many messages from ymail.com

upsforum

upsforum

Well-Known Member
Jul 27, 2005
474
0
166
I can block these messages?
PHP: 
Event:	failure error
User:	username
Domain:	virtualhost
Sender:	[email protected]
Sent Time:	Aug 6, 2013 1:33:13 PM
Sender Host:	localhost
Sender IP:	127.0.0.1
Authentication:	dovecot_login
Spam Score:	
Recipient:	[email protected]
Delivered To:	
Delivery User:	
Delivery Domain:	
Router:	lookuphost
Transport:	remote_smtp
Out Time:	Aug 6, 2013 1:33:13 PM
ID:	1V6fVd-0001Tv-Kj
Delivery Host:	mta6.am0.yahoodns.net
Delivery IP:	63.250.192.46
Size:	1.81 KB
Result:	SMTP error from remote mail server after end of data: host mta6.am0.yahoodns.net [63.250.192.46]: 554 delivery error: dd This user doesn't have a ymail.com account ([email protected]) [0] - mta1651.mail.gq1.yahoo.com
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
Hello :)

It looks like that is a bounce message coming from Yahoo. It indicates the email account sent to does not exist. You can ensure this message does not bounce by not sending emails to that email address. If the message was sent to Yahoo by a spammer, you may find the following document useful:

cPanel - Prevent Email Abuse

Thank you.
 
upsforum

upsforum

Well-Known Member
Jul 27, 2005
474
0
166
I applied the rules on "cPanel - Prevent Email Abuse" but today I have same problem, you can see attach screenshot, exim conveys too many of these messages with [email protected] like sender

attachment: /https://docs.google.com/file/d/0B5E_-_2tuhrVMHVtZkVfVVRfOUk/edit?pli=1
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
Could you clarify if you are stating that your server is being used to send email with "Ymail.com" as the "from" address? If so, you should be able to determine the username that is sending this email in the delivery event details of the image you provided. You can search this account for scripts with the ability to send email, or suspend the user if they are spoofing the from field through an external email client.

Thank you.
 
upsforum

upsforum

Well-Known Member
Jul 27, 2005
474
0
166
is possible that this email account have a vulnerable password? I tried change password, I wait and see what happens tomorrow
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
upsforum said:
is possible that this email account have a vulnerable password? I tried change password, I wait and see what happens tomorrow
Click to expand...
It's possible, but it's also possible there is a script that is capable of sending email on this account.

Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
V Too many "Received" headers - suspected mail loop Email 3
leonep too many messages Email 4
A script sending SMTP too many messages in this connection Email 6
albatroz SMTP error messages: too many syntax or protocol errors Email 1
W 421 too many messages in this connection Email 0
Similar threads
Too many "Received" headers - suspected mail loop
too many messages
script sending SMTP too many messages in this connection
SMTP error messages: too many syntax or protocol errors
421 too many messages in this connection
Top Bottom