Hiya all,
I'm running Wheezy and use log-watch. Every morning I receive the log-watch report and see over 10,000 domain not found errors. I can't seem to find what IP is trying to send these emails.
I've done a search in /var/log/mail.log for them and only find old entries dated form 2 March. Nothing new. Is there anywhere else I can check who is trying to send these emails?
Recipient address rejected: Domain not found (total: 11930)
596 benimar@benimar.biz
596 info@carabaza.com
596 emiliobolado@emiliobolado.com
596 faeb@faebsl.com
596 fundacion@fundacionnaturalezayhombre.com
596 info@hotelesflorbelt.com
596 abuela@laabuelaamelia.com
596 info@noriegaehijos.com
596 info@perdigonbus.com
596 info@vallehogar.com
596 dosmundos@vetconsulta.com
596 aranoa@et.es
596 info@labusta.es
596 arruza@mundovia.es
596 info@promocionesrebijones.es
596 info@tc-m.es
596 consultas@isabelhotel.html
595 jyp@inmobiliaria.jyp.com
595 llatac@besaya.unican.es
594 miguel@ejecant.com
1 tsoneira@antimelogistica.com
1 angel@asrepresentaciones.com
1 Fernando.delaiglesia@es.dsu.com
1 koldo@erandiobidaia.com
1 argade@lelepolis.com
1 victoreig@mosquitoenalasca.com
1 eperez@salesianusdusto.com
1 munoza@anakis.es
1 elenambe@educastur.puincast.es
1 anaisabel-quintanilla@ups.es
1 aitor.zorriketa@bizcaia.eu
1 aespada@euskaltel.net
1 keluis@euskaltel.net
1 unaxa@euskaltel.net
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Blocking IPS
-
dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Blocking IPS
So, you are running a mail server?
AdrianTM wrote:There's no hacker in my grandma...
Re: Blocking IPS
Yes, I use I-MSCP virtual hosting for a few clients. The last log entry for these addresses where from one client. I've checked and there are no more after 2 march but log-watch show there are.
-
dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Blocking IPS
So are these incoming or outgoing?
AdrianTM wrote:There's no hacker in my grandma...
Re: Blocking IPS
From where the mail.log stops they are outgoing from one of my clientes but as I said the strange thing is the last entry is 2 March and log-watch show last night.
From what I understand is log-watch gather all the info from the logs in /var/log right?
I wanted to check if this client is still sending these emails as I've helped him scan and clean his PC for virus.
Thanks,
From what I understand is log-watch gather all the info from the logs in /var/log right?
I wanted to check if this client is still sending these emails as I've helped him scan and clean his PC for virus.
Thanks,
-
dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Blocking IPS
Well that, along with the period covered, depends on your logwatch configuration.robbo007 wrote:From where the mail.log stops they are outgoing from one of my clientes but as I said the strange thing is the last entry is 2 March and log-watch show last night.
From what I understand is log-watch gather all the info from the logs in /var/log right?
As with your posts last year, you supply very limited snippets of evidence and much misguided conjecture.I wanted to check if this client is still sending these emails as I've helped him scan and clean his PC for virus.
Thanks,
Your mail logs tell you everything you need to know - read them.
AdrianTM wrote:There's no hacker in my grandma...