Lots of spam to genuine email accounts

Discussion in 'E-mail Discussions' started by MrL22, Oct 20, 2015.

  1. MrL22

    MrL22 Active Member

    Hello,

    Every couple of days we get a burst of spam to our servers which lasts around 4 hours. The email is different for each burst, but when it starts we usually get thousands of identical emails sent to our servers but sent to hundreds of different email accounts. The strange thing about this is that all the emails seem to go to genuine email accounts that exist, and even accounts that are hardly/never used, for example fredb@somedomain.com, but FredB never used his account because he was set up on the system but never started at the company in the end...

    The most recent email is this sanesecurity.blogspot.co.uk/2015/10/shaun-buzzard-order-lp2220151013164535d.html

    Because all the spam seems to go to specific accounts that exist and very rarely sales@ or support@, it makes me believe that somehow the spammers/spam are getting a list of genuine accounts from my servers, but I am not sure how they would do this other than working it out from bounce mails. When setting up new servers I generally follow a guide on how to make the servers more secure, such as :blackhole: mail etc.

    Does anyone have any ideas?

    Thanks in advance.
     
    #1 MrL22, Oct 20, 2015
    Last edited by a moderator: Oct 20, 2015
  2. keat63

    keat63 Well-Known Member

    I once had a similar fear, so configured an email account purely and simply as a honeytrap.
    In almost 12 months, the honey trap (which has never been advertised) has not had a single email.
     
  3. MrL22

    MrL22 Active Member

    That is a very good idea, spam is so clever now and some of their spam patterns make you think twice.
     
  4. keat63

    keat63 Well-Known Member

    I also get a few which try to go to email addresses that never existed... ever.
    However, the pattern is consistent.

    eg: parrin@, whitton@, cal.rattlidge@

    None of these are remotely similar to anything or anyone within our organisation, so whoever made these emails up to spam us has no doubt sold it on, as I see failed emails to these recipients many times daily.
     
  5. keat63

    keat63 Well-Known Member

    SPF, DKIM, greylisting and SpamAssassin should help to reduce these.
    Also you could consider adding additional RBLs to the Exim config.

    If you have CSF installed, there is a feature 'LFD Block Lists'.
    I'm not sure if this helps towards cutting spam though.

    If all else fails, CSF have a paid solution called 'Mail Scanner'
    I've yet to clarify if this helps root out incoming spam.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Best money I ever spent, been using it on many servers since its inception.
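
An added example, not part of any post in this thread: one way to check the thread's two observations (guessed addresses that recur, and the worry that hosts are probing for valid accounts) is to tally unknown-recipient rejections from the Exim main log by source IP and by recipient. The log lines are constructed samples, and the `No Such User Here` rejection text, the function names and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of Exim's main log (not from the thread).
# The "No Such User Here" text is an assumption about how the server words the reject.
SAMPLE_LOG = """\
2015-10-20 09:14:02 H=(mx.example.net) [203.0.113.7]:51234 F=<a@example.net> rejected RCPT <parrin@somedomain.com>: No Such User Here
2015-10-20 09:14:03 H=(mx.example.net) [203.0.113.7]:51234 F=<a@example.net> rejected RCPT <whitton@somedomain.com>: No Such User Here
2015-10-20 09:14:03 H=(mx.example.net) [203.0.113.7]:51234 F=<a@example.net> rejected RCPT <cal.rattlidge@somedomain.com>: No Such User Here
2015-10-20 09:15:10 1ZoXyZ-0004Ab-7Q <= b@example.org H=(relay.example.org) [198.51.100.20]:40022 P=esmtp S=2048
2015-10-20 11:02:41 H=(relay.example.org) [198.51.100.20]:40311 F=<b@example.org> rejected RCPT <Parrin@somedomain.com>: No Such User Here
2015-10-20 13:40:09 H=(host.example.com) [198.51.100.99]:33870 F=<c@example.com> rejected RCPT <whitton@somedomain.com>: No Such User Here
"""

# Matches only connection-level rejects: timestamp, then H=... [ip](:port), then the reject.
REJECT_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \S+ H=.*?\[(?P<ip>[0-9a-fA-F.:]+)\](?::\d+)? "
    r".*?rejected RCPT <(?P<rcpt>[^>]+)>: No Such User Here"
)

def parse_rejections(log_text):
    """Yield (source_ip, recipient) for each unknown-recipient rejection."""
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            yield m.group("ip"), m.group("rcpt").lower()

def summarize(log_text, probe_threshold=3, recur_threshold=2):
    """Return (probing_ips, recurring_ghost_addresses), both sorted."""
    per_ip = defaultdict(set)    # source IP -> distinct unknown recipients it tried
    per_rcpt = defaultdict(set)  # unknown recipient -> distinct source IPs trying it
    for ip, rcpt in parse_rejections(log_text):
        per_ip[ip].add(rcpt)
        per_rcpt[rcpt].add(ip)
    # One host trying many nonexistent names suggests guessing or a stale list.
    probers = sorted(ip for ip, r in per_ip.items() if len(r) >= probe_threshold)
    # The same nonexistent name from unrelated hosts suggests a list in circulation.
    recurring = sorted(r for r, ips in per_rcpt.items() if len(ips) >= recur_threshold)
    return probers, recurring

if __name__ == "__main__":
    probers, recurring = summarize(SAMPLE_LOG)
    print("hosts probing unknown recipients:", probers)
    print("nonexistent addresses seen from several hosts:", recurring)
```

If a spam burst reaches only valid mailboxes and hosts like these never appear beforehand, recipient probing against the server is an unlikely source of the address list.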
     