Page 1 of 1

Blocking IPS

PostPosted: 2016-03-14 07:43
by robbo007
Hiya all,
I'm running Wheezy and use log-watch. Every morning I receive the log-watch report and see over 10,000 domain not found errors. I can't seem to find what IP is trying to send these emails.

I've done a search in /var/log/mail.log for them and only find old entries dated form 2 March. Nothing new. Is there anywhere else I can check who is trying to send these emails?

Recipient address rejected: Domain not found (total: 11930)
596 benimar@benimar.biz
596 info@carabaza.com
596 emiliobolado@emiliobolado.com
596 faeb@faebsl.com
596 fundacion@fundacionnaturalezayhombre.com
596 info@hotelesflorbelt.com
596 abuela@laabuelaamelia.com
596 info@noriegaehijos.com
596 info@perdigonbus.com
596 info@vallehogar.com
596 dosmundos@vetconsulta.com
596 aranoa@et.es
596 info@labusta.es
596 arruza@mundovia.es
596 info@promocionesrebijones.es
596 info@tc-m.es
596 consultas@isabelhotel.html
595 jyp@inmobiliaria.jyp.com
595 llatac@besaya.unican.es
594 miguel@ejecant.com
1 tsoneira@antimelogistica.com
1 angel@asrepresentaciones.com
1 Fernando.delaiglesia@es.dsu.com
1 koldo@erandiobidaia.com
1 argade@lelepolis.com
1 victoreig@mosquitoenalasca.com
1 eperez@salesianusdusto.com
1 munoza@anakis.es
1 elenambe@educastur.puincast.es
1 anaisabel-quintanilla@ups.es
1 aitor.zorriketa@bizcaia.eu
1 aespada@euskaltel.net
1 keluis@euskaltel.net
1 unaxa@euskaltel.net

Re: Blocking IPS

PostPosted: 2016-03-14 08:16
by dilberts_left_nut
So, you are running a mail server?

Re: Blocking IPS

PostPosted: 2016-03-14 08:21
by robbo007
Yes, I use I-MSCP virtual hosting for a few clients. The last log entry for these addresses where from one client. I've checked and there are no more after 2 march but log-watch show there are.

Re: Blocking IPS

PostPosted: 2016-03-14 08:38
by dilberts_left_nut
So are these incoming or outgoing?

Re: Blocking IPS

PostPosted: 2016-03-14 08:44
by robbo007
From where the mail.log stops they are outgoing from one of my clientes but as I said the strange thing is the last entry is 2 March and log-watch show last night.

From what I understand is log-watch gather all the info from the logs in /var/log right?

I wanted to check if this client is still sending these emails as I've helped him scan and clean his PC for virus.

Thanks,

Re: Blocking IPS

PostPosted: 2016-03-14 08:57
by dilberts_left_nut
robbo007 wrote:From where the mail.log stops they are outgoing from one of my clientes but as I said the strange thing is the last entry is 2 March and log-watch show last night.

From what I understand is log-watch gather all the info from the logs in /var/log right?
Well that, along with the period covered, depends on your logwatch configuration.
I wanted to check if this client is still sending these emails as I've helped him scan and clean his PC for virus.

Thanks,


As with your posts last year, you supply very limited snippets of evidence and much misguided conjecture.
Your mail logs tell you everything you need to know - read them.