The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam issue to yahoo

Discussion in 'E-mail Discussions' started by raul benitez, Mar 25, 2015.

  1. raul benitez

    raul benitez Member

    Joined:
    Mar 25, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    cPanel Access Level:
    Root Administrator
    We unfortunately had a spam bot on our server that was sending a massive about of spam to yahoo accounts. We finally found it and disable it but are still see the affects. We have CENTOS 5.10 x86_64 standard [Removed] installed. If I watch the exim logs I'm noticing hundreds of connections to yahoo servers with returns. When I do a
    isof -1 to see connections and i see constant ones to yahoo servers.

    IF I look at the exim mail log in real time you can see there are hundreds of connections happening with spoofed accounts.

    [Removed - Actual Email Addresses Were Posted]


    How can I stop this? I followed everything in the cpanel documents to prevent spam and yet its still happening.
    Any suggestions will be appreciated.
     
    #1 raul benitez, Mar 25, 2015
    Last edited by a moderator: Mar 26, 2015
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    650
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Check your mail queue to see if SPAM messages are still in the queue for delivery. If so, you may want to remove them so that future delivery attempts stop.

    Thank you.
     
  4. raul benitez

    raul benitez Member

    Joined:
    Mar 25, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    cPanel Access Level:
    Root Administrator
    I already followed those instructions and i'm still getting thousands of bounce backs form yahoo severs from spooof accounts. below is a snip of the exim_mainlog. I can't seem to stop this whatever I do.

    [Removed - Posting Actual Email Accounts]
     
    #4 raul benitez, Mar 27, 2015
    Last edited by a moderator: Apr 6, 2015
  5. 24x7ss

    24x7ss Well-Known Member

    Joined:
    Sep 30, 2014
    Messages:
    271
    Likes Received:
    16
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    First clear the server mail queue and change the mail routing IP of the server by modifying /etc/mailips. Makre sure IP you are adding in mailips file is not blacklisted. You can check the IP in mxtoolbox.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    650
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    I removed the output from your previous post because you posted actual email addresses to a public forum. Could you elaborate on how you determined the emails were spoofed and not actually sent from your server?

    Thank you.
     
  7. raul benitez

    raul benitez Member

    Joined:
    Mar 25, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    cPanel Access Level:
    Root Administrator
    ALL those emails were spoofed every single one of them.
     
  8. raul benitez

    raul benitez Member

    Joined:
    Mar 25, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    cPanel Access Level:
    Root Administrator
    BTW its still happening and I cant figure out a way to stop it outside of just shutting down the server and yes I already implemented all the suggested edits to exim.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    650
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page