Facebook
TwitterMick Froggatt
New Pleskian
Hi
Odd one, I've checked the server on mxtoolbox for it being a open relay, and it reports that it isn't, but I'm having issues with the server 'sending' spam.
The spam is coming from logins which show in the maillog as
Sep 30 16:10:43 myserver postfix/smtpd[18348]: 3E944BE0A0D: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
Sep 30 16:11:09 myserverpostfix/smtpd[18348]: 4392DBE09F6: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
Sep 30 16:11:23 myserverpostfix/smtpd[18348]: 8F668BE0A0D: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
Sep 30 16:11:38 myserverpostfix/smtpd[18348]: A9964BE0A25: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
Sep 30 16:11:58 myserverpostfix/smtpd[18348]: E0F7FBE0A3A: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
etc etc (various IP addresses)
[email protected] is a genuine user on the server, however, I have reset the password on the account (but not told anyone) and the logins still appear. This is doing my nut
Whats the difference between sasl_method=PLAIN and sasl_method=LOGIN, as I can see the LOGIN method for most genuine emails passing though the logs.
Mick
Odd one, I've checked the server on mxtoolbox for it being a open relay, and it reports that it isn't, but I'm having issues with the server 'sending' spam.
The spam is coming from logins which show in the maillog as
Sep 30 16:10:43 myserver postfix/smtpd[18348]: 3E944BE0A0D: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
Sep 30 16:11:09 myserverpostfix/smtpd[18348]: 4392DBE09F6: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
Sep 30 16:11:23 myserverpostfix/smtpd[18348]: 8F668BE0A0D: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
Sep 30 16:11:38 myserverpostfix/smtpd[18348]: A9964BE0A25: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
Sep 30 16:11:58 myserverpostfix/smtpd[18348]: E0F7FBE0A3A: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
etc etc (various IP addresses)
[email protected] is a genuine user on the server, however, I have reset the password on the account (but not told anyone) and the logins still appear. This is doing my nut
Whats the difference between sasl_method=PLAIN and sasl_method=LOGIN, as I can see the LOGIN method for most genuine emails passing though the logs.
Mick
