  1. #1
    Member
    Join Date
    Oct 2005
    Posts
    15

    Receiving spam from myself

    hi friends,

    me and my customers are receiving spam from our own accounts ....

    example: if my email account is webmaster@abc.com .... i receive a lot of spam from webmaster@abc.com and other @abc.com accounts.

    i have installed ConfigServer Security & Firewall - csf v4.29 on the server ... but i really don't know what additional action I must take.

    i will appreciate any step by step help

    thx a lot

    J

  2. #2
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    7,894
    cPanel/Enkompass Access Level

    Root Administrator


    What version of cPanel are you on?

  3. #3
    Member
    Join Date
    Oct 2005
    Posts
    15


    cPanel 11.24.4-R32470 - WHM 11.24.2 - X 3.9
    CENTOS 4.7 i686 on standard

    thx

  4. #4
    Member rhenderson's Avatar
    Join Date
    Apr 2005
    Location
    Oklahoma
    Posts
    742


    Is your email server set to authenticate before SMTP? If not, you may have an open relay; check your mailserver at http://www.mxtoolbox.com/

    Other than that, someone might have hijacked your email address; look at your headers and see where they are coming from. SPF records do help this somewhat.
    Regards,
    Randy

  5. #5
    Member
    Join Date
    Oct 2005
    Posts
    15


    Sorry, but i don't know how to verify if the server is set to authenticate before SMTP ......

    one additional note: some clients must use their ISP's smtp configuration .... if you try to use the smtp configuration of my server (mail.MYDOMAIN.COM) the email can't be sent.

    ok, i ran an SMTP diagnostic and it returned this (from: mxtoolbox.com)

    Banner: -matrix.MYDOMAINh1.com ESMTP Exim 4.69 #1 Fri, 19 Dec 2008 09:39:54 -0430 [2266 ms]

    Connect Time: 0.047 seconds - Good
    Transaction Time: 2.531 seconds - Good

    Relay Check: WARNING! Your server could be an open relay.

    Rev DNS Check: OK - NN.NNN.NNN.NNN resolves to MYISP.com

    GeoCode Info: Geocoding server is unavailable
    Session Transcript: HELO please-read-policy.mxtoolbox.com
    220-We do not authorize the use of this system to transport unsolicited, [0 ms]
    MAIL FROM: <test@mxtoolbox.com>
    220 and/or bulk e-mail. [0 ms]
    RCPT TO: <test@mxtoolbox.com>
    250 matrix.MYDOMAINh1.com Hello mxtb-pws1.mxtoolbox.com [64.20.227.131] [47 ms]
    QUIT
    250 OK [172 ms]

    ..... additional.... THIS IS AN EXAMPLE OF HEADERS (the email was sent from webmaster@MYDOMAIN.net to webmaster@MYDOMAIN.net........ additionally, webmaster@MYDOMAIN.net is a forwarder to webmaster@MYDOMAIN.com)


    Microsoft Mail Internet Headers Version 2.0
    Received: from mail pickup service by MYDOMAIN.com with Microsoft SMTPSVC; Fri, 19 Dec 2008 03:01:05 -0430
    thread-index: Aclhq8B4hzbjTnodTkGSV9O6vNAu/g==
    Return-Path: <webmaster@MYDOMAIN.net>
    Cc:
    Bcc:
    Envelope-to: webmaster@MYDOMAIN.com
    Delivery-date: Thu, 18 Dec 2008 23:15:54 -0800
    Date: Fri, 19 Dec 2008 03:01:05 -0430
    To: <webmaster@MYDOMAIN.net>
    Subject: Re: Order status
    From: <webmaster@MYDOMAIN.net>
    MIME-Version: 1.0
    Message-ID: <D85B730C837A4264A4BCDA51C8974618@MYDOMAIN.local>
    Importance: High
    Content-Transfer-Encoding: 7bit
    Content-Type: text/html;
    charset="iso-8859-1"
    X-Interideas-MailScanner-Information: Please contact the ISP for more information
    X-Interideas-MailScanner-ID: 1LDZaK-0004oD-DN
    X-Interideas-MailScanner: Found to be clean
    X-Mailer: Microsoft CDO for Exchange 2000
    X-Interideas-MailScanner-SpamCheck: not spam (whitelisted),SpamAssassin (not cached, score=46.73, required 5, autolearn=spam,BAYES_99 5.00, DCC_CHECK 2.17, HTML_IMAGE_ONLY_04 2.04,HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_1 0.00, MIME_HTML_ONLY 1.46,MISSING_DATE 0.00, MISSING_MID 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96,RCVD_IN_SORBS_WEB 0.62, RCVD_IN_XBL 3.03, SARE_HTML_A_BODY 0.74,SARE_HTML_IMG_ONLY 1.67, URIBL_AB_SURBL 5.00, URIBL_BLACK 1.96,URIBL_JP_SURBL 5.00, URIBL_OB_SURBL 5.00, URIBL_RHS_DOB 1.08,URIBL_SBL 5.00, URIBL_WS_SURBL 5.00)
    X-Interideas-MailScanner-From: webmaster@MYDOMAIN.net
    X-Spam-Status: No
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - matrix.MYDOMAINh1.com
    X-AntiAbuse: Original Domain - MYDOMAIN.net
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    Content-Class: urn:content-classes:message
    Priority: normal
    X-AntiAbuse: Sender Address Domain - MYDOMAIN.net
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
    X-OriginalArrivalTime: 19 Dec 2008 07:31:05.0523 (UTC) FILETIME=[C0979030:01C961AB]



    .... thanks
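
Added example (not part of the original posts): the SpamCheck header posted above reports score=46.73 against a required 5, yet its verdict is "not spam (whitelisted)". This Python triage flags that pattern and self-addressed mail; `triage`, the trimmed sample and the `example.net` domain are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a trimmed copy of the headers posted above, with
# example.net standing in for the poster's redacted domain.
SAMPLE = """\
Return-Path: <webmaster@example.net>
To: <webmaster@example.net>
From: <webmaster@example.net>
Subject: Re: Order status
X-Interideas-MailScanner-SpamCheck: not spam (whitelisted),SpamAssassin (not cached, score=46.73, required 5, autolearn=spam,BAYES_99 5.00, RCVD_IN_XBL 3.03, URIBL_SBL 5.00)
X-Spam-Status: No

body
"""

SCORE_RE = re.compile(r"score=(-?\d+(?:\.\d+)?),\s*required\s+(-?\d+(?:\.\d+)?)")

def triage(raw):
    """Return findings for one message: self-addressed mail and spam verdicts
    that contradict the score recorded in the same header."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    if sender and sender == rcpt:
        findings.append("self-addressed")
    for name, value in msg.items():
        # The site prefix (here "X-Interideas-") varies per MailScanner install.
        if not name.lower().endswith("mailscanner-spamcheck"):
            continue
        value = " ".join(value.split())          # unfold continuation lines
        m = SCORE_RE.search(value)
        if not m:
            continue
        score, required = float(m.group(1)), float(m.group(2))
        verdict = value.split(",", 1)[0].strip().lower()
        if score >= required and verdict.startswith("not spam"):
            reason = "whitelist-override" if "whitelisted" in verdict else "verdict-mismatch"
            findings.append(f"{reason}: score {score} >= required {required}")
    return findings
```

A "whitelist-override" finding means a whitelist entry matched and the message was delivered despite the score, so the whitelist is the place to look next.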

  6. #6
    Member
    Join Date
    Oct 2005
    Posts
    15

    any idea ???????

    somebody ? please ?

  7. #7
    Member rhenderson's Avatar
    Join Date
    Apr 2005
    Location
    Oklahoma
    Posts
    742

    Many ISPs block port 25, which is most likely the reason the customer has to use their ISP's SMTP. Open an alternate port to Exim.

    Quote: Originally posted by jotay
    Sorry, but i don't know how to verify if the server is set to authenticate before SMTP ......

    Relay Check: WARNING! Your server could be an open relay.
    This could be caused by not having SMTP authentication set as stated above.

    It is supposed to be enabled by default, not sure how it was turned off. You might drop a support ticket to cPanel support.
    Last edited by rhenderson; 12-22-2008 at 09:01 AM.
    Regards,
    Randy

  8. #8
    Member
    Join Date
    Mar 2006
    Location
    Turkey
    Posts
    149

    Our customers are receiving the same emails.

    I checked our server and it doesn't permit relaying, but these emails are still coming.
    You can find the relay check below:

    Code:
    u@www:~$ telnet xx.xx.xx.xx 25
    Trying xx.xx.xx.xx...
    Connected to xx.xx.xx.xx.
    Escape character is '^]'.
    220-xxx.xxxxxxxx.xxx ESMTP Exim 4.69 #1 Wed, 24 Dec 2008 20:35:16 +0200 
    220-We do not authorize the use of this system to transport unsolicited, 
    220 and/or bulk e-mail.
    helo www.xxx.xxxxxxxx.xxx
    250 xxx.xxxxxxxx.xxx Hello xxx.xxxxxxxx.xxx [xx.xx.xx.xx]
    mail from: uasdf@yahoo.com
    250 OK
    rcpt to: vasdf@hotmail.com
    550-xxx.xxxxxxxx.xxx (www.xxx.xxxxxxxx.xxx) [xx.xx.xx.xx] is currently not
    550-permitted to relay through this server. Perhaps you have not logged into
    550-the pop/imap server in the last 30 minutes or do not have SMTP
    550 Authentication turned on in your email client.
    But mxtoolbox.com says "Relay Check: WARNING! Your server could be an open relay. ". I don't know why it is saying this. I tried to send relay mails from different locations and i couldn't send mails; the system always refused relaying.

    any idea?
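
Added example (not part of the original posts): both relay checks in this thread, the tool transcript in post #5 and the manual telnet session in post #8, hit Exim's multi-line `220-` greeting. This Python sketch groups multi-line replies and pairs them with commands by order of arrival, then reads the relay result from the RCPT TO reply; the function names, host names and addresses are placeholders, and it assumes replies arrive in command order.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")          # "250-" continues, "250 " ends a reply
VERB = re.compile(r"^(HELO|EHLO|MAIL FROM|RCPT TO|DATA|QUIT)\b", re.I)

# Constructed samples modelled on the two sessions in this thread
# (mail.example.test and the addresses are placeholders).
MANUAL = """\
220-mail.example.test ESMTP Exim 4.69 #1
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
helo probe.example.org
250 mail.example.test Hello probe.example.org [192.0.2.10]
mail from: a@example.org
250 OK
rcpt to: b@example.com
550-probe.example.org [192.0.2.10] is currently not
550 permitted to relay through this server.
"""
TOOL = """\
HELO probe.example.org
220-We do not authorize the use of this system to transport unsolicited, [0 ms]
MAIL FROM: <test@example.org>
220 and/or bulk e-mail. [0 ms]
RCPT TO: <test@example.org>
250 mail.example.test Hello probe.example.org [192.0.2.10] [47 ms]
QUIT
250 OK [172 ms]
"""

def pair_replies(transcript):
    """Map each SMTP verb to its reply code by order of arrival, not line position."""
    verbs, codes, in_multiline = [], [], False
    for line in transcript.splitlines():
        reply, verb = REPLY.match(line.strip()), VERB.match(line.strip())
        if reply:
            if not in_multiline:            # first line of a new reply
                codes.append(int(reply.group(1)))
            in_multiline = reply.group(2) == "-"
        elif verb:
            verbs.append(verb.group(1).upper())
    codes = codes[1:]                       # the first reply is the server greeting
    return {v: codes[i] if i < len(codes) else None for i, v in enumerate(verbs)}

def relay_verdict(transcript):
    code = pair_replies(transcript).get("RCPT TO")
    if code is None:
        return "inconclusive"               # no RCPT reply was captured
    return "accepted" if 200 <= code < 300 else "refused"
```

Read this way, the two 250 lines in the tool-style transcript pair with HELO and MAIL FROM, so that transcript holds no RCPT TO reply at all, while the manual session shows the 550 refusal.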
