SOLVED Spam Relay

Discussion in 'E-mail Discussions' started by Neso, Dec 5, 2016.

  1. Neso

    Neso Member

    Hi, can anybody help me stop these Russian spammers? How do they send emails through my server, and how can I block them? I use CSF, and SMTP_BLOCK is active ... Is this a relay, and if yes, how do I stop it?


    Here are details about one of the emails:

    Code:
    1cDZdJ-00082C-JP-H
    mailnull 47 12
    <ortukov82@example.com>
    1480868841 0
    -helo_name 77.221.130.6.addr.domain.ru
    -host_address 203.192.221.87.57235
    -interface_address SERVER-IP.587
    -received_protocol esmtps
    -body_linecount 23
    -max_received_linelength 76
    -host_lookup_failed
    -tls_cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
    -tls_ourcert -----BEGIN CERTIFICATE-----\nMIIFajCCBFKgAwIBAgIRAM7Iw/n6TSL42MnWKY7ga7cwDQYJKoZIhvcNAQELBQAw\ngZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO\nBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD\nVQQDEy1DT01PRE8gUWxpZGF0ZWQxFDASBgNVBAsTC1Bvc2l0aXZlU1NMMSAw\nHgYDVQQDExdzZXJ2ZXItdXMwMS5zZXJ2ZXIucGx1czCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAMkSKVSix6Er+aKbHKD8WHjAJ9dpZuaVMBMyKPnHWi08\n7lFCA17MyxXlaqBkN5lCgX0dc7WADxc/eBlBjrnE58n/1qcU8TvWbXaa2oPj0C4s\nkzCgWnZFgZuEIu/MAcDq75xiSxkVol3iYyDkKDI8Us5faOfOklwrJhgOLHTHsyac\nPJC+W4StzCLLvUjAmPZgOJ5UO+RIsLjkqvyIWOnZXBQcyQ8NFEaEiwJ41yML9m/V\nT5zaiHDel55ymouKuGpkbKaMjxAMqKQguHlbbGMaMa7d6lxifdIKYz1GoNHFyAjU\njZclAXj3nvHpWqO9BJPhcM8KdGCxXjKRrZU4OiLb2zECAwEAAaOCAfEwggHtMB8G\nA1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSd4KtKLw5u\nyqQPb6Efe9Necr/6ujAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV\nHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIx\nAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQ\nUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9j\nYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy\nbDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9k\nb2NhLmNvbS9DT01PRE9Euc2VydmVyLnBsdXOCG3d3dy5zZXJ2ZXItdXMwMS5z\nZXJ2ZXIucGx1czANBgkqhkiG9w0BAQsFAAOCAQEAdB/5z5m0vIz3gqNIOlHrkSvx\niuyq9alESU/jG2RM8pqF8je3AwV5i5or1qvkfNNrbzapIfB6LShUOa6Eo94hJHTd\ng1h+V6dlesGhkpHonSwdCYoPxQboGPByAjFTEdy2YM/WJ9wbN49QMzGaVDtaq5+j\nZ01ligSki+cbM/1cQV78FmQ6iiqnRhHfDQhNCDQJak1WcWITWQlb9ND7TzLk1qi8\nlFeu8cviI7TdzEKWnhgF5E5bzQ1I7hO4iTLU1exKER7LPSjqN1GxKZtML+tcj4Dn\n/6EqdIeO2auyzx/3oHwl8ELJ7XPD6yInTGrrWyg4mJ6knK9OYiRRf1G5Jy/XUw==\n-----END CERTIFICATE-----\n
    XX
    1
    colar@domain.ru
    
    292P Received: from [203.192.221.87] (port=57235 helo=77.221.130.6.addr.example.ru)
    by server-us01.xxx.xxx with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.87)
    (envelope-from <ortukov82@example.com>)
    id 1cDZdJ-00082C-JP
    for colar@domain.ru; Sun, 04 Dec 2016 11:27:22 -0500
    058I Message-ID: <47BDFEDD6EBA95568A8FC6783CE9531E@moskva.com>
    073F From: =?windows-1251?B?yOPu8PwgyOPu8OXi6PcgIA==?= <ortukov82@example.com>
    023T To: <colar@domain.ru>
    057 Subject: =?windows-1251?B?yvPv6/4v7/Du5ODsIGJpdGNvaW4=?=
    037 Date: Sun, 4 Dec 2016 17:27:18 +0100
    018 MIME-Version: 1.0
    048 Content-Type: text/html; charset="windows-1251"
    044 Content-Transfer-Encoding: quoted-printable
    078 X-cPanel-MailScanner-Information: Please contact the ISP for more information
    042 X-cPanel-MailScanner-ID: 1cDZdJ-00082C-JP
    040 X-cPanel-MailScanner: Found to be clean
    033 X-cPanel-MailScanner-SpamCheck:
    048 X-cPanel-MailScanner-From: ortukov82@example.com
    018 X-Spam-Status: No 
    
     
    #1 Neso, Dec 5, 2016
    Last edited by a moderator: Dec 5, 2016
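
When triaging an Exim `-H` spool header like the one in the post above, the lines that separate an authenticated submission from an unauthenticated relay are `-auth_id` and `-received_protocol`: Exim writes `-auth_id` and a protocol ending in `a` (such as `esmtpsa`) for authenticated SMTP sessions. The following Python is an added example, not part of the original thread or of cPanel's tooling; the function names, the `source` labels and both samples (constructed from the post, certificate line omitted) are assumptions.

```python
# Added example: pull the triage-relevant fields out of an Exim -H spool file.
# SAMPLE is constructed from the post above (the -tls_ourcert line is omitted).
SAMPLE = """1cDZdJ-00082C-JP-H
mailnull 47 12
<ortukov82@example.com>
1480868841 0
-helo_name 77.221.130.6.addr.domain.ru
-host_address 203.192.221.87.57235
-interface_address SERVER-IP.587
-received_protocol esmtps
-host_lookup_failed
XX
1
colar@domain.ru

058I Message-ID: <47BDFEDD6EBA95568A8FC6783CE9531E@moskva.com>
"""
# Constructed variant: the same message as Exim would record it after SMTP AUTH.
AUTH_SAMPLE = SAMPLE.replace(
    "-received_protocol esmtps",
    "-auth_id user@example.net\n-received_protocol esmtpsa")

def parse_spool_header(text):
    """Parse the envelope section of a -H file (everything before the blank line)."""
    lines = text.split("\n\n", 1)[0].splitlines()
    msg_id = lines[0][:-2] if lines[0].endswith("-H") else lines[0]
    msg = {"id": msg_id, "sender": lines[2].strip("<>"), "opts": {}}
    i = 4  # lines 0-3: id, user/uid/gid, envelope sender, receive time
    while i < len(lines) and lines[i].startswith("-"):
        name, _, value = lines[i][1:].partition(" ")
        msg["opts"][name] = value
        i += 1
    # Skip the non-recipients tree ("XX" when empty) up to the recipient count.
    while i < len(lines) and not lines[i].isdigit():
        i += 1
    count = int(lines[i]) if i < len(lines) else 0
    msg["recipients"] = lines[i + 1:i + 1 + count]
    return msg

def triage(msg):
    """Summarise how the message entered the server."""
    opts = msg["opts"]
    # -host_address and -interface_address are "<ip>.<port>" in this spool format.
    remote_ip, _, remote_port = opts.get("host_address", "").rpartition(".")
    if "host_address" not in opts:
        source = "local"        # submitted on the box itself (script, cron, CLI)
    elif "auth_id" in opts:
        source = "smtp-auth"    # a mailbox login was used; auth_id names it
    else:
        source = "smtp-unauth"  # accepted over SMTP without authentication
    return {"remote_ip": remote_ip, "remote_port": remote_port,
            "local_port": opts.get("interface_address", "").rpartition(".")[2],
            "protocol": opts.get("received_protocol"),
            "auth_id": opts.get("auth_id"), "source": source}
```

A `source` of `smtp-auth` means the `auth_id` account's password should be changed; `smtp-unauth` means the message was accepted without SMTP authentication, so the relay ACLs are the place to look.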
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    The following thread is a good place to start:

    How can I find out if my server is sending spam?

    You should also change the password for that email account, and for the cPanel account it's added to.

    Let us know if this helps.

    Thank you.
     