Spam in Queue

[dynaweb]

I am currently getting attacked by SPAM email being sent to the main domain on my server. I receive over 1000 messages an hour and they are all being caught by email scanner (good) but they still end up in the mail queue for some reason (bad). If I let it go for a few hours server load rises, exim fails. In a few more hours the server putts out

Therefore, I need to clean our the queue completely every couple hours and it is getting annoying. Is there a way to make these messages NOT go to the mail queue but instead get purged?

ANY thoughts or comments or questions are welcome.


Thanks,
Danno

 

[compunet2]

Set the default address for the domain to :blackhole:

 

[dynaweb]

Thanks for bringing that option to my attention. I see it in the MAIL section of Cpanel X.

Im sure that will help

 

[dynaweb]

This is still a major problem for me. Come to find out, only a small fraction of these emails are being sent to the domain thats installed on this server. The majority are being sent [something]@[hostname]. Since the hostname is not allowed to be an actual installed domain on the server, I dont know how to control the routing of this SPAM. It is just getting dumped into the queue. I cleaned all mail from the queue last night and this morning there were so many that the server was nearly dead - took 15 minutes to su in SSH.

So here is the challenge. Server name is like this "master.company.com" and SPAM is being sent to an address like this "[email protected]" and since this is the server name and not an actual domain on the server, it is getting sent to queue.

 

[jmweb]

anyone find a fix?

 

[dynaweb]

Still no fix found but come to find out that the address [email protected] is an address that is generated by FrontPage as the From address in web forms.

Possible exploit?

 

[Tonga]

Try this:
http://www.nuclearelephant.com/projects/dspam/

 

[bear]

Originally posted by dynaweb
Since the hostname is not allowed to be an actual installed domain on the server,

What do you mean by this? That the domain the hostname is based on is not allowed to be set up in WHM, or the actual sub.domain.tld is not allowed?

Can you point out where this is explained?

 

[dynaweb]

quote:
--------------------------------------------------------------------------------
Originally posted by dynaweb
Since the hostname is not allowed to be an actual installed domain on the server,
--------------------------------------------------------------------------------

What do you mean by this? That the domain the hostname is based on is not allowed to be set up in WHM, or the actual sub.domain.tld is not allowed?

Can you point out where this is explained?
--------------------------------------------------------------------------------

Yes, I mean that the server host name is master.domain.com whereas domain.com is a domain installed on the server. If you attempt to setup a sub-domain called master.domain.com the system will not allow it. That makes sense since master.domain.com must have certain controls that make it a unique host name and if you were to establish a sub-domain under that same title it would possibly over-ride the host name config or at least confuse it. The reason I thought about this is that there seems to be no email controls for mail coming in through the hostname ([email protected]). I guess I really need to find a way to :blackhole: mail that comes to that address.

 

[GOT]

What you might be seeing in the queue is rejection messgaes. We used to get a lot of those, but from a thread on this forum, there is a way to make exim reject them mail without ever placing it on your server.

Article is here:

http://www.cpanelhelp.org/modules/news/article.php?storyid=43