many messages from ymail.com

upsforum

Well-Known Member
Jul 27, 2005
473
0
166
I can block these messages?
PHP:
Event:	failure error
User:	username
Domain:	virtualhost
Sender:	[email protected]
Sent Time:	Aug 6, 2013 1:33:13 PM
Sender Host:	localhost
Sender IP:	127.0.0.1
Authentication:	dovecot_login
Spam Score:	
Recipient:	[email protected]
Delivered To:	
Delivery User:	
Delivery Domain:	
Router:	lookuphost
Transport:	remote_smtp
Out Time:	Aug 6, 2013 1:33:13 PM
ID:	1V6fVd-0001Tv-Kj
Delivery Host:	mta6.am0.yahoodns.net
Delivery IP:	63.250.192.46
Size:	1.81 KB
Result:	SMTP error from remote mail server after end of data: host mta6.am0.yahoodns.net [63.250.192.46]: 554 delivery error: dd This user doesn't have a ymail.com account ([email protected]) [0] - mta1651.mail.gq1.yahoo.com
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

It looks like that is a bounce message coming from Yahoo. It indicates the email account sent to does not exist. You can ensure this message does not bounce by not sending emails to that email address. If the message was sent to Yahoo by a spammer, you may find the following document useful:

cPanel - Prevent Email Abuse

Thank you.
 

upsforum

Well-Known Member
Jul 27, 2005
473
0
166
I applied the rules on "cPanel - Prevent Email Abuse" but today I have same problem, you can see attach screenshot, exim conveys too many of these messages with [email protected] like sender

attachment: /https://docs.google.com/file/d/0B5E_-_2tuhrVMHVtZkVfVVRfOUk/edit?pli=1
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Could you clarify if you are stating that your server is being used to send email with "Ymail.com" as the "from" address? If so, you should be able to determine the username that is sending this email in the delivery event details of the image you provided. You can search this account for scripts with the ability to send email, or suspend the user if they are spoofing the from field through an external email client.

Thank you.
 

upsforum

Well-Known Member
Jul 27, 2005
473
0
166
is possible that this email account have a vulnerable password? I tried change password, I wait and see what happens tomorrow
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
is possible that this email account have a vulnerable password? I tried change password, I wait and see what happens tomorrow
It's possible, but it's also possible there is a script that is capable of sending email on this account.

Thank you.