[postfix-es] Roundcube me convirtio en openrelay :(

David Gonzalez david en delpozo.org
Vie Mayo 22 23:54:59 CEST 2009 

Se me ha ocurrido buscar en internet esa ip y he llegado a esta web:
http://www.projecthoneypot.org/ip_75.126.32.187

donde comenta:
The Project Honey Pot system has detected behavior from the IP address 
consistent with that of a mail server and dictionary attacker. Below we've 
reported some other data associated with this IP. This interrelated data 
helps map spammers' networks and aids in law enforcement efforts. If you know 
something about this IP, please leave a comment.

Por si te sirve de interes...


On Friday 22 May 2009 15:25:25 kazabe wrote:
> Holas.
>
> Hace unos dias comence a notar que los correos de mi servidor estaban
> tardando demasiado en entregarse.  Al revisar las colas, encuentro que
> hay demasiados mensajes acumulados, de los cuales el 100% no provienen
> de mis usuarios.
>
> Miro los logs de roundcube y encuentro esto:
>
> [21-May-2009 08:37:54 -0500]: User valid.user en localhost
> [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok:
> queued as C8E55A4844B
> [21-May-2009 08:39:57 -0500]: User valid.user en localhost
> [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok:
> queued as 6E164A4844B
> [21-May-2009 08:41:50 -0500]: User valid.user en localhost
> [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok:
> queued as 10310A48445
> [21-May-2009 08:43:28 -0500]: User valid.user en localhost
> [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok:
> queued as 5802DA4844B
> [21-May-2009 08:45:13 -0500]: User valid.user en localhost
> [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok:
> queued as 116F8A4844D
> [21-May-2009 08:46:57 -0500]: User valid.user en localhost
> [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok:
> queued as DCCA5A4844D
> [21-May-2009 08:47:57 -0500]: User valid.user en localhost
> [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok:
> queued as B4C10A4844C
>
>
> He bloqueado esa IP 75.126.32.187, pero esa no es una solucion real.
> Como puedo evitar que me usen el roundcube para enviar spam?  tengo la
> ultima version y el postfix configurado para no permitir el relay.
>
>
> saludos



-- 
David Gonzalez
 
david en delpozo.org 
Http://www.guadawireless.net 
GNU/Linux registered user #139902 
jabber: david en jabber.guadawireless.org 
 
Enlace a un proyecto que tengo en marcha: 
 
http://detiendaspor.biz

More information about the postfix-es mailing list