The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Receiving spam from myself

Discussion in 'E-mail Discussions' started by jotay, Dec 18, 2008.

  1. jotay

    jotay Member

    Joined:
    Oct 11, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    hi friends,

    me and my customers are receiving spam from our accounts ....

    example: if my email account is webmaster@abc.com .... i receive a lot of spam from webmaster@abc.com and others @abc.com accounts.

    i have instaled on the server the ConfigServer Security & Firewall - csf v4.29 ... but i really don't know what additional action I must to do.

    i will apreciate any step by step help :confused:

    thx a lot

    J
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    What version of cPanel are you on?
     
  3. jotay

    jotay Member

    Joined:
    Oct 11, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel 11.24.4-R32470 - WHM 11.24.2 - X 3.9
    CENTOS 4.7 i686 on standard

    thx
     
  4. rhenderson

    rhenderson Well-Known Member

    Joined:
    Apr 21, 2005
    Messages:
    785
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Oklahoma
    cPanel Access Level:
    Root Administrator
    Is your email server set to authenticate before SMTP? If not you may have an open relay, check your mailserver at http://www.mxtoolbox.com/

    Other than that someone might have hijacked your email address, look at your headers and see where they are coming from. SPF records does help this somewhat.
     
  5. jotay

    jotay Member

    Joined:
    Oct 11, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Sorry but i don't know how verify if the server set to authenticate before SMTP :( ......

    one aditional note is some client's ISP must use the smtp ISP's configuration .... if you try to use the smtp configuration of my server (mail.MYDOMAIN.COM) the email can't be sent.

    ok i made a SMTP diagnostics and return this (from : mxtoolbox.com)

    Banner: -matrix.MYDOMAINh1.com ESMTP Exim 4.69 #1 Fri, 19 Dec 2008 09:39:54 -0430 [2266 ms]

    Connect Time: 0.047 seconds - Good
    Transaction Time: 2.531 seconds - Good

    Relay Check: WARNING! Your server could be an open relay.

    Rev DNS Check: OK - NN.NNN.NNN.NNN resolves to MYISP.com

    GeoCode Info: Geocoding server is unavailable
    Session Transcript: HELO please-read-policy.mxtoolbox.com
    220-We do not authorize the use of this system to transport unsolicited, [0 ms]
    MAIL FROM: <test@mxtoolbox.com>
    220 and/or bulk e-mail. [0 ms]
    RCPT TO: <test@mxtoolbox.com>
    250 matrix.MYDOMAINh1.com Hello mxtb-pws1.mxtoolbox.com [64.20.227.131] [47 ms]
    QUIT
    250 OK [172 ms]

    ..... aditional.... THIS IS AN EXAMPLE OF HEADERS (the email was send from webmaster@MYDOMAIN.net to webmaster@MYDOMAIN.net........ additional webmaster@MYDOMAIN.net is a frowarder to webmaster@MYDOMAIN.com)


    Microsoft Mail Internet Headers Version 2.0
    Received: from mail pickup service by MYDOMAIN.com with Microsoft SMTPSVC; Fri, 19 Dec 2008 03:01:05 -0430
    thread-index: Aclhq8B4hzbjTnodTkGSV9O6vNAu/g==
    Return-Path: <webmaster@MYDOMAIN.net>
    Cc:
    Bcc:
    Envelope-to: webmaster@MYDOMAIN.com
    Delivery-date: Thu, 18 Dec 2008 23:15:54 -0800
    Date: Fri, 19 Dec 2008 03:01:05 -0430
    To: <webmaster@MYDOMAIN.net>
    Subject: Re: Order status
    From: <webmaster@MYDOMAIN.net>
    MIME-Version: 1.0
    Message-ID: <D85B730C837A4264A4BCDA51C8974618@MYDOMAIN.local>
    Importance: High
    Content-Transfer-Encoding: 7bit
    Content-Type: text/html;
    charset="iso-8859-1"
    X-Interideas-MailScanner-Information: Please contact the ISP for more information
    X-Interideas-MailScanner-ID: 1LDZaK-0004oD-DN
    X-Interideas-MailScanner: Found to be clean
    X-Mailer: Microsoft CDO for Exchange 2000
    X-Interideas-MailScanner-SpamCheck: not spam (whitelisted),SpamAssassin (not cached, score=46.73, required 5, autolearn=spam,BAYES_99 5.00, DCC_CHECK 2.17, HTML_IMAGE_ONLY_04 2.04,HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_1 0.00, MIME_HTML_ONLY 1.46,MISSING_DATE 0.00, MISSING_MID 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96,RCVD_IN_SORBS_WEB 0.62, RCVD_IN_XBL 3.03, SARE_HTML_A_BODY 0.74,SARE_HTML_IMG_ONLY 1.67, URIBL_AB_SURBL 5.00, URIBL_BLACK 1.96,URIBL_JP_SURBL 5.00, URIBL_OB_SURBL 5.00, URIBL_RHS_DOB 1.08,URIBL_SBL 5.00, URIBL_WS_SURBL 5.00)
    X-Interideas-MailScanner-From: webmaster@MYDOMAIN.net
    X-Spam-Status: No
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - matrix.MYDOMAINh1.com
    X-AntiAbuse: Original Domain - MYDOMAIN.net
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    Content-Class: urn:content-classes:message
    Priority: normal
    X-AntiAbuse: Sender Address Domain - MYDOMAIN.net
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
    X-OriginalArrivalTime: 19 Dec 2008 07:31:05.0523 (UTC) FILETIME=[C0979030:01C961AB]



    .... thanks
     
  6. jotay

    jotay Member

    Joined:
    Oct 11, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    any idea ???????

    some body ? please ?:(
     
  7. rhenderson

    rhenderson Well-Known Member

    Joined:
    Apr 21, 2005
    Messages:
    785
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Oklahoma
    cPanel Access Level:
    Root Administrator
    Many ISP's block port 25 which is most likely the reason the customer has to use thier ISP's SMTP. Open an alternate port to Exim.

    This could be caused by not having SMTP authentication set as stated above.

    It is supposed to be enabled by default, not sure how it was turned off. You might drop a support ticket to cPanel support.
     
    #7 rhenderson, Dec 22, 2008
    Last edited: Dec 22, 2008
  8. trhosting.net

    trhosting.net Well-Known Member

    Joined:
    Mar 7, 2006
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Turkey
    Our customers are receiving same emails.

    I checked our server and it doesn't permit relaying, but there emails are still comming.
    You can find the relay check below:

    Code:
    u@www:~$ telnet xx.xx.xx.xx 25
    Trying xx.xx.xx.xx...
    Connected to xx.xx.xx.xx.
    Escape character is '^]'.
    220-xxx.xxxxxxxx.xxx ESMTP Exim 4.69 #1 Wed, 24 Dec 2008 20:35:16 +0200 
    220-We do not authorize the use of this system to transport unsolicited, 
    220 and/or bulk e-mail.
    helo www.xxx.xxxxxxxx.xxx
    250 xxx.xxxxxxxx.xxx Hello xxx.xxxxxxxx.xxx [xx.xx.xx.xx]
    mail from: uasdf@yahoo.com
    250 OK
    rcpt to: vasdf@hotmail.com
    550-xxx.xxxxxxxx.xxx (www.xxx.xxxxxxxx.xxx) [xx.xx.xx.xx] is currently not
    550-permitted to relay through this server. Perhaps you have not logged into
    550-the pop/imap server in the last 30 minutes or do not have SMTP
    550 Authentication turned on in your email client.
    
    But mxtoolbox.com says "Relay Check: WARNING! Your server could be an open relay. ". I don't know why it is saying this. I tried to send relay mails from different locations and i couln't send mails, system always refsed relaying.

    any idea?
     
Loading...

Share This Page