Blocking IPS

Here you can discuss every aspect of Debian. Note: not for support requests!

Blocking IPS

Postby robbo007 » 2016-03-14 07:43

Hiya all,
I'm running Wheezy and use log-watch. Every morning I receive the log-watch report and see over 10,000 domain not found errors. I can't seem to find what IP is trying to send these emails.

I've done a search in /var/log/mail.log for them and only find old entries dated form 2 March. Nothing new. Is there anywhere else I can check who is trying to send these emails?

Recipient address rejected: Domain not found (total: 11930)
596 benimar@benimar.biz
596 info@carabaza.com
596 emiliobolado@emiliobolado.com
596 faeb@faebsl.com
596 fundacion@fundacionnaturalezayhombre.com
596 info@hotelesflorbelt.com
596 abuela@laabuelaamelia.com
596 info@noriegaehijos.com
596 info@perdigonbus.com
596 info@vallehogar.com
596 dosmundos@vetconsulta.com
596 aranoa@et.es
596 info@labusta.es
596 arruza@mundovia.es
596 info@promocionesrebijones.es
596 info@tc-m.es
596 consultas@isabelhotel.html
595 jyp@inmobiliaria.jyp.com
595 llatac@besaya.unican.es
594 miguel@ejecant.com
1 tsoneira@antimelogistica.com
1 angel@asrepresentaciones.com
1 Fernando.delaiglesia@es.dsu.com
1 koldo@erandiobidaia.com
1 argade@lelepolis.com
1 victoreig@mosquitoenalasca.com
1 eperez@salesianusdusto.com
1 munoza@anakis.es
1 elenambe@educastur.puincast.es
1 anaisabel-quintanilla@ups.es
1 aitor.zorriketa@bizcaia.eu
1 aespada@euskaltel.net
1 keluis@euskaltel.net
1 unaxa@euskaltel.net
User avatar
robbo007
 
Posts: 92
Joined: 2009-05-18 11:24
Location: Spain

Re: Blocking IPS

Postby dilberts_left_nut » 2016-03-14 08:16

So, you are running a mail server?
AdrianTM wrote:There's no hacker in my grandma...
User avatar
dilberts_left_nut
 
Posts: 5077
Joined: 2009-10-05 07:54
Location: enzed

Re: Blocking IPS

Postby robbo007 » 2016-03-14 08:21

Yes, I use I-MSCP virtual hosting for a few clients. The last log entry for these addresses where from one client. I've checked and there are no more after 2 march but log-watch show there are.
User avatar
robbo007
 
Posts: 92
Joined: 2009-05-18 11:24
Location: Spain

Re: Blocking IPS

Postby dilberts_left_nut » 2016-03-14 08:38

So are these incoming or outgoing?
AdrianTM wrote:There's no hacker in my grandma...
User avatar
dilberts_left_nut
 
Posts: 5077
Joined: 2009-10-05 07:54
Location: enzed

Re: Blocking IPS

Postby robbo007 » 2016-03-14 08:44

From where the mail.log stops they are outgoing from one of my clientes but as I said the strange thing is the last entry is 2 March and log-watch show last night.

From what I understand is log-watch gather all the info from the logs in /var/log right?

I wanted to check if this client is still sending these emails as I've helped him scan and clean his PC for virus.

Thanks,
User avatar
robbo007
 
Posts: 92
Joined: 2009-05-18 11:24
Location: Spain

Re: Blocking IPS

Postby dilberts_left_nut » 2016-03-14 08:57

robbo007 wrote:From where the mail.log stops they are outgoing from one of my clientes but as I said the strange thing is the last entry is 2 March and log-watch show last night.

From what I understand is log-watch gather all the info from the logs in /var/log right?
Well that, along with the period covered, depends on your logwatch configuration.
I wanted to check if this client is still sending these emails as I've helped him scan and clean his PC for virus.

Thanks,


As with your posts last year, you supply very limited snippets of evidence and much misguided conjecture.
Your mail logs tell you everything you need to know - read them.
AdrianTM wrote:There's no hacker in my grandma...
User avatar
dilberts_left_nut
 
Posts: 5077
Joined: 2009-10-05 07:54
Location: enzed


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 7 guests

fashionable