60,000 + emails from Root !

Discussion in 'E-mail Discussions' started by GovGuides, Mar 6, 2004.

  1. GovGuides

    Anyone,

    I have a very serious root mail problem. I have set up root's email in the mail manager of WHM to forward to one of my accounts, and recently I received somewhere in the neighborhood of 60,000+ emails saying
    --------------------------------------------
    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

    =-=-=-=-=-=-=-=-=-=-=-= Fri Mar 5 15:57:45 2004 =-=-=-=-=-=-=-=-=-=-=-=
    ** psad: Suspicious traffic detected against your server

    ---- tcp scan signatures ----
    "SCAN-NULL" dp=46050 flags=[NULL] packets=1
    No server on tcp port: 46050
    "SCAN-NULL" dp=28551 flags=[NULL] packets=1
    No server on tcp port: 28551
    "SCAN-NULL" dp=41228 flags=[NULL] packets=1
    No server on tcp port: 41228
    "SCAN-NULL" dp=27786
    ------------------------------------------

    then it goes on to show who it came from

    -----------
    inetnum: 202.38.126.0 - 202.38.127.255
    netname: CERMIRROR-CN
    descr: 211~{Q'?F=(Ih>5Oq5c~}
    descr: China Education And Research Network Center
    descr: Tsinghua University
    country: CN
    admin-c: XL1-CN
    tech-c: XL1-CN
    tech-c: CER-AP
    remarks: origin AS4538
    changed: hm-changed@net.edu.cn 19991012
    mnt-by: MAINT-CERNET-AP
    status: ASSIGNED NON-PORTABLE
    source: APNIC
    -----------------

    The problem is I enjoy having the logs forwarded from the root account so that I can read the daily logs and know when something is wrong with the server etc., but how in the world do I prevent such things as this? I mean I have 60K+ sitting in the Horde mailbox and no clue as to what to do with them, or how to prevent whatever this is that has happened.

    any help would be more than appreciated.


    Chris
     
  2. Website Rob

    Off-hand, it looks like someone tried to relay some Spam through your Server without first checking if it could be done -or- they are scanning your Server for an entry port to crack in through.
     
  3. GovGuides

    Port scan

    Yeah, it is some kind of a port scan through China University. Do you have any idea how to prevent receiving 60K emails from the root account in the mail manager other than disabling it? I would still like to receive my logs and notices.

    thanks for the reply

    Chris
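
Added example, not part of any post in this thread and not psad's own code: a Python sketch that collapses a pile of alert bodies like the one quoted in the first post into per-signature packet and port totals, so a flooded mailbox can be reviewed as one summary. The function names are hypothetical and the sample alerts are constructed from the lines quoted above.

```python
import re
from collections import Counter

# One signature entry as quoted in the thread:
#   "SCAN-NULL" dp=46050 flags=[NULL] packets=1
ENTRY = re.compile(
    r'"(?P<sig>[^"]+)"\s+dp=(?P<dport>\d+)\s+'
    r'flags=\[(?P<flags>[^\]]*)\]\s+packets=(?P<packets>\d+)'
)
# Banner line carrying the alert time, e.g. "=-= Fri Mar 5 15:57:45 2004 =-="
BANNER = re.compile(r'=\s+(\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4})\s+=')

def parse_alert(body):
    """Return (timestamp or None, [(signature, dport, packets), ...])."""
    when = BANNER.search(body)
    # Entries cut off mid-line (no flags/packets) do not match and are skipped.
    entries = [(m["sig"], int(m["dport"]), int(m["packets"]))
               for m in ENTRY.finditer(body)]
    return (when.group(1) if when else None), entries

def summarize(bodies):
    """Collapse many alert bodies into per-signature packet and port totals."""
    packets, ports, times = Counter(), {}, []
    for body in bodies:
        when, entries = parse_alert(body)
        if when:
            times.append(when)
        for sig, dport, count in entries:
            packets[sig] += count
            ports.setdefault(sig, set()).add(dport)
    return {
        "alerts": len(bodies),
        "first_seen": times[0] if times else None,
        "signatures": {s: {"packets": packets[s], "ports": sorted(ports[s])}
                       for s in packets},
    }

# Constructed sample: the alert quoted in the first post (its last entry is
# truncated there) plus a second, made-up alert repeating one port.
SAMPLE_ALERTS = [
    '=-=-=-= Fri Mar 5 15:57:45 2004 =-=-=-=\n'
    '** psad: Suspicious traffic detected against your server\n'
    '"SCAN-NULL" dp=46050 flags=[NULL] packets=1 No server on tcp port: 46050 '
    '"SCAN-NULL" dp=28551 flags=[NULL] packets=1 No server on tcp port: 28551 '
    '"SCAN-NULL" dp=41228 flags=[NULL] packets=1 No server on tcp port: 41228 '
    '"SCAN-NULL" dp=27786',
    '=-=-=-= Fri Mar 5 15:58:02 2004 =-=-=-=\n'
    '"SCAN-NULL" dp=46050 flags=[NULL] packets=2 No server on tcp port: 46050',
]
```

Calling `summarize(SAMPLE_ALERTS)` reports two alerts, one signature, five packets and three distinct destination ports; the truncated final entry is ignored rather than guessed at.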
     