Spam attack - help!

igiorgetti77
Posts: 1
Joined: Fri Feb 19, 2016 2:53 pm

Spam attack - help!

Post by igiorgetti77 » Fri Feb 19, 2016 3:09 pm

Hi guys,
I have this problem: for the past few days the server has been rather overloaded because
some damned person is hammering us with send requests:

We have hundreds of send requests from [changing name]@commercialistasanmarino.com
The domain commercialistasanmarino.com is not configured in MailEnable,
only on www as a website.

We have stopped relay without authentication, but the server still has to work to process the requests.
Can we resolve this somehow?

Thanks a lot

SMTP Activity file:

2/19/16 00:00:00 SMTP-IN CBC8F008EF2540BD959772963C19A37E.MAI 948 192.168.1.1 220 mx.studioag.info ESMTP MailEnable Service, Version: 7.55-7.55- ready at 02/19/16 00:00:00 0 0
02/19/16 00:00:00 SMTP-IN CBC8F008EF2540BD959772963C19A37E.MAI 948 192.168.1.1 EHLO EHLO mail.studioag.net 250-studioag.net [192.168.1.1], this server offers 2 extensions 94 24
02/19/16 00:00:00 SMTP-IN CBC8F008EF2540BD959772963C19A37E.MAI 948 192.168.1.1 MAIL MAIL FROM:<> SIZE=1973 250 Requested mail action okay, completed 43 24
02/19/16 00:00:00 SMTP-IN CBC8F008EF2540BD959772963C19A37E.MAI 948 192.168.1.1 RCPT RCPT TO:<robin_rowe@commercialistasanmarino.com> 503 This mail server requires authentication when attempting to send to a non-local e-mail address. Please check your mail client settings or contact your administrator to verify that the domain or address is defined for this server. 235 50
02/19/16 00:00:00 SMTP-IN CBC8F008EF2540BD959772963C19A37E.MAI 948 192.168.1.1 QUIT QUIT 221 Service closing transmission channel 42 6
02/19/16 00:00:01 SMTP-IN FDE0197C02174971B262E3AE60E8CA8A.MAI 1008 121.42.192.251 AUTH Z3Vlc3Q= 504 Invalid Username or Password 34 10 ftp
02/19/16 00:00:01 SMTP-IN D5714DADD05E4F549BC07C311BCC46C2.MAI 912 192.168.1.1 220 mx.studioag.info ESMTP MailEnable Service, Version: 7.55-7.55- ready at 02/19/16 00:00:01 0 0
02/19/16 00:00:01 SMTP-IN D5714DADD05E4F549BC07C311BCC46C2.MAI 912 192.168.1.1 EHLO EHLO mail.studioag.net 250-studioag.net [192.168.1.1], this server offers 2 extensions 94 24
02/19/16 00:00:01 SMTP-IN D5714DADD05E4F549BC07C311BCC46C2.MAI 912 192.168.1.1 MAIL MAIL FROM:<> SIZE=1358 250 Requested mail action okay, completed 43 24
02/19/16 00:00:01 SMTP-IN D5714DADD05E4F549BC07C311BCC46C2.MAI 912 192.168.1.1 RCPT RCPT TO:<marguerite_lee@commercialistasanmarino.com> 503 This mail server requires authentication when attempting to send to a non-local e-mail address. Please check your mail client settings or contact your administrator to verify that the domain or address is defined for this server. 235 54
02/19/16 00:00:01 SMTP-IN D5714DADD05E4F549BC07C311BCC46C2.MAI 912 192.168.1.1 QUIT QUIT 221 Service closing transmission channel 42 6

In the SMTP-Debug file:

02/19/16 00:00:19 ME-I0018: [49AEB840FC8A484082EBFDF75BAE4182.MAI] Outbound message from ([SMTP:dawn_adams@commercialistasanmarino.com]) requeued as [D5E670E2A828450B89392C210F94EB39.MAI] to the target domain [gmail.com]
02/19/16 00:00:19 ME-I0123: Domain [gmail.com] has MX list [gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com]
02/19/16 00:00:19 ME-I0026: [D5E670E2A828450B89392C210F94EB39.MAI] Sending message
02/19/16 00:00:19 ME-IXXXX: [D5E670E2A828450B89392C210F94EB39.MAI] DNS resolved to the following record: IP Address=74.125.136.27, Family=2, Type=1, Protocol=6
02/19/16 00:00:20 ME-IXXXX: [D5E670E2A828450B89392C210F94EB39.MAI] Remote server returned a response indicating a permanent error. Server Response: (554 5.7.1 Studio AG Web Server**)
02/19/16 00:00:20 ME-I0148: [D5E670E2A828450B89392C210F94EB39.MAI] DATE (DATA Termination) command failed.
02/19/16 00:00:20 ME-E0146: [D5E670E2A828450B89392C210F94EB39.MAI] DATA Command Failed.
02/19/16 00:00:20 ME-I0009: [D5E670E2A828450B89392C210F94EB39.MAI] Remote server has closed connection after 0 milliseconds. Server Response: (-)
02/19/16 00:00:20 ME-E0033: [D5E670E2A828450B89392C210F94EB39.MAI] DATA Transmission failed.

MailEnable-Ian
Site Admin
Posts: 8773
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Spam attack - help!

Post by MailEnable-Ian » Sun Feb 21, 2016 10:52 pm

Hi,

From inspecting the SMTP activity log file, the inbound connection is being denied relay rights from the local IP address. Therefore, I would presume that no messages are being routed to the SMTP outbound queue. Since the inbound connections are deriving from a local IP address, you may have a web form that has been exploited. Check your IIS logs.

Regards,

Ian Margarone
MailEnable Support
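
An added example, not part of the thread or of MailEnable: a small Python triage of an SMTP activity log in the space-separated layout quoted in the first post, counting null-sender MAILs, 503 relay denials and 504 AUTH failures per client IP and separating local from external sources. The sample lines, the `.example` domains and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# RFC 1918 and loopback ranges: a client here is one of our own hosts.
LOCAL_NETS = [ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Layout assumed: date time SMTP-IN message-id thread-id client-ip <rest>
LINE = re.compile(r"^\S+ \S+ SMTP-IN \S+ \d+ (?P<ip>[\d.]+) (?P<rest>.*)$")
RCPT = re.compile(r"^RCPT RCPT TO:<[^@>]*@(?P<domain>[^>]+)> (?P<code>\d{3}) ")
AUTH = re.compile(r"^AUTH \S+ (?P<code>\d{3}) ")

# Constructed sample lines (not taken from a real server).
SAMPLE = """\
02/19/16 00:00:00 SMTP-IN AAAA0001.MAI 948 192.168.1.1 MAIL MAIL FROM:<> SIZE=1973 250 Requested mail action okay, completed 43 24
02/19/16 00:00:00 SMTP-IN AAAA0001.MAI 948 192.168.1.1 RCPT RCPT TO:<a_b@unhosted.example> 503 This mail server requires authentication when attempting to send to a non-local e-mail address. 235 50
02/19/16 00:00:01 SMTP-IN BBBB0002.MAI 912 192.168.1.1 MAIL MAIL FROM:<> SIZE=1358 250 Requested mail action okay, completed 43 24
02/19/16 00:00:01 SMTP-IN BBBB0002.MAI 912 192.168.1.1 RCPT RCPT TO:<c_d@unhosted.example> 503 This mail server requires authentication when attempting to send to a non-local e-mail address. 235 54
02/19/16 00:00:01 SMTP-IN CCCC0003.MAI 1008 203.0.113.5 AUTH Z3Vlc3Q= 504 Invalid Username or Password 34 10
02/19/16 00:00:02 SMTP-IN DDDD0004.MAI 1010 198.51.100.7 RCPT RCPT TO:<user@hosted.example> 250 Requested mail action okay, completed 43 24
""".splitlines()

def summarize(lines):
    """Per client IP: null-sender MAILs, 503 relay denials per domain, 504 AUTH failures."""
    stats = defaultdict(lambda: {"null_sender": 0, "relay_denied": Counter(), "auth_failed": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an SMTP-IN activity line
        ip, rest = m["ip"], m["rest"]
        if rest.startswith("MAIL MAIL FROM:<>"):
            stats[ip]["null_sender"] += 1
        elif (r := RCPT.match(rest)) and r["code"] == "503":
            stats[ip]["relay_denied"][r["domain"].lower()] += 1
        elif (a := AUTH.match(rest)) and a["code"] == "504":
            stats[ip]["auth_failed"] += 1
    return dict(stats)

def triage(stats):
    """Return (local, external) client IPs that had relay denials or failed AUTHs."""
    local, external = [], []
    for ip, s in stats.items():
        if s["relay_denied"] or s["auth_failed"]:
            is_local = any(ip_address(ip) in net for net in LOCAL_NETS)
            (local if is_local else external).append(ip)
    return sorted(local), sorted(external)

if __name__ == "__main__":
    local, external = triage(summarize(SAMPLE))
    print("local sources:", local, "| external sources:", external)
```

A local address in the first list is the host to trace back through the IIS logs or whatever gateway sits at that IP; the per-domain counters show which unhosted domain the denied recipients belong to.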
