The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is Our Server Being Used as a Relay?

Discussion in 'General Discussion' started by Jeff_Mash, Oct 1, 2006.

  1. Jeff_Mash

    Jeff_Mash Member

    Joined:
    Oct 1, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    151
    Hey Guys,

    More and more lately, we are getting the following bounced emails sent to us:

    -----------------------------------------


    From: Mail Delivery Subsystem < MAILER-DAEMON@f1.peterstar.net>
    To: lmcml@mjmmagic.com
    Subject: Returned mail: see transcript for details
    Date: Sat, 30 Sep 2006 07:01:06 +0400 (MSD)

    The original message was received at Sat, 30 Sep 2006 07:01:06 +0400
    (MSD)
    from mx.peterstar.ru [217.195.65.15]

    ----- The following addresses had permanent fatal errors -----
    /d/mail/vodopad
    (reason: Service unavailable)
    (expanded from: < vodopad@peterstar.ru> )

    ----- Transcript of session follows -----
    550 /d/mail/vodopad... User mailbox quota exceeded, please send this
    message later
    554 5.0.0 Service unavailable

    Date: Sat, 30 Sep 2006 12:00:54 +0900
    From: Jerome Oliver < lmcml@mjmmagic.com>
    To: vodopad@peterstar.ru
    Subject: prejudge

    -----------------------------------------

    It appears that this email was sent FROM a user named " Jerome Oliver < lmcml@mjmmagic.com> " , but that user doesn't exist on our server!

    Being a newbie when it comes to cPanel, is there any settings you can walk me through to Tweak in the root Control Panel which may prevent these from being sent out from non-existent users?

    Here is a screenshot of my current Mail settings under cPanel: http://www.mjmmagic.com/images/cPanelMailSettings.jpg
     
    #1 Jeff_Mash, Oct 1, 2006
  2. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    166
    Go to whm > service configuration > service manager
    enable the "antirelayd" service which will require pop authentication
    prior to use smtp.
     
    #2 jayh38, Oct 1, 2006
  3. Jeff_Mash

    Jeff_Mash Member

    Joined:
    Oct 1, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    151
    Sorry for the long delay in responding. I DO have the antirelayd enabled in my configuration. For some reason though, someone seems to still be sending SPAM out from our domain using fictional users.

    For example, our domain is mjmmagic.com

    We are getting bounced messages back to us, showing that some fictional user like hfsdhjks@mjmmagic.com is sending mail out to people.

    I don't know how to stop this, or determine the script that might be the culprit. Any ideas?
     
    #3 Jeff_Mash, Oct 16, 2006
  4. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    8
    Trophy Points:
    193
    In all probability, you probably just have a spammer out forging the return
    address on the emails as being from your server when it really isn't and
    that's fairly common and not something to overly worry about.

    The one thing you do want to rule out though and confirm is that your server
    is not being used for spam and that is mainly a matter of digging into your
    email and site logs, reviewing the mail queues, and auditing the relayers
    to find out who has been sending mail and where they have been sending
    those messages and that should give you a pretty good idea.

    In the worst case, someone is using your server for spam, there are things
    that can be done fairly easily to put a stop to that permanently.

    Your first step though is finding out what is really going on and finding out
    if you even have a real cause to be alarmed.
     
    #4 Spiral, Oct 18, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - Server Being Used
  1. iPlex

    My Server is Being Used in a BruteForce Attack

    iPlex, Sep 9, 2015, in forum: Security
    Replies:
    7
    Views:
    784
    Axell35
    Sep 15, 2015
  2. Mugoma

    Prevent email from being send from server domain

    Mugoma, Apr 22, 2017, in forum: E-mail Discussions
    Replies:
    5
    Views:
    274
    Infopro
    Apr 23, 2017
  3. DennisMidjord

    Webserver using PHP 5.4 despite being set to 5.6

    DennisMidjord, Jan 10, 2017, in forum: CloudLinux
    Replies:
    18
    Views:
    453
    DennisMidjord
    Jan 11, 2017
  4. GreenQ

    Clients receiving spam from themselves, but not being sent from server?

    GreenQ, Sep 26, 2016, in forum: E-mail Discussions
    Replies:
    4
    Views:
    751
    phillbooth
    Oct 20, 2016
  5. ddaddy

    Mail being sent to mail@myserver

    ddaddy, Sep 12, 2016, in forum: E-mail Discussions
    Replies:
    4
    Views:
    321
    cPanelMichael
    Sep 21, 2016

Share This Page