
Question IP address spam emails sending suspicious

Tize

Basic Pleskian
Hello everyone, I added this command to the server and it throws me an IP address listed as spam, 80.82.64.102. Not my IP address.

Code:
tail -f /usr/local/psa/var/log/maillog

I would like to know how I can delete the server address please.

Captura de pantalla 2016-10-27 a las 21.18.59.png
 
Excuse me, but I did not understand your problem. The IP that you reported in the log is connected via POP3, regular access. Can you give me some more details?
 
Hello, some time ago my server was sending spam emails massively.
I solved it, and yesterday, on putting in that code, I could see that that IP address appeared for a particular domain.
Code:
tail -f /usr/local/psa/var/log/maillog
But as I can not give you more details, if you tell me I'll gladly send you more information.
Thank you very much for your help.
 
But from the logs that you have shown, there is no evidence of massive mailings. The IP connected to the Courier server, and the log shows this IP disconnecting after downloading the mail (I suppose), but there is no evidence of a connection with the attack received earlier. Doing a whois on this IP, it turns out to be:

80.82.64.102

organization: ORG-QNL3-RIPE
org-name: Almost Networks LTD.
org-type: OTHER
Address: Suite 1, Second Floor
address: Sound & Vision House, Francis Rachel Street
Address: Victoria, Mahe, Seychelles

How have you connected this IP with the previous attack?
 
Hi, thanks for your message.
Maybe I did not explain well, sorry, for I speak Spanish and I can hardly express the same words in English.

Long ago my server was sending spam and I fixed it, for about a year and a half.

Now the problem is that I looked and I find that this IP address appears within my server, and I do not know why.
Nor do I know how I can erase it from there; it appears only when I enter that code I put above.

Thank you very much.
 
It appears there because someone wants to connect to your server via POP3. You just have to figure out whether the connection is allowed (that is, someone who is downloading mail) or unauthorized (some bots that try to brute-force). If your server must not have connections because it is locked, then you can insert a rule in the firewall and make sure the reported IP is blocked.
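
The check suggested in the reply above (mail download by a real user versus bots attempting brute force) can be run over the log itself. The script below is an added example, not part of the original thread: the log lines are constructed, their Courier pop3d layout is an assumption, and the function names, verdict labels and threshold of 3 are hypothetical.

```shell
#!/bin/sh
# Added example. Sample lines are constructed, in an assumed Courier pop3d
# layout, using documentation IP ranges; adjust the patterns to your maillog.
sample_log() {
cat <<'EOF'
Oct 27 21:10:01 host pop3d: Connection, ip=[::ffff:198.51.100.20]
Oct 27 21:10:02 host pop3d: LOGIN, user=info@example.com, ip=[::ffff:198.51.100.20], port=[51234]
Oct 27 21:10:03 host pop3d: LOGOUT, user=info@example.com, ip=[::ffff:198.51.100.20], port=[51234], top=0, retr=2, rcvd=24, sent=5120, time=1
Oct 27 21:11:40 host pop3d: LOGIN FAILED, user=admin, ip=[::ffff:203.0.113.7]
Oct 27 21:11:41 host pop3d: LOGIN FAILED, user=test, ip=[::ffff:203.0.113.7]
Oct 27 21:11:42 host pop3d: LOGIN FAILED, user=info, ip=[::ffff:203.0.113.7]
Oct 27 21:12:10 host pop3d: LOGIN FAILED, user=info@example.com, ip=[::ffff:198.51.100.20]
Oct 27 21:12:15 host pop3d: LOGIN, user=info@example.com, ip=[::ffff:198.51.100.20], port=[51240]
EOF
}

# pop3_summary [limit]: read maillog lines on stdin and print, per client IP,
# "<ip> ok=<logins> failed=<failures> users=<distinct failed users> <verdict>".
pop3_summary() {
  awk -v limit="${1:-3}" '
    /pop3d(-ssl)?: LOGIN/ {                # LOGIN and LOGIN FAILED, not LOGOUT
      if (!match($0, /ip=\[[^]]*\]/)) next
      ip = substr($0, RSTART + 4, RLENGTH - 5)
      sub(/^::ffff:/, "", ip)              # strip the IPv4-mapped prefix
      seen[ip] = 1
      if ($0 ~ /LOGIN FAILED/) {
        fail[ip]++
        if (match($0, /user=[^,]*/)) {     # count distinct usernames tried
          key = ip SUBSEP substr($0, RSTART + 5, RLENGTH - 5)
          if (!(key in tried)) { tried[key] = 1; users[ip]++ }
        }
      } else {
        ok[ip]++
      }
    }
    END {
      for (ip in seen) {
        verdict = "review"
        if (fail[ip] >= limit && ok[ip] == 0) verdict = "suspect-bruteforce"
        else if (ok[ip] > 0 && fail[ip] < limit) verdict = "likely-legitimate"
        printf "%s ok=%d failed=%d users=%d %s\n", ip, ok[ip], fail[ip], users[ip], verdict
      }
    }' | sort
}

sample_log | pop3_summary 3
```

On a live server the input would be the file the posters were tailing, for example `pop3_summary 3 < /usr/local/psa/var/log/maillog`. An address with successful logins and few failures is usually a mail client; many failures across several usernames and no success is the pattern worth a firewall rule.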
 
Hello, yesterday I added the entire range of those IP addresses in the CSF firewall.

I put a block on the IP address and on the whole country of Seychelles.

Do you think that this is enough?

I was a little scared because I do not know the IP address that was suddenly there.

Thank you very much.
 
Ooh, we finally figured out the problem. So you have entered the IP in the firewall but it continues to connect, right?

Try giving this command to the server, and then check the logs to see if it appears again:

Code:
iptables -A INPUT -p tcp -m tcp --dport 110 -s 80.82.64.102 -j DROP

or

Code:
iptables -A INPUT -p tcp -m tcp --dport 110 -s 80.82.64.0/24 -j DROP

Have you already tried to give this command?


This blocks only port 110 (POP3); for all ports you can try with:

Code:
iptables -A INPUT -s 80.82.64.0/24 -j DROP
 
Hi, thanks for your help.
I just carried out this command and it does nothing; it is added and that is all :p.
Maybe they're doing something behind without knowing it.

Captura de pantalla 2016-10-28 a las 11.34.29.png

I have CentOS release 6.5 (Final) :rolleyes::rolleyes:
 
Now I remember, I used iptables at the start.
But I stopped using it to go to CSF because the latter can block countries.

Code:
nano /etc/csf/csf.conf

Thank you very much.
 
A million thanks for your help.

Here you can see I did what you told me yesterday from CSF

I will mark your help as accepted, thank you very much friend.

Captura de pantalla 2016-10-28 a las 11.53.15.png
 