
Spam Sent Directly to mailer-daemon@myServer

Discussion in 'E-mail Discussion' started by toolsmythe, Oct 28, 2014.

  1. toolsmythe

    toolsmythe Member

    Joined: May 3, 2007 | Messages: 6 | Likes Received: 0 | Trophy Points: 151
    For the past two or three weeks I've been getting spam sent directly to my mailer daemon. These are not bouncebacks; I've looked at the headers and they do not originate from my server. Furthermore, they are not formatted like a bounceback would be; they are usually a paragraph or two of Russian text with a link in there somewhere.

    The emails are sent to mailer-daemon@myservername (where myservername is the name of my server) and the emails are always from mailer-daemon@someotherdomain (where someotherdomain is someone's domain name - different every time).

    Is there any way to filter these out or configure the server to reject emails to the mailer daemon that are not bounce-backs?

    I'm only getting 10 - 15 of these a day, but it's still annoying.

    Thanks for any help.

    JP
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined: Apr 11, 2011 | Messages: 43,961 | Likes Received: 1,821 | Trophy Points: 363 | cPanel Access Level: Root Administrator
    Hello :)

    Could you post the message header of one of those messages (replacing actual domain names and IP addresses with examples)?

    Thank you.
     
  3. toolsmythe

    toolsmythe Member

    Sorry for the delay in posting a response. I was either never notified of your post or (more likely) missed it.

    Anyway, here is a sample header you requested:

    Code:
    Return-path: <mailer-daemon@domain.net>
    Envelope-to: mailer-daemon@my.redacted.server.name
    Delivery-date: Wed, 26 Nov 2014 05:12:00 -0700
    Received: from [120.59.142.241] (port=29519 helo=admin.domain)
        by my.redacted.server.name with smtp (Exim 4.82)
        (envelope-from <mailer-daemon@domain.net>)
        id 1XtbRw-0004S1-C5
        for mailer-daemon@my.redacted.server.name; Wed, 26 Nov 2014 05:12:00 -0700
    Message-ID: <4038567a2b13317854d305b715ef59ec@domain.net>
    From: <mailer-daemon@domain.net>
    To: <mailer-daemon@my.redacted.server.name>
    Subject: =?utf-8?B?0Y8g0L/QvtC00L7Qs9C90LDQuyDRgdCy0L7QtdC80YMg0YDQtQ==?=
        =?utf-8?B?0LHQtdC90LrRgw==?=
    Date: Wed, 26 Nov 2014 17:40:58 +0530
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
        boundary="04504d4297a262bfa50f19ef000d7770"

    I redacted my server name. Otherwise the header is unaltered.

    It's a different domain every time. The message itself is always in Russian.

    I expected this to stop after time. It has remained steady.

    Any help would be appreciated. Thanks!

    JP

    - - - Updated - - -


    Here's a second one because variety is the spice of life <grin> ...
    Code:
    Return-path: <mailer-daemon@domain.net>
    Envelope-to: mailer-daemon@my.redacted.server.name
    Delivery-date: Wed, 26 Nov 2014 04:52:02 -0700
    Received: from [116.203.66.210] (port=54778 helo=prashant-pc.domain)
        by my.redacted.server.name with smtp (Exim 4.82)
        (envelope-from <mailer-daemon@domain.net>)
        id 1Xtb8b-0004AF-9C
        for mailer-daemon@my.redacted.server.name; Wed, 26 Nov 2014 04:52:02 -0700
    Message-ID: <75eee0349b9102ae34f6e3c2125d8f94@domain.net>
    From: <mailer-daemon@domain.net>
    To: <mailer-daemon@my.redacted.server.name>
    Subject: =?utf-8?B?0Y8g0LrRg9C/0LjQuyDRgdCy0L7QtdC80YMg0YHRi9C90YM=?=
    Date: Wed, 26 Nov 2014 17:21:48 +0530
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
        boundary="3bac391d20d67b1c04855b6900072420"

    Thanks again.

    JP
     
    #3 toolsmythe, Nov 26, 2014
    Last edited: Nov 26, 2014
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Email for "root" is forwarded, so you could set up a filter for the email account that is used for mail forwarded from "root" that deletes these messages.

    Thank you.
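
The distinction the question asks for, as an added example that is not part of the thread or cPanel's own tooling: a genuine bounce arrives with a null envelope sender (`Return-path: <>`, RFC 5321), while both posted samples carry `Return-path: <mailer-daemon@domain.net>`. The two sample messages are constructed (the first is modelled on the posted header), and the verdict names are hypothetical.

```python
from email.parser import HeaderParser

# Constructed sample modelled on the header posted in the thread (subject replaced).
SPAM = """\
Return-path: <mailer-daemon@domain.net>
Envelope-to: mailer-daemon@my.redacted.server.name
From: <mailer-daemon@domain.net>
To: <mailer-daemon@my.redacted.server.name>
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="04504d4297a262bfa50f19ef000d7770"

"""

# Constructed genuine bounce: null envelope sender plus an RFC 3464 report.
BOUNCE = """\
Return-path: <>
Envelope-to: mailer-daemon@my.redacted.server.name
From: Mail Delivery System <Mailer-Daemon@mx.example.org>
To: mailer-daemon@my.redacted.server.name
Subject: Mail delivery failed: returning message to sender
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
 boundary="b1"

"""

def classify(raw: str) -> dict:
    """Classify one delivered message from its headers (hypothetical verdict names)."""
    msg = HeaderParser().parsestr(raw)
    # Return-path and Envelope-to are assumed to be added at delivery, as in the samples.
    null_sender = (msg.get("Return-path") or "").strip() == "<>"
    rcpt_local = (msg.get("Envelope-to") or "").strip().lower().split("@")[0]
    dsn = (msg.get_content_type() == "multipart/report"
           and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    auto = (msg.get("Auto-Submitted") or "no").strip().lower() != "no"
    if null_sender:
        verdict = "bounce"            # null reverse-path: a delivery status notification
    elif rcpt_local == "mailer-daemon":
        verdict = "not-a-bounce"      # addressed to the daemon but has a real sender
    else:
        verdict = "ordinary"
    return {"verdict": verdict, "dsn": dsn, "auto_submitted": auto}

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("bounce", BOUNCE)):
        print(name, classify(raw))
```

The `dsn` and `auto_submitted` fields are supporting signals only; the verdict rests on the envelope sender, since not every bounce is a `multipart/report`.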
     