My server is being used to send out Spam

S

samhagin

Registered
Sep 28, 2010
4
0
51
The domain name balletry.com has a wildcard *.balletry.com pointing to the IP for my server. You can see the DNS records at Balletry.com DNS Lookup | Nameserver Lookup - Who.is - Who.is . The owner of this domain is using my server to send out spam. sorbs.net lists all my IPs as balcklisted back from May 2010, due to email from ufpbyf******[email protected] . Below are some logs from exim

2011-01-04 11:36:35 remote host address is the local host: blue.balletry.com (while verifying <EuroMax[email protected]> from host mx.mailix.net [66.11.225.84])
2011-01-04 11:36:35 H=mx.mailix.net [66.11.225.84] F=<> temporarily rejected RCPT <EuroMa[email protected]>: remote host address is the local host

2011-01-04 10:19:02 H=mx.mailix.net [66.11.225.84] Warning: Sender rate 3.3 / 1h
2011-01-04 10:19:02 remote host address is the local host: special.balletry.com (while verifying <[email protected]> from host mx.mailix.net [66.11.225.84])
2011-01-04 10:19:02 H=mx.mailix.net [66.11.225.84] F=<> temporarily rejected RCPT <WildLife@special.balletry.com>: remote host address is the local host

How can I block this domain from pointing to my server or stop this activity?
 
M

mopar93

Registered
Jan 3, 2011
4
0
51
It may not be as bad as you think. Sure, your IP address may be listed on a blacklist due to some stupid spammer using your IP previously on the hosting company you are with. But those emails indicated in your log files are "bounce" emails that your server is rejecting. Whoever the clown is that owns balletry.com is probably sending out spam from somewhere else and hasn't changed the DNS records for his domain name. He's hiding, something which typical spammers do.

Your server isn't sending out spam, it's just rejecting the incoming bounce messages that are also being rejected by their recipients.

I think there are strict rules about maintaining proper DNS records and also proper internet registry records. cPanel can't take care of this for you. You should file a complaint with I believe, ARIN, or is it IANA? I've never had to look into that, so I'm not sure what to recommend there.

Something you could probably do is request a different IP address from your hosting company, one that is clean. It's not your fault that the hosting company allowed a spammer to operate on their service. They shouldn't be assigning an IP to you that has a bad reputation. If they can't help you, then they are defaulting on providing you with a good service.

-Maurice
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
S EM mail client - eml attachments being refused by server Email 2
W Servers being used as email relays for spamming Email 1
H My server is being used to send spam Email 4
P My server is being used for spam. Help... Email 2
Kent Brockman How do you know how many Mailman mailing lists are being used in the server? Email 6
Similar threads
EM mail client - eml attachments being refused by server
Servers being used as email relays for spamming
My server is being used to send spam
My server is being used for spam. Help...
How do you know how many Mailman mailing lists are being used in the server?
Top Bottom