flash_me

Member
Sep 30, 2003
Hello everyone,

I'm receiving thousands of these e-mails... I've added filters on my cPanel but it seems these kinds of e-mails bypass the cPanel filters...

Any ideas on how to solve this?

Thanks



From: [email protected]



Return-path: <>
Envelope-to: [email protected]
Delivery-date: Sun, 18 Jul 2004 11:20:36 -0500
Received: from [203.107.133.45] (helo=mail.theserverbiz.com)
by myserver.com with smtp (Exim 4.34)
id 1BmEOw-0006lV-IJ
for [email protected]; Sun, 18 Jul 2004 11:20:35 -0500
Received: (qmail 79913 invoked for bounce); 18 Jul 2004 16:07:14 -0000
Date: 18 Jul 2004 16:07:14 -0000
From: [email protected]
To: [email protected]
Subject: failure notice

Hi. This is the qmail-send program at mail.theserverbiz.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:
Sorry, no mailbox here by that name. vpopmail (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <[email protected]>
Received: (qmail 79107 invoked from network); 18 Jul 2004 16:05:50 -0000
Received: from host16-102.pool80116.interbusiness.it (HELO mail.piercingexports.com) (80.116.xxx.xx)
by 0 with SMTP; 18 Jul 2004 16:05:50 -0000
Message-ID: <[email protected]>
From: jpeg <[email protected]>
To: <[email protected]>
Subject: jpeg
Date: dom, 18 lug 2004
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_16461_4414287.7418427666853"
X-Priority: 3
Microsoft Outlook Express 5.00.2314.1300

------=_Part_16461_4414287.7418427666853
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

Surprise!

------=_Part_16461_4414287.7418427666853
Content-Type: application/octet-stream;
name="Surprise.com"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Surprise.com"
 

Sheldon

Well-Known Member
Jun 7, 2004
Canada
possibilities

1. you've been rooted
2. mailer-daemons always bypass filters :P

you should never use filters on them anyways.. you should always receive them. how else do you know if there is a problem if you never receive them... they are not a simple annoyance problem. they are there for a reason... :P

Sheldon
 

flash_me

Member
Sep 30, 2003
I agree with you, but I'm receiving thousands of e-mails just like the one I posted. No way to block it?
 

Sheldon

Well-Known Member
Jun 7, 2004
Canada
use your mail client filters to delete the emails!

and .. then I'd suggest forking over lotsa $$ to have your server fixed...

either that, or back up personal files only and format!
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
Go on, have a guess
1. infected by a trojan
2. rooted
3. one of your clients or someone is spamming!
Nope, that's wrong.

If you look at the bounced email header you'll see that the last received header record (the only one you can trust) comes from host16-102.pool80116.interbusiness.it - a dialup port.

What you're suffering from is spam bounces where you are the innocent party in a forged header that has your email address in the from field.

Unfortunately, there's little you can do about this other than ride it out. You ought not filter out mailer-daemon emails as they are the last resort for delivery failure notification and are essential for tracking down mailing issues.

These things usually blow over after 24-48 hours.
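The check described in the post above, as an added example that is not part of the original thread: it pulls the copy of the rejected message out of a qmail-style bounce, reads the connecting IP from the topmost `Received: from` header (the one written by the bouncing server), and compares it with your own outbound mail hosts. The `OUR_OUTBOUND` range, the function names and the sample bounce are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

# Assumption: the networks your own outbound mail really leaves from.
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/28")]
QMAIL_MARKER = "--- Below this line is a copy of the message."

# Constructed bounce shaped like the one in the thread (documentation addresses only).
SAMPLE_BOUNCE = """\
Return-path: <>
From: MAILER-DAEMON@mail.bouncer.example
Subject: failure notice

--- Below this line is a copy of the message.

Return-Path: <victim@example.com>
Received: (qmail 79107 invoked from network); 18 Jul 2004 16:05:50 -0000
Received: from dialup.isp.example (HELO mail.forged.example) (203.0.113.45)
  by 0 with SMTP; 18 Jul 2004 16:05:50 -0000
From: jpeg <victim@example.com>
Subject: jpeg

Surprise!
"""

def embedded_original(raw):
    """Parse the copy of the rejected message that qmail appends to a bounce."""
    _, found, tail = raw.partition(QMAIL_MARKER)
    return email.message_from_string(tail.lstrip("\r\n")) if found else None

def submitting_ip(original):
    """IP logged by the bouncing server; headers below it may be forged."""
    for hdr in original.get_all("Received", []):
        if hdr.lstrip().startswith("from "):  # skips "(qmail N invoked ...)" lines
            m = re.search(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]", hdr)
            try:
                return ipaddress.ip_address(m.group(1)) if m else None
            except ValueError:  # digits that do not form a valid address
                return None
    return None

def classify(raw):
    original = embedded_original(raw)
    if original is None:
        return "not-a-qmail-bounce"
    ip = submitting_ip(original)
    if ip is None:
        return "unknown-origin"
    return "genuine-bounce" if any(ip in n for n in OUR_OUTBOUND) else "backscatter"
```

Calling `classify(SAMPLE_BOUNCE)` returns `"backscatter"` because the message entered the bouncing server from an address outside `OUR_OUTBOUND`.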
 

Leandro

Well-Known Member
Sep 23, 2003
Argentin
cPanel Access Level
DataCenter Provider
Is there any way to fix it finally?

Renaming sendmail, some local delivery fails... but doing it for a few minutes, the sending stops...

How can we stop these fucking spammers???

thanks a lot !!!
 

geeshock

Registered
Sep 3, 2004
Solution: re-install and restore a backup. PPL think I'm insane for backing up every night, sometimes twice a day, but issues like this are exactly why I do them. rsync -azv -H -e has always done me right :)
 

flash_me

Member
Sep 30, 2003
chirpy said:
Nope, that's wrong.

If you look at the bounced email header you'll see that the last received header record (the only one you can trust) comes from host16-102.pool80116.interbusiness.it - a dialup port.

What you're suffering from is spam bounces where you are the innocent party in a forged header that has your email address in the from field.

Unfortunately, there's little you can do about this other than ride it out. You ought not filter out mailer-daemon emails as they are the last resort for delivery failure notification and are essential for tracking down mailing issues.

These things usually blow over after 24-48 hours.
Chirpy, you were right. Actually, after 20 days with thousands and thousands of e-mails, things got fixed. :) :)
 

webits

Well-Known Member
May 15, 2004
Easy: go to your WHM root, go to Exim and discard :)
 

Sash

Well-Known Member
Feb 18, 2003
Leandro said:
Hello:

I have the same problem and fix it renaming the sendmail link

I hope it helps you !!!
What do you mean by "renaming the sendmail link"?

Thanks
Mike