Can't Kill Spam In Exim... Why???

Discussion in 'General Discussion' started by nitromax, Aug 22, 2003.

  1. nitromax

    I am seeing thousands of emails piling up in the mail queue that look something like this:

    ## keeps going much longer than this, then at the end it shows this:

    041F From: NortonsCompProtect268@zfree.com ()
    127 Subject: Norton's bestselling utilities in one package, save over 80% XYeUGx2 Bi8xemXQEsi
    8921* bcc: nyboy631@aol.com,bilbo269@aol.com,mattkid04@aol.com
    Mailer: The Bat! (v1.45) Personal


    If I'm reading it right, this is the domain name I want to block: @zfree.com, shown in the From address up there.


    I have tried to uncomment, in the exim.conf file: #sender_host_reject = +include_unknown:lsearch*;/etc/spammers

    But when I uncomment it and restart exim, exim fails. I would like to list a bunch of these domains that are spamming thru our server in the /etc/spammers file. But I can't get it to work.

    Any suggestions?

    #1 nitromax, Aug 22, 2003
    Last edited: Aug 22, 2003
  2. bdweb

    Are you also getting a bunch of bounceback emails with info about:
    Your details
    Thank you!
    Re: Thank you!
    Re: Details
    Re: Re: My details
    Re: Approved
    Re: Your application
    Re: Wicked screensaver
    Re: That movie

    Attachment:

    your_document.pif
    document_all.pif
    thank_you.pif
    your_details.pif
    details.pif
    document_9446.pif
    application.pif
    wicked_scr.scr
    movie0045.pif

    If so, it's the SoBig virus on computers trying to email your clients. Check here for another thread on the subject


    http://forums.cpanel.net/showthread.php?s=&threadid=13699&highlight=i+found+in+exim

    Or it could be someone spamming through an unsecure formmail script.

    Jay
     
  3. nitromax

    I installed MailScanner successfully, but I am still seeing tons of those emails mentioned in my first post in the WHM mail queue.

    Now what?

  4. FWC

    Set:

    Silently Discard all FormMail-clone requests with a bcc: header in the subject line

    at the bottom of Tweak Settings.
     
  5. nitromax

    Thanks for your reply. I checked the Silently Discard option you mentioned and restarted exim, but they are still accumulating in there. There were 1900+ messages in there this morning, and each message has about 300 email addresses in it.

    Before I installed MailScanner (and the Silently Discard option was NOT checked) I could click on the message ID in the queue (19qcvR-00018H-OA) and I could see the BCC header, and it listed all of the email addresses in the header. But now the emails still show up in the queue, but when I look at the header info there is NO BCC info in there.

    The messages never seem to leave the queue, or am I wrong there? When I click the message ID, right at the top of the page it has this line in it:

    -frozen 1061662551

    If it's frozen does that mean that it will never be delivered? And if the answer is yes, could I possibly set up a cron that would delete them out periodically?
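
A triage sketch for the queue header view quoted in the posts above, added here as an example and not posted by any participant in the thread: it reads the "-frozen" line and the length-prefixed header lines ("041F From:", "8921* bcc:") and reports the frozen time, the bcc recipient count and the From domain. The function names, the max_bcc threshold, the line layout (inferred from the quoted lines) and the constructed sample with example.com addresses are assumptions.

```python
import re
from datetime import datetime, timezone

# Header lines as quoted in the thread: length digits, one flag character
# ("F", "*", or a space), then "Name: value". The length is not verified.
HEADER = re.compile(r"^(\d{3,})([A-Z* ]) ?([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")
FROZEN = re.compile(r"^-frozen (\d+)$")

def parse_header_view(text):
    """Return (frozen_epoch_or_None, [[flag, name, value], ...])."""
    frozen, headers = None, []
    for line in text.splitlines():
        m = FROZEN.match(line)
        if m:
            frozen = int(m.group(1))
            continue
        m = HEADER.match(line)
        if m:
            headers.append([m.group(2), m.group(3).lower(), m.group(4)])
        elif headers and line[:1] in (" ", "\t"):
            headers[-1][2] += line.strip()  # folded continuation line
    return frozen, headers

def triage(text, max_bcc=20):
    """Summarise the signals the thread relies on for one queued message."""
    frozen, headers = parse_header_view(text)
    bcc = [a for _, name, value in headers if name == "bcc"
           for a in value.split(",") if "@" in a]
    sender = next((v for _, n, v in headers if n == "from"), "")
    domain = re.search(r"@([\w.-]+)", sender)
    return {
        "frozen_since": (datetime.fromtimestamp(frozen, timezone.utc)
                         .isoformat() if frozen is not None else None),
        "bcc_count": len(bcc),
        "from_domain": domain.group(1).lower() if domain else None,
        "suspicious": len(bcc) > max_bcc,  # max_bcc is an assumed threshold
    }

# Constructed sample: 300 placeholder recipients, frozen time from the post.
_bcc = ",".join(f"user{i}@example.com" for i in range(300))
SAMPLE = ("-frozen 1061662551\n"
          "041F From: NortonsCompProtect268@zfree.com ()\n"
          "127  Subject: (constructed subject)\n"
          f"8921* bcc: {_bcc}\n")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The From domain is supplied by the sender, so of the two signals the bcc count is the more dependable one for deciding which queued messages to review.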
