Monto

Member
Jul 5, 2017
16
2
3
Australia
cPanel Access Level
Root Administrator
In my Mail Delivery Reports I have an email address (From address) that has nothing to do with any account on my VPS sending 3 to 6 emails a day to the same hotmail address. The Result shows 'Rejected relay attempt:' with the ip. Ips are various but all on the same subnet, only the last quad is different.

In the 'Filter Incoming Emails by Domain' I have listed the spamming domain as *.spamdomain.com but they still keep coming.

Firstly, does 'Rejected relay attempt' mean my server blocked it, or has it got to hotmail and they rejected it?

Second, is there another way to stop the spamming domain from contacting my server?

Any advice appreciated!
 

keat63

Well-Known Member
Nov 20, 2014
1,840
220
93
cPanel Access Level
Root Administrator
Whilst we wait for a tech to come along, could you provide the output from one of those messages /var/log/exim_mainlog .


Code:
exigrep message_id_here /var/log/exim_mainlog
If you have CSF firewall installed you could add the following to the IP deny list. (using the correct IP of course)

123.456.789.0/24 # do not delete - relay spammer
 

keat63

Well-Known Member
Nov 20, 2014
1,840
220
93
cPanel Access Level
Root Administrator
123.456.789.0/24 would block everything coming from 123.456.789.###

However, it would be good to learn what's causing these.
Has the log rotated maybe ?
 

keat63

Well-Known Member
Nov 20, 2014
1,840
220
93
cPanel Access Level
Root Administrator
I have a few of these types of rules.
I work on the basis that there are potentially 4 billion IP4 addresses, so blocking just 256 of them is a drop in the ocean.

If you are really concerned about dropping all 255, maybe consider researching which country they originate.
If you've absolutely no dealings with Timbuktoo, then don't be afraid the block them.

I apply these types of rules, then i'll remove them again in a few months time.
They've usually gone by then.
 

Monto

Member
Jul 5, 2017
16
2
3
Australia
cPanel Access Level
Root Administrator
Although I get no output from the command you gave, I searched the exim mainlog file via cfs, and got the following, which doesn't shed much light?

redacted
 
Last edited:

keat63

Well-Known Member
Nov 20, 2014
1,840
220
93
cPanel Access Level
Root Administrator
if any of this info is unique to you, ie email address or IP address, it would be wise to obfuscate some of it.
Do you have SPF and DKIM set up on your domain
 
Last edited: