SOLVED Spam Relay

Discussion in 'E-mail Discussion' started by Neso, Dec 5, 2016.

  1. Neso

    Neso Active Member

    Hi, can anybody help me stop these Russian spammers? How do they send emails over my server, and how can I block them? I use CSF, and SMTP_BLOCK is active ... Is this a relay, and if yes, how do I stop it?


    Here are details about one of the emails:

    Code:
    1cDZdJ-00082C-JP-H
    mailnull 47 12
    <ortukov82@example.com>
    1480868841 0
    -helo_name 77.221.130.6.addr.domain.ru
    -host_address 203.192.221.87.57235
    -interface_address SERVER-IP.587
    -received_protocol esmtps
    -body_linecount 23
    -max_received_linelength 76
    -host_lookup_failed
    -tls_cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
    -tls_ourcert -----BEGIN CERTIFICATE-----\nMIIFajCCBFKgAwIBAgIRAM7Iw/n6TSL42MnWKY7ga7cwDQYJKoZIhvcNAQELBQAw\ngZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO\nBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD\nVQQDEy1DT01PRE8gUWxpZGF0ZWQxFDASBgNVBAsTC1Bvc2l0aXZlU1NMMSAw\nHgYDVQQDExdzZXJ2ZXItdXMwMS5zZXJ2ZXIucGx1czCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAMkSKVSix6Er+aKbHKD8WHjAJ9dpZuaVMBMyKPnHWi08\n7lFCA17MyxXlaqBkN5lCgX0dc7WADxc/eBlBjrnE58n/1qcU8TvWbXaa2oPj0C4s\nkzCgWnZFgZuEIu/MAcDq75xiSxkVol3iYyDkKDI8Us5faOfOklwrJhgOLHTHsyac\nPJC+W4StzCLLvUjAmPZgOJ5UO+RIsLjkqvyIWOnZXBQcyQ8NFEaEiwJ41yML9m/V\nT5zaiHDel55ymouKuGpkbKaMjxAMqKQguHlbbGMaMa7d6lxifdIKYz1GoNHFyAjU\njZclAXj3nvHpWqO9BJPhcM8KdGCxXjKRrZU4OiLb2zECAwEAAaOCAfEwggHtMB8G\nA1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSd4KtKLw5u\nyqQPb6Efe9Necr/6ujAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV\nHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIx\nAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQ\nUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9j\nYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy\nbDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9k\nb2NhLmNvbS9DT01PRE9Euc2VydmVyLnBsdXOCG3d3dy5zZXJ2ZXItdXMwMS5z\nZXJ2ZXIucGx1czANBgkqhkiG9w0BAQsFAAOCAQEAdB/5z5m0vIz3gqNIOlHrkSvx\niuyq9alESU/jG2RM8pqF8je3AwV5i5or1qvkfNNrbzapIfB6LShUOa6Eo94hJHTd\ng1h+V6dlesGhkpHonSwdCYoPxQboGPByAjFTEdy2YM/WJ9wbN49QMzGaVDtaq5+j\nZ01ligSki+cbM/1cQV78FmQ6iiqnRhHfDQhNCDQJak1WcWITWQlb9ND7TzLk1qi8\nlFeu8cviI7TdzEKWnhgF5E5bzQ1I7hO4iTLU1exKER7LPSjqN1GxKZtML+tcj4Dn\n/6EqdIeO2auyzx/3oHwl8ELJ7XPD6yInTGrrWyg4mJ6knK9OYiRRf1G5Jy/XUw==\n-----END CERTIFICATE-----\n
    XX
    1
    colar@domain.ru
    
    292P Received: from [203.192.221.87] (port=57235 helo=77.221.130.6.addr.example.ru)
    by server-us01.xxx.xxx with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.87)
    (envelope-from <ortukov82@example.com>)
    id 1cDZdJ-00082C-JP
    for colar@domain.ru; Sun, 04 Dec 2016 11:27:22 -0500
    058I Message-ID: <47BDFEDD6EBA95568A8FC6783CE9531E@moskva.com>
    073F From: =?windows-1251?B?yOPu8PwgyOPu8OXi6PcgIA==?= <ortukov82@example.com>
    023T To: <colar@domain.ru>
    057 Subject: =?windows-1251?B?yvPv6/4v7/Du5ODsIGJpdGNvaW4=?=
    037 Date: Sun, 4 Dec 2016 17:27:18 +0100
    018 MIME-Version: 1.0
    048 Content-Type: text/html; charset="windows-1251"
    044 Content-Transfer-Encoding: quoted-printable
    078 X-cPanel-MailScanner-Information: Please contact the ISP for more information
    042 X-cPanel-MailScanner-ID: 1cDZdJ-00082C-JP
    040 X-cPanel-MailScanner: Found to be clean
    033 X-cPanel-MailScanner-SpamCheck:
    048 X-cPanel-MailScanner-From: ortukov82@example.com
    018 X-Spam-Status: No 
    
     
    #1 Neso, Dec 5, 2016
    Last edited by a moderator: Dec 5, 2016
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    The following thread is a good place to start:

    How can I find out if my server is sending spam?

    You should also change the password for that email account, and for the cPanel account it's added to.

    Let us know if this helps.

    Thank you.
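
The spool header posted in the first message can be triaged mechanically. The following is an added example, not code from the thread or from cPanel: it parses an Exim `-H` file with the layout shown above and reports the connecting IP, the local port, and whether Exim recorded SMTP AUTH for the message. The function names and `SAMPLE` (constructed from the posted fields, certificate line left out) are assumptions of this example, and it assumes the file has no `-acl*` variable lines.

```python
# Added example: triage an Exim "-H" spool header like the one in post #1.
# SAMPLE is constructed from the fields shown in the thread.
SAMPLE = """\
1cDZdJ-00082C-JP-H
mailnull 47 12
<ortukov82@example.com>
1480868841 0
-helo_name 77.221.130.6.addr.domain.ru
-host_address 203.192.221.87.57235
-interface_address SERVER-IP.587
-received_protocol esmtps
-host_lookup_failed
XX
1
colar@domain.ru

292P Received: from [203.192.221.87] (port=57235 helo=77.221.130.6.addr.example.ru)
"""

def parse_spool_header(text):
    """Parse the envelope part of a -H file (everything before the mail headers)."""
    lines = text.splitlines()
    info = {"id": lines[0].rsplit("-H", 1)[0],
            "sender": lines[2].strip("<>"),
            "options": {}, "recipients": []}
    i = 4                                   # line 4 is "<time received> <warnings>"
    while i < len(lines) and lines[i].startswith("-"):   # "-name [value]" options
        name, _, value = lines[i][1:].partition(" ")
        info["options"][name] = value
        i += 1
    # Skip the non-recipients tree ("XX" when empty) up to the recipient count.
    while i < len(lines) and not lines[i].isdigit():
        i += 1
    count = int(lines[i])
    info["recipients"] = [l.split(" ")[0] for l in lines[i + 1:i + 1 + count]]
    return info

def triage(info):
    """Summarise how the message reached the server."""
    opts = info["options"]
    ip, _, port = opts.get("host_address", "").rpartition(".")   # "ip.port"
    proto = opts.get("received_protocol", "")
    # Exim records SMTP AUTH as an "-auth_id" line and an "a" in the protocol name.
    authenticated = "auth_id" in opts or proto in ("esmtpa", "esmtpsa")
    return {"client_ip": ip, "client_port": port,
            "local_port": opts.get("interface_address", "").rpartition(".")[2],
            "protocol": proto, "authenticated": authenticated,
            "auth_id": opts.get("auth_id"),
            "locally_submitted": "local" in opts}   # "-local": not received over SMTP

if __name__ == "__main__":
    print(triage(parse_spool_header(SAMPLE)))
```

When `auth_id` is set, it names the login whose password should be changed.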
     