Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

relay issue

Discussion in 'E-mail Discussion' started by Dante78, Nov 3, 2012.

  1. Dante78

    Dante78 Well-Known Member

    Joined:
    May 1, 2010
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    56
    Hello

    I get more often these kind of warnings from my servers:

    Time: Sun Nov 4 01:24:28 2012 +0200
    Type: AUTHRELAY, Remote IP - 211.44.xx0.xxx (KR/Korea, Republic of/-)

    Obviously someone is using a hosting account to send spam.

    How can I prevent connections to certain accounts from getting used in this manner?

    Thanks
     
    #1 Dante78, Nov 3, 2012
  2. gunmuse

    gunmuse Well-Known Member

    Joined:
    Jul 3, 2003
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    New Mexico
    I am looking for a simliar shut off of the authrelay We have been blacklisted because of a relay of spam from a domain that I DELETED. So this spoofing is probably part of the "please let the communists control ICANN campaign" But getting blacklisted is causing outgoing mails to end up dead.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 gunmuse, Dec 4, 2012
  3. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,348
    Likes Received:
    60
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    It's probably a result of one of your users having a hijacked email account. You need to search your /var/log/exim_mainlog.

    Do something like this [and I"m sure there are more efficient ways to do this]:

    grep '211\.44\.xx0\.xxx' /var/log/exim_mainlog|grep courier_login
    or
    grep '211.44.xx0.xxx' /var/log/exim_mainlog|grep courier_login


    Then look for the email account that the spammer authenticated into in order to relay the spam:

    A=courier_login:some-email@someaddress.ext

    m
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 mtindor, Dec 4, 2012
(You must log in or sign up to post here.)
Loading...
Similar Threads - relay issue
  1. hesperson

    Relay Issues - removed domain

    hesperson, Sep 19, 2017, in forum: E-mail Discussion
    Replies:
    7
    Views:
    502
    cPanelMichael
    Sep 20, 2017
  2. arjanvr

    Relay issue

    arjanvr, May 10, 2017, in forum: E-mail Discussion
    Replies:
    1
    Views:
    539
    cPanelMichael
    May 10, 2017
  3. ipublicis

    LOCALHOSTRELAY, IPv6 localhost - ::1

    ipublicis, Nov 16, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    89
    cPanelLauren
    Nov 20, 2018
  4. GQsm

    Spammer has relayed through my server using a forwarder (no real account) as authentication

    GQsm, Nov 1, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    134
    cPanelLauren
    Nov 2, 2018
  5. Bruno Fumagally

    Mailgun Relay

    Bruno Fumagally, Oct 23, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    97
    cPanelLauren
    Oct 24, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice