Dangerous spam attack with google.com accounts

mnavas · Dec 17, 2013

Hi,

I can see my cpanel is affected severe spam attack ..i can see many fake mails log as follows:-

Code:

-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1387264961 s20si13325349igd.32 - gsmtp"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:58 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:58 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:58 H=228-26.thezone.bg [85.217.228.26]:46653 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"
2013-12-17 02:22:58 H=228-26.thezone.bg [85.217.228.26]:46654 F=<[email protected]> rejected RCPT <[email protected]>: No Such User Here"

cPanelMichael · Dec 17, 2013

Hello

The "rejected RCPT" message indicates the emails were rejected and bounced to the original sender. Were you seeking some other additional action, or were you looking to enable additional measures to prevent outgoing SPAM from your server? This document may be of use:

cPanel - Prevent Email Abuse

Thank you.

mnavas · Dec 17, 2013

All those steps done ...

mainly its as below, also getting it from the same email ID

Code:

2013-12-17 23:47:12 1Vt92L-0003O0-AG <= [email protected] H=190-76-80-114.dyn.movilnet.com.ve [190.76.80.114]:43489 P=esmtp S=3930 [email protected] T="Clean energy firm recruiting agents worldwide." for [email protected]

cPanelMichael · Dec 18, 2013

The message getting bounced to the sender ensures it's not delivered to the email account. Could you elaborate on the additional action you would like to see?

Thank you.

mnavas · Dec 18, 2013

Hi,
All these google.com email IDs re not real... its SMTP attack. Also some of the mails delivered by this IDs are getting in outlook as the mails from their own IDs. So its not the issue of not delivering,but need to get any remedy for blocking such big attack mailnly from *.google.com mail ids

cPanelMichael · Dec 19, 2013

You may want to utilize the "Account Level Filtering" option in cPanel for the accounts that you want to block all google.com mail addresses. Also, review the options in:

"WHM Home » Service Configuration » Exim Configuration Manager"

There are several options here that can help block SPAM. It's up to you how agressive you want to be in blocking the messages.

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
	loaded failed failed for some service, is dangerous/bad situation ?	Email	1	Mar 22, 2021
H	Filter All Dangerous Attachments?	Email	2	Sep 30, 2019
	Attachments: Filter messages with dangerous attachments	Email	5	Feb 23, 2017
I	Function .cpanel/mailloopprotect ? Is it dangerous ? (Need Help)	Email	1	Jan 11, 2013
G	What's considered a "dangerous attachment"?	Email	5	Nov 5, 2008

Search

Search

Dangerous spam attack with google.com accounts

mnavas

Member

cPanelMichael

Administrator

mnavas

Member

cPanelMichael

Administrator

mnavas

Member

cPanelMichael

Administrator