
Spam Spam oh my the Spam - But this one is weird

Discussion in 'General Discussion' started by XPerties, Jul 8, 2005.

  1. XPerties

    XPerties Well-Known Member

    Since this past weekend I have had many reports flooding me from people getting spam from one of my servers. Even my DC has 4 abuse tickets open with me right now about it. Here is the thing, almost 80% of these spams and the headers show the spam coming from unique IP addresses. I know these clients aren't sending spam (at least the 10-15 IPs I checked). The server disallows the user nobody to send e-mail and most if not all clients must use SMTP authentication to send.

    Looking at the relayers under WHM doesn't show much. I have done a search in exim logs for keywords from the spams and never got any good hits on it. Does anyone have any suggestions?

    Here is the most recent abuse e-mail I got:

     
  2. rpmws

    rpmws Well-Known Member

    That's some disgusting looking subject and body lines!!!! God, I hope that's not your box for your sake!!!
     
  3. XPerties

    XPerties Well-Known Member

    Well, looking closely and speaking with one of my techs, and correct me if I'm wrong, but doesn't Plesk use qmail, and we all know cPanel uses Exim?

    qmail@server05.johnny.yourhostdns.com

    [1] I don't use qmail
    [2] That is not my server name. Server/Host name is johnny.yourhostdns.com NOT server05.johnny.yourhostdns.com.

    You think I'm on the right path?
     
  4. chirpy

    chirpy Well-Known Member

    I agree with you, it does not appear to be originating from a cPanel server at all. You're just getting the backwash from a forged email header.
     
  5. jamesbond

    jamesbond Well-Known Member

    I have exactly the same issue with the same spammer it seems. The rr.com domain shows up in my e-mail headers as well.

    In my case the IP address of the abused domain shows up in the header, not the main ip/hostname. It's rather annoying as it has been going on for a week almost.
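
The check worked out by hand in posts 3 and 4 (a qmail signature and a server05 hostname that the real Exim server never uses) can be scripted against the headers of an abuse report. This is an added example, not code from the thread or from cPanel; the sample headers are constructed, because the abuse e-mail itself is not reproduced here, and `audit_received` is a hypothetical helper name.

```python
import email
import re

# Assumptions taken from the thread: the real server is johnny.yourhostdns.com
# and runs Exim; the spam names a qmail host server05.johnny.yourhostdns.com.
REAL_HOST = "johnny.yourhostdns.com"
REAL_MTA = "exim"

# Constructed sample message (not the abuse report from the thread).
# 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE = """\
Received: from server05.johnny.yourhostdns.com (unknown [198.51.100.23])
\tby mx.recipient.example with ESMTP id ABC123;
\tFri, 8 Jul 2005 10:00:02 -0400
Received: (qmail 4242 invoked by uid 0); 8 Jul 2005 14:00:00 -0000
Received: from unknown (HELO client) (192.0.2.7)
\tby server05.johnny.yourhostdns.com with SMTP; 8 Jul 2005 13:59:59 -0000
From: someone@example.com
Subject: constructed test

body
"""

def audit_received(raw, real_host=REAL_HOST, real_mta=REAL_MTA):
    """Return (hop_index, reason) pairs for Received lines that name our
    domain but do not match how our server actually identifies itself."""
    msg = email.message_from_string(raw)
    findings = []
    for i, hop in enumerate(msg.get_all("Received", [])):
        low = " ".join(hop.split()).lower()   # unfold continuation lines
        # Hostnames the hop claims in its "from" and "by" clauses.
        for role, name in re.findall(r"\b(from|by)\s+([a-z0-9.-]+\.[a-z]{2,})", low):
            if name != real_host and name.endswith("." + real_host):
                findings.append((i, f"{role} {name}: not our hostname"))
        # qmail stamps "(qmail N invoked ..."; Exim stamps "(Exim x.y)".
        if "(qmail" in low and real_mta != "qmail":
            findings.append((i, "qmail signature, but our MTA is " + real_mta))
    return findings

if __name__ == "__main__":
    for idx, reason in audit_received(SAMPLE):
        print(f"Received[{idx}]: {reason}")
```

Only the topmost Received line, the one written by the recipient's own mail server, is trustworthy; everything below it was supplied by the sender, so the connecting IP recorded there is the one to compare against the server's addresses.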
     