Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Mailer-daemon@

Discussion in 'E-mail Discussion' started by flash_me, Jul 18, 2004.

  1. flash_me

    flash_me Member

    Joined:
    Sep 30, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    151
    Hello everyone,

    I'm receving thousand of these e-mails...i've have added
    filters on my cpanel but seems these kind of
    e-mails bypass the cpanel filters....

    Some ideas on how to solve this

    Thanks



    From: MAILER-DAEMON@mail.theserverbiz.com



    Return-path: <>
    Envelope-to: info@MYDOMAIN.com
    Delivery-date: Sun, 18 Jul 2004 11:20:36 -0500
    Received: from [203.107.133.45] (helo=mail.theserverbiz.com)
    by myserver.com with smtp (Exim 4.34)
    id 1BmEOw-0006lV-IJ
    for info@MYDOMAIN.com; Sun, 18 Jul 2004 11:20:35 -0500
    Received: (qmail 79913 invoked for bounce); 18 Jul 2004 16:07:14 -0000
    Date: 18 Jul 2004 16:07:14 -0000
    From: MAILER-DAEMON@mail.theserverbiz.com
    To: info@MYDOMAIN.com
    Subject: failure notice

    Hi. This is the qmail-send program at mail.theserverbiz.com.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <jaloja@piercingexports.com>:
    Sorry, no mailbox here by that name. vpopmail (#5.1.1)

    --- Below this line is a copy of the message.

    Return-Path: <info@MYDOMAIN.com>
    Received: (qmail 79107 invoked from network); 18 Jul 2004 16:05:50 -0000
    Received: from host16-102.pool80116.interbusiness.it (HELO mail.piercingexports.com) (80.116.xxx.xx)
    by 0 with SMTP; 18 Jul 2004 16:05:50 -0000
    Message-ID: <x737259001.3914723911236841938@grqldlduj>
    From: jpeg <info@MYDOMAIN.com>
    To: <jaloja@piercingexports.com>
    Subject: jpeg
    Date: dom, 18 lug 2004
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_Part_16461_4414287.7418427666853"
    X-Priority: 3
    Microsoft Outlook Express 5.00.2314.1300

    ------=_Part_16461_4414287.7418427666853
    Content-Type: text/plain;
    charset="iso-8859-2"
    Content-Transfer-Encoding: quoted-printable

    Surprise!

    ------=_Part_16461_4414287.7418427666853
    Content-Type: application/octet-stream;
    name="Surprise.com"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="Surprise.com"
     
  2. flash_me

    flash_me Member

    Joined:
    Sep 30, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    151
    up...some ideas?
     
  3. Sheldon

    Sheldon Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    your server is either

    1. infected by a trojan
    2. rooted
    3. one of your clients or someone is spamming!

    those are likely situations
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. flash_me

    flash_me Member

    Joined:
    Sep 30, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    151
    the problem is how are these e-mail bypassing cpanels filters?
     
  5. Sheldon

    Sheldon Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    possibilities

    1. youve been rooted
    2. mailerdaemons always bypass filters :P

    you should never use filters on them anyways.. you should always recieve them
    how else do you know if there is a problem if you never recieve them... they are not a
    simple annoyance problem. they are there for a reason... :P

    Sheldon
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. flash_me

    flash_me Member

    Joined:
    Sep 30, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    151
    i agree with you but i'm receiving thousand of e-mails just like the one i post, no way to block it ?
     
  7. Sheldon

    Sheldon Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    use your mail client filters to delete the emails!

    and .. then id suggest forking over lotsa $$ to have your server fixed...

    either that backup personal files only and format!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Leandro

    Leandro Well-Known Member

    Joined:
    Sep 23, 2003
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Argentin
    cPanel Access Level:
    DataCenter Provider
    Hello:

    I have the same problem and fix it renaming the senmail link

    I hope it helps you !!!
     
  9. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Nope, that's wrong.

    If you look at the bounced email header you'll see that the last received header record (the only one you can trust) comes from host16-102.pool80116.interbusiness.it - a dialup port.

    What you're suffering from is spam bounces where you are the innocent party in a forged header that has your email address in the from field.

    Unfortunately, there's little you can do about this other than ride it out. You ought not filter out mailer-daemon emails as they are the last resort for delivery failure notification and are essential for tracking down mailing issues.

    these things usually blow over after 24-48 hours.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. Leandro

    Leandro Well-Known Member

    Joined:
    Sep 23, 2003
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Argentin
    cPanel Access Level:
    DataCenter Provider
    Are there any way to fix it finaly?

    renaming sendmail some local delivery fails... but doing it for a few minutes, the sent stops...

    How can we stop this fucking spammers ???

    thanks a lot !!!
     
  11. geeshock

    geeshock Registered

    Joined:
    Sep 3, 2004
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    151
    Solution, re-install and restore a backup. PPL think I'm insane for backing up everynight, sometimes twice a day but issues like this are exactly why I do them. rsync -azv -H -e has always did me right :)
     
  12. flash_me

    flash_me Member

    Joined:
    Sep 30, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    151
    Chirpy you where right, actually after 20 days with thousand and thousand of e-mails things got fixed . :) :)
     
  13. tandyuk

    tandyuk Active Member

    Joined:
    Dec 18, 2003
    Messages:
    33
    Likes Received:
    1
    Trophy Points:
    158
    Roll on SPF!

    Im having the same problem, but with 600,000 mails in the queue.

    Does anyone know a quick way a clearing exims queue?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. webits

    webits Well-Known Member

    Joined:
    May 15, 2004
    Messages:
    114
    Likes Received:
    0
    Trophy Points:
    166
    Easy go to your WHM ROOT go to exim and discard :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. Sash

    Sash Well-Known Member

    Joined:
    Feb 18, 2003
    Messages:
    252
    Likes Received:
    0
    Trophy Points:
    166
    What do you mean by "renaming the sendmail link"?

    Thanks
    Mike
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice