Go Back   cPanel Forums > cPanel® and WHM® (for Linux® and FreeBSD® Servers) > cPanel and WHM Discussions
stop mail spam? stop mail spam?
Register FAQ Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 05-22-2003, 04:03 PM
Registered User
  
Join Date: Jul 2002
Posts: 88
Final-Solution
stop mail spam?
I got an email in my box today that is supposed to be from myself, but it has a virus on it . . I didnt send it, does it look like someones using my box to send it 'cuz it does to me . . how would i fix it up?

>>>>>
Return-path: <user@domain.com>
Received: from qn-212-127-196-189.quicknet.nl ([212.127.196.189] helo=mail.domain.com)
by server1.domain.com with smtp (Exim 3.36 #1)
id 19Is58-0001wO-00
for user@domain.com; Thu, 22 May 2003 11:34:14 -0400
From: User<user@domain.com>
To: User@domain.com
<<<<<

I seem to remember helo being a command when relaying mail, how would i go about turning off a relay option if thats the case?

thanks!

cPanel.net Support Ticket Number:
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 05-22-2003, 04:17 PM
Registered User
  
Join Date: Mar 2003
Location: London, UK.
Posts: 68
loststryk
smtp authentication is required.

what this person may have done is the following ( this is a telnet example)

telneted to port 25 on your server and typed the following commands.

helo abuse.net
mail from: root@yourdomain.com
rcpt to: your@emailaddress.com
data
whatever they wanted to write in your email.
.

easy stuff, now why isn't there a fix for this frigging problem ?

i don't know enough about exim, i have read the exim web site quite a few times now, and i still can't stop this problem.

all mail should be authenticated, but it don't =o(

cPanel.net Support Ticket Number: 0800-R-U-Legit
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 05-22-2003, 04:52 PM
Registered User
  
Join Date: May 2003
Posts: 5
loafer
It's likely to be this...

1) Someone (now to be know as clueless) else has you in their address book without any AV.
2) Clueless gets infected with a virus that randomly chooses from and to addresses and sends it's self out. But uses clueless's address as the envelope from so every dam locally configured relay will process the mail.
3) Clueless's virus pick you for both the (fake)sender and the recipient.
4) you get the virus, and your av catches it.

Simple innit' ?

cPanel.net Support Ticket Number:
__________________
When there is noting to do, look busy.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 05-22-2003, 07:07 PM
Registered User
  
Join Date: Jul 2002
Posts: 88
Final-Solution
Yea i kinda figured someone was sending me an infected file . . I'm just concerned if they sent it to me through our server, if its someone elses server spamming out virii it's not my concern, though just now i realize thats not my IP in the from address.

thanks for the replies!

cPanel.net Support Ticket Number:
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« How to setup cronjob in cpanel for daily bandwidth status..? | php mail - html format and not abuse headers »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -5. The time now is 03:09 PM.


Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
© cPanel Inc