Home » Kerio User Forums » Kerio Connect » attack external
  •  
wrobys

I have external attacks on the server, for example:

Attempt to deliver to unknown recipient <ctms<_a.t_>mi.dominio.com>, from <>, IP address 63.236.240.134


Sometimes it repels the attack, but sometimes the server starts to send several messages without the mailbox existing.

  • Attachment: ataack.JPG
    (Size: 111.33KB, Downloaded 423 times)

[Updated on: Wed, 02 July 2008 18:08]

  •  
wrobys

I have relay closed and the configuration of the private addresses authentication
  •  
My IT Indy

Why not have the firewall ban that IP address?

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
rigo

There is no reference on that log image about IP address 63.236.240.134.

There will be emails coming to email accounts that are NOT there and KMS will NOT deliver them--they are just trying to find a good one.

On the other hand, if email from accounts NOT created is being collected by an active email box account, then you probably have CATCH ALL being funneled there--check your filters, just make sure you do not have a "nobody" alias.
  •  
freakinvibe

If I look at your log file, I don't see a problem.

In line 2, a relay attempt from an internal IP address is blocked. Then you have two failed POP3 logins from an internal IP address in line 3+4. The last 3 lines show blocked IP addresses by blacklists.

This seems all pretty normal to me, no attack.

To be sure an attacker doesn't try to guess your "good" addresses, I would switch "Detect directory harvest attack" on.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
wrobys

What happens is the following, shown in the picture; almost always the same thing happens, which is this:

  •  
wrobys

Also, this is the detail of the foregoing; the last lines are those that affect me,
but these addresses do not exist on my server.

[Updated on: Fri, 04 July 2008 01:30]

  •  
freakinvibe

It looks like someone from inside your network with IP address 192.168.5.3 is spamming mails to the outside. The computer with this IP address is probably infected with malware. You have to clean this machine and then clear the KMS queue.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
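
The two questions raised in this thread (is one source probing many nonexistent mailboxes, and is that source outside or inside the network) can be answered from the log itself. The following is an added example, not part of any post and not Kerio's own detection logic: it assumes only the message format quoted in the first post, and the sample lines, the threshold and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Message format as quoted in the first post of the thread.
UNKNOWN_RCPT = re.compile(
    r"Attempt to deliver to unknown recipient <(?P<rcpt>.*)>, "
    r"from <(?P<sender>[^>]*)>, IP address (?P<ip>[0-9A-Fa-f.:]+)"
)
# RFC 1918 ranges; an address here means the source is a LAN host.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable address: do not claim it is internal
    return any(addr in net for net in RFC1918)

def harvest_suspects(lines, threshold=3):
    """Map each source IP that tried at least `threshold` distinct unknown
    recipients to its count and whether it is an internal address.
    The threshold is an assumption, not a Kerio setting."""
    seen = defaultdict(set)
    for line in lines:
        m = UNKNOWN_RCPT.search(line)
        if m:
            seen[m["ip"].rstrip(".")].add(m["rcpt"].lower())
    return {ip: {"recipients": len(r), "internal": is_internal(ip)}
            for ip, r in seen.items() if len(r) >= threshold}

# Constructed sample lines (documentation and private addresses).
MSG = "Attempt to deliver to unknown recipient <%s>, from <%s>, IP address %s"
SAMPLE_LOG = [
    MSG % ("sales@example.com", "", "203.0.113.7"),
    MSG % ("info@example.com", "", "203.0.113.7"),
    MSG % ("admin@example.com", "x@example.net", "203.0.113.7"),
    MSG % ("Admin@example.com", "", "203.0.113.7"),   # same mailbox again
    MSG % ("old@example.com", "", "192.168.0.50"),    # single miss from LAN
]

if __name__ == "__main__":
    for ip, info in harvest_suspects(SAMPLE_LOG).items():
        print(ip, info)
```

A flagged external address is a candidate for the firewall ban or the "Detect directory harvest attack" option mentioned above; a flagged internal address points at a host on the LAN that needs to be examined.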