Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Is Our Server Being Used as a Relay?

Discussion in 'General Discussion' started by Jeff_Mash, Oct 1, 2006.

  1. Jeff_Mash

    Jeff_Mash Member

    Joined:
    Oct 1, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    151
    Hey Guys,

    More and more lately, we are getting the following bounced emails sent to us:

    -----------------------------------------


    From: Mail Delivery Subsystem < MAILER-DAEMON@f1.peterstar.net>
    To: lmcml@mjmmagic.com
    Subject: Returned mail: see transcript for details
    Date: Sat, 30 Sep 2006 07:01:06 +0400 (MSD)

    The original message was received at Sat, 30 Sep 2006 07:01:06 +0400
    (MSD)
    from mx.peterstar.ru [217.195.65.15]

    ----- The following addresses had permanent fatal errors -----
    /d/mail/vodopad
    (reason: Service unavailable)
    (expanded from: < vodopad@peterstar.ru> )

    ----- Transcript of session follows -----
    550 /d/mail/vodopad... User mailbox quota exceeded, please send this
    message later
    554 5.0.0 Service unavailable

    Date: Sat, 30 Sep 2006 12:00:54 +0900
    From: Jerome Oliver < lmcml@mjmmagic.com>
    To: vodopad@peterstar.ru
    Subject: prejudge

    -----------------------------------------

    It appears that this email was sent FROM a user named " Jerome Oliver < lmcml@mjmmagic.com> " , but that user doesn't exist on our server!

    Being a newbie when it comes to cPanel, is there any settings you can walk me through to Tweak in the root Control Panel which may prevent these from being sent out from non-existent users?

    Here is a screenshot of my current Mail settings under cPanel: http://www.mjmmagic.com/images/cPanelMailSettings.jpg
     
    #1 Jeff_Mash, Oct 1, 2006
  2. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    166
    Go to whm > service configuration > service manager
    enable the "antirelayd" service which will require pop authentication
    prior to use smtp.
     
    #2 jayh38, Oct 1, 2006
  3. Jeff_Mash

    Jeff_Mash Member

    Joined:
    Oct 1, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    151
    Sorry for the long delay in responding. I DO have the antirelayd enabled in my configuration. For some reason though, someone seems to still be sending SPAM out from our domain using fictional users.

    For example, our domain is mjmmagic.com

    We are getting bounced messages back to us, showing that some fictional user like hfsdhjks@mjmmagic.com is sending mail out to people.

    I don't know how to stop this, or determine the script that might be the culprit. Any ideas?
     
    #3 Jeff_Mash, Oct 16, 2006
  4. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    8
    Trophy Points:
    193
    In all probability, you probably just have a spammer out forging the return
    address on the emails as being from your server when it really isn't and
    that's fairly common and not something to overly worry about.

    The one thing you do want to rule out though and confirm is that your server
    is not being used for spam and that is mainly a matter of digging into your
    email and site logs, reviewing the mail queues, and auditing the relayers
    to find out who has been sending mail and where they have been sending
    those messages and that should give you a pretty good idea.

    In the worst case, someone is using your server for spam, there are things
    that can be done fairly easily to put a stop to that permanently.

    Your first step though is finding out what is really going on and finding out
    if you even have a real cause to be alarmed.
     
    #4 Spiral, Oct 18, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - Server Being Used
  1. Wesley Brian Lachenal

    Nameserver settings being overwritten

    Wesley Brian Lachenal, Nov 15, 2017, in forum: Bind/DNS/Nameserver
    Replies:
    3
    Views:
    605
    Infopro
    Nov 15, 2017
  2. Mugoma

    Prevent email from being send from server domain

    Mugoma, Apr 22, 2017, in forum: E-mail Discussion
    Replies:
    6
    Views:
    2,218
    postcd
    Mar 20, 2018
  3. DennisMidjord

    Webserver using PHP 5.4 despite being set to 5.6

    DennisMidjord, Jan 10, 2017, in forum: CloudLinux
    Replies:
    18
    Views:
    1,148
    DennisMidjord
    Jan 11, 2017
  4. Human_bieng

    New Thread Authentication failed for all email accounts after server reload

    Human_bieng, Dec 15, 2018 at 9:31 AM, in forum: E-mail Discussion
    Replies:
    1
    Views:
    94
    Infopro
    Dec 15, 2018 at 1:12 PM
  5. Terrence McGinnis

    New Thread How to Setup Custom NameServer in Azure?

    Terrence McGinnis, Dec 15, 2018 at 4:06 AM, in forum: Bind/DNS/Nameserver
    Replies:
    1
    Views:
    41
    dalem
    Dec 15, 2018 at 5:34 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice