Since I upgraded CP I'm getting email attacks like mad. NOBODY etc... Need Advice TIA


Sep 12, 2006

I am new and hope this is the correct location for this post. I appreciate any advice or guidance. I have computer background but I'm not heavy. I can usually chase down issues and fix them with some general guidance.

I have tens of thousands of emails being sent from my server to other people with a Chase Manhattan phishing expedition email message inside it. I see these emails as they get returned from other servers on the web. They come in on [email protected]*.com

I've placed some deletion filters for Chase Manhattan in my control panel interface to try and slow them down. I cleaned out a few tmp folders on my system drive and I also poked around on my web space and deleted any pages used to contact us via email and a CGI script folder that went with it. I think I have my exim service stopped right now but the server has been rebooted and things seem quiet at this moment. I'm not sure if that's because of something I have done or the email attack has simply ceased fire for a moment.

In the meantime I am wondering if my control panel upgrades recently have anything to do with this issue or if I am being hijacked somehow and can get some advice.


NOTE: This is for the most part what one of the emails looks like..

mailnull 47 12
1158075715 0
-ident mailnull
-received_protocol local
-body_linecount 25
[email protected]

186P Received: from mailnull by with local (Exim 4.52)
id 1GNAOZ-00046M-RH
for [email protected]; Tue, 12 Sep 2006 11:41:59 -0400
046 X-Failed-Recipients: [email protected]
031 Auto-Submitted: auto-generated
078F From: Mail Delivery System <[email protected]>
046T To: [email protected]
059 Subject: Mail delivery failed: returning message to sender
067I Message-Id: <[email protected]>
038 Date: Tue, 12 Sep 2006 11:41:55 -0400

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
SMTP error from remote mail server after RCPT TO:<[email protected]>:
host []: 550 <[email protected]>:
Recipient address rejected: unknown user <[email protected]>

------ This is a copy of the message, including all the headers. ------

Return-path: <[email protected]>
Received: from nobody by with local (Exim 4.52)
id 1GNAOJ-00045Q-C6
for [email protected]; Tue, 12 Sep 2006 11:41:40 -0400
To: [email protected]
Subject: Chase Bank Security Department Alert
From: [email protected]
Content-Type: text/html
Message-Id: <[email protected]>
Date: Tue, 12 Sep 2006 11:41:39 -0400

<html><head><title>Chase Bank Security Email</title>