This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

one customer causing smtp spam
#1
one customer causing smtp spam
Guys,

I have one customer causing thousands of smtp request a minute. I had the same user with zpanel and did not have this issue. fresh install of CENTOS 7 and sentora now the customer is getting my server blacklisted.

They use google docs to control their mail so I do not know what my server is being hit for.

I will worry about getting everything off of blacklist as soon as I stop the issue.

Here is output from the maillog

Apr 14 21:11:14 web01 postfix/smtp[9955]: 93521A50CC4: host gmail-smtp-in.l.google.com[74.125.193.26] said: 550-5.7.1 [208.94.243.91 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answe...wer=188131 for 550 5.7.1 more information. ij10si3593711igb.59 - gsmtp (in reply to end of DATA command)
Apr 14 21:11:14 web01 postfix/smtp[8029]: 932CAA50CDC: host gmail-smtp-in.l.google.com[74.125.193.26] said: 550-5.7.1 [208.94.243.91 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answe...wer=188131 for 550 5.7.1 more information. a197si2636327ioe.23 - gsmtp (in reply to end of DATA command)
Apr 14 21:11:14 web01 postfix/smtp[8029]: 932CAA50CDC: to=<blackvampire96@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[64.233.171.26]:25, delay=1430, delays=687/713/30/0.22, dsn=4.7.1, status=SOFTBOUNCE (host alt1.gmail-smtp-in.l.google.com[64.233.171.26] said: 550-5.7.1 [208.94.243.91 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answe...wer=188131 for 550 5.7.1 more information. 142si3199177qhw.29 - gsmtp (in reply to end of DATA command))
Apr 14 21:11:14 web01 postfix/smtp[9920]: 96682A50889: to=<blacktyler3070@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[64.233.171.26]:25, delay=1471, delays=728/712/31/0.56, dsn=4.7.1, status=SOFTBOUNCE (host alt1.gmail-smtp-in.l.google.com[64.233.171.26] said: 550-5.7.1 [208.94.243.91 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answe...wer=188131 for 550 5.7.1 more information. c50si3175275qgf.105 - gsmtp (in reply to end of DATA command))
Apr 14 21:11:16 web01 postfix/smtp[9935]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c03::1b]:25: Connection timed out
Apr 14 21:11:16 web01 postfix/smtp[9923]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c05::1a]:25: Connection timed out
Apr 14 21:11:17 web01 postfix/smtp[9935]: D6370A50433: to=<auop336@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[64.233.171.26]:25, delay=1511, delays=765/685/61/0.56, dsn=4.7.1, status=SOFTBOUNCE (host alt1.gmail-smtp-in.l.google.com[64.233.171.26] said: 550-5.7.1 [208.94.243.91 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answe...wer=188131 for 550 5.7.1 more information. 7si3175178qhv.107 - gsmtp (in reply to end of DATA command))
Apr 14 21:11:18 web01 postfix/smtp[9948]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c03::1b]:25: Connection timed out
Apr 14 21:11:18 web01 postfix/smtp[9948]: D7160A4F789: to=<anilkumar25081989@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[64.233.171.26]:25, delay=1580, delays=832/682/65/0.22, dsn=4.7.1, status=SOFTBOUNCE (host alt1.gmail-smtp-in.l.google.com[64.233.171.26] said: 550-5.7.1 [208.94.243.91 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answe...wer=188131 for 550 5.7.1 more information. r9si3212694qca.13 - gsmtp (in reply to end of DATA command))
Reply
Thanks given by:
#2
RE: one customer causing smtp spam
Never mind it looks like that customers website was hacked since I switched to sentora
Reply
Thanks given by:
#3
RE: one customer causing smtp spam
Very interesting, could you share how the hack was done ?
Reply
Thanks given by:
#4
RE: one customer causing smtp spam
(04-15-2015, 02:24 PM)otbhosting Wrote: Never mind it looks like that customers website was hacked since I switched to  sentora

What was hacked? Was it a custom site or was it a CMS (wordpress, moodle, drupal, etc.) site?
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
can not send email - SMTP error on roundcube wolvepy 9 31 ,758 01-03-2020, 08:37 AM
Last Post: Telepuzik
SMTP error after mariaDB upgrade mohamedh 4 12 ,621 02-08-2019, 01:07 AM
Last Post: mohamedh
SMTP Error every time i try to send an email wormsunited 7 21 ,252 12-22-2018, 08:02 AM
Last Post: TGates

Forum Jump:


Users browsing this thread: 1 Guest(s)