
other using my email return address

Discussion in 'E-mail Discussions' started by limneos, Mar 1, 2007.

  1. limneos

    limneos Member

    Mar 21, 2004
    For the last week, I see undeliverable messages returned to sender, by someone using my server's hostname as a return address, causing my server to receive thousands of undeliverable messages!
    The problem is that whoever this is, they send spam mail, and it contains misleading information about banking accounts, which sounds really dangerous and illegal, considering that there is a chance that my server's address is involved in this.

    Does anybody know how to stop this from happening?
    I changed my hostname since it is the only standard thing I saw they used, now what?

    Thank you in advance,

    Elias Limneos
  2. SageBrian

    SageBrian Well-Known Member

    Jun 1, 2002
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    I've got this going on right now for one of my clients.
    Luckily, a bunch are now getting caught by the spam filters.
    And luckily, it's only one domain right now.

    I figure I can just ride it out. Not much can be done.

    What's interesting is that they are using a spoofed Header, making the message look like it comes from the server.
    Something like:
    Received: from (HELO

    [where IP is server IP, and is the client domain]

    I'm just hoping some server admin out there doesn't think the spoofed header is real, and decide to blacklist the IP.
  3. ninjatech

    ninjatech Registered

    Mar 29, 2005
    About 50,000 return-mail spam bounce backs daily now. Un-freaking-believable. Not even originating from my server. And it's just not one type of spam but hundreds, I tried filtering them but seems like a new dozen or so every day get generated. HELP!

    It's amazing in today's day and age of the Internet that further methods of improving and securing people against spammers have not been created yet, or implemented.
  4. vijeesh

    vijeesh Member

    May 26, 2006
    Are you getting bounced mails on the "default address"? In that case you can set it to :fail:,
    so bounces to existing email accounts only will be received. Try to set up an SPF record also.
  5. Spiral

    Spiral BANNED

    Jun 24, 2005
    Limneos, an analysis of the headers of the bounced messages will tell you
    whether or not your server has been used for spam or not.

    Generally speaking, there is a very high probability that a spammer is just
    simply setting their return address to your domain instead of actually really
    sending from your server which is a good thing. Unfortunately, there really
    is not much you can do about that because anyone can set their return
    address to any email address.

    The good news is the spam blacklists out there are all wise to this technique
    and you won't get listed in any of the major blacklists from a spammer
    forging their return address to casually look like it came from you.

    What I would recommend though is that you have a valid SPF record setup
    for your domain in the DNS record for the domain. This will help other mail
    servers more quickly recognize that those are fraudulent messages that
    really did not originate from your server.

    As for the annoyance on your end, I would route the default mail for that
    domain to ":fail:" and you can keyword filter any bounced messages
    that make it through which should be fairly easy especially so if the
    spammer is sending out the same basic message to everyone.
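
The header analysis recommended above, combined with the spoofed `Received:` line mentioned earlier in the thread, as an added example (not code posted by anyone in the thread). It assumes the bounce carries the original message or its headers and IPv4 addresses; `OUR_IPS`, the sample bounce, and all domains and addresses in it are constructed placeholders.

```python
import email
import re
from email import policy

OUR_IPS = {"192.0.2.10"}  # assumption: the IPs our server sends from
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")  # IPv4 only

# Constructed sample bounce. The lower Received line is forged to name our server.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: info@client.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/rfc822

Received: from client.example (unknown [203.0.113.77])
\tby mx.recipient.example with SMTP; Thu, 1 Mar 2007 10:00:00 +0000
Received: from client.example (HELO client.example) (192.0.2.10)
\tby client.example with SMTP; Thu, 1 Mar 2007 09:59:00 +0000
From: info@client.example
Subject: Your bank account

spam body
--b1--
"""

def embedded_original(bounce):
    """Return the returned message (or just its headers) carried in a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify(raw, our_ips=OUR_IPS):
    """Return (verdict, ip) using the connecting IP the bouncing server recorded."""
    original = embedded_original(email.message_from_string(raw, policy=policy.default))
    received = original.get_all("Received", []) if original is not None else []
    # Only the topmost Received line was written by the server that bounced the
    # mail; every line below it arrived with the message and can be forged.
    match = IP_RE.search(received[0]) if received else None
    if match is None:
        return "unknown", None
    ip = match.group(1)
    return ("sent-by-us" if ip in our_ips else "forged-return-address"), ip
```

A `sent-by-us` verdict means the bouncing server saw the connection come from one of your own addresses, which is the case that calls for checking the local mail queue and logs.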
