Since I upgraded CP I'm getting email attacks like mad. NOBODY etc... Need Advice TIA

Discussion in 'E-mail Discussions' started by LittleBrother, Sep 12, 2006.

  1. LittleBrother

    LittleBrother Registered

    Sep 12, 2006

    I am new and hope this is the correct location for this post. I appreciate any advice or guidance. I have a computer background but I'm not heavy. I can usually chase down issues and fix them with some general guidance.

    I have tens of thousands of emails being sent from my server to other people with a Chase Manhattan phishing expedition email message inside it. I see these emails as they get returned from other servers on the web. They come in on nobody@*.com

    I've placed some deletion filters for Chase Manhattan in my control panel interface to try and slow them down. I cleaned out a few tmp folders on my system drive and I also poked around on my web space and deleted any pages used to contact us via email and a CGI script folder that went with it. I think I have my exim service stopped right now but the server has been rebooted and things seem quiet at this moment. I'm not sure if that's because of something I have done or the email attack has simply ceased fire for a moment.

    In the meantime I am wondering if my control panel upgrades recently have anything to do with this issue or if I am being hijacked somehow and can get some advice.


    NOTE: This is, for the most part, what one of the emails looks like:

    mailnull 47 12
    1158075715 0
    -ident mailnull
    -received_protocol local
    -body_linecount 25

    186P Received: from mailnull by with local (Exim 4.52)
    id 1GNAOZ-00046M-RH
    for; Tue, 12 Sep 2006 11:41:59 -0400
    046 X-Failed-Recipients:
    031 Auto-Submitted: auto-generated
    078F From: Mail Delivery System <>
    046T To:
    059 Subject: Mail delivery failed: returning message to sender
    067I Message-Id: <>
    038 Date: Tue, 12 Sep 2006 11:41:55 -0400

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:
    SMTP error from remote mail server after RCPT TO:<>:
    host []: 550 <>:
    Recipient address rejected: unknown user <>

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <>
    Received: from nobody by with local (Exim 4.52)
    id 1GNAOJ-00045Q-C6
    for; Tue, 12 Sep 2006 11:41:40 -0400
    Subject: Chase Bank Security Department Alert
    Content-Type: text/html
    Message-Id: <>
    Date: Tue, 12 Sep 2006 11:41:39 -0400

    <html><head><title>Chase Bank Security Email</title>
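
A triage sketch added here, not part of the original post: it reads pasted Exim bounce records shaped like the excerpt above and tallies which local user and submission protocol the returned messages came from, which separates mail queued by a web-server script (`nobody`, `local`) from mail relayed over SMTP. The sample record, the host `server.example`, and the function names `triage` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample modelled on the excerpt in the post; server.example is a placeholder.
SAMPLE = """mailnull 47 12
1158075715 0
-ident mailnull
-received_protocol local
-body_linecount 25

186P Received: from mailnull by server.example with local (Exim 4.52)
 id 1GNAOZ-00046M-RH
031 Auto-Submitted: auto-generated
059 Subject: Mail delivery failed: returning message to sender

------ This is a copy of the message, including all the headers. ------

Return-path: <nobody@server.example>
Received: from nobody by server.example with local (Exim 4.52)
 id 1GNAOJ-00045Q-C6
Subject: Chase Bank Security Department Alert
Content-Type: text/html
"""

COPY_MARK = "This is a copy of the message"
SPOOL_HDR = re.compile(r"^\d{3}[A-Z*]?\s+([\w-]+):\s*(.*)$", re.M)  # "059 Subject: ..."
RECEIVED = re.compile(r"^Received: from (\S+) by .*? with (\S+)", re.M)

def triage(text):
    """Summarise one pasted record: who queued it and, for a bounce, who sent the original."""
    head, _, copy = text.partition(COPY_MARK)
    opts = dict(re.findall(r"^-(\w+) (\S+)$", head, re.M))    # "-ident mailnull" etc.
    hdrs = {k.lower(): v for k, v in SPOOL_HDR.findall(head)}  # length-prefixed headers
    info = {"ident": opts.get("ident"), "protocol": opts.get("received_protocol"),
            "bounce": hdrs.get("auto-submitted") == "auto-generated",
            "origin_user": None, "origin_protocol": None, "origin_subject": None}
    rcv = RECEIVED.search(copy)           # Received line of the returned original
    if rcv:
        info["origin_user"], info["origin_protocol"] = rcv.groups()
    subj = re.search(r"^Subject: (.*)$", copy, re.M)
    if subj:
        info["origin_subject"] = subj.group(1).strip()
    return info

def summarize(records):
    """Count returned messages by (local sender, submission protocol, subject)."""
    rows = (triage(r) for r in records)
    return Counter((i["origin_user"], i["origin_protocol"], i["origin_subject"])
                   for i in rows if i["bounce"])
```
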
