For several days now, my server is throwing more than a thousand spam emails with different accounts using an ip and validating itself as if it were my IP, I already have that IP blocked inbound and outbound, even in firewall and still sending spam. The bad IP is: 1624 173.194.208.28
SMTP Activity
03/01/19 08:49:48 SMTP-OU 6C18B097359E4DE7961B234CC50BF7CD.MAI 1624 173.194.208.28 EHLO EHLO mail.publi-server2.com 250-smtp-relay.gmail.com at your service, [107.XXX.XXX.XXX] 29 177
03/01/19 08:49:48 SMTP-OU 6C18B097359E4DE7961B234CC50BF7CD.MAI 1624 173.194.208.28 MAIL MAIL FROM:<ventas@midominio.com> SIZE=1812 250 2.1.0 OK a5sm1968860otl.1 - gsmtp 46 39
03/01/19 08:49:48 SMTP-OU 6C18B097359E4DE7961B234CC50BF7CD.MAI 1624 173.194.208.28 RCPT RCPT TO:<191512767@qq.com> 250 2.1.5 OK a5sm1968860otl.1 - gsmtp 28 39
03/01/19 08:49:48 SMTP-OU 6C18B097359E4DE7961B234CC50BF7CD.MAI 1624 173.194.208.28 DATA DATA 550-5.7.1 Daily SMTP relay limit exceeded for customer. For more information on 6 253
03/01/19 08:49:48 SMTP-OU 6C18B097359E4DE7961B234CC50BF7CD.MAI 1624 173.194.208.28 QUIT QUIT 221 2.0.0 closing connection a5sm1968810otl.1 - gsmtp 6 55
I do not know how I can block this.
SMTP Debug
03/01/19 08:37:27 ME-IXXXX: [D5D088DC9AAA490A93190B254373C4FE.MAI] DNS resolved to the following record: IP Address=74.125.197.28, Family=2, Type=1, Protocol=6
Please Help me!!!
My server is sending spam with an IP address that emulates that of my server
-
menteinfinita
- Posts: 18
- Joined: Fri Mar 01, 2019 4:03 pm
-
MailEnable-Ian
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: My server is sending spam with an IP address that emulates that of my server
Hi,
The log snippet reports SMTP-OU and therefore the IP address listed is the remote mail server your sending to. You need to search further up in that log file for the associated SMTP-IN and block the incoming IP listed there. Add the IP address to the SMTP "Access control" list under the option for "Granted all expect those in the list".
The log snippet reports SMTP-OU and therefore the IP address listed is the remote mail server your sending to. You need to search further up in that log file for the associated SMTP-IN and block the incoming IP listed there. Add the IP address to the SMTP "Access control" list under the option for "Granted all expect those in the list".
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
-
menteinfinita
- Posts: 18
- Joined: Fri Mar 01, 2019 4:03 pm
Re: My server is sending spam with an IP address that emulates that of my server
Thank you very much for the track. In the end I could finally find the account, just enter the inbound connections and outbound connections and there I could see who was the guilt of spam. Thanks so much. 
