Quoting Jaromil (jaromil@???):
> On the 16 of September, after a long term bruteforcing attack operated
> from a botnet of almost 2k notes against our imaps accounts, someone
> got hold of the weak password of a community domain we host and used
> it during the weekend between the 20 and the 23 September to send a
> considerable amount of spam from our mail server.
[...]
> A full dossier on the accident has been made available to our uplink
> as well to SORBS and other spam blocklist operators requesting it.
Jaromil:
Sorry to hear about the breach, and my thanks to the responsible
Dyne.org parties for the quick and effective remedial action. Bravo.
A resource that I think the admins will find very handy (but please note
tips that follow):
http://multirbl.valli.org/
Specifically, I recommend picking 'DNSBL lookups' (non-default) from the
left-side 'Test' picklist, typing in one's SMTP smarthost IP address
into the 'IPv4/IPv6 address or domainname' fill-in field, and hitting
the Send button. Important notes about the results:
1. About one run out of two, you will see a massive sea of red results.
Don't panic. This does _not_ mean that hundreds of DNS blocklists have
red-flagged your IP; it means that the multirbl.valli.org CGI has
mostly failed to connect to the remote DNSBLs it's intended to query.
Hit the Send button to try again.
2. At any given time, even on a generally successful test run, it is
normal for there to be about 8-10 red ('Failed') results, i.e., the
query _to_ the DNSBL failed. Don't worry about red. Worry about any
black or brown or yellow results. _Those_ are substantive claims about
your IP.
For any such interesting result, you can and should then see the details
link to find out more.
https://www.dnsbl.info/ is a similar multi-DNSBL checker site, but one
I haven't used in a long time.
--
Cheers, "I am a member of a civilization (IAAMOAC). Step back
Rick Moen from anger. Study how awful our ancestors had it, yet
rick@??? they struggled to get you here. Repay them by appreciating
McQ! (4x80) the civilization you inherited." -- David Brin