I need help to stop this spam

[NetX]

Hello,

I really don't know what to do to stop spam from my server. I have checked "maximum mails per hour per domain" in 100, I have SMTP Tweak protection, I have Mailscanner installed, but nothing works to stop spam.

The problem is that I see my Mail queue with more than 6 000 messages (each one with 100 email addresses), and my server is delivering all !!

1) I don't know how the spammer is doing it.
2) If I use an external email address and send mail to other external emai, address using my server as smtp, the message is delivered!! Why?? (How can I secure my relayhosts file?)
3) The spammer is not a current client, is there any form to detect this type of messages and discard them?
4) What configuration do you recommend in order to mantain my server without spam abuse.

Please, I need your help


Example of the today's spam:

1AHSJc-0006DR-A1-H
root 0 0
<o17587@ice.is>
1068056616 0
-helo_name unspecified.host
-host_address 200.63.143.238.2411
-interface_address 207.44.186.11.25
-received_protocol smtp
-body_linecount 21
-frozen 1068056675
-host_lookup_failed
YY gunpilot@adelphia.net
YY colinj@cox.net
YY aspagnol@adelphia.net
NN alpha0102@btopenworld.com
YN case1@adelphia.net
NN boyun@21cn.com
YY dooley44@adelphia.net
YN dbrinker@adelphia.net
NN daisyworld@btinternet.com
YY elaineann@adelphia.net
NN eddiee@optonline.net
NN flapara@optonline.net
YY owc@neo.rr.com
YY mboyce1@optonline.net
YY lab02@cox.net
NY jehannah@optonline.net
NN jimmyle@21cn.com
NN leggitt@btinternet.com
YY mpinkert@optonline.net
NN mferren@optonline.net
NN mrwindow@adelphia.net
YY silkroad@cox.net
YY scrotem@optonline.net
YN ptacek@neo.rr.com
NN paulharrison@btopenworld.com
NN shenbin0065@sina.com
YY tyt2000liu@sina.com
NN ssmith9@adelphia.net
NY wmzimmer@adelphia.net
NN yesliyesli@21cn.com
49
ptacek@neo.rr.com
lab02@cox.net
jimmyle@21cn.com
gunpilot@adelphia.net
tyt2000liu@sina.com
daisyworld@btinternet.com
mpinkert@optonline.net
ssmith9@adelphia.net
dooley44@adelphia.net
alpha0102@btopenworld.com
boyun@21cn.com
owc@neo.rr.com
scrotem@optonline.net
zbang@eudoramail.com
philbailey@juno.com
knightkap.ok@gte.net
jehannah@optonline.net
hicham-1978dz@maktoob.com
tommysims@earthlink.net
colinj@cox.net
mboyce1@optonline.net
sookie@ix.netcom.com
eddiee@optonline.net
a99@earthlink.net
broder@aculink.net
mrwindow@adelphia.net
ron5652@net.com
wmzimmer@adelphia.net
rbrownrigg@juno.com
lfell@mindspring.com
johnsw3@pfizer.com
ikg@aculink.net
vivianmitchell@juno.com
d_d_palmer@demon.net
markafreeman@eudoramail.com
silkroad@cox.net
elaineann@adelphia.net
aspagnol@adelphia.net
case1@adelphia.net
paulharrison@btopenworld.com
shenbin0065@sina.com
yesliyesli@21cn.com
ramos85@gte.net
leggitt@btinternet.com
jsav@atl.mindspring.com
flapara@optonline.net
traveln@swbell.net
dbrinker@adelphia.net
mferren@optonline.net

158P Received: from [200.63.143.238] (helo=unspecified.host)
by host.myserver.com with smtp (Exim 4.24)
id 1AHSJc-0006DR-A1; Wed, 05 Nov 2003 12:23:36 -0600
133 Received: from 200.165.217.218 ([200.165.217.218]) by 168.226.87.207 (WinRoute Pro 4.1.27) with SMTP; Mon, 3 Nov 2003 17:32:30 -0300
037F From: "NSW Bargains" <o17587@ice.is>
048T To: "jwgeioqggiq@idi.net" <jwgeioqggiq@idi.net>
062 Subject: Re: Norton Antivirus intro sale - limited quantities
018 MIME-Version: 1.0
024 Content-Type: text/html
054I Message-Id: <E1AHSJc-0006DR-A1@host.myserver.com>
038 Date: Wed, 05 Nov 2003 12:23:36 -0600
080 X-yoursite-MailScanner-Information: Please contact the ISP for more information
042 X-yoursite-MailScanner: Found to be clean

[Cash]

i am also facing same problem >_<

[sawbuck]

Have you checked for open relay?
http://www.abuse.net/relay.html

[sawbuck]

Do you have verify sender checked in "Exim Configuration Editor" in WHM?

[tlas]

I was with the same problem.
I configured the server to request smtp authentication and I did not have more problems.
i hope i did help you

[efeito]

If you wish we can check your server configurations and help you stoppgin that.

We have done to other users of this forum too, all of them with sucess.

Please PM me for details.


Best regards

[Cash]

Originally posted by tlas
I was with the same problem.
I configured the server to request smtp authentication and I did not have more problems.
i hope i did help you

may i know how you configured it?

[tlas]

in the WHM - exim configuration editor -> later begin acl he comments the following line:

#accept hosts = +auth_relay_hosts

all the users will need to authentication in the serving smtp to send e-mails

[mr.wonderful]

It states in the msg that host lookup failed, so i dont think any messages are going to be sent to those receipients simply because they are stuck in the queue as undeliverable.