Am I being Spamed?

Anveo · Feb 16, 2003

Hi everyone. My server has been generating thousands of emails with this message:

^^^^^^^^^^^^
This message was created automatically by mail delivery software (Exim).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
SMTP error from remote mailer after end of data:
host mx1.mail.yahoo.com [64.156.215.5]: 554 delivery error:
dd Sorry, your message to [email protected] cannot be delivered. This account is over quota. - mta148.mail.scd.yahoo.com

------ This is a copy of the message, including all the headers. ------

Return-path: &[email protected]&
Received: from nobody by ns1.ipkonfig.com with local (Exim 3.36 #1)
id 18kUzR-0000FC-00
for [email protected]; Sun, 16 Feb 2003 14:01:55 -0600
To: [email protected]
Subject: test
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: Tubber &[email protected]&
Message-Id: &[email protected]&
Date: Sun, 16 Feb 2003 14:01:55 -0600

does this work?
^^^^^^^^^^^^^^^^^

I am assuming my server is being used at some type of spam relay, but I am unsure how I should go about fixing this, and preventing it from happening in the future. Thanks for any help you can give!

hostcp3 · Feb 17, 2003

do a

locate bomb.php

or even

locate bomb | more

on your server.

I have had two customers run these in recent times.

awsol · Feb 18, 2003

It looks like somebody is either testing you for a open relay or trying to see if they can use your server to spam.

One thing that most pop servers allow is anonymous sending. This is a big problem because all I need to know is your hostname and I can send as many emails through your server that I want.

Recently I switched my servers to require for the person to login to send. This is the safest way to go and you won't regret it.

dgbaker · Feb 18, 2003

Steve - What change has to made for this?

awsol · Feb 18, 2003

I completely forget the steps I did to accomplish this. If I remember I will let you guys/gals know.

awsol · Feb 18, 2003

Originally posted by thaphantom
its setup this way by default . its in exim.conf

It wasn't that way on my servers. I had to manually do it.

awsol · Feb 18, 2003

Originally posted by thaphantom
hmm /me shrugs

Go back to IRC punk

steven · Feb 18, 2003

Anyone else have any suggestions, as this is happening to one of our servers as well?

-Steven

manokiss · Feb 18, 2003

same here

Hi, same here, we have same problem, we thought to restrict [email protected] but we cant, lot of clients use his forums to send mails.
So we continue waiting a solution for this.

Any help will be apreciated

awsol · Feb 19, 2003

Blocking [email protected] isn't needed. You need to block outgoing so the people need to verify. Since [email protected] is server based they still work.

manokiss · Feb 19, 2003

hi awsol, thanx

Thanx awsol !

Any step to do that ? is in the exim.conf ?

TIA

Thread starter	Similar threads	Forum	Replies	Date
R	Issue with email forwardings being deleted in cPanel	Email	5	May 24, 2023
M	Emails not being received	Email	1	Apr 28, 2023
	emails are being delivered but don't show up	Email	6	Apr 26, 2023
P	System Emails Not Being Sent	Email	9	Apr 13, 2023
A	whm alert emails not being delivered	Email	2	Jan 22, 2023

Search

Search

Am I being Spamed?

Anveo

Registered

hostcp3

Well-Known Member

awsol

Well-Known Member

dgbaker

Well-Known Member

awsol

Well-Known Member

awsol

Well-Known Member

awsol

Well-Known Member

steven

Active Member

manokiss

Well-Known Member

awsol

Well-Known Member

manokiss

Well-Known Member