Rogue domains said to be pointing at my server and I can't find them

krusty

Apr 1, 2004
I had a user's mail delivery failure email. Looked at it and we found we were on Spamhaus's SBL list. Wasn't a few days ago.

Anyhow, the IPs were there and the domains weren't listed in cPanel, nor httpd.conf, nor named.conf...

I did a traceroute and sure enough they were pointing to my server.

A couple of the domains were starting in wowo, so I don't know if this is a well-known hack or what.

My main concern is now to remove them ...
 

BianchiDude

Jul 2, 2005
Try:
cat /etc/userdomains |grep domain

Do you have this checked in WHM:
Track the origin of messages sent though the mail server by adding the X-Source headers (exim 4.34+ required)

That will give you the full path of the script used to send the email.
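Added example, not part of the thread: once the X-Source headers are enabled, a tally like the one below shows which script accounts for most of the outbound mail. It assumes the companion X-Source-Args and X-Source-Dir headers that cPanel's Exim adds alongside X-Source; the sample messages, paths and domains are constructed.

```python
# Tally X-Source* headers across raw messages to find the sending script.
# All sample data below is constructed for illustration.
from collections import Counter
from email import message_from_string


def _msg(args=None, directory=None):
    """Build a constructed raw message, optionally carrying X-Source headers."""
    head = "From: someone@example.com\nSubject: test\n"
    if args:
        head += "X-Source: /usr/bin/php\nX-Source-Args: " + args + "\n"
    if directory:
        head += "X-Source-Dir: " + directory + "\n"
    return head + "\nbody\n"


SAMPLE_MESSAGES = [
    _msg("/usr/bin/php /home/user1/public_html/contact/send.php",
         "example.com:/public_html/contact"),
    _msg("/usr/bin/php /home/user1/public_html/contact/send.php",
         "example.com:/public_html/contact"),
    # Folded header: the value continues on an indented second line.
    _msg("/usr/bin/php\n /home/user1/public_html/contact/send.php",
         "example.com:/public_html/contact"),
    _msg("/usr/bin/php /home/user2/public_html/cron.php",
         "example.org:/public_html"),
    _msg(),  # mail that did not come from a script: no X-Source headers
]


def source_of(raw):
    """Return (command, directory) from the X-Source headers, or None."""
    msg = message_from_string(raw)
    # Collapse whitespace so folded and unfolded headers compare equal.
    clean = lambda name: " ".join((msg.get(name) or "").split())
    command = clean("X-Source-Args") or clean("X-Source")
    directory = clean("X-Source-Dir")
    return (command, directory) if (command or directory) else None


def tally_sources(raw_messages):
    """Count messages per sending script; also count untagged messages."""
    sources = [source_of(raw) for raw in raw_messages]
    return Counter(s for s in sources if s), sources.count(None)


if __name__ == "__main__":
    counts, untagged = tally_sources(SAMPLE_MESSAGES)
    for (command, directory), n in counts.most_common():
        print(n, command, directory)
    print(untagged, "message(s) without X-Source headers")
```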