Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

relay issue

Discussion in 'E-mail Discussions' started by Dante78, Nov 3, 2012.

  1. Dante78

    Dante78 Well-Known Member

    Joined:
    May 1, 2010
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    56
    Hello

    I get more often these kind of warnings from my servers:

    Time: Sun Nov 4 01:24:28 2012 +0200
    Type: AUTHRELAY, Remote IP - 211.44.xx0.xxx (KR/Korea, Republic of/-)

    Obviously someone is using a hosting account to send spam.

    How can I prevent connections to certain accounts from getting used in this manner?

    Thanks
     
    #1 Dante78, Nov 3, 2012
  2. gunmuse

    gunmuse Well-Known Member

    Joined:
    Jul 3, 2003
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    New Mexico
    I am looking for a simliar shut off of the authrelay We have been blacklisted because of a relay of spam from a domain that I DELETED. So this spoofing is probably part of the "please let the communists control ICANN campaign" But getting blacklisted is causing outgoing mails to end up dead.
     
    #2 gunmuse, Dec 4, 2012
  3. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,323
    Likes Received:
    49
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    It's probably a result of one of your users having a hijacked email account. You need to search your /var/log/exim_mainlog.

    Do something like this [and I"m sure there are more efficient ways to do this]:

    grep '211\.44\.xx0\.xxx' /var/log/exim_mainlog|grep courier_login
    or
    grep '211.44.xx0.xxx' /var/log/exim_mainlog|grep courier_login


    Then look for the email account that the spammer authenticated into in order to relay the spam:

    A=courier_login:some-email@someaddress.ext

    m
     
    #3 mtindor, Dec 4, 2012
(You must log in or sign up to post here.)
Loading...
Similar Threads - relay issue
  1. hesperson

    Relay Issues - removed domain

    hesperson, Sep 19, 2017, in forum: E-mail Discussions
    Replies:
    7
    Views:
    277
    cPanelMichael
    Sep 20, 2017
  2. arjanvr

    Relay issue

    arjanvr, May 10, 2017, in forum: E-mail Discussions
    Replies:
    1
    Views:
    413
    cPanelMichael
    May 10, 2017
  3. Taha Haider

    Rejected relay attempt - For only Gmail

    Taha Haider, Apr 9, 2018, in forum: E-mail Discussions
    Replies:
    1
    Views:
    53
    cPanelMichael
    Apr 9, 2018
  4. eric_fri

    SOLVED Incoming email via relay server

    eric_fri, Mar 24, 2018, in forum: E-mail Discussions
    Replies:
    5
    Views:
    104
    cPanelMichael
    Apr 2, 2018
  5. Samuel Xavier

    Alertas localrelay

    Samuel Xavier, Mar 23, 2018, in forum: Discussões em Português
    Replies:
    1
    Views:
    144
    cPanelMichael
    Mar 23, 2018

Share This Page