MustaphaG

Member
Sep 7, 2020
13
1
3
tunisia
cPanel Access Level
Root Administrator
hello, recently and while checking the "track delivery" i found out this issue: there is an email who sends to unkonwn email addresses automaticly. so i did put a restriction to not allow sending from this email address, here is the sending information:

Event:failure
error
User:mydomain
Domain:mydomain.com
From Address:[email protected]
Sender:[email protected]
Sent Time:Oct 16, 2020, 10:15:10 AM
Sender Host:localhost
Sender IP:127.0.0.1
Authentication:localuser
Spam Score:
Recipient:[email protected]
Delivery User:-system-
Delivery Domain:
Delivered To:
Router:autoreply_lookuphost
Transport:remote_smtp
Out Time:Oct 16, 2020, 10:15:10 AM
ID:1kTLpU-0002vj-KE
Delivery Host:aspmx.l.google.com
Delivery IP:74.125.71.26
Size:3.04 KB
Result:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: SMTP error from remote mail server after RCPT TO:<[email protected]>: 550-5.1.1 The email account that you tried to reach does not exist. Please try\n550-5.1.1 double-checking the recipient's email address for typos or\n550-5.1.1 unnecessary spaces. Learn more at\n550 5.1.1 Fix bounced or rejected emails - Gmail Help a186si1779065wmc.33 - gsmtp

is my vps being attacked or something like this?
 

MustaphaG

Member
Sep 7, 2020
13
1
3
tunisia
cPanel Access Level
Root Administrator
good morning, i found out the reason and i'm sorry for disturbing.
the problem is, i have many spam comming to the email address "[email protected]" then i did enable the boxtrapper, so every email come to the box trapper , [email protected] will send a verification email to the sender. at this point i did make a restrection not to send emails from contact. so in the track delivery i saw many sending errors to unknowns emails.
i hope you did understand the conclusion of my issue.
i'm sorry for my mistake
 

rscalover

Active Member
Dec 16, 2010
33
2
58
Hello,

Firstly you are not disturbing .If your vps is sending emails without your concent it's time to investagate on a cPanel server with exim as it's mta have a look at

Code:
tail /var/log/exim_mainlog
tail /var/log/exim_rejectlog
enabling boxtrapper is not a good idea as it will cause more spam then it will help you in solving the problem.I have the impression there is some malicious script on your vps that is sending that mails i would try a scan with a virus scanner or rkhunter.
 
  • Like
Reactions: cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
good morning, i found out the reason and i'm sorry for disturbing.
the problem is, i have many spam comming to the email address "[email protected]" then i did enable the boxtrapper, so every email come to the box trapper , [email protected] will send a verification email to the sender. at this point i did make a restrection not to send emails from contact. so in the track delivery i saw many sending errors to unknowns emails.
i hope you did understand the conclusion of my issue.
i'm sorry for my mistake
Glad to see you found the cause, this is exactly the thing that box trapper is designed to do. When it sends the verification email to one of the spammer addresses which doesn't exist you'd see the bounceback messages in Track Delivery which makes sense.