Dangerous spam attack with google.com accounts

mnavas

Member
Jan 19, 2008
5
0
51
Hi,

I can see my cpanel is affected severe spam attack ..i can see many fake mails log as follows:-

Code:
-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1387264961 s20si13325349igd.32 - gsmtp"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:58 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:58 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:58 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:58 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

The "rejected RCPT" message indicates the emails were rejected and bounced to the original sender. Were you seeking some other additional action, or were you looking to enable additional measures to prevent outgoing SPAM from your server? This document may be of use:

cPanel - Prevent Email Abuse

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
The message getting bounced to the sender ensures it's not delivered to the email account. Could you elaborate on the additional action you would like to see?

Thank you.
 

mnavas

Member
Jan 19, 2008
5
0
51
Hi,
All these google.com email IDs re not real... its SMTP attack. Also some of the mails delivered by this IDs are getting in outlook as the mails from their own IDs. So its not the issue of not delivering,but need to get any remedy for blocking such big attack mailnly from *.google.com mail ids
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
You may want to utilize the "Account Level Filtering" option in cPanel for the accounts that you want to block all google.com mail addresses. Also, review the options in:

"WHM Home » Service Configuration » Exim Configuration Manager"

There are several options here that can help block SPAM. It's up to you how agressive you want to be in blocking the messages.

Thank you.