The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My server is being used to send out Spam

Discussion in 'E-mail Discussions' started by samhagin, Jan 4, 2011.

  1. samhagin

    samhagin Registered

    Joined:
    Sep 28, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    The domain name balletry.com has a wildcard *.balletry.com pointing to the IP for my server. You can see the DNS records at Balletry.com DNS Lookup | Nameserver Lookup - Who.is - Who.is . The owner of this domain is using my server to send out spam. sorbs.net lists all my IPs as balcklisted back from May 2010, due to email from ufpbyf******nweo@balletry.balletry.com . Below are some logs from exim

    2011-01-04 11:36:35 remote host address is the local host: blue.balletry.com (while verifying <EuroMaxxx@blue.balletry.com> from host mx.mailix.net [66.11.225.84])
    2011-01-04 11:36:35 H=mx.mailix.net [66.11.225.84] F=<> temporarily rejected RCPT <EuroMaxxx@blue.balletry.com>: remote host address is the local host

    2011-01-04 10:19:02 H=mx.mailix.net [66.11.225.84] Warning: Sender rate 3.3 / 1h
    2011-01-04 10:19:02 remote host address is the local host: special.balletry.com (while verifying <WildLife@special.balletry.com> from host mx.mailix.net [66.11.225.84])
    2011-01-04 10:19:02 H=mx.mailix.net [66.11.225.84] F=<> temporarily rejected RCPT <WildLife@special.balletry.com>: remote host address is the local host

    How can I block this domain from pointing to my server or stop this activity?
     
  2. mopar93

    mopar93 Registered

    Joined:
    Jan 3, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    It may not be as bad as you think. Sure, your IP address may be listed on a blacklist due to some stupid spammer using your IP previously on the hosting company you are with. But those emails indicated in your log files are "bounce" emails that your server is rejecting. Whoever the clown is that owns balletry.com is probably sending out spam from somewhere else and hasn't changed the DNS records for his domain name. He's hiding, something which typical spammers do.

    Your server isn't sending out spam, it's just rejecting the incoming bounce messages that are also being rejected by their recipients.

    I think there are strict rules about maintaining proper DNS records and also proper internet registry records. cPanel can't take care of this for you. You should file a complaint with I believe, ARIN, or is it IANA? I've never had to look into that, so I'm not sure what to recommend there.

    Something you could probably do is request a different IP address from your hosting company, one that is clean. It's not your fault that the hosting company allowed a spammer to operate on their service. They shouldn't be assigning an IP to you that has a bad reputation. If they can't help you, then they are defaulting on providing you with a good service.

    -Maurice
     
Loading...

Share This Page