The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Am I being Spamed?

Discussion in 'General Discussion' started by Anveo, Feb 16, 2003.

  1. Anveo

    Anveo Registered

    Joined:
    Sep 18, 2002
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Hi everyone. My server has been generating thousands of emails with this message:


    ^^^^^^^^^^^^
    This message was created automatically by mail delivery software (Exim).

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    mroverclocker@yahoo.com
    SMTP error from remote mailer after end of data:
    host mx1.mail.yahoo.com [64.156.215.5]: 554 delivery error:
    dd Sorry, your message to mroverclocker@yahoo.com cannot be delivered. This account is over quota. - mta148.mail.scd.yahoo.com

    ------ This is a copy of the message, including all the headers. ------

    Return-path: &nobody@ns1.ipkonfig.com&
    Received: from nobody by ns1.ipkonfig.com with local (Exim 3.36 #1)
    id 18kUzR-0000FC-00
    for mroverclocker@yahoo.com; Sun, 16 Feb 2003 14:01:55 -0600
    To: mroverclocker@yahoo.com
    Subject: test
    MIME-Version: 1.0
    Content-type: text/html; charset=iso-8859-1
    From: Tubber &tube@tub.com&
    Message-Id: &E18kUzR-0000FC-00@ns1.ipkonfig.com&
    Date: Sun, 16 Feb 2003 14:01:55 -0600


    does this work?
    ^^^^^^^^^^^^^^^^^

    I am assuming my server is being used at some type of spam relay, but I am unsure how I should go about fixing this, and preventing it from happening in the future. Thanks for any help you can give!
     
  2. hostcp3

    hostcp3 Well-Known Member

    Joined:
    Jun 18, 2002
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    16
    do a

    locate bomb.php

    or even


    locate bomb | more


    on your server.

    I have had two customers run these in recent times.
     
  3. awsol

    awsol cPanel Test Bitch

    Joined:
    Feb 8, 2002
    Messages:
    591
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Boston MA
    It looks like somebody is either testing you for a open relay or trying to see if they can use your server to spam.

    One thing that most pop servers allow is anonymous sending. This is a big problem because all I need to know is your hostname and I can send as many emails through your server that I want.

    Recently I switched my servers to require for the person to login to send. This is the safest way to go and you won't regret it.
     
  4. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Steve - What change has to made for this?
     
  5. awsol

    awsol cPanel Test Bitch

    Joined:
    Feb 8, 2002
    Messages:
    591
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Boston MA
    I completely forget the steps I did to accomplish this. If I remember I will let you guys/gals know.
     
  6. awsol

    awsol cPanel Test Bitch

    Joined:
    Feb 8, 2002
    Messages:
    591
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Boston MA
    It wasn't that way on my servers. I had to manually do it.
     
  7. awsol

    awsol cPanel Test Bitch

    Joined:
    Feb 8, 2002
    Messages:
    591
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Boston MA
    Go back to IRC punk :)
     
  8. steven

    steven Active Member

    Joined:
    Sep 9, 2001
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    Anyone else have any suggestions, as this is happening to one of our servers as well?

    -Steven
     
  9. manokiss

    manokiss Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    571
    Likes Received:
    0
    Trophy Points:
    16
    same here

    Hi, same here, we have same problem, we thought to restrict nobody@ but we cant, lot of clients use his forums to send mails.
    So we continue waiting a solution for this.

    Any help will be apreciated
     
  10. awsol

    awsol cPanel Test Bitch

    Joined:
    Feb 8, 2002
    Messages:
    591
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Boston MA
    Blocking nobody@ isn't needed. You need to block outgoing so the people need to verify. Since nobody@ is server based they still work.
     
  11. manokiss

    manokiss Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    571
    Likes Received:
    0
    Trophy Points:
    16
    hi awsol, thanx

    Thanx awsol !

    Any step to do that ? is in the exim.conf ?

    TIA
     
Loading...

Share This Page