Spam Sent Directly to mailer-daemon@myServer

Discussion in 'E-mail Discussions' started by toolsmythe, Oct 28, 2014.

  1. toolsmythe

    toolsmythe Member

    Joined:
    May 3, 2007
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    For the past two or three weeks I've been getting spam sent directly to my mailer daemon. These are not bouncebacks; I've looked at the headers and they do not originate from my server. Furthermore, they are not formatted like a bounceback would be; they are usually a paragraph or two of Russian text with a link in there somewhere.

    The emails are sent to mailer-daemon@myservername (where myservername is the name of my server) and the emails are always from mailer-daemon@someotherdomain (where someotherdomain is someone's domain name - different every time).

    Is there any way to filter these out or configure the server to reject emails to the mailer daemon that are not bounce-backs?

    I'm only getting 10 - 15 of these a day, but it's still annoying.

    Thanks for any help.

    JP
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you post the message header of one of those messages (replacing actual domain names and IP addresses with examples)?

    Thank you.
     
  3. toolsmythe

    toolsmythe Member

    Sorry for the delay in posting a response. I was either never notified of your post or (more likely) missed it.

    Anyway, here is a sample header you requested:

    Code:
    Return-path: <mailer-daemon@domain.net>
    Envelope-to: mailer-daemon@my.redacted.server.name
    Delivery-date: Wed, 26 Nov 2014 05:12:00 -0700
    Received: from [120.59.142.241] (port=29519 helo=admin.domain)
    by my.redacted.server.name with smtp (Exim 4.82)
    (envelope-from <mailer-daemon@domain.net>)
    id 1XtbRw-0004S1-C5
    for mailer-daemon@my.redacted.server.name; Wed, 26 Nov 2014 05:12:00 -0700
    Message-ID: <4038567a2b13317854d305b715ef59ec@domain.net>
    From: <mailer-daemon@domain.net>
    To: <mailer-daemon@my.redacted.server.name>
    Subject: =?utf-8?B?0Y8g0L/QvtC00L7Qs9C90LDQuyDRgdCy0L7QtdC80YMg0YDQtQ==?=
    =?utf-8?B?0LHQtdC90LrRgw==?=
    Date: Wed, 26 Nov 2014 17:40:58 +0530
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="04504d4297a262bfa50f19ef000d7770"

    I redacted my server name. Otherwise the header is unaltered.

    It's a different domain every time. The message itself is always in Russian.

    I expected this to stop after time. It has remained steady.

    Any help would be appreciated. Thanks!

    JP

    - - - Updated - - -

    Here's a second one because variety is the spice of life <grin> ...
    Code:
    Return-path: <mailer-daemon@domain.net>
    Envelope-to: mailer-daemon@my.redacted.server.name
    Delivery-date: Wed, 26 Nov 2014 04:52:02 -0700
    Received: from [116.203.66.210] (port=54778 helo=prashant-pc.domain)
    by my.redacted.server.name with smtp (Exim 4.82)
    (envelope-from <mailer-daemon@domain.net>)
    id 1Xtb8b-0004AF-9C
    for mailer-daemon@my.redacted.server.name; Wed, 26 Nov 2014 04:52:02 -0700
    Message-ID: <75eee0349b9102ae34f6e3c2125d8f94@domain.net>
    From: <mailer-daemon@domain.net>
    To: <mailer-daemon@my.redacted.server.name>
    Subject: =?utf-8?B?0Y8g0LrRg9C/0LjQuyDRgdCy0L7QtdC80YMg0YHRi9C90YM=?=
    Date: Wed, 26 Nov 2014 17:21:48 +0530
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="3bac391d20d67b1c04855b6900072420"

    Thanks again.

    JP
     
    #3 toolsmythe, Nov 26, 2014
    Last edited: Nov 26, 2014
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Email for "root" is forwarded, so you could set up a filter for the email account that is used for mail forwarded from "root" that deletes these messages.

    Thank you.
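
The distinction the thread turns on, as an added example that is not part of the original posts: a genuine bounce arrives with the null envelope sender `<>`, while the headers posted above carry `mailer-daemon@domain.net` as an ordinary Return-path. The function name `classify` and both sample messages are constructed for illustration; the verdict rests on the envelope sender only, and the Content-Type check is reported as supporting evidence because not every MTA formats bounces as delivery-status reports.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the first header posted in the thread
# (folded lines re-indented so they parse as header continuations).
SPAM_SAMPLE = """\
Return-path: <mailer-daemon@domain.net>
Envelope-to: mailer-daemon@my.redacted.server.name
From: <mailer-daemon@domain.net>
To: <mailer-daemon@my.redacted.server.name>
Content-Type: multipart/alternative;
 boundary="04504d4297a262bfa50f19ef000d7770"

"""

# Constructed example of a genuine bounce: null envelope sender, DSN report.
DSN_SAMPLE = """\
Return-path: <>
Envelope-to: mailer-daemon@my.redacted.server.name
From: Mail Delivery System <Mailer-Daemon@mx.example.org>
Content-Type: multipart/report; report-type=delivery-status;
 boundary="abc"

"""

def classify(raw):
    """Return (verdict, reasons) for a message addressed to mailer-daemon."""
    msg = message_from_string(raw)
    reasons = []
    return_path = msg.get("Return-path", "").strip()
    null_sender = return_path == "<>"
    if not null_sender:
        reasons.append("envelope sender is %s, not the null sender <>" % return_path)
    # The pattern from the thread: a remote mailer-daemon used as a normal sender.
    local = parseaddr(return_path)[1].partition("@")[0].lower()
    if local == "mailer-daemon":
        reasons.append("remote mailer-daemon address used as a non-null sender")
    ctype = msg.get_content_type()
    is_report = (ctype == "multipart/report"
                 and msg.get_param("report-type", "").lower() == "delivery-status")
    if not is_report:
        reasons.append("Content-Type is %s, not a delivery-status report" % ctype)
    return ("bounce" if null_sender else "not-a-bounce", reasons)
```
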
     