39

jimimaseye wrote:Two nuns in a bath. One says, "Where's the soap?". The other replies, "Yes it does, doesnt it."

Two nuns went out on a bike ride and one says to the other "I've never come this way before!" And the other replies "yes! It's the cobblestones!"
Oh, that's mean... It does require an advanced knowledge of english... Naughty though... :mrgreen:
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jim.bus
Senior user
Senior user
Posts: 357
Joined: 2011-05-28 11:49
Location: US

Re: Spam attacks? Do you think you are hard done to?

Post by jim.bus » 2016-11-28 00:06

jimimaseye & SoreR,

As regards the nun jokes.

Requires and advanced knowledge of spelling mistakes and homonyms along with a dirty mind.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: Spam attacks? Do you think you are hard done to?

Post by jimimaseye » 2017-03-14 11:42

viewtopic.php?p=194225#p194225
SorenR wrote: Another probe/bot countermeasure is a 20 second pause on port 25... in Sub OnClientConnect(oClient)
Looks like a new bot got activated last night:
[code]"SMTPD" 4700 952 "2017-03-14 00:41:17.151" "184.68.15.58" "SENT: 220 Northcote SMTP"
"SMTPD" 4700 952 "2017-03-14 00:41:17.151" "184.68.15.58" "RECEIVED: QUIT"
"SMTPD" 4700 952 "2017-03-14 00:41:17.151" "184.68.15.58" "SENT: 221 goodbye"
"SMTPD" 4700 1015 "2017-03-14 00:58:57.173" "210.239.210.80" "SENT: 220 Northcote SMTP"
"SMTPD" 4700 1015 "2017-03-14 00:58:57.173" "210.239.210.80" "RECEIVED: QUIT"
"SMTPD" 4700 1015 "2017-03-14 00:58:57.173" "210.239.210.80" "SENT: 221 goodbye"
"SMTPD" 4792 1066 "2017-03-14 01:16:33.150" "201.190.192.24" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1066 "2017-03-14 01:16:33.150" "201.190.192.24" "RECEIVED: QUIT"
"SMTPD" 4792 1066 "2017-03-14 01:16:33.150" "201.190.192.24" "SENT: 221 goodbye"
"SMTPD" 4792 1098 "2017-03-14 01:26:38.119" "201.190.192.24" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1098 "2017-03-14 01:26:38.119" "201.190.192.24" "RECEIVED: QUIT"
"SMTPD" 4792 1098 "2017-03-14 01:26:38.119" "201.190.192.24" "SENT: 221 goodbye"
"SMTPD" 4792 1129 "2017-03-14 01:33:35.123" "197.245.94.133" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1134 "2017-03-14 01:40:23.157" "201.190.192.24" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1134 "2017-03-14 01:40:23.157" "201.190.192.24" "RECEIVED: QUIT"
"SMTPD" 4792 1134 "2017-03-14 01:40:23.157" "201.190.192.24" "SENT: 221 goodbye"
"SMTPD" 4792 1158 "2017-03-14 01:43:46.114" "68.191.218.91" "SENT: 220 Northcote SMTP"
"SMTPD" 1840 1158 "2017-03-14 01:43:46.114" "68.191.218.91" "RECEIVED: QUIT"
"SMTPD" 1840 1158 "2017-03-14 01:43:46.114" "68.191.218.91" "SENT: 221 goodbye"
"SMTPD" 4792 1172 "2017-03-14 01:47:07.151" "210.239.210.80" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1172 "2017-03-14 01:47:07.151" "210.239.210.80" "RECEIVED: QUIT"
"SMTPD" 4792 1172 "2017-03-14 01:47:07.151" "210.239.210.80" "SENT: 221 goodbye"
"SMTPD" 4792 1211 "2017-03-14 01:57:00.186" "74.92.105.233" "SENT: 220 Northcote SMTP"
"SMTPD" 3540 1211 "2017-03-14 01:57:00.186" "74.92.105.233" "RECEIVED: QUIT"
"SMTPD" 3540 1211 "2017-03-14 01:57:00.186" "74.92.105.233" "SENT: 221 goodbye"
"SMTPD" 4792 1257 "2017-03-14 02:13:59.201" "2.137.100.108" "SENT: 220 Northcote SMTP"
"SMTPD" 4568 1257 "2017-03-14 02:13:59.201" "2.137.100.108" "RECEIVED: QUIT"
"SMTPD" 4568 1257 "2017-03-14 02:13:59.201" "2.137.100.108" "SENT: 221 goodbye"
"SMTPD" 4792 1278 "2017-03-14 02:20:43.210" "2.137.100.108" "SENT: 220 Northcote SMTP"
"SMTPD" 4568 1278 "2017-03-14 02:20:43.210" "2.137.100.108" "RECEIVED: QUIT"
"SMTPD" 4568 1278 "2017-03-14 02:20:43.210" "2.137.100.108" "SENT: 221 goodbye"
"SMTPD" 4792 1299 "2017-03-14 02:24:10.129" "97.101.54.96" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1299 "2017-03-14 02:24:10.129" "97.101.54.96" "RECEIVED: QUIT"
"SMTPD" 4792 1299 "2017-03-14 02:24:10.129" "97.101.54.96" "SENT: 221 goodbye"
"SMTPD" 4792 1304 "2017-03-14 02:27:39.138" "201.190.192.24" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1304 "2017-03-14 02:27:39.138" "201.190.192.24" "RECEIVED: QUIT"
"SMTPD" 4792 1304 "2017-03-14 02:27:39.138" "201.190.192.24" "SENT: 221 goodbye"
"SMTPD" 4792 1345 "2017-03-14 02:41:28.155" "184.68.15.58" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1402 "2017-03-14 02:58:24.170" "201.190.192.24" "SENT: 220 Northcote SMTP"
"SMTPD" 3916 1402 "2017-03-14 02:58:24.170" "201.190.192.24" "RECEIVED: QUIT"
"SMTPD" 3916 1402 "2017-03-14 02:58:24.170" "201.190.192.24" "SENT: 221 goodbye"
"SMTPD" 4792 1422 "2017-03-14 03:01:45.147" "96.57.19.234" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1422 "2017-03-14 03:01:45.147" "96.57.19.234" "RECEIVED: QUIT"
"SMTPD" 4792 1422 "2017-03-14 03:01:45.148" "96.57.19.234" "SENT: 221 goodbye"
"SMTPD" 4792 1472 "2017-03-14 03:19:36.200" "178.59.97.44" "SENT: 220 Northcote SMTP"
"SMTPD" 3352 1472 "2017-03-14 03:19:36.200" "178.59.97.44" "RECEIVED: QUIT"
"SMTPD" 3352 1472 "2017-03-14 03:19:36.200" "178.59.97.44" "SENT: 221 goodbye"
"SMTPD" 4792 1510 "2017-03-14 03:28:28.130" "59.60.28.232" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1515 "2017-03-14 03:30:54.146" "201.190.192.24" "SENT: 220 Northcote SMTP"
"SMTPD" 3752 1515 "2017-03-14 03:30:54.146" "201.190.192.24" "RECEIVED: QUIT"
"SMTPD" 3752 1515 "2017-03-14 03:30:54.146" "201.190.192.24" "SENT: 221 goodbye"
"SMTPD" 4792 1559 "2017-03-14 03:45:19.199" "183.136.237.112" "SENT: 220 Northcote SMTP"
"SMTPD" 3752 1559 "2017-03-14 03:45:19.199" "183.136.237.112" "RECEIVED: QUIT"
"SMTPD" 3752 1559 "2017-03-14 03:45:19.199" "183.136.237.112" "SENT: 221 goodbye"
"SMTPD" 4792 1569 "2017-03-14 03:48:48.131" "210.239.210.80" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1569 "2017-03-14 03:48:48.131" "210.239.210.80" "RECEIVED: QUIT"
"SMTPD" 4792 1569 "2017-03-14 03:48:48.131" "210.239.210.80" "SENT: 221 goodbye"
"SMTPD" 4792 1595 "2017-03-14 03:55:58.208" "210.239.210.80" "SENT: 220 Northcote SMTP"
"SMTPD" 3376 1595 "2017-03-14 03:55:58.208" "210.239.210.80" "RECEIVED: QUIT"
"SMTPD" 3376 1595 "2017-03-14 03:55:58.208" "210.239.210.80" "SENT: 221 goodbye"
"SMTPD" 4792 1648 "2017-03-14 04:14:01.192" "210.239.210.80" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1648 "2017-03-14 04:14:01.192" "210.239.210.80" "RECEIVED: QUIT"
"SMTPD" 4792 1648 "2017-03-14 04:14:01.192" "210.239.210.80" "SENT: 221 goodbye"
"SMTPD" 4792 1667 "2017-03-14 04:17:44.147" "178.59.97.44" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1667 "2017-03-14 04:17:44.147" "178.59.97.44" "RECEIVED: QUIT"
"SMTPD" 4792 1667 "2017-03-14 04:17:44.147" "178.59.97.44" "SENT: 221 goodbye"
"SMTPD" 4792 1726 "2017-03-14 04:39:35.128" "97.101.54.96" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1726 "2017-03-14 04:39:35.128" "97.101.54.96" "RECEIVED: QUIT"
"SMTPD" 4792 1726 "2017-03-14 04:39:35.128" "97.101.54.96" "SENT: 221 goodbye"
"SMTPD" 4792 1786 "2017-03-14 04:54:23.206" "2.137.100.108" "SENT: 220 Northcote SMTP"
"SMTPD" 3916 1786 "2017-03-14 04:54:23.206" "2.137.100.108" "RECEIVED: QUIT"
"SMTPD" 3916 1786 "2017-03-14 04:54:23.206" "2.137.100.108" "SENT: 221 goodbye"
"SMTPD" 4792 1800 "2017-03-14 05:01:48.110" "178.59.97.44" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1800 "2017-03-14 05:01:48.110" "178.59.97.44" "RECEIVED: QUIT"
"SMTPD" 4792 1800 "2017-03-14 05:01:48.110" "178.59.97.44" "SENT: 221 goodbye"
"SMTPD" 4792 1811 "2017-03-14 05:05:40.176" "183.136.237.112" "SENT: 220 Northcote SMTP"
"SMTPD" 3528 1811 "2017-03-14 05:05:40.176" "183.136.237.112" "RECEIVED: QUIT"
"SMTPD" 3528 1811 "2017-03-14 05:05:40.176" "183.136.237.112" "SENT: 221 goodbye"
"SMTPD" 4792 1849 "2017-03-14 05:16:55.158" "210.239.210.80" "SENT: 220 Northcote SMTP"
"SMTPD" 4032 1849 "2017-03-14 05:16:55.158" "210.239.210.80" "RECEIVED: QUIT"
"SMTPD" 4032 1849 "2017-03-14 05:16:55.158" "210.239.210.80" "SENT: 221 goodbye"
"SMTPD" 4792 1867 "2017-03-14 05:20:47.208" "183.136.237.112" "SENT: 220 Northcote SMTP"
"SMTPD" 4400 1867 "2017-03-14 05:20:47.208" "183.136.237.112" "RECEIVED: QUIT"
"SMTPD" 4400 1867 "2017-03-14 05:20:47.208" "183.136.237.112" "SENT: 221 goodbye"
"SMTPD" 4792 1897 "2017-03-14 05:31:06.171" "94.183.4.136" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 1897 "2017-03-14 05:31:06.171" "94.183.4.136" "RECEIVED: QUIT"
"SMTPD" 4792 1897 "2017-03-14 05:31:06.171" "94.183.4.136" "SENT: 221 goodbye"
"SMTPD" 4792 1929 "2017-03-14 05:41:11.140" "96.57.19.234" "SENT: 220 Northcote SMTP"
"SMTPD" 1992 1929 "2017-03-14 05:41:11.140" "96.57.19.234" "RECEIVED: QUIT"
"SMTPD" 1992 1929 "2017-03-14 05:41:11.140" "96.57.19.234" "SENT: 221 goodbye"
"SMTPD" 4792 1989 "2017-03-14 05:58:17.123" "210.239.210.80" "SENT: 220 Northcote SMTP"
"SMTPD" 3996 1989 "2017-03-14 05:58:17.123" "210.239.210.80" "RECEIVED: QUIT"
"SMTPD" 3996 1989 "2017-03-14 05:58:17.123" "210.239.210.80" "SENT: 221 goodbye"
"SMTPD" 4792 1992 "2017-03-14 06:03:57.184" "59.60.28.232" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 2019 "2017-03-14 06:08:42.212" "201.190.192.24" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 2019 "2017-03-14 06:08:42.212" "201.190.192.24" "RECEIVED: QUIT"
"SMTPD" 4792 2019 "2017-03-14 06:08:42.212" "201.190.192.24" "SENT: 221 goodbye"
"SMTPD" 4792 2073 "2017-03-14 06:22:29.139" "197.14.14.150" "SENT: 220 Northcote SMTP"
"SMTPD" 4032 2073 "2017-03-14 06:22:29.139" "197.14.14.150" "RECEIVED: QUIT"
"SMTPD" 4032 2073 "2017-03-14 06:22:29.139" "197.14.14.150" "SENT: 221 goodbye"
"SMTPD" 4792 2074 "2017-03-14 06:25:52.189" "78.131.87.207" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 2074 "2017-03-14 06:25:52.189" "78.131.87.207" "RECEIVED: QUIT"
"SMTPD" 4792 2074 "2017-03-14 06:25:52.189" "78.131.87.207" "SENT: 221 goodbye"
"SMTPD" 4792 2166 "2017-03-14 06:49:59.170" "97.101.54.96" "SENT: 220 Northcote SMTP"
"SMTPD" 2564 2166 "2017-03-14 06:49:59.170" "97.101.54.96" "RECEIVED: QUIT"
"SMTPD" 2564 2166 "2017-03-14 06:49:59.170" "97.101.54.96" "SENT: 221 goodbye"
"SMTPD" 4792 2174 "2017-03-14 06:53:25.121" "97.101.54.96" "SENT: 220 Northcote SMTP"
"SMTPD" 2944 2174 "2017-03-14 06:53:25.121" "97.101.54.96" "RECEIVED: QUIT"
"SMTPD" 2944 2174 "2017-03-14 06:53:25.121" "97.101.54.96" "SENT: 221 goodbye"
"SMTPD" 4792 2188 "2017-03-14 06:57:12.148" "183.136.237.112" "SENT: 220 Northcote SMTP"
"SMTPD" 2564 2188 "2017-03-14 06:57:12.148" "183.136.237.112" "RECEIVED: QUIT"
"SMTPD" 2564 2188 "2017-03-14 06:57:12.148" "183.136.237.112" "SENT: 221 goodbye"
"SMTPD" 4792 2208 "2017-03-14 07:00:21.179" "178.59.97.44" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 2208 "2017-03-14 07:00:21.180" "178.59.97.44" "RECEIVED: QUIT"
"SMTPD" 4792 2208 "2017-03-14 07:00:21.180" "178.59.97.44" "SENT: 221 goodbye"
"SMTPD" 4792 2227 "2017-03-14 07:07:57.151" "183.136.237.112" "SENT: 220 Northcote SMTP"
"SMTPD" 3352 2227 "2017-03-14 07:07:57.151" "183.136.237.112" "RECEIVED: QUIT"
"SMTPD" 3352 2227 "2017-03-14 07:07:57.151" "183.136.237.112" "SENT: 221 goodbye"
"SMTPD" 4792 2314 "2017-03-14 07:31:33.120" "210.239.210.80" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 2314 "2017-03-14 07:31:33.120" "210.239.210.80" "RECEIVED: QUIT"
"SMTPD" 4792 2314 "2017-03-14 07:31:33.120" "210.239.210.80" "SENT: 221 goodbye"
"SMTPD" 4792 2328 "2017-03-14 07:38:32.215" "197.14.14.150" "SENT: 220 Northcote SMTP"
"SMTPD" 1992 2328 "2017-03-14 07:38:32.215" "197.14.14.150" "RECEIVED: QUIT"
"SMTPD" 1992 2328 "2017-03-14 07:38:32.215" "197.14.14.150" "SENT: 221 goodbye"
"SMTPD" 4792 2346 "2017-03-14 07:42:15.170" "184.68.15.58" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 2346 "2017-03-14 07:42:15.170" "184.68.15.58" "RECEIVED: HELO *.*"
"SMTPD" 4792 2346 "2017-03-14 07:42:15.170" "184.68.15.58" "SENT: 250 Hello."
"SMTPD" 3376 2346 "2017-03-14 07:42:15.170" "184.68.15.58" "RECEIVED: QUIT"
"SMTPD" 3376 2346 "2017-03-14 07:42:15.170" "184.68.15.58" "SENT: 221 goodbye"
"SMTPD" 4792 2371 "2017-03-14 07:49:05.170" "94.183.4.136" "SENT: 220 Northcote SMTP"
"SMTPD" 3540 2371 "2017-03-14 07:49:05.170" "94.183.4.136" "RECEIVED: QUIT"
"SMTPD" 3540 2371 "2017-03-14 07:49:05.170" "94.183.4.136" "SENT: 221 goodbye"
"SMTPD" 4792 2378 "2017-03-14 07:52:33.181" "183.136.237.112" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 2378 "2017-03-14 07:52:33.181" "183.136.237.112" "RECEIVED: QUIT"
"SMTPD" 4792 2378 "2017-03-14 07:52:33.181" "183.136.237.112" "SENT: 221 goodbye"
"SMTPD" 4792 2404 "2017-03-14 07:59:22.120" "222.255.167.137" "SENT: 220 Northcote SMTP"
"SMTPD" 3352 2404 "2017-03-14 07:59:22.120" "222.255.167.137" "RECEIVED: QUIT"
"SMTPD" 3352 2404 "2017-03-14 07:59:22.120" "222.255.167.137" "SENT: 221 goodbye"
"SMTPD" 4792 2412 "2017-03-14 08:02:43.137" "68.191.218.91" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 2412 "2017-03-14 08:02:43.137" "68.191.218.91" "RECEIVED: QUIT"
"SMTPD" 4792 2412 "2017-03-14 08:02:43.137" "68.191.218.91" "SENT: 221 goodbye"
"SMTPD" 4792 2470 "2017-03-14 08:17:19.127" "197.14.14.150" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 2470 "2017-03-14 08:17:19.127" "197.14.14.150" "RECEIVED: QUIT"
"SMTPD" 4792 2470 "2017-03-14 08:17:19.127" "197.14.14.150" "SENT: 221 goodbye"
"SMTPD" 4792 2476 "2017-03-14 08:21:05.156" "78.131.87.207" "SENT: 220 Northcote SMTP"
"SMTPD" 3352 2476 "2017-03-14 08:21:05.156" "78.131.87.207" "RECEIVED: QUIT"
"SMTPD" 3352 2476 "2017-03-14 08:21:05.156" "78.131.87.207" "SENT: 221 goodbye"
"SMTPD" 4792 2487 "2017-03-14 08:24:48.142" "210.239.210.80" "SENT: 220 Northcote SMTP"
"SMTPD" 3540 2487 "2017-03-14 08:24:48.142" "210.239.210.80" "RECEIVED: QUIT"
"SMTPD" 3540 2487 "2017-03-14 08:24:48.142" "210.239.210.80" "SENT: 221 goodbye"
"SMTPD" 4792 3527 "2017-03-14 08:43:46.211" "59.60.28.232" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 3544 "2017-03-14 08:49:54.200" "94.183.4.136" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 3544 "2017-03-14 08:49:54.200" "94.183.4.136" "RECEIVED: QUIT"
"SMTPD" 4792 3544 "2017-03-14 08:49:54.200" "94.183.4.136" "SENT: 221 goodbye"
"SMTPD" 4792 3579 "2017-03-14 09:03:30.210" "210.239.210.80" "SENT: 220 Northcote SMTP"
"SMTPD" 3352 3579 "2017-03-14 09:03:30.210" "210.239.210.80" "RECEIVED: QUIT"
"SMTPD" 3352 3579 "2017-03-14 09:03:30.210" "210.239.210.80" "SENT: 221 goodbye"
"SMTPD" 4792 3587 "2017-03-14 09:07:04.211" "96.57.19.234" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 3587 "2017-03-14 09:07:04.211" "96.57.19.234" "RECEIVED: QUIT"
"SMTPD" 4792 3587 "2017-03-14 09:07:04.211" "96.57.19.234" "SENT: 221 goodbye"
"SMTPD" 4792 3634 "2017-03-14 09:21:12.213" "58.185.138.18" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 3634 "2017-03-14 09:21:12.213" "58.185.138.18" "RECEIVED: QUIT"
"SMTPD" 4792 3634 "2017-03-14 09:21:12.213" "58.185.138.18" "SENT: 221 goodbye"
"SMTPD" 4792 3653 "2017-03-14 09:24:46.214" "68.191.218.91" "SENT: 220 Northcote SMTP"
"SMTPD" 4792 3653 "2017-03-14 09:24:46.214" "68.191.218.91" "RECEIVED: QUIT"
"SMTPD" 4792 3653 "2017-03-14 09:24:46.214" "68.191.218.91" "SENT: 221 goodbye"[/code]


Only 17 separate IP addresses so far (so 17 out of how many potential millions around the world) but none-the-less they are active and seemingly 'dearching' for something. Possiblybuilding a target list of addresses?

By the way, this is with the 20 second delay on connection (implemented as quoted by Soren).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spam attacks? Do you think you are hard done to?

Post by SorenR » 2017-03-14 12:57

jimimaseye wrote:viewtopic.php?p=194225#p194225
SorenR wrote: Another probe/bot countermeasure is a 20 second pause on port 25... in Sub OnClientConnect(oClient)
Looks like a new bot got activated last night:

Only 17 separate IP addresses so far (so 17 out of how many potential millions around the world) but none-the-less they are active and seemingly 'dearching' for something. Possiblybuilding a target list of addresses?

By the way, this is with the 20 second delay on connection (implemented as quoted by Soren).
Ah, the 20 second wait will not kill that one.

A clear sign that the 20 second wait works is that you never get more than "SENT: 220 Northcote SMTP" in the log from that IP Address.

The one you saw, I get too... I'm still working out how to deal with that without having to implement a heavy SQL object. I may end up with a SQLite solution of some sort based on some fancy IDS algorithm.

And yes, they ARE probing your defenses :mrgreen:
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

Post Reply