Emails Blocked

#1 Tue, 06/24/2014 - 14:12
JamesSimpson


Hi All,

Just had a major spam attack on the server. I am trying to find out the cause of what happened, but I can see the email address they have come from and have disabled that.

Thing is now, the server is blocked on my main IP address, but we have 10 IPs, and clients aren't happy that they cannot email Hotmail, Yahoo, Outlook, BTinternet....

Is there a way I can change the IP address Postfix uses so they can get back to sending out emails? Otherwise I would have to email all the ISPs to get the IP address unblocked, which could take days.

Thanks

James

Tue, 06/24/2014 - 15:28
andreychek

Howdy,

If you have an alternate IP address on your server you want emails to go out on, you can configure Postfix to use that by editing /etc/postfix/main.cf, and set:

smtp_bind_address = x.x.x.x

Where "x.x.x.x" is your desired outgoing IP address.

Then restart Postfix.

Note though that if the problem isn't fully corrected, that other IP address will end up on a blocked list as well :-)

-Eric

Tue, 06/24/2014 - 15:39
JamesSimpson

I think I have resolved the issue of the spammer. They somehow managed to get a user password, but I have updated the password and flushed the Postfix mail queue.

Got the user's IP address (some server in Poland) and blocked that in CFS.

At first I thought it may have been a phpmailer issue, but looking deeper it looks as if this was the start of it:

Jun 20 18:46:19 ewd01 postfix/smtpd[30927]: connect from gku39.internetdsl.tpnet.pl[83.3.20.39]
Jun 20 18:46:20 ewd01 postfix/smtpd[30927]: CDE83CA0E1: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:21 ewd01 postfix/smtpd[30927]: DD6D0CA0EA: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:23 ewd01 postfix/smtpd[30927]: 09BFECA0E5: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:24 ewd01 postfix/smtpd[30927]: 14404CA0E7: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:25 ewd01 postfix/smtpd[30927]: 21112CA0E8: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:26 ewd01 postfix/smtpd[30927]: 2DAE1CA0E1: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:27 ewd01 postfix/smtpd[30927]: 3B0F2CA0F2: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:28 ewd01 postfix/smtpd[30927]: 5397DCA0F1: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:29 ewd01 postfix/smtpd[30927]: 5CBA6CA0F4: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:30 ewd01 postfix/smtpd[30927]: 68209CA0E5: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:31 ewd01 postfix/smtpd[30927]: 80BF5CA0F6: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:32 ewd01 postfix/smtpd[30927]: 960E0CA0F8: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:33 ewd01 postfix/smtpd[30927]: AD4ABCA0E7: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Jun 20 18:46:34 ewd01 postfix/smtpd[30927]: D4727CA0EF: client=gku39.internetdsl.tpnet.pl[83.3.20.39], sasl_method=LOGIN, sasl_username=info@espressowebdesign.co.uk
Topic locked
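
The pattern in the log excerpt above (one client submitting a message every second under a single sasl_username) is what to alert on before a blocklist notices it. The following detection sketch is an added example, not code from the thread; the sample log lines, host names, thresholds and the function name find_bursts are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same format as the thread's log excerpt
# (documentation IP ranges and example domains, not real data).
NORMAL = [f"Jun 20 09:{i * 10:02d}:00 mx1 postfix/smtpd[2101]: {0xB0000000 + i:X}: "
          "client=office.example.org[198.51.100.7], sasl_method=PLAIN, "
          "sasl_username=alice@example.com" for i in range(6)]
BURST = [f"Jun 20 18:46:{20 + i:02d} mx1 postfix/smtpd[30927]: {0xA0000000 + i:X}: "
         "client=host.example.net[203.0.113.39], sasl_method=LOGIN, "
         "sasl_username=info@example.com" for i in range(8)]
SAMPLE_LOG = "\n".join(
    ["Jun 20 18:46:19 mx1 postfix/smtpd[30927]: connect from host.example.net[203.0.113.39]"]
    + NORMAL + BURST)

# One line per message accepted from a SASL-authenticated client.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: "
    r"[0-9A-F]+: client=\S+\[(?P<ip>[^\]]+)\], .*sasl_username=(?P<user>\S+)")

def find_bursts(log_text, threshold=5, window=timedelta(seconds=60), year=2014):
    """Return {(sasl_username, client_ip): peak messages within `window`}
    for every pair whose peak reaches `threshold`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m:  # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[(m["user"], m["ip"])].append(ts)
    flagged = {}
    for key, stamps in events.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[key] = peak
    return flagged

if __name__ == "__main__":
    for (user, ip), peak in find_bursts(SAMPLE_LOG).items():
        print(f"ALERT {user} from {ip}: {peak} messages within 60s")
```

Run against the real mail log, a flagged pair identifies both the account whose password needs changing and the client address to block; the threshold should sit above what the busiest legitimate mailbox sends per minute.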