Spam Spam Spam

[cancer10]

Hello,

Some spammer is constantly sending spams from my server but i am not able to trace him.

I have Checked the "Disallow nobody to send emails..." options under WHM > Tweak Settings.. even the exim logs does not tell me anythign about this.

But still cannot trace the spam with its headers...

herez what that spam looks like

Return-Path: <$munged$@$munged$>
Received: from rs25s8.datacenter.cha.cantv.net (rs25s8.ric.cantv.net [10.128.131.130])
by rs26s14.datacenter.cha.cantv.net (8.14.3/8.14.3/1.0) with ESMTP id n191rYcu000579
for <$munged$@$munged$>; Sun, 8 Feb 2009 21:23:34 -0430
Received: from [My IP Address]-static.reverse.[My domain name] ([My IP Address]-static.reverse.[My domain name] [[My IP Address]] (may be forged))
by rs25s8.datacenter.cha.cantv.net (8.14.3/8.14.3/3.0) with SMTP id n191rUKA013416
for <$munged$@$munged$>; Sun, 8 Feb 2009 21:23:33 -0430
X-Matched-Lists: []
From: <$munged$@$munged$>
Subject: Wish to impress and please your lady tonight?
To: <$munged$@$munged$>
Date: Mon, 9 Feb 2009 02:00:11 +0300
Reply-To: <$munged$@$munged$>
X-Priority: 1 (High)
Message-ID: <$munged$@$munged$>
X-Mailer: Sendmail 3.84/3.84
Content-Type: multipart/alternative;
boundary="----01C98A732B43209C"
X-Virus-Scanned: ClamAV version 0.94.2, clamav-milter version 0.94.2 on 10.128.1.89
X-Virus-Status: Clean
X-SPF-Scan-By: smf-spf v2.0.2 - http://smfs.sf.net/
Received-SPF: SoftFail (rs25s8.datacenter.cha.cantv.net: transitioning domain of $munged$@$munged$
does not designate [My IP Address] as permitted sender)
receiver=rs25s8.datacenter.cha.cantv.net; client-ip=[My IP Address];
envelope-from=<$munged$@$munged$>; helo=[My IP Address]-static.reverse.[My domain name];

gvecjjqxn byoct nejfwa cjzrhusshl
Your link!
pwqbc soqopw
Your discount code #smbhyvf.

Can someone please please suggest me how to stop it and trace this spammer?

The Datacenter has blocked our IP due to this.



Thanx in advance.

[cancer10]

Question: is it possible for someone to send email NOT using any scripts and NOT using any webmail/outlook?

Thanx

[JawadArshad]

Hello,

Some spammer is constantly sending spams from my server but i am not able to trace him.

I have Checked the "Disallow nobody to send emails..." options under WHM > Tweak Settings.. even the exim logs does not tell me anythign about this.

But still cannot trace the spam with its headers...

herez what that spam looks like

Can someone please please suggest me how to stop it and trace this spammer?

The Datacenter has blocked our IP due to this.

Thanx in advance.

Usually this calls for a thorough audit of the server and security overhaul if the server isn't already secure.

1- Perform a thorough audit of scripts running on your server. Change passwords, install firewall like CSF, APF etc.
2- Enable SMTP Tweak from "WHM >> Security >> Security Center".
3- Monitor your server constantly for any rogue scripts that you do not think should be running.
4- tail -f /var/log/exim_mainlog and monitor.

Best of Luck.

[cancer10]

Question: is it possible for someone to send email NOT using any scripts and NOT using any webmail/outlook?

Thanx