
Pile Of Spam Undeliverable Messages, But Can't Send To :fail: as it's a valid email

Discussion in 'E-mail Discussions' started by orty, Apr 22, 2008.

  1. orty


    Since 11:30PM last night and this morning, I've gotten over 640 "Undelivered Mail Returned To Sender" messages in my inbox. Apparently some automated spamming robot decided to spam a crapload of people faking the reply-to address to bounce back to me, basically using my server as their trash can. Usually these things just get sent to :fail:, as they'll use invalid reply-to addresses on my server, but this time they used an address I actually use. Looking at the headers of the messages that were bounced back...

    Code:
    Return-Path: <jake@mydomain.com>
    Received: from green.shirasaki.co.jp (green.shirasaki.co.jp [202.238.50.147])
    by green.shirasaki.co.jp (Switch-3.1.6/Switch-3.1.2) with SMTP id 03MF0M61F00001658
    for <takahashi@ecosup.com>; Wed, 23 Apr 2008 00:22:47 +0900
    Received: from 59.12.13.99 ([59.12.13.99])
    by green.shirasaki.co.jp (SMSSMTP 4.1.0.19) with SMTP id M2008042300224602851
    for <takahashi@ecosup.com>; Wed, 23 Apr 2008 00:22:47 +0900
    Message-ID: <000801c8a48c$0321b897$914eb19a@nubfw>
    From: "Leivtra Cylais" <jake@mydomain.com>
    To: <takahashi@ecosup.com>
    Subject: Free Viagar Pilsl. takahashi's discount Coupon #GYJTN.
    Date: Tue, 22 Apr 2008 13:35:18 +0000
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0005_01C8A48C.031BAD84"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.3138
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

    ...it's fairly obvious these didn't come from my server (this particular one came from some ISP in Korea). I need to go through some of the other messages and start digging through the IP addresses to see if there are a few that are the bulk of it so I can report those IPs to the appropriate abuse folks.

    Is there any way to bounce these (I have chirpy's MailScanner setup) or just toss them so that they don't hit my inbox? I know this is a stretch, but is there any way to have the ISPs automatically reported-to (I use Outlook 2003 on my desktop, if that matters -- even if I could get a list of the various IP addresses these were coming from, that'd be terrific)?
     
    #1 orty, Apr 22, 2008
    Last edited: Apr 22, 2008
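
An added example (not part of any post in this thread): one way to build the list of source IPs asked about above from the original headers returned inside each bounce. It assumes Received lines are folded normally and that the bouncing site's internal hand-offs announce a hostname matching one of its own `by` names; all hostnames and addresses in the samples are constructed placeholders.

```python
import email
import re
from collections import Counter

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # client address logged by the receiver
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)          # server that wrote this Received line
FROM_RE = re.compile(r"^from\s+([\w.-]+)", re.I)       # name the connecting client announced


def injecting_ip(headers):
    """Walk Received lines newest-first, skip the bouncing site's internal
    hand-offs, and return the first outside client IP its server logged.
    Lines below that hop were supplied by the sender and are not trusted."""
    site_hosts = set()
    for raw in email.message_from_string(headers).get_all("Received", []):
        hop = " ".join(raw.split())                     # unfold continuation lines
        by, frm, ip = BY_RE.search(hop), FROM_RE.search(hop), IP_RE.search(hop)
        if by:
            site_hosts.add(by.group(1).lower())
        if frm and frm.group(1).lower() in site_hosts:
            continue                                    # server handing mail to itself
        return ip.group(1) if ip else None
    return None


def tally(bounced_headers):
    """Count injecting IPs across many returned header blocks."""
    return Counter(ip for ip in map(injecting_ip, bounced_headers) if ip)


# Constructed sample: the last Received line stands in for one forged by the sender.
SAMPLE_A = """\
Return-Path: <jake@mydomain.example>
Received: from mx.bouncer.example (mx.bouncer.example [192.0.2.10])
    by mx.bouncer.example with SMTP id A1; Wed, 23 Apr 2008 00:22:47 +0900
Received: from 198.51.100.23 ([198.51.100.23])
    by mx.bouncer.example with SMTP id A0; Wed, 23 Apr 2008 00:22:46 +0900
Received: from mail.mydomain.example ([203.0.113.5])
    by relay.forged.example; Tue, 22 Apr 2008 13:35:18 +0000
From: "Constructed Sender" <jake@mydomain.example>
"""
SAMPLE_B = SAMPLE_A.replace("198.51.100.23", "198.51.100.77")

if __name__ == "__main__":
    for ip, count in tally([SAMPLE_A, SAMPLE_A, SAMPLE_B]).most_common():
        print(count, ip)
```

Only the hop written by the bouncing site's own server is counted, so a Received line the sender made up further down never reaches the tally.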
  2. mtindor

    I'm sure there may be better ways - but what you are getting is NDRs / undeliverable messages from remote mail servers.

    For that particular account, you could set up a filter to (at least for a few days) delete incoming messages to that account if the FROM address contains postmaster@ or mailer-daemon@ (the two most common).

    That would stop that account from getting most of the returns from that crap. As you have already figured out, _you_ aren't being spammed - it's just remote mail servers sending back the undeliverables / bounces to the forged FROM address that happens to be the address of that email account.

    Mike
     
  3. orty

    I know I'm not getting spammed, and know I'm spamming anybody, I'm just getting the garbage from the spammers -- kind of like a ddos from a variety of e-mail servers around the globe.

    I'll set up a temporary filter to stave things off a bit, was just wondering if there was any sort of way I could report these guys en masse.
     
  4. wkdwich


    Same thing happening right now here.. and reporting is a waste of time.. the newest versions of spam bombs are forging EVERYTHING.. so even the IPs you see are fake..

    been there done that caught a set of files uploaded on my server not too long ago which verifies this.. I saw the script AND the dozens of files each containing IP's, FROM's and content..
     