
Someone is using random usernames which do not exist on my server to send spam

Discussion in 'General Discussion' started by Stenny Chong, May 7, 2003.

  1. Stenny Chong

    Hi,

    Can anyone please help me fight this spammer? He is using random email usernames to send spam. I have contacted the domain owner and also checked all his accounts, and found that he didn't use any CGI or formail or any other PHP mail script, and no mailing list either. He said he didn't send spam, but all those spam email senders are from his domain with random usernames.

    How is this spammer sending through my server, or is he using some local SMTP server like ADR etc. and using the domain to send spam?

    Please help me, thank you.

    Below is the header I got from the error return email.


    Received: from ixpres.com ([210.22.96.137]) by mc1-f13.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
    Mon, 5 May 2003 07:39:27 -0700
    Received: from unknown (206.46.92.158)
    by ixpres.com with esmtp; Mon, 5 May 2003 01:18:29 -0700
    From: iIDiasrBR@xxxxxx.com
    To: xxbutts@hotmail.com
    Subject: xxbutts this is good news
    Date: Mon, May 05 2003 00:55:57 +1100
    Content-Type: text/html
    Content-Transfer-Encoding: 8bit
    X-Mailer: Microsoft Outlook Express 5.50.4522.1200
    Return-Path: iIDiasrBR@xxxxxx.com
    Message-ID:
    X-OriginalArrivalTime: 05 May 2003 14:39:28.0136 (UTC) FILETIME=[21A6D080:01C31314]


    and this one.

    Received: from eskimo.com ([210.22.96.137]) by mc6-f26.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
    Mon, 5 May 2003 07:16:47 -0700
    Received: from mx11.microthink.com.au ([136.94.105.208])
    by eskimo.com with QMQP; Mon, 5 May 2003 00:55:49 -0400
    From: gayZIrSzMdXNv1wa@xxxxxx.com
    To: xxx2002@hotmail.com
    Subject: xxx2002 this is the right time for this
    Date: Monday, 05 May 2003 00:30:17 +0400
    Content-Type: text/html
    Content-Transfer-Encoding: 8bit
    X-Mailer: Microsoft Outlook, Build 10.0.2616
    Return-Path: gayZIrSzMdXNv1wa@xxxxxx.com
    Message-ID:
    X-OriginalArrivalTime: 05 May 2003 14:16:48.0345 (UTC) FILETIME=[F7272C90:01C31310]

    And more I found in the WHM mail queue tools. Some of them:


    19CgID-0006Me-00 5.1K 42h Delete Deliver Now
    hdhjdxzu577@xxxxxx.com

    19Cgab-0006sc-00 7.2K 42h Delete Deliver Now
    gOZbnqLum9r@xxxxxx.com

    19Cgm6-0007Kt-00 6.9K 41h Delete Deliver Now
    gayZIrSzMdXNv1wa@xxxxxx.com

    19Ch7z-00080h-00 7.2K 41h Delete Deliver Now
    iIDiasrBR@xxxxxx.com

    Can anyone please help me with how I can stop this? Thank you.


    Stenny
     
  2. howard

    Not sure if there is much you can do to stop it, as from the headers you supplied the spammer in question is exploiting an insecure proxy on port 3128 of IP 210.22.96.137 (assuming that's not yours) and is implicating your domain in the Return-Path as well as the From field (therefore leaving you to deal with the resulting mess).
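
A header check along the lines of the reply above, added here as an example and not part of the original thread: it parses the Received chain of the two bounces and tests whether the hosting server ever handled the mail. The server IP 192.0.2.10 and hostname server.example.com are assumed placeholders, since the thread does not give them.

```python
import re
from email import message_from_string

# Headers taken from the two bounces in the thread (line folding restored so they parse).
BOUNCES = [
"""Received: from ixpres.com ([210.22.96.137]) by mc1-f13.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
\tMon, 5 May 2003 07:39:27 -0700
Received: from unknown (206.46.92.158)
\tby ixpres.com with esmtp; Mon, 5 May 2003 01:18:29 -0700
Return-Path: iIDiasrBR@xxxxxx.com
""",
"""Received: from eskimo.com ([210.22.96.137]) by mc6-f26.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
\tMon, 5 May 2003 07:16:47 -0700
Received: from mx11.microthink.com.au ([136.94.105.208])
\tby eskimo.com with QMQP; Mon, 5 May 2003 00:55:49 -0400
Return-Path: gayZIrSzMdXNv1wa@xxxxxx.com
""",
]

# "from <announced name> (<ip>) by <receiving host>"; brackets around the IP are optional.
HOP = re.compile(r"from\s+(\S+)\s+\(\[?([\d.]+)\]?\)\s+by\s+(\S+)")

def hops(raw):
    """Return (announced_name, ip, receiving_host) per Received header, newest first."""
    values = message_from_string(raw).get_all("Received", [])
    return [m.groups() for m in map(HOP.search, values) if m]

def assess(raw_messages, own_ips, own_hosts):
    """Report whether our server appears in any hop, and which names each IP
    announced to the final receiver across all messages."""
    touched_us = False
    names_by_ip = {}
    for raw in raw_messages:
        chain = hops(raw)
        for name, ip, by in chain:
            if ip in own_ips or by.lower() in own_hosts:
                touched_us = True
        if chain:
            # Only the top header was written by the recipient's own MTA;
            # everything below it is supplied by the sending side.
            name, ip, _ = chain[0]
            names_by_ip.setdefault(ip, set()).add(name)
    return touched_us, names_by_ip

# Assumed values for the poster's cPanel server (not given in the thread).
OWN_IPS, OWN_HOSTS = {"192.0.2.10"}, {"server.example.com"}
touched, names = assess(BOUNCES, OWN_IPS, OWN_HOSTS)
print("passed through our server:", touched)
for ip, seen in names.items():
    print(ip, "announced itself as", sorted(seen))
```

On the thread's headers, neither message passed through the server, and 210.22.96.137 delivered both to Hotmail while announcing two different host names.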
     
  3. Stenny Chong

    But is there any way I can stop it? Because the domain belongs to my customer, I guess only my customer can complain to the sender's ISP.

    Is it true?
     
  4. Stenny Chong

    Seems like the proxy is located in China.

    Any way to complain to the IP owner?
     
  5. howard

    Yep, you could email one of the following (in my opinion the 3rd one looks the most hopeful), stating how it's affecting your client's goodwill and reputation, as they look associated with the spam sent out.

    You could state that it's wasting your time, money and effort to deal with the complaints your client may be receiving because of it, and that it's clogging up your mail server with all the bounces resulting from it. Finally, be polite about it and try not to get too abusive (people will generally respond better to a polite note informing them of a security problem in their network than to an irate, abusive one).

    The fact it's china-netcom.com can be found from the APNIC whois records.

    However, the person doing it could switch to another one (unfortunately there is no real way to prevent your domain being forged in a spam run).
     
    #5 howard, May 7, 2003
    Last edited: May 7, 2003