Last month's repeatedly SMTP spam attacks

Wilco

For several months I have had an SMTP spam attack from the same IP address every 6 minutes.
Quote:
[17/Sep/2017 00:25:55] SMTP Spam attack detected from 89.215.179.99, client closed connection before SMTP greeting
[17/Sep/2017 00:32:08] SMTP Spam attack detected from 89.215.179.99, client closed connection before SMTP greeting
[17/Sep/2017 00:38:21] SMTP Spam attack detected from 89.215.179.99, client closed connection before SMTP greeting
[17/Sep/2017 00:44:34] SMTP Spam attack detected from 89.215.179.99, client closed connection before SMTP greeting
[17/Sep/2017 00:50:46] SMTP Spam attack detected from 89.215.179.99, client closed connection before SMTP greeting
[17/Sep/2017 00:56:58] SMTP Spam attack detected from 89.215.179.99, client closed connection before SMTP greeting
[17/Sep/2017 01:03:16] SMTP Spam attack detected from 89.215.179.99, client closed connection before SMTP greeting
[17/Sep/2017 01:09:31] SMTP Spam attack detected from 89.215.179.99, client closed connection before SMTP greeting


I have sent an email to the abuse mail address of the provider of this IP address, but got a reject.
Quote:
abuse<_at_>ekk.bg op 15-9-2017 08:14
smtp.ekk.bg: Cannot connect to host

abuse<_at_>interbgc.com op 15-9-2017 08:14
mail.interbgc.com: 450 4.1.1 <abuse<_at_>interbgc.com>: Recipient address rejected: User unknown in virtual mailbox table

What more can I do to shut down that IP address?
Any help is appreciated.

Wilco

Kerio Connect 9.2.3 on Windows Server 2012 R2 (dutch)

Hartz

Block the IP or subnet at your firewall. Ideally your firewall will have the ability to detect and mitigate these kinds of attacks automatically.

Wilco

Thanks.
Stupid that I didn't think of this before. :(

Kerio Connect 9.2.3 on Windows Server 2012 R2 (dutch)

clan

nslookup 89.215.179.99 returns a name containing ddns, so it seems to be a dynamic IP address, which should be blocked for incoming connections on port 25 anyway. On another mail server I use the Spamhaus PBL and fail2ban to block them. I am not sure if Kerio can do this.

Are you sure you used the correct abuse address? whois with the IP address returns

Abuse contact for '89.215.176.0 - 89.215.183.0' is 'RIPE.Abuse<_at_>mobiltel.bg'

ekk.bg seems to be registered by someone at mobiltel.bg, so this may be a better address, especially as smtp.ekk.bg is not reachable.
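
The automatic detection suggested in the replies above can be approximated by scanning the security log for the line format quoted in the first post and listing addresses that repeat inside a time window. This is an added example, not code from the thread or from Kerio; the function names, threshold and window are assumptions, and the sample log is constructed from lines in the thread plus a documentation address.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line format as quoted in the first post of this thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2})\] "
    r"SMTP Spam attack detected from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}),"
)

# Constructed sample: three lines from the thread, one made-up hit from a
# documentation address (192.0.2.10) and one unrelated line.
SAMPLE_LOG = """\
[17/Sep/2017 00:25:55] SMTP Spam attack detected from 89.215.179.99, client closed connection before SMTP greeting
[17/Sep/2017 00:27:10] SMTP Spam attack detected from 192.0.2.10, client closed connection before SMTP greeting
[17/Sep/2017 00:32:08] SMTP Spam attack detected from 89.215.179.99, client closed connection before SMTP greeting
[17/Sep/2017 00:38:21] SMTP Spam attack detected from 89.215.179.99, client closed connection before SMTP greeting
[17/Sep/2017 00:40:00] Some other security log message
"""

def parse(lines):
    """Yield (timestamp, ip) for every matching line, skipping the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S"), m["ip"]

def repeat_offenders(lines, threshold=3, window=timedelta(minutes=30)):
    """Return sorted IPs with at least `threshold` hits inside any window."""
    hits = defaultdict(list)
    for ts, ip in parse(lines):
        hits[ip].append(ts)
    flagged = set()
    for ip, stamps in hits.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it covers `ts` again.
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    for ip in repeat_offenders(SAMPLE_LOG.splitlines()):
        print(ip)  # candidates for the firewall block list
```

A single hit, like the one from 192.0.2.10 in the sample, stays below the threshold, so one-off connection drops do not end up on the block list.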
