
Spam

Discussion in 'General Discussion' started by awsol, Feb 10, 2002.

  1. awsol

    awsol cPanel Test Bitch

    Joined:
    Feb 8, 2002
    Messages:
    591
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Boston MA
    When the new email features were added to WHM tonight I added my email address. Well I got over 300 returned emails. The problem is I cannot figure out what user did it. The message was spamming a domain that isn't on my server so that makes it harder. Here is the little info I do know.

    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - ns1.nixhosting.com
    X-AntiAbuse: Original Domain - compuserve.com
    X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [99 99]
    X-AntiAbuse: Sender Address Domain - ns1.nixhosting.com

    Any ideas?
     
  2. awsol

    Little more information

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <nobody@ns1.nixhosting.com>
    Received: from nobody by ns1.nixhosting.com with local (Exim 3.34 #1)
    id 16ZoZQ-0006dU-00
    for florian@iroconsulting.com; Sun, 10 Feb 2002 02:38:44 -0500
    To: florian@iroconsulting.com
    From: tami@fleurspermail.com
    Reply-to: tami@fleurspermail.com
    X-Mailer: Perl Powered Socket Mailer
    Subject: Newsletter - Rose Trivia
    Message-Id: <E16ZoZQ-0006dU-00@ns1.nixhosting.com>
    Date: Sun, 10 Feb 2002 02:38:44 -0500
     
  3. awsol

    This might help also. It looks like a non-client is using the pop3 server somehow.


    --- Below this line is a copy of the message.

    Return-Path: <nobody@ns1.nixhosting.com>
    Received: (qmail 16856 invoked by uid 505); 10 Feb 2002 07:41:50 -0000
    Received: from nobody@ns1.nixhosting.com by mx1.fcc.net with qmail-scanner-1.03 (. Clean. Processed in 0.140654 secs); 10 Feb 2002 07:41:50 -0000
    Received: from unknown (HELO ns1.nixhosting.com) (66.100.217.86)
    by 0 with SMTP; 10 Feb 2002 07:41:49 -0000
    Received: from nobody by ns1.nixhosting.com with local (Exim 3.34 #1)
    id 16ZoZU-0006hL-00
    for rnolan@webspan.net; Sun, 10 Feb 2002 02:38:48 -0500
    To: rnolan@webspan.net
    From: tami@fleurspermail.com
    Reply-to: tami@fleurspermail.com
    X-Mailer: Perl Powered Socket Mailer
    Subject: Newsletter - Rose Trivia
    Message-Id: <E16ZoZU-0006hL-00@ns1.nixhosting.com>
    Date: Sun, 10 Feb 2002 02:38:48 -0500
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - ns1.nixhosting.com
    X-AntiAbuse: Original Domain - webspan.net
    X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [99 99]
    X-AntiAbuse: Sender Address Domain - ns1.nixhosting.com
     
  4. awsol

    Just got this message. This all mean anything?


    errors occured while rotating /var/log/exim_processlog {

    stat of /var/log/exim_processlog failed: No such file or directory
     
  5. AlaskanWolf

    AlaskanWolf Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Fremont CA
    Unlikely, just do a touch /var/log/exim_processlog

    As for the email, they might be sending out using a form mail or directly with sendmail.

    In /home

    do a grep -r SEARCH-PHRASE-HERE * with something that strikes out in the spam that is being sent out.
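
AlaskanWolf's grep suggestion, written out as an added example that is not part of any post in this thread: it takes the X-Mailer string from a returned message, searches a directory tree for files containing it, and prints each match with its owner UID. The account names alice and bob, the script names, and the sample message are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): find which account's script sent a message.

# First value of header NAME (case-sensitive, fixed names only) in file MSG.
header_value() { sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1; }

# Caller UID from "X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [99 99]".
caller_uid() {
    sed -n 's|^[[:space:]]*X-AntiAbuse: Originator/Caller UID/GID - \[\([0-9]*\) .*|\1|p' "$1" | head -n 1
}

# Print "owner-uid path" for each file under ROOT that contains MSG's X-Mailer string.
# The mail itself runs as the shared web user, so the file owner identifies the account.
find_scripts() {
    needle=$(header_value "$1" "X-Mailer")
    [ -n "$needle" ] || return 1
    grep -rlF -- "$needle" "$2" 2>/dev/null | while IFS= read -r f; do
        printf '%s %s\n' "$(ls -nd -- "$f" | awk '{print $3}')" "$f"
    done
}

# Constructed sample data: one returned message and two CGI scripts under DIR/home.
make_sample() {
    mkdir -p "$1/home/alice/public_html/cgi-bin" "$1/home/bob/public_html/cgi-bin"
    cat > "$1/bounce.txt" <<'EOF'
Return-path: <nobody@ns1.nixhosting.com>
X-Mailer: Perl Powered Socket Mailer
Subject: Newsletter - Rose Trivia
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [99 99]
EOF
    printf '%s\n' '#!/usr/bin/perl' 'print MAIL "X-Mailer: Perl Powered Socket Mailer\n";' \
        > "$1/home/alice/public_html/cgi-bin/news.pl"
    printf '%s\n' '#!/usr/bin/perl' 'print "Content-type: text/html\n\n";' \
        > "$1/home/bob/public_html/cgi-bin/hello.pl"
}

# Demo on the constructed tree; on a real server pass the saved message and /home.
tmp=$(mktemp -d) && make_sample "$tmp"
echo "caller uid: $(caller_uid "$tmp/bounce.txt")"
find_scripts "$tmp/bounce.txt" "$tmp/home"
rm -rf "$tmp"
```
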
     
  6. acetate

    acetate Active Member

    Joined:
    Aug 16, 2001
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Is there a way to remove the return-path when sending through sendmail so that erroneous emails return to the From: field instead of the return-path field? I get a bunch of returned emails to nobody (forwarded to my email account) by clients of ours emailing to nonexistent email addresses. Tried removing return_path_add from the transports in exim.conf but it doesn't seem to work. Also when emailing via neomail, the return-path is set to account_name@hostname. Any way of changing it to account_name@account_domain?

    Thanks
     