The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I need help to stop this spam

Discussion in 'General Discussion' started by NetX, Nov 5, 2003.

  1. NetX

    NetX Well-Known Member

    Joined:
    Jun 18, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    I really don't know what to do to stop spam from my server. I have checked "maximum mails per hour per domain" in 100, I have SMTP Tweak protection, I have Mailscanner installed, but nothing works to stop spam.

    The problem is that I see my Mail queue with more than 6 000 messages (each one with 100 email addresses), and my server is delivering all !! :(

    1) I don't know how the spammer is doing it.
    2) If I use an external email address and send mail to other external emai, address using my server as smtp, the message is delivered!! Why?? (How can I secure my relayhosts file?)
    3) The spammer is not a current client, is there any form to detect this type of messages and discard them?
    4) What configuration do you recommend in order to mantain my server without spam abuse.

    Please, I need your help


    Example of the today's spam:

    1AHSJc-0006DR-A1-H
    root 0 0
    <o17587@ice.is>
    1068056616 0
    -helo_name unspecified.host
    -host_address 200.63.143.238.2411
    -interface_address 207.44.186.11.25
    -received_protocol smtp
    -body_linecount 21
    -frozen 1068056675
    -host_lookup_failed
    YY gunpilot@adelphia.net
    YY colinj@cox.net
    YY aspagnol@adelphia.net
    NN alpha0102@btopenworld.com
    YN case1@adelphia.net
    NN boyun@21cn.com
    YY dooley44@adelphia.net
    YN dbrinker@adelphia.net
    NN daisyworld@btinternet.com
    YY elaineann@adelphia.net
    NN eddiee@optonline.net
    NN flapara@optonline.net
    YY owc@neo.rr.com
    YY mboyce1@optonline.net
    YY lab02@cox.net
    NY jehannah@optonline.net
    NN jimmyle@21cn.com
    NN leggitt@btinternet.com
    YY mpinkert@optonline.net
    NN mferren@optonline.net
    NN mrwindow@adelphia.net
    YY silkroad@cox.net
    YY scrotem@optonline.net
    YN ptacek@neo.rr.com
    NN paulharrison@btopenworld.com
    NN shenbin0065@sina.com
    YY tyt2000liu@sina.com
    NN ssmith9@adelphia.net
    NY wmzimmer@adelphia.net
    NN yesliyesli@21cn.com
    49
    ptacek@neo.rr.com
    lab02@cox.net
    jimmyle@21cn.com
    gunpilot@adelphia.net
    tyt2000liu@sina.com
    daisyworld@btinternet.com
    mpinkert@optonline.net
    ssmith9@adelphia.net
    dooley44@adelphia.net
    alpha0102@btopenworld.com
    boyun@21cn.com
    owc@neo.rr.com
    scrotem@optonline.net
    zbang@eudoramail.com
    philbailey@juno.com
    knightkap.ok@gte.net
    jehannah@optonline.net
    hicham-1978dz@maktoob.com
    tommysims@earthlink.net
    colinj@cox.net
    mboyce1@optonline.net
    sookie@ix.netcom.com
    eddiee@optonline.net
    a99@earthlink.net
    broder@aculink.net
    mrwindow@adelphia.net
    ron5652@net.com
    wmzimmer@adelphia.net
    rbrownrigg@juno.com
    lfell@mindspring.com
    johnsw3@pfizer.com
    ikg@aculink.net
    vivianmitchell@juno.com
    d_d_palmer@demon.net
    markafreeman@eudoramail.com
    silkroad@cox.net
    elaineann@adelphia.net
    aspagnol@adelphia.net
    case1@adelphia.net
    paulharrison@btopenworld.com
    shenbin0065@sina.com
    yesliyesli@21cn.com
    ramos85@gte.net
    leggitt@btinternet.com
    jsav@atl.mindspring.com
    flapara@optonline.net
    traveln@swbell.net
    dbrinker@adelphia.net
    mferren@optonline.net

    158P Received: from [200.63.143.238] (helo=unspecified.host)
    by host.myserver.com with smtp (Exim 4.24)
    id 1AHSJc-0006DR-A1; Wed, 05 Nov 2003 12:23:36 -0600
    133 Received: from 200.165.217.218 ([200.165.217.218]) by 168.226.87.207 (WinRoute Pro 4.1.27) with SMTP; Mon, 3 Nov 2003 17:32:30 -0300
    037F From: "NSW Bargains" <o17587@ice.is>
    048T To: "jwgeioqggiq@idi.net" <jwgeioqggiq@idi.net>
    062 Subject: Re: Norton Antivirus intro sale - limited quantities
    018 MIME-Version: 1.0
    024 Content-Type: text/html
    054I Message-Id: <E1AHSJc-0006DR-A1@host.myserver.com>
    038 Date: Wed, 05 Nov 2003 12:23:36 -0600
    080 X-yoursite-MailScanner-Information: Please contact the ISP for more information
    042 X-yoursite-MailScanner: Found to be clean
     
  2. Cash

    Cash Well-Known Member

    Joined:
    Jun 9, 2004
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    i am also facing same problem >_<
     
  3. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    #3 sawbuck, Jun 9, 2004
    Last edited: Jun 9, 2004
  4. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Do you have verify sender checked in "Exim Configuration Editor" in WHM?
     
  5. tlas

    tlas Registered

    Joined:
    May 27, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I was with the same problem.
    I configured the server to request smtp authentication and I did not have more problems.
    i hope i did help you
     
  6. efeito

    efeito Well-Known Member
    PartnerNOC

    Joined:
    Jul 24, 2003
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    .pt
    If you wish we can check your server configurations and help you stoppgin that.

    We have done to other users of this forum too, all of them with sucess.

    Please PM me for details.


    Best regards
     
  7. Cash

    Cash Well-Known Member

    Joined:
    Jun 9, 2004
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    may i know how you configured it?
     
  8. tlas

    tlas Registered

    Joined:
    May 27, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    in the WHM - exim configuration editor -> later begin acl he comments the following line:

    #accept hosts = +auth_relay_hosts

    all the users will need to authentication in the serving smtp to send e-mails
     
  9. mr.wonderful

    mr.wonderful BANNED

    Joined:
    Feb 1, 2004
    Messages:
    345
    Likes Received:
    0
    Trophy Points:
    0
    It states in the msg that host lookup failed, so i dont think any messages are going to be sent to those receipients simply because they are stuck in the queue as undeliverable.
     
Loading...

Share This Page