Spam problems

Discussion in 'General Discussion' started by mcstoner, Oct 17, 2003.

  1. mcstoner

    I have tried and tried to figure this one out. Help would be greatly appreciated:

    The problem:

    Someone is sending thousands of emails every hour to one of my customers, using different IP addresses and different names, etc. Here are some samples of them.

    1AAc9w-0007AH-0U-H
    root 0 0
    <airboHH@AOL.COM>
    1066426160 0
    -helo_name servidor.metroces.es
    -host_address 195.55.205.91.6282
    -interface_address 69.22.172.162.25
    -received_protocol esmtp
    -body_linecount 1
    -deliver_firsttime
    XX
    1
    airbornrgr@excelforlife.com

    198P Received: from [195.55.205.91] (helo=servidor.metroces.es)
    by unix01.unimatrix-001.net with esmtp (Exim 4.24)
    id 1AAc9w-0007AH-0U
    for airbornrgr@excelforlife.com; Fri, 17 Oct 2003 14:29:20 -0700
    138P Received: from accrue ([211.158.80.197]) by servidor.metroces.es with Microsoft SMTPSVC(5.0.2195.6713);
    Fri, 17 Oct 2003 22:33:19 +0200
    036 Date: Fri, 17 Oct 2003 20:29:16 GMT
    031F From: "Dietz"<airboHH@AOL.COM>
    032T To: airbornrgr@excelforlife.com
    028 Subject: Question about HGH
    018 Mime-Version: 1.0
    042 Content-Type: text/html; charset=us-ascii
    032 Content-Transfer-Encoding: 7bit
    029* Return-Path: airboHH@AOL.COM
    063I Message-ID: <SERVIDORbTCln3N2kqh00004e8b@servidor.metroces.es>
    084 X-OriginalArrivalTime: 17 Oct 2003 20:33:20.0796 (UTC) FILETIME=[E7765DC0:01C394ED]
    -----------------------------------------------------
    1AAc9y-0007AH-J3-H
    root 0 0
    <airHH@AOL.COM>
    1066426162 0
    -helo_name servidor.metroces.es
    -host_address 195.55.205.91.6282
    -interface_address 69.22.172.162.25
    -received_protocol esmtp
    -body_linecount 1
    -deliver_firsttime
    XX
    1
    airboyz@excelforlife.com

    195P Received: from [195.55.205.91] (helo=servidor.metroces.es)
    by unix01.unimatrix-001.net with esmtp (Exim 4.24)
    id 1AAc9y-0007AH-J3
    for airboyz@excelforlife.com; Fri, 17 Oct 2003 14:29:22 -0700
    138P Received: from accrue ([211.158.80.197]) by servidor.metroces.es with Microsoft SMTPSVC(5.0.2195.6713);
    Fri, 17 Oct 2003 22:36:02 +0200
    036 Date: Fri, 17 Oct 2003 20:31:58 GMT
    036F From: "Rebecca Jean"<airHH@AOL.COM>
    029T To: airboyz@excelforlife.com
    041 Subject: Sample of weight loss product!
    018 Mime-Version: 1.0
    042 Content-Type: text/html; charset=us-ascii
    032 Content-Transfer-Encoding: 7bit
    027* Return-Path: airHH@AOL.COM
    063I Message-ID: <SERVIDOR2GtBYxIwFbB00004f72@servidor.metroces.es>
    084 X-OriginalArrivalTime: 17 Oct 2003 20:36:05.0515 (UTC) FILETIME=[49A47DB0:01C394EE]
    ---------------------------
    1AAcQM-0007xQ-2t-H
    root 0 0
    <ajaDD@NETSCAPE.COM>
    1066427178 0
    -helo_name mail.sseika.ac.jp
    -host_address 218.44.230.147.59137
    -interface_address 69.22.172.162.25
    -received_protocol esmtp
    -body_linecount 1
    -deliver_firsttime
    XX
    1
    ajang97@excelforlife.com

    193P Received: from [218.44.230.147] (helo=mail.sseika.ac.jp)
    by unix01.unimatrix-001.net with esmtp (Exim 4.24)
    id 1AAcQM-0007xQ-2t
    for ajang97@excelforlife.com; Fri, 17 Oct 2003 14:46:18 -0700
    132P Received: from plow ([211.158.81.12]) by mail.sseika.ac.jp with Microsoft SMTPSVC(5.0.2195.6713);
    Sat, 18 Oct 2003 05:36:28 +0900
    036 Date: Fri, 17 Oct 2003 20:44:53 GMT
    040F From: "Marcial Hom"<ajaDD@NETSCAPE.COM>
    029T To: ajang97@excelforlife.com
    085 Subject: Get your own fountain of youth! HGH human growth hormone from 21st Century!
    018 Mime-Version: 1.0
    042 Content-Type: text/html; charset=us-ascii
    032 Content-Transfer-Encoding: 7bit
    032* Return-Path: ajaDD@NETSCAPE.COM
    060I Message-ID: <MAILlrjWHRTpv0hV7Ga000768cb@mail.sseika.ac.jp>
    084 X-OriginalArrivalTime: 17 Oct 2003 20:36:29.0109 (UTC) FILETIME=[57B4A650:01C394EE]


    I have rerouted the MX record to another domain, yet my Exim is getting bogged down. I have changed site IP addresses, and even started using iptables to block entire /16 addresses. No go, still getting through.

    Any ideas are appreciated. This spammer has made it impossible for my customer to use their domain.
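
Added example, not part of the original post: a Python sketch that parses Exim spool `-H` dumps in the layout pasted above and tallies the connecting hosts and the number of distinct recipient local parts per domain, which shows where a flood like this concentrates. The function names and the sample data (documentation-range IPs, example domains) are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

def parse_spool_header(text):
    """Parse one Exim 4 spool -H file: id, user, sender, time, -options, recipients."""
    lines = [l.strip() for l in text.strip().splitlines()]
    msg = {"id": re.sub(r"-H$", "", lines[0]), "sender": lines[2].strip("<>"), "opts": {}}
    i = 4  # lines 0-3 are "<id>-H", "user uid gid", "<sender>", "time warnings"
    while i < len(lines) and not lines[i].isdigit():
        if lines[i].startswith("-"):
            key, _, val = lines[i][1:].partition(" ")
            msg["opts"][key] = val
        i += 1  # other lines here are the non-recipients tree ("XX" when empty)
    count = int(lines[i]) if i < len(lines) else 0
    msg["rcpts"] = lines[i + 1:i + 1 + count]
    msg["host_ip"] = msg["opts"].get("host_address", "").rpartition(".")[0]  # drop ".port"
    return msg

def summarize(dump):
    """Tally connecting hosts and distinct recipient local parts per domain."""
    hosts, local_parts = Counter(), defaultdict(set)
    for chunk in re.split(r"(?m)^\s*-{5,}\s*$", dump):  # dashed separator lines
        if chunk.strip():
            msg = parse_spool_header(chunk)
            hosts[msg["host_ip"]] += 1
            for rcpt in msg["rcpts"]:
                local, _, domain = rcpt.lower().rpartition("@")
                local_parts[domain].add(local)
    return hosts, {d: len(s) for d, s in local_parts.items()}

# Constructed sample in the post's layout (documentation IPs, example domains).
TEMPLATE = """{id}-H
root 0 0
<x@example.net>
1066426160 0
-helo_name relay.example.org
-host_address {ip}.6282
XX
1
{rcpt}

021T To: {rcpt}
"""
ROWS = [("1AAc00-0000AA-00", "192.0.2.10", "abc1@example.com"),
        ("1AAc01-0000AA-01", "192.0.2.10", "abc2@example.com"),
        ("1AAc02-0000AB-02", "203.0.113.7", "abd3@example.com")]
SAMPLE = ("-" * 20 + "\n").join(TEMPLATE.format(id=i, ip=a, rcpt=r) for i, a, r in ROWS)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A recipient domain where nearly every message targets a different local part, arriving through a small set of connecting hosts, is the pattern to look for in the output.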
     
  2. mcstoner

    Update

    Still a major problem.

    I have taken out the MX record so the domain has no MX record. Still getting lots of bad mail.

    It is all going to a :blackhole: yet it is still clogging my server.

    In the last 4 hours over 51,000 emails.
     
  3. donnie

    Well, I'm also having the same problem and getting 100s of spam mails every day, but they are unroutable. It means the address set in the Reply-To was fake, so they are jamming my server. I'm using Exim.

    Someone please tell here how to add a filter to block fake unroutable mails.

    Any help would be really appreciated.
     