[afnog] HOW can I stop outgoing spam

Frank Habicht geier at geier.ne.tz
Wed Sep 28 05:17:44 UTC 2011


Hi,

On 9/27/2011 3:28 PM, Stephane Bortzmeyer wrote:
> On Tue, Sep 27, 2011 at 03:16:39PM +0300,
>> Received: from 82.128.14.236 ([82.128.14.236])
> 
> That's the important info which was *not* in your logs (fix your logs
> urgently: you cannot manage a system which does not log the IP
> addresses of the clients). Is 82.128.14.236 one of your legitimate
> users? Afrinic's database tells us it is Multilinks
> Telecommunications, in Nigeria, at the other end of Africa. Do you
> know them? 

I know them for spamming.
Including authenticating as real users (with weak passwords) before
sending spam on remote (from them) servers.


> Anyway, you now know the origin of the spam: talk to them, fire them,
> block them in the firewall, lecture them, etc, depending on your
> relationship with them.

If the spammers authenticated as real users on your server
(who has user ID 539 ???),
then change passwords and try to enforce password strength.

Greetings,
Frank
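
An added example, not part of the original thread: one way to find which accounts authenticated before sending and from which client IPs, so you know whose password to change. It assumes Postfix-style smtpd log lines (the thread does not name the MTA); the log lines, addresses, network ranges and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log in Postfix smtpd format (assumption: the thread does
# not name the MTA). All addresses are documentation-range placeholders.
SAMPLE_LOG = """\
Sep 27 12:01:02 mail postfix/smtpd[2101]: 1A2B3C: client=pc1.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Sep 27 12:03:40 mail postfix/smtpd[2101]: 1A2B3D: client=pc1.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Sep 27 12:05:11 mail postfix/smtpd[2107]: 1A2B3E: client=mx.example.org[203.0.113.5]
Sep 27 12:16:39 mail postfix/smtpd[2110]: 1A2B3F: client=unknown[198.51.100.77], sasl_method=LOGIN, sasl_username=carol
Sep 27 12:16:41 mail postfix/smtpd[2110]: 1A2B40: client=unknown[198.51.100.77], sasl_method=LOGIN, sasl_username=carol
Sep 27 12:16:44 mail postfix/smtpd[2110]: 1A2B41: client=unknown[198.51.100.77], sasl_method=LOGIN, sasl_username=carol
"""

# Only lines where the client authenticated carry sasl_username.
AUTH_RE = re.compile(
    r"client=[^\[\s]+\[(?P<ip>[^\]]+)\], sasl_method=\S+, sasl_username=(?P<user>\S+)"
)

def authenticated_sends(log_text):
    """Return {username: {client_ip: message_count}} for authenticated mail."""
    per_user = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            per_user[m["user"]][m["ip"]] += 1
    return {user: dict(ips) for user, ips in per_user.items()}

def suspicious_accounts(log_text, known_networks, max_messages=10):
    """Flag accounts used from outside known_networks or above max_messages."""
    nets = [ipaddress.ip_network(n) for n in known_networks]
    flagged = {}
    for user, ips in authenticated_sends(log_text).items():
        foreign = sorted(
            ip for ip in ips
            if not any(ipaddress.ip_address(ip) in net for net in nets)
        )
        total = sum(ips.values())
        if foreign or total > max_messages:
            flagged[user] = {"foreign_ips": foreign, "messages": total}
    return flagged

if __name__ == "__main__":
    # 192.0.2.0/24 stands in for the networks your own users connect from.
    for user, info in suspicious_accounts(SAMPLE_LOG, ["192.0.2.0/24"]).items():
        print(user, info)
```

Accounts it flags are the candidates for a password reset; the unauthenticated line in the sample is ignored because it carries no `sasl_username`.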
