Current time: 10-24-2025, 04:47 PM Hello There, Guest! (LoginRegister)


Post Reply 
How to disable a user account that is spamming big time
Author Message
Tzvook Offline
Newbie
*

Posts: 7
Joined: Nov 2007
Reputation: 0
Post: #1
How to disable a user account that is spamming big time
Hello All
One account on my server is spamming (right as we speak) ... it may be an issue with his website, though I seem to got over that, spamming continues (10,000 mails @ 2 hours or so).
it is being sent as a user mail something like vu2038@my-main-domain.com (not the username@his-domain.com ) ?
I know there is a command-line for disabling this account from sending mail, but don't know ecsactly how to ...
Help is badly needed here ...
11-21-2007 08:01 PM
Find all posts by this user Quote this message in a reply
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #2
RE: How to disable a user account that is spamming big time
1.
create a file:
/etc/postfix/spamblock.hash with following content:
vu2038@my-main-domain.com REJECT

2.
postmap /etc/postfix/spamblock.hash

3.
and insert the following in the smtpd_recipient_restrictions (of /etc/postfix/main.cf) as first entry:
check_recipient_access hash:/etc/postfix/spamblock.hash,

4.
postfix reload

5.
check logs...
(This post was last modified: 11-21-2007 08:05 PM by rbtux.)
11-21-2007 08:05 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Tzvook Offline
Newbie
*

Posts: 7
Joined: Nov 2007
Reputation: 0
Post: #3
RE: How to disable a user account that is spamming big time
10x rbtux
I did what you wrote, since I still get the rejected mails, it's kinda hard to see if it helped, hope it does: you made my day: I had no clue what to do :-)

I'll be back to report in case somebody else will face that.
Again, thank you for the prompt reply.

Tzvook
11-21-2007 08:25 PM
Find all posts by this user Quote this message in a reply
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #4
RE: How to disable a user account that is spamming big time
don't forget the reputation ;-)
11-21-2007 08:29 PM
Visit this user's website Find all posts by this user Quote this message in a reply
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #5
RE: How to disable a user account that is spamming big time
you should search the source of the mails... maybe cronjob or website script gone mad...
11-21-2007 08:31 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Tzvook Offline
Newbie
*

Posts: 7
Joined: Nov 2007
Reputation: 0
Post: #6
RE: How to disable a user account that is spamming big time
Yep, no more spam !!
11-21-2007 09:40 PM
Find all posts by this user Quote this message in a reply
pgentoo Offline
Member
*****
Dev Team

Posts: 326
Joined: Mar 2007
Reputation: 0
Post: #7
RE: How to disable a user account that is spamming big time
If it is coming from the vuXXXX account, it is likely that the website has some mailform exploit or something that is being exploited. I've had this happen on several sites in the past. At least since its running as the user, you have it narrowed down to what site is making the calls. Thats a lot better than where i have been stuck in the past, with apache sending out mails as itself. Sad

If they do have a mailform on their site, just a reminder that all the legitimate email that would have been sent from that (customers, etc) will now be dropped! You need to get to the real issue of what is being exploited.

-
Jesse
11-22-2007 03:45 AM
Find all posts by this user Quote this message in a reply
Tzvook Offline
Newbie
*

Posts: 7
Joined: Nov 2007
Reputation: 0
Post: #8
RE: How to disable a user account that is spamming big time
pasichnyk Wrote:If it is coming from the vuXXXX account, it is likely that the website has some mailform exploit or something that is being exploited. I've had this happen on several sites in the past. At least since its running as the user, you have it narrowed down to what site is making the calls. Thats a lot better than where i have been stuck in the past, with apache sending out mails as itself. Sad

If they do have a mailform on their site, just a reminder that all the legitimate email that would have been sent from that (customers, etc) will now be dropped! You need to get to the real issue of what is being exploited.

-
Jesse

10X for reply

I looked at their mailforms (they have 3 of them) and it wasn't checking http referer, so I added it to the forms processors.

The issue now is that my spool is full of junk and server is getting chunk.
Is there any way to empty the spool safely ?
I can simply delete, but I don't want to damage the server/postfix Rolleyes
11-29-2007 08:08 PM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #9
RE: How to disable a user account that is spamming big time
Code:
postsuper -d ALL

For more info
Code:
man postsuper

Greez BeNe
11-29-2007 08:10 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Tzvook Offline
Newbie
*

Posts: 7
Joined: Nov 2007
Reputation: 0
Post: #10
RE: How to disable a user account that is spamming big time
BeNe Wrote:
Code:
postsuper -d ALL

For more info
Code:
man postsuper

Greez BeNe

10X BeNe
It did the Job :-)
Hope it solved all the problems
11-29-2007 08:50 PM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)