is our server being used to spam, how to fix

Discussion in 'Security' started by actived, Nov 6, 2012.

  1. actived

    Hi,
    I got several emails from csf+lfd like this yesterday.

    Code:
    Time:  Tue Nov  6 15:09:19 2012 +0800
    Type:  RELAY, Remote IP - 66.135.63.177 (US/United States/txserver1.geoestimator.com)
    Count: 101 emails relayed
    Blocked: No
    
    Sample of the first 10 emails:
    
    2012-11-06 15:00:31 1TVd9B-0002Gd-FQ <= <> H=txserver1.geoestimator.com (server.networkservicesindia.com) [66.135.63.177]:52758 P=esmtps X=TLSv1:AES256-SHA:256 S=15014 id=E1TVd99-0005D0-LR@server.networkservicesindia.com T="Mail delivery failed: returning message to sender" for noreply@ourdomain.com
    2012-11-06 15:00:47 1TVd9R-0002I0-52 <= <> H=txserver1.geoestimator.com (server.networkservicesindia.com) [66.135.63.177]:52767 P=esmtps X=TLSv1:AES256-SHA:256 S=15000 id=E1TVd9P-0005U9-Ez@server.networkservicesindia.com T="Mail delivery failed: returning message to sender" for noreply@ourdomain.com
    2012-11-06 15:01:05 1TVd9j-0002Ih-Sq <= <> H=txserver1.geoestimator.com (server.networkservicesindia.com) [66.135.63.177]:52782 P=esmtps X=TLSv1:AES256-SHA:256 S=14978 id=E1TVd9i-0005na-4e@server.networkservicesindia.com T="Mail delivery failed: returning message to sender" for noreply@ourdomain.com
    2012-11-06 15:01:09 1TVd9k-0002Ij-BB <= <> H=txserver1.geoestimator.com (server.networkservicesindia.com) [66.135.63.177]:52783 P=esmtps X=TLSv1:AES256-SHA:256 S=14856 id=E1TVd9i-0005ob-LU@server.networkservicesindia.com T="Mail delivery failed: returning message to sender" for noreply@ourdomain.com
    ...
    
    where "ourdomain.com" is my server's domain.

    I'm not sure what to make of this.

    Is there some tool to verify or trace the source of emails?

    Thanks in advance,
    Regards,
    Dave.
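
The lines in the alert above are Exim main-log arrivals, where `<= <>` marks an empty envelope sender, i.e. a bounce message. The following is an added example (not part of the original post, and not a cPanel or csf tool) that tallies such bounces per remote IP and recipient and compares them with how many messages each bounced-to address submitted in the same log; the sample log, host names, addresses and function names are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in the Exim main-log arrival format quoted in the post;
# hosts, IPs (RFC 5737 ranges), addresses and message ids are made up.
SAMPLE_LOG = '''\
2012-11-06 15:00:31 1AAAAA-000001-AA <= <> H=mx.remote.example (helo.remote.example) [192.0.2.10]:52758 P=esmtps S=15014 T="Mail delivery failed: returning message to sender" for noreply@ourdomain.example
2012-11-06 15:00:47 1AAAAA-000002-AA <= <> H=mx.remote.example (helo.remote.example) [192.0.2.10]:52767 P=esmtps S=15000 T="Mail delivery failed: returning message to sender" for noreply@ourdomain.example
2012-11-06 15:01:02 1AAAAA-000003-AA <= noreply@ourdomain.example U=webuser P=local S=1200 T="Order update for you" for customer@remote.example
2012-11-06 15:01:09 1AAAAA-000004-AA <= <> H=other.example [198.51.100.7]:40000 P=esmtp S=9000 T="Undelivered Mail Returned to Sender" for info@ourdomain.example
2012-11-06 15:01:10 1AAAAA-000004-AA => info <info@ourdomain.example> R=virtual_user T=virtual_userdelivery
'''

# date, time, message id, "<=", envelope sender, then the remaining fields
ARRIVAL = re.compile(r'^\S+ \S+ \S+ <= (?P<sender>\S+) (?P<rest>.*)$')
REMOTE_IP = re.compile(r'\[([0-9A-Fa-f.:]+)\]')

def summarize(log_text):
    """Return (bounces, sent): bounces counts null-sender arrivals per
    (remote IP, recipient); sent counts arrivals per envelope sender."""
    bounces, sent = Counter(), Counter()
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries (=>), completions and other line types
        # Recipients follow the LAST " for "; a subject may contain " for " too.
        head, sep, rcpts = m['rest'].rpartition(' for ')
        if not sep:
            continue  # recipients are not being logged on this line
        if m['sender'] == '<>':
            ip = REMOTE_IP.search(head)
            for rcpt in rcpts.split():
                bounces[(ip.group(1) if ip else 'local', rcpt.lower())] += 1
        else:
            sent[m['sender'].lower()] += 1
    return bounces, sent

def bounce_targets(log_text):
    """Map each bounced-to address to (bounces received, messages it sent here)."""
    bounces, sent = summarize(log_text)
    per_rcpt = Counter()
    for (_ip, rcpt), n in bounces.items():
        per_rcpt[rcpt] += n
    return {rcpt: (n, sent[rcpt]) for rcpt, n in per_rcpt.items()}

if __name__ == "__main__":
    for rcpt, (got, submitted) in bounce_targets(SAMPLE_LOG).items():
        print(f"{rcpt}: {got} bounces received, {submitted} messages sent in this log")
```

An address that receives many bounces but shows no matching submissions within the log window suggests its name was forged as the sender elsewhere, while matching submissions point to mail that did leave this server.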
     