Hi,
There is a mail account where the mail limit is set to 30/hour in the settings.
The limit for the domain of this mailbox is set to 100/hour.
I double-checked everywhere regarding this mail account; it says nowhere "unlimited".
This mailbox just sent 694 mails in less than an hour (password cracked by virus on client host).
Code:
Nov 20 14:56:35 srv02 postfix/qmgr[3353]: 0C2F8C0C03: from=<l******@******associes.com>, size=706, nrcpt=5 (queue active)
Nov 20 14:56:35 srv02 postfix/smtp[28895]: 0C2F8C0C03: to=<************@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.206.26]:25, delay=4.1, delays=3.7/0/0.11/0.29, dsn=2.0.0, status=sent (250 2.0.0 OK 1448027790 i26si4321884wmc.111 - gsmtp)
Nov 20 14:56:37 srv02 postfix/smtp[29914]: 0C2F8C0C03: to=<********@yahoo.com>, relay=mta6.am0.yahoodns.net[98.138.112.33]:25, delay=5.5, delays=3.7/0/0.83/0.97, dsn=2.0.0, status=sent (250 ok dirdel 1/1)
Nov 20 14:56:37 srv02 postfix/smtp[29914]: 0C2F8C0C03: to=<c*********@yahoo.com>, relay=mta6.am0.yahoodns.net[98.138.112.33]:25, delay=5.5, delays=3.7/0/0.83/0.97, dsn=2.0.0, status=sent (250 ok dirdel 1/1)
Nov 20 14:56:37 srv02 postfix/smtpd[28583]: 1BE6CC0BF8: client=unknown[191.5.149.46], sasl_method=LOGIN, sasl_username=l******@******associes.com
Nov 20 14:56:37 srv02 postfix/smtp[29915]: 0C2F8C0C03: to=<c***********@aol.com>, relay=mailin-02.mx.aol.com[152.163.0.68]:25, delay=5.7, delays=3.7/0/0.59/1.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5516C700000A4)
Nov 20 14:56:37 srv02 postfix/smtp[28883]: 0C2F8C0C03: to=<c************@live.co.uk>, relay=mx3.hotmail.com[65.54.188.126]:25, delay=6.2, delays=3.7/0/1.9/0.67, dsn=2.0.0, status=sent (250 <BAY004-*******@BAY004-******.hotmail.com> Queued mail for delivery)
Nov 20 14:56:37 srv02 postfix/qmgr[3353]: 0C2F8C0C03: removed
That's a portion of the syslog halfway through the spamming process; at some point I can find some of these:
Code:
Nov 20 15:12:37 srv02 plesk sendmail[32426]: handlers_stderr: PASS
Nov 20 15:12:37 srv02 plesk sendmail[32426]: PASS during call 'limit-out' handler
Nov 20 15:12:37 srv02 plesk sendmail[32426]: handlers_stderr: SKIP
Nov 20 15:12:37 srv02 plesk sendmail[32426]: SKIP during call 'check-quota' handler
So I'm guessing that the quota system is active, but only on sendmail, not monitoring on postfix?
Also I was wondering maybe if the quota is updated every hour, which would explain why it did not detect the hundreds of outgoing mails, but as you can see here, the system did not detect any attempts to surpass the quota:
I have no idea how this quota system works, any help on the matter would be appreciated. (where to look, what to change...)
Thanks
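An added example (not part of the original post, and not Plesk's own code): one way to check what an authenticated login actually sent per hour, by counting the `sasl_username=` submissions and their `nrcpt=` values in Postfix log lines like those above, so the totals can be compared with the configured limit. The sample lines, addresses and the function names `sasl_volume` and `over_limit` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the syslog excerpt above; hosts and
# addresses are placeholders (192.0.2.0/24, example.com), not data from the post.
SAMPLE = """\
Nov 20 14:56:31 srv02 postfix/smtpd[28583]: A1B2C3D401: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=bulk@example.com
Nov 20 14:56:35 srv02 postfix/qmgr[3353]: A1B2C3D401: from=<bulk@example.com>, size=706, nrcpt=5 (queue active)
Nov 20 14:56:37 srv02 postfix/smtpd[28583]: A1B2C3D402: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=bulk@example.com
Nov 20 14:56:38 srv02 postfix/qmgr[3353]: A1B2C3D402: from=<bulk@example.com>, size=711, nrcpt=5 (queue active)
Nov 20 14:57:02 srv02 postfix/smtpd[28590]: A1B2C3D403: client=unknown[192.0.2.44], sasl_method=PLAIN, sasl_username=ok@example.com
Nov 20 14:57:03 srv02 postfix/qmgr[3353]: A1B2C3D403: from=<ok@example.com>, size=1200, nrcpt=1 (queue active)
Nov 20 15:01:10 srv02 postfix/smtpd[28583]: A1B2C3D404: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=bulk@example.com
Nov 20 15:01:11 srv02 postfix/qmgr[3353]: A1B2C3D404: from=<bulk@example.com>, size=706, nrcpt=4 (queue active)
""".splitlines()

# smtpd logs one "QUEUEID: client=..., sasl_username=..." line per accepted message.
SMTPD = re.compile(r"^(\w{3}\s+\d+ \d{2}):\d{2}:\d{2} \S+ postfix/smtpd\[\d+\]: "
                   r"(\w+): client=\S+, .*sasl_username=(\S+)")
# qmgr logs the recipient count for the same queue id.
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def sasl_volume(lines):
    """Return {(hour, login): [messages, recipients]} for authenticated submissions."""
    owner = {}                            # queue id -> (hour bucket, SASL login)
    volume = defaultdict(lambda: [0, 0])
    for line in lines:
        m = SMTPD.match(line)
        if m:
            hour, qid, user = m.groups()
            owner[qid] = (hour, user)
            volume[(hour, user)][0] += 1
            continue
        m = QMGR.search(line)
        if m and m.group(1) in owner:
            # pop() so a re-activated (deferred) message is not counted twice
            volume[owner.pop(m.group(1))][1] += int(m.group(2))
    return dict(volume)

def over_limit(lines, limit):
    """List (hour, login, messages, recipients) where either count exceeds limit."""
    return sorted((hour, user, msgs, rcpts)
                  for (hour, user), (msgs, rcpts) in sasl_volume(lines).items()
                  if max(msgs, rcpts) > limit)

if __name__ == "__main__":
    for row in over_limit(SAMPLE, 5):     # 5 is a demo threshold; the post's limit is 30
        print(row)
```

Only SMTP-authenticated submissions are counted here; mail injected through the local sendmail wrapper has no `sasl_username` line and would need to be tallied separately.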