Is Our Server Being Used as a Relay?

Discussion in 'General Discussion' started by Jeff_Mash, Oct 1, 2006.

  1. Jeff_Mash

    Hey Guys,

    More and more lately, we are getting the following bounced emails sent to us:

    -----------------------------------------


    From: Mail Delivery Subsystem <MAILER-DAEMON@f1.peterstar.net>
    To: lmcml@mjmmagic.com
    Subject: Returned mail: see transcript for details
    Date: Sat, 30 Sep 2006 07:01:06 +0400 (MSD)

    The original message was received at Sat, 30 Sep 2006 07:01:06 +0400
    (MSD)
    from mx.peterstar.ru [217.195.65.15]

    ----- The following addresses had permanent fatal errors -----
    /d/mail/vodopad
    (reason: Service unavailable)
    (expanded from: <vodopad@peterstar.ru>)

    ----- Transcript of session follows -----
    550 /d/mail/vodopad... User mailbox quota exceeded, please send this
    message later
    554 5.0.0 Service unavailable

    Date: Sat, 30 Sep 2006 12:00:54 +0900
    From: Jerome Oliver <lmcml@mjmmagic.com>
    To: vodopad@peterstar.ru
    Subject: prejudge

    -----------------------------------------

    It appears that this email was sent FROM a user named "Jerome Oliver <lmcml@mjmmagic.com>", but that user doesn't exist on our server!

    Being a newbie when it comes to cPanel, are there any settings you can walk me through to tweak in the root Control Panel which may prevent these from being sent out from non-existent users?

    Here is a screenshot of my current Mail settings under cPanel: http://www.mjmmagic.com/images/cPanelMailSettings.jpg
     
  2. jayh38

    Go to WHM > Service Configuration > Service Manager.
    Enable the "antirelayd" service, which will require POP authentication
    prior to using SMTP.
     
  3. Jeff_Mash

    Sorry for the long delay in responding. I DO have the antirelayd enabled in my configuration. For some reason though, someone seems to still be sending SPAM out from our domain using fictional users.

    For example, our domain is mjmmagic.com

    We are getting bounced messages back to us, showing that some fictional user like hfsdhjks@mjmmagic.com is sending mail out to people.

    I don't know how to stop this, or determine the script that might be the culprit. Any ideas?
     
  4. Spiral

    In all probability, you probably just have a spammer out forging the return
    address on the emails as being from your server when it really isn't.
    That's fairly common and not something to overly worry about.

    The one thing you do want to rule out, though, and confirm is that your server
    is not being used for spam. That is mainly a matter of digging into your
    email and site logs, reviewing the mail queues, and auditing the relayers
    to find out who has been sending mail and where they have been sending
    those messages, and that should give you a pretty good idea.

    In the worst case, if someone is using your server for spam, there are things
    that can be done fairly easily to put a stop to that permanently.

    Your first step though is finding out what is really going on and finding out
    if you even have a real cause to be alarmed.
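
The log check described in the last reply, as an added example that is not part of the original thread: it looks for the bounced sender address among the messages the server's MTA actually accepted and reports how each one was submitted. It assumes Exim (the MTA cPanel ships) and its main-log line format; the log lines, message IDs, IP addresses and the `login` authenticator name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log format (illustrative, not from the thread).
SAMPLE_LOG = """\
2006-09-30 11:58:02 1GTaaa-0001Ab-1C <= info@mjmmagic.com H=(laptop) [203.0.113.7] P=esmtpa A=login:info S=2114
2006-09-30 11:58:03 1GTaaa-0001Ab-1C => customer@example.net R=lookuphost T=remote_smtp H=mx.example.net [198.51.100.9]
2006-09-30 12:00:54 1GTbbb-0001Cd-2E <= hfsdhjks@mjmmagic.com U=nobody P=local S=1830
2006-09-30 12:02:31 1GTccc-0001Ef-3G <= promo@mjmmagic.com H=(pc) [192.0.2.44] P=esmtp S=907
2006-09-30 12:03:10 1GTddd-0001Gh-4I <= <> R=1GTbbb-0001Cd-2E U=mailnull P=local S=3021
""".splitlines()

ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= (\S+)(.*)$")  # "<=" marks a message accepted by Exim
FIELD = re.compile(r"\b([A-Z])=(\S+)")                 # H= host, U= local user, P= protocol, A= auth
IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")

def classify(rest):
    """Describe how a message entered the server, from the fields after the sender."""
    f = dict(FIELD.findall(rest))
    if "A" in f:
        return "authenticated SMTP (" + f["A"] + ")"
    if f.get("P") == "local":
        return "local process, user " + f.get("U", "?")
    ip = IP.search(rest)
    return "unauthenticated SMTP from " + (ip.group(1) if ip else "?")

def arrivals(lines, domain):
    """Return (msgid, sender, source) for accepted messages whose envelope sender is at `domain`."""
    out = []
    for line in lines:
        m = ARRIVAL.match(line)
        if m and m.group(2).lower().endswith("@" + domain.lower()):
            out.append((m.group(1), m.group(2).lower(), classify(m.group(3))))
    return out

def explain_bounce(lines, bounced_sender):
    """Say whether the sender named in a bounce ever submitted mail through this server."""
    addr = bounced_sender.lower()
    sources = sorted({src for _, s, src in arrivals(lines, addr.rsplit("@", 1)[1]) if s == addr})
    if not sources:
        return "no arrival logged: consistent with a forged sender (backscatter)"
    return "sent through this server via " + "; ".join(sources)

def sources_for_domain(lines, domain):
    """Count submission paths for the domain, to spot a script or relay sending in bulk."""
    return Counter(src for _, _, src in arrivals(lines, domain))

if __name__ == "__main__":
    for addr in ("lmcml@mjmmagic.com", "hfsdhjks@mjmmagic.com"):
        print(addr, "->", explain_bounce(SAMPLE_LOG, addr))
    print(dict(sources_for_domain(SAMPLE_LOG, "mjmmagic.com")))
```

On a cPanel server the same functions can be fed `open("/var/log/exim_mainlog")`; a "no arrival logged" result only covers the period that log file spans. An unauthenticated arrival is a relay only if the same message ID later shows a `=>` delivery to a remote host.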
     