The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Huge SPamming on server

Discussion in 'General Discussion' started by SACHIN, Jan 16, 2007.

  1. SACHIN

    SACHIN Guest

    Hello,

    Currently we are facing many mail issues and spamming issues on server.
    there is continueous scrolling of exim logs and getting logs like this -

    ----------------------------------
    007-01-12 17:55:02 SMTP connection from gdcout624.bakernet.com (bmgdcnt624.bakernet.com) [208.193.53.124]:18548 I=[IP.IP.IP.IP]:25 closed by QUIT
    2007-01-12 17:55:02 DNS list lookup defer (probably timeout) for 171.28.216.68.relays.ordb.org: assumed not in list
    2007-01-12 17:55:02 H=mail.traeger.com (exchsrvr.TBDOMAIN.LOCAL) [68.216.28.171]:32926 I=[IP.IP.IP.IP]:25 F=<> rejected RCPT <erfmigrant@domain.com>: No Such User Here
    2007-01-12 17:55:02 DNS list lookup defer (probably timeout) for 3.160.90.212.relays.ordb.org: assumed not in list
    2007-01-12 17:55:02 SMTP connection from mail.traeger.com (exchsrvr.TBDOMAIN.LOCAL) [68.216.28.171]:32926 I=[IP.IP.IP.IP]:25 closed by QUIT
    2007-01-12 17:55:02 H=relay.ukrhub.net [212.90.160.3]:55811 I=[IP.IP.IP.IP]:25 F=<> rejected RCPT <qnreprise@domain.com>: No Such User Here
    2007-01-12 17:55:03 SMTP connection from [216.220.37.22]:57848 I=[IP.IP.IP.IP]:25 (TCP/IP connection count = 46)
    2007-01-12 17:55:03 SMTP connection from relay.ukrhub.net [212.90.160.3]:55811 I=[IP.IP.IP.IP]:25 closed by QUIT
    2007-01-12 17:55:03 SMTP connection from [202.161.146.2]:34470 I=[IP.IP.IP.IP]:25 (TCP/IP connection count = 46)
    2007-01-12 17:55:03 DNS list lookup defer (probably timeout) for 141.252.46.206.relays.ordb.org: assumed not in list
    2007-01-12 17:55:03 SMTP connection from [65.254.50.114]:59806 I=[IP.IP.IP.IP]:25 (TCP/IP connection count = 47)
    2007-01-12 17:55:03 H=sv5pub.verizon.net [206.46.252.141]:47915 I=[IP.IP.IP.IP]:25 F=<> rejected RCPT <shccapstan@domain.com>: No Such User Here
    2007-01-12 17:55:03 SMTP connection from [200.120.62.11]:48443 I=[IP.IP.IP.IP]:25 (TCP/IP connection count = 4Cool
    ----------------------------------------------------------------------------
    007-01-12 17:55:16 1H5Y6X-0000a2-P9 == liquinox@server.name.com R=localuser T=local_delivery defer (-9): failed to lock mailbox /home/liquinox/mail/inbox (lock file)
    2007-01-12 17:55:16 1H5T3e-0003fw-2A == jmsosa@domain.com R=virtual_user T=virtual_userdelivery defer (-52): Retry time not yet reached
    2007-01-12 17:55:16 SMTP connection from [202.231.205.11]:49486 I=[IP.IP.IP.IP]:25 (TCP/IP connection count = 44)
    2007-01-12 17:55:16 1H5PNe-0005j2-Mz == ballroom@server.name.com <advertising@domain.com> R=localuser T=local_delivery defer (-52): Retry time not yet reached
    2007-01-12 17:55:16 no IP address found for host 91767-app1.link2me.com (during SMTP connection from (91767-app1.link2me.com) [83.138.152.13]:49795 I=[IP.IP.IP.IP]:25)
    2007-01-12 17:55:16 1H5P8e-0006PX-QE == chapalit@server.name.com <mail@domain.com> R=localuser T=local_delivery defer (-52): Retry time not yet reached
    2007-01-12 17:55:16 1H53te-0003Jb-MN == fomentar@server.name.com <artemex@domain.com> R=localuser T=local_delivery defer (-52): Retry time not yet reached
    2007-01-12 17:55:17 1H4kpe-00052L-Tz == shari@domain.com R=virtual_user T=virtual_userdelivery defer (-52): Retry time not yet reached
    2007-01-12 17:55:17 1H5NGN-0000vZ-FP == younmone@server.name.com <minb@domain.com> R=localuser T=local_delivery defer (-52): Retry time not yet reached
    2007-01-12 17:55:17 1H4ybN-0008Rs-9s == fomentar@server.name.com <gzwhverd@domain.com> R=localuser T=local_delivery defer (-52): Retry time not yet reached
    2007-01-12 17:55:17 1H5PgN-0001Xo-Nd == elzahir@domain.com R=virtual_user T=virtual_userdelivery defer (-52): Retry time not yet reached
    2007-01-12 17:55:17 DNS list lookup defer (probably timeout) for 34.36.115.207.relays.ordb.org: assumed not in list
    2007-01-12 17:55:17 H=nlpi005.sbcis.sbc.com [207.115.36.34]:49566 I=[IP.IP.IP.IP]:25 F=<> rejected RCPT <xkmquicken@domain.com>: No Such User Here
    2007-01-12 17:55:17 SMTP connection from [64.240.177.61]:13691 I=[IP.IP.IP.IP]:25 (TCP/IP connection count = 45)
    2007-01-12 17:55:17 DNS list lookup defer (probably timeout) for 185.4.162.203.relays.ordb.org: assumed not in list
    2007-01-12 17:55:18 H=hcm-ms-185.vnn.vn [203.162.4.185]:50713 I=[IP.IP.IP.IP]:25 F=<> rejected RCPT <giwobfuscate@fra-designs.com>:
    2007-01-12 17:55:18 SMTP connection from [196.211.1.226]:53678 I=[IP.IP.IP.IP]:25 (TCP/IP connection count = 46)
    2007-01-12 17:55:18 1H5TnN-0000Ij-NC == tom@domain5.com <home@domain.com> R=virtual_user T=virtual_userdelivery defer (-52): Retry time not yet reached
    2007-01-12 17:55:18 1H5UbN-0005K2-8g == asrtcont@server.name.com <support@domain1.com> R=localuser T=local_delivery defer (-52): Retry time not yet reached
    2007-01-12 17:55:18 1H4tfN-0001Je-Aa == arte@domain3.com R=virtual_user T=virtual_userdelivery defer (-52): Retry time not yet reached
    2007-01-12 17:55:18 1H5C3N-00051l-76 == ivethclaros@domain2.com R=virtual_user T=virtual_userdelivery defer (-52): Retry time not yet reached
    2007-01-12 17:55:18 1H5Y73-0000YV-7U <= sztfyug@163.com H=(163.com) [121.34.192.175]:4152 I=[IP.IP.IP.IP]:25 P=esmtp S=1332 T="\264\372\300\355\322\265\316\361\243\241" from <sztfyug@163.com> for kassem@domain4.com
    --------------------------------------------------------------------------------
    IP.IP.IP.IP = Server IP
    server.name.com = Server Name.
    ---------------------------------------------------------------------------------

    Please update us exact solution for spamming.

    Thank you.



    Regards,
    Sachin
     
    #1 SACHIN, Jan 16, 2007
    Last edited by a moderator: Jan 16, 2007
  2. Cristi4n

    Cristi4n Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2006
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    6
    Hy,
    You can remove relays.ordb.org from your blacklists as it does not work anymore and add others

    I currently have TCP/IP connection count =~ 100 and it started a couple of weeks ago ! I don't know yet if this is a problem or not
     
    #2 Cristi4n, Jan 16, 2007
    Last edited: Jan 16, 2007
Loading...

Share This Page