The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

relay issue

Discussion in 'E-mail Discussions' started by Dante78, Nov 3, 2012.

  1. Dante78

    Dante78 Well-Known Member

    Joined:
    May 1, 2010
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    Hello

    I get more often these kind of warnings from my servers:

    Time: Sun Nov 4 01:24:28 2012 +0200
    Type: AUTHRELAY, Remote IP - 211.44.xx0.xxx (KR/Korea, Republic of/-)

    Obviously someone is using a hosting account to send spam.

    How can I prevent connections to certain accounts from getting used in this manner?

    Thanks
     
  2. gunmuse

    gunmuse Well-Known Member

    Joined:
    Jul 3, 2003
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    New Mexico
    I am looking for a simliar shut off of the authrelay We have been blacklisted because of a relay of spam from a domain that I DELETED. So this spoofing is probably part of the "please let the communists control ICANN campaign" But getting blacklisted is causing outgoing mails to end up dead.
     
  3. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    It's probably a result of one of your users having a hijacked email account. You need to search your /var/log/exim_mainlog.

    Do something like this [and I"m sure there are more efficient ways to do this]:

    grep '211\.44\.xx0\.xxx' /var/log/exim_mainlog|grep courier_login
    or
    grep '211.44.xx0.xxx' /var/log/exim_mainlog|grep courier_login


    Then look for the email account that the spammer authenticated into in order to relay the spam:

    A=courier_login:some-email@someaddress.ext

    m
     
Loading...

Share This Page