I need help to stop this spam

NetX

Well-Known Member
Jun 18, 2003
Hello,

I really don't know what to do to stop spam from my server. I have set "maximum mails per hour per domain" to 100, I have SMTP Tweak protection, and I have MailScanner installed, but nothing works to stop spam.

The problem is that I see my mail queue with more than 6,000 messages (each one with 100 email addresses), and my server is delivering all of them!! :(

1) I don't know how the spammer is doing it.
2) If I use an external email address and send mail to another external email address using my server as SMTP, the message is delivered!! Why?? (How can I secure my relayhosts file?)
3) The spammer is not a current client; is there any way to detect this type of message and discard them?
4) What configuration do you recommend in order to maintain my server without spam abuse?

Please, I need your help


Example of today's spam:

1AHSJc-0006DR-A1-H
root 0 0
<[email protected]>
1068056616 0
-helo_name unspecified.host
-host_address 200.63.143.238.2411
-interface_address 207.44.186.11.25
-received_protocol smtp
-body_linecount 21
-frozen 1068056675
-host_lookup_failed

158P Received: from [200.63.143.238] (helo=unspecified.host)
by host.myserver.com with smtp (Exim 4.24)
id 1AHSJc-0006DR-A1; Wed, 05 Nov 2003 12:23:36 -0600
133 Received: from 200.165.217.218 ([200.165.217.218]) by 168.226.87.207 (WinRoute Pro 4.1.27) with SMTP; Mon, 3 Nov 2003 17:32:30 -0300
037F From: "NSW Bargains" <[email protected]>
048T To: "[email protected]" <[email protected]>
062 Subject: Re: Norton Antivirus intro sale - limited quantities
018 MIME-Version: 1.0
024 Content-Type: text/html
054I Message-Id: <[email protected]>
038 Date: Wed, 05 Nov 2003 12:23:36 -0600
080 X-yoursite-MailScanner-Information: Please contact the ISP for more information
042 X-yoursite-MailScanner: Found to be clean
 

tlas

Registered
May 27, 2004
I had the same problem.
I configured the server to require SMTP authentication and I did not have any more problems.
I hope I helped you.
 

efeito

Well-Known Member
PartnerNOC
Jul 24, 2003
.pt
If you wish, we can check your server configuration and help you stop that.

We have done this for other users of this forum too, all of them with success.

Please PM me for details.


Best regards
 

Cash

Well-Known Member
Jun 9, 2004
Originally posted by tlas
I had the same problem.
I configured the server to require SMTP authentication and I did not have any more problems.
I hope I helped you.
May I know how you configured it?
 

tlas

Registered
May 27, 2004
In WHM, in the Exim configuration editor, after "begin acl", comment out the following line:

#accept hosts = +auth_relay_hosts

All users will then need to authenticate to the SMTP server to send e-mail.
 

mr.wonderful

BANNED
Feb 1, 2004
It states in the message that the host lookup failed, so I don't think any messages are going to be sent to those recipients, simply because they are stuck in the queue as undeliverable.
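
For the question of how to detect such messages in the queue, the following is an added example, not part of any post in this thread: it reads an Exim `-H` spool header file like the one in the first post and lists why a message looks like unauthenticated relaying. The sample file, its placeholder addresses and the `local_domains` parameter are assumptions made for illustration.

```python
# Added example: triage of an Exim -H spool header file (layout as in the first post).
# SAMPLE is constructed; its addresses are placeholders, not taken from the thread.
SAMPLE = """\
1AHSJc-0006DR-A1-H
root 0 0
<sender@example.invalid>
1068056616 0
-helo_name unspecified.host
-host_address 200.63.143.238.2411
-interface_address 207.44.186.11.25
-received_protocol smtp
-body_linecount 21
-frozen 1068056675
-host_lookup_failed
XX
2
rcpt1@example.invalid
rcpt2@example.invalid

042 X-yoursite-MailScanner: Found to be clean
"""

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def parse_spool_header(text):
    """Return id, envelope sender, '-' options and recipients of a -H file."""
    lines = text.splitlines()
    msg = {"id": lines[0][:-2] if lines[0].endswith("-H") else lines[0],
           "sender": lines[2].strip("<>"), "opts": {}}
    i = 4  # option lines start after id, user, sender and time lines
    while i < len(lines) and lines[i].startswith("-"):
        name, _, value = lines[i][1:].partition(" ")
        msg["opts"][name] = value
        i += 1
    # Skip the non-recipients tree ("XX" or "YY addr" lines) up to the count line.
    while i < len(lines) and not lines[i].strip().isdigit():
        i += 1
    count = int(lines[i]) if i < len(lines) else 0
    msg["recipients"] = lines[i + 1:i + 1 + count]
    return msg

def relay_findings(msg, local_domains):
    """List reasons this queued message looks like unauthenticated relaying."""
    opts, out = msg["opts"], []
    if "host_address" not in opts:      # no remote host recorded: local submission
        return out
    ip, _, port = opts["host_address"].rpartition(".")   # stored as address.port
    authed = "auth_id" in opts or "auth_sender" in opts
    if not authed:
        out.append(f"unauthenticated SMTP from {ip} port {port}")
    if "host_lookup_failed" in opts:
        out.append("sending host has no reverse DNS")
    external = [r for r in msg["recipients"] if domain(r) not in local_domains]
    if not authed and external and domain(msg["sender"]) not in local_domains:
        out.append(f"external sender relayed to {len(external)} external recipient(s)")
    return out
```

A host admitted by an address-based relay list such as `+auth_relay_hosts` leaves no `-auth_id` line, so its messages are reported as unauthenticated here.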