[MASOCH-L] Webmail x Spammers
Marcelo da Silva
marcelo at mginformatica.com
Mon Apr 4 11:49:08 -03 2011
Hi everyone...
Every now and then, someone tries to use my server to send spam.
It happens like this: the webmail system is used to send the spam.
The script/spammer connects to the webmail using a valid username and
password, and starts from there...
I'm using SquirrelMail, but it also happens with Roundcube, so it is
not a webmail flaw.
This is what is in the webmail log:
115.132.104.87 - - [04/Apr/2011:06:38:52 -0300] "GET
/src/right_main.php?mailbox=INBOX&sort=2&startMessage=1 HTTP/1.1" 200
66345
"http://mail.dominio.com.br/src/compose.php?mailbox=INBOX&startMessage=1"
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01"
115.132.104.87 - - [04/Apr/2011:06:38:58 -0300] "POST /src/compose.php
HTTP/1.1" 302 -
"http://mail.dominio.com.br/src/compose.php?mailbox=INBOX&startMessage=1"
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01"
115.132.104.87 - - [04/Apr/2011:06:39:01 -0300] "GET
/src/right_main.php?mailbox=INBOX&sort=2&startMessage=1 HTTP/1.1" 200
66345
"http://mail.dominio.com.br/src/compose.php?mailbox=INBOX&startMessage=1"
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01"
115.132.104.87 - - [04/Apr/2011:06:39:05 -0300] "POST /src/compose.php
HTTP/1.1" 302 -
"http://mail.dominio.com.br/src/compose.php?mailbox=INBOX&startMessage=1"
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01"
115.132.104.87 - - [04/Apr/2011:06:39:14 -0300] "POST /src/compose.php
HTTP/1.1" 302 -
"http://mail.dominio.com.br/src/compose.php?mailbox=INBOX&startMessage=1"
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01"
115.132.104.87 - - [04/Apr/2011:06:39:18 -0300] "GET
/src/right_main.php?mailbox=INBOX&sort=2&startMessage=1 HTTP/1.1" 200
66345
"http://mail.dominio.com.br/src/compose.php?mailbox=INBOX&startMessage=1"
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01"
This is what appears in my log, on the mail server:
@400000004d998f211b2e177c CHKUSER relaying rcpt: from
<info at yahoo.com:usuario at dominio.com.br:> remote
<mail.dominio.com.br:unknown:127.0.0.1> rcpt
<tabatha.denney at hotmail.com> : client allowed to relay
@400000004d998f211b2f30bc CHKUSER relaying rcpt: from
<info at yahoo.com:usuario at dominio.com.br:> remote
<mail.dominio.com.br:unknown:127.0.0.1> rcpt <tabathahi at hotmail.com >
: client allowed to relay
@400000004d998f211b30599c CHKUSER relaying rcpt: from
<info at yahoo.com:usuario at dominio.com.br:> remote
<mail.dominio.com.br:unknown:127.0.0.1> rcpt <tabathaparks at hotmail.com>
: client allowed to relay
@400000004d998f211b31f7ac CHKUSER relaying rcpt: from
<info at yahoo.com:usuario at dominio.com.br:> remote
<mail.dominio.com.br:unknown:127.0.0.1> rcpt
<tabathawalters23 at hotmail.com> : client allowed to relay
@400000004d998f211b338dec CHKUSER relaying rcpt: from
<info at yahoo.com:usuario at dominio.com.br:> remote
<mail.dominio.com.br:unknown:127.0.0.1> rcpt <tabbicat101 at hotmail.com> :
client allowed to relay
A few times it happened with users who had very weak, obvious
passwords; those I have fixed.
Now it has happened with a user who has a more complex password.
Does anyone have an idea of how to help minimize or put an end to this
problem?
Regards to all..
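
The access-log excerpt above shows one client address submitting POST /src/compose.php every few seconds, which can be flagged with a per-address sliding window. This is an added example, not part of the original post; the function names, threshold, window and sample lines (documentation IP addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache combined log format: client IP, timestamp, method and request path.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} ')

def flag_compose_bursts(lines, max_posts=3, window=timedelta(seconds=60),
                        compose_path="/src/compose.php"):
    """Return {ip: peak POST count} for clients that exceed max_posts
    submissions to compose_path inside any sliding window.
    Assumes the lines are in chronological order, as in a live log."""
    recent = defaultdict(deque)  # ip -> POST timestamps still inside the window
    peak = defaultdict(int)      # ip -> largest window count seen so far
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue             # unparseable line or not a form submission
        if m["path"].split("?", 1)[0] != compose_path:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop submissions older than the window
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n > max_posts}

def _line(ip, hms, method, path, status):
    # Builds one constructed access-log entry in the same shape as the post's.
    return (f'{ip} - - [04/Apr/2011:{hms} -0300] "{method} {path} HTTP/1.1" '
            f'{status} - "-" "Opera/9.80"')

GET_PATH = "/src/right_main.php?mailbox=INBOX&sort=2&startMessage=1"
# Constructed sample: 203.0.113.7 submits 5 messages in 29 s,
# 198.51.100.20 sends two messages ten minutes apart.
SAMPLE = [
    _line("203.0.113.7", "06:38:52", "GET", GET_PATH, 200),
    _line("203.0.113.7", "06:38:58", "POST", "/src/compose.php", 302),
    _line("203.0.113.7", "06:39:05", "POST", "/src/compose.php", 302),
    _line("203.0.113.7", "06:39:14", "POST", "/src/compose.php", 302),
    _line("203.0.113.7", "06:39:20", "POST", "/src/compose.php", 302),
    _line("203.0.113.7", "06:39:27", "POST", "/src/compose.php", 302),
    _line("198.51.100.20", "09:00:00", "POST", "/src/compose.php", 302),
    _line("198.51.100.20", "09:10:00", "POST", "/src/compose.php", 302),
]

if __name__ == "__main__":
    for ip, n in flag_compose_bursts(SAMPLE).items():
        print(f"{ip}: {n} compose POSTs within 60 s")
```

The mail-server log above records these submissions as coming from 127.0.0.1, so the web access log is where the client address is visible.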