The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Someone spamming from my server

Discussion in 'General Discussion' started by paulm, Nov 30, 2006.

  1. paulm

    paulm Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    I got a report of someone spamming from my server, I was unable to find any insecure scripts or anything in the logs that would help me.

    I have two servers:

    Server one runs ns1/ns2.mydomains.com
    Server two runs ns3/ns4.mydomains.com

    The reports are coming from server two but when I look at the maillog grepping for the email address in the reported emails and found they are somehow originating from my server one, or at least it looks like that.. Here is an example of what I am seeing in the exim_rejectlog

    2006-11-25 01:47:21 H=ns1.mydomain.com (localhost.localhost) [xx.xx.xx.xxx] F=<qute1212000@yahoo.it> rejected RCPT <jaccrxxx@quantum.net>: ns1.mydomain.com (localhost.localhost) [xx.xxx.xxx.xxx] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication

    My confusion is that ns1.mydomain.com is not even on server two which is getting the complaints it is on server one.

    Both servers are fairly old, I keep them updated and pretty secure and it is mostly freinds on both these servers so there have been no new people on either server in a few years so I do not think it is an issue with a freind of mine having an insecure script or something, but probably something I have not secured properly.

    Any help would be greatly appreciated.
     
Loading...

Share This Page