spam, forged sender, bounce backs

Discussion in 'General Discussion' started by Drake, Aug 26, 2004.

  1. Drake

    Drake Well-Known Member

    Hi all,

    This age-old problem is getting on our nerves again, especially within the last few days (August 20+). As sysadmins, we are receiving non-deliverable e-mail bounce backs. It is obviously spammers (not relaying through our boxes), but just using a bogus sender name. Some of the recipient targeted servers actually send back a full snapshot of the bounced e-mail, which is good, so we can analyse the headers to be sure it's not one of our own customers spamming. What we're seeing is that the sender is claiming to be from one or more of our hosted domain names, but not an IP number of ours. These originating IP numbers have been in Thailand, Taiwan, and various Eastern Bloc European countries. Only a few are from IPs within the USA. In a perfect world, you would look up the IP number and send a complaint to the Sysadmin of the offending network. OK, but this gets nowhere, even with Bell Atlantic DSL, and other USA companies. The best response I got from them was an automated e-mail trying to sell me their spam blocking service. What a joke. And forget about complaining to a sysadmin in Bulgaria. This seems to come in waves, and then quiet down for a while. Anyone got any ideas why this is? :mad:
     
  2. Snowman30

    Snowman30 Well-Known Member
    PartnerNOC

    I'm wondering if you found a solution for this.

    I'm having the same sort of problem on one domain and it's loading up exim way too much...
     
  3. Poonga

    Poonga Registered

    bogons, blacklists, and the like

    Have you looked into bogon listings? They can be added to your iptables to block bogus IP net ranges. Also, adding RBL listings to your SA or exim can filter out quite a few spammers. Using a global type of filter like that to block subject headers can cause real bounce backs to be foobared, so you gotta be careful with those. Do a forum search in here, I'm sure you'll find a couple of threads mentioning this.

    Edit: There's a great filter for fake message bouncing over at http://www.timj.co.uk/linux/sa.php thanks to Tim Jackson.
     
    #3 Poonga, Sep 20, 2004
    Last edited: Sep 20, 2004
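
The header check described in the first post (is the bounced spam really from one of our IPs, or only from a forged sender at one of our domains?) can be scripted. This is an added example, not code from anyone in the thread: `OUR_NETWORKS`, the function names and the sample bounce are constructed, and it assumes the bounce attaches the original message or its headers.

```python
import email
import ipaddress
import re
from email import policy

# Assumption (constructed value): the ranges our mail servers send from.
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def embedded_original(bounce):
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full copy of the bounced mail
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":     # headers-only copy
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw):
    """Return (verdict, handoff_ip) for one raw bounce message."""
    original = embedded_original(email.message_from_string(raw, policy=policy.default))
    received = original.get_all("Received", []) if original is not None else []
    # Trust only the topmost Received line, written by the bouncing server;
    # anything below it was supplied by the sender and may be forged.
    handoff = re.split(r"\sby\s", str(received[0]), maxsplit=1)[0] if received else ""
    match = BRACKETED_IP.search(handoff)
    try:
        ip = ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        ip = None
    if ip is None:
        return ("no-usable-handoff-ip", None)
    ours = any(ip in net for net in OUR_NETWORKS)
    return ("sent-from-our-network" if ours else "forged-sender", str(ip))

# Constructed sample bounce; every name and address is a documentation value.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: message/rfc822

Received: from dsl-host.example (unknown [203.0.113.77]) by mx.recipient.example
Received: from mail.hosted.example ([192.0.2.10]) by dsl-host.example
From: sales@hosted.example

spam body
--b1--
"""
```

The second `Received` line in the sample claims one of our addresses, which is why only the topmost line is used for the verdict.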