[SPAM] [Lug-bg] [SPAM] Атакуваха ме; за сега положението е овладяно!
- Subject: [SPAM] [Lug-bg] [SPAM] Атакуваха ме; за сега положението е овладяно!
- From: "Ivan Adams" <ivancho.b@xxxxxxxxx>
- Date: Thu, 23 Nov 2006 10:49:21 +0200
Днес сутринта забелязвам, че от снощи mail server-а е получавал много
заявки, сега като го заварих е на load average 99. и нещо, и буквално
си е умрял. Мисля че са ми направили DOS. Преди малко, когато го пусна и
веднага започват да идват от различни и хиляди ИП-та писма с прикачени
файлове, към поща с някакъв случаен стринг и домейн, който обслужва
qmail-а. Лично аз съм го настройвал. Ползвам
qmail+...+clamav+spamassasin. След като пристигне писмото, се
проверява от clamav и спамасасин. Като най-вече антивирусната
(обновена е вчера), просто заемаше много ресурси, и се нареждат все
повече задачи в sleep режим, докато не издъхне щайгата. След като го
сканира, понеже, няма такава пощенска кутия, праща писмо на
постмастер, и започва да се опитва да върне писмо от сендера и да
каже, че такава пощенска кутия няма. Което също тормози машинката,
защото адресите са фиктивни.
Това което се сещам като решение, беше патч, който проверява
изпращача, и ИП-то от където пристига, и ако не съвпадат (даже някой
като mail.bg проверяват и обратния запис за съвпадение), и ако не
отговарят, reject-ват писмото.
В момента съм изключил clamav и spamassasin за атакувания domain, и
нещата се нормализираха.
Също забелязвам, че писмата всичките които пристигат са от postmaster@NESHTOSI
И си мисля да измисля начин да ги спирам още по FROM, но в момента още
не мога да измисля от къде. Мисля че от spamassasin-a ще да е ...
Ще съм ти много благодарен на всякакви съвети и предложения!
-----------------------------------------------
Прикачвам и писмото:
i. This is the qmail-send program at HOSTNAME.
I tried to deliver a bounce message to this address, but the bounce bounced!
<bcjiwo@HOSTNAME>:
Sorry, no mailbox here by that name. vpopmail (#5.1.1)
--- Below this line is the original bounce.
Return-Path: <>
Received: (qmail 12927 invoked by uid 1001); 22 Nov 2006 17:38:40 -0000
Received: from 65.205.149.154 by debmail (envelope-from <>, uid 92) with
qmail-scanner-1.25-st-qms
(spamassassin: 3.0.3. perlscan: 1.25-st-qms.
Clear:RC:0(65.205.149.154):SA:0(?/?):.
Processed in 511.241492 secs); 22 Nov 2006 17:38:40 -0000
X-Spam-Status: No, hits=? required=?
X-Antivirus-ecranbleu-Mail-From: via debmail
X-Antivirus-ecranbleu: 1.25-st-qms
(Clear:RC:0(65.205.149.154):SA:0(?/?):. Processed
in 511.241492 secs Process 12150)
Received: from mail.ditekcorp.com (65.205.149.154)
by HOSTNAMEIP with SMTP; 22 Nov 2006 17:28:50 -0000
From: postmaster@xxxxxxxxxxxxx
To: bcjiwo@HOSTNAME
Date: Wed, 22 Nov 2006 12:28:26 -0500
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01C70987D3EC4E240001696Amail.ditekcorp.c"
X-DSNContext: 335a7efd - 4523 - 00000001 - 80040546
Message-ID: <WVlH7DNgN00008711@xxxxxxxxxxxxxxxxxx>
Subject: Delivery Status Notification (Failure)
This is a MIME-formatted message.
Portions of this message may be unreadable without a MIME-capable mail program.
--9B095B5ADSN=_01C70987D3EC4E240001696Amail.ditekcorp.c
Content-Type: text/plain; charset=unicode-1-1-utf-7
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
butlern@xxxxxxxxxxxxx
--9B095B5ADSN=_01C70987D3EC4E240001696Amail.ditekcorp.c
Content-Type: message/delivery-status
Reporting-MTA: dns;mail.ditekcorp.com
Received-From-MTA: dns;S0106000f3d5e1cd5.cg.shawcable.net
Arrival-Date: Wed, 22 Nov 2006 12:28:26 -0500
Final-Recipient: rfc822;butlern@xxxxxxxxxxxxx
Action: failed
Status: 5.1.1
--9B095B5ADSN=_01C70987D3EC4E240001696Amail.ditekcorp.c
Content-Type: message/rfc822
Received: from S0106000f3d5e1cd5.cg.shawcable.net ([68.145.43.229]) by
mail.ditekcorp.com with Microsoft SMTPSVC(6.0.3790.1830);
Wed, 22 Nov 2006 12:28:26 -0500
Received: from mail.HOSTNAME (mail.HOSTNAME [HOSTNAMEIP])
by S0106000f3d5e1cd5.cg.shawcable.net (Postfix) with ESMTP id 0F9EA787A4
for <butlern@xxxxxxxxxxxxx>; Wed, 22 Nov 2006 11:28:54 -0600
Received: from [148.223.181.72]
by mail.HOSTNAME with ESMTP (Exim 4.05) id BqU9Xksv6YMI
for <butlern@xxxxxxxxxxxxx>; Wed, 22 Nov 2006 11:28:54 -0600
From: "Lenny Herrera" <bcjiwo@HOSTNAME>
Reply-To: "Lenny Herrera" <bcjiwo@HOSTNAME>
Message-ID: <4403493452.3096424063@HOSTNAME>
Date: Wed, 22 Nov 2006 11:28:54 -0600
To: <butlern@xxxxxxxxxxxxx>
Subject: ERIK HAS UPLOADED NEW SOFTWARE, AUTOCAD 2007 $129.95!
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Return-Path: bcjiwo@HOSTNAME
X-OriginalArrivalTime: 22 Nov 2006 17:28:26.0232 (UTC)
FILETIME=[9E333F80:01C70E5B]
Adobe Creative Suite 2 Premium for Windows
Retail Price $1199.00
Our Price $149.95
You save $1049.05
Autodesk AutoCAD 2007
Retail Price $3995.00
Our Price $129.95
You save $3865.05
MS Windows XP Professional with SP2
Retail Price $269.99
Our Price $49.95
You save $220.04
Adobe Photoshop CS2 V 9.0
Retail Price $599.00
Our Price $69.95
You save $529.05
Microsoft Office 2003 Professional with Business Contact Manager for Outlook
Retail Price $550.00
Our Price $69.95
You save $480.05
Adobe Acrobat 7.0 Professional
Retail Price $449.90
Our Price $69.95
You save $379.95
Macromedia Dreamweaver 8
Retail Price $399.99
Our Price $49.95
You save $350.04
Q: Why is the software so inexpensive?
A: We offer the software for downloading only, it means that you do
not receive a
fancy package, a printed manual and license that actually aggregate
the largest part
of the retail price. In this situation we are restricted in selling
the products for
private purposes only! You will not be able to get a technical support
and different
rebates from the manufacturer. Updates are available for the most of
our products
(you may ask our support staff for the exceptions) that make them
fully functional
and operating. Additionally you save the delivery cost.
Q: Is OEM as functional as a retail version?
A: Yes. OEM software is exactly the same as retail software except there is no
cardboard box.
http://yogogan.com
Regards, DS Team.
--9B095B5ADSN=_01C70987D3EC4E240001696Amail.ditekcorp.c--
_______________________________________________
Lug-bg mailing list
Lug-bg@xxxxxxxxxxxxxxxxxx
http://linux-bulgaria.org/mailman/listinfo/lug-bg
|