wimp

Well-Known Member
Jul 13, 2002
301
0
166
hi,
i have a spamer on a server who send tons of e-mails around the world.
Is there a way to know what account send this spam using the message ID ? Have no other infos about message exept the message ID and I now that a lot of messagges comes back to my server by message delivery:
Return-path: &[email protected]&
Received: from nobody by my-servername.net with local (Exim 3.36 #1)

PS:
suexe is disable on server


Thanks for help
 

wimp

Well-Known Member
Jul 13, 2002
301
0
166
Please can anybody bige me a tip how to solve this problem??

thanks
 

icehosting

Well-Known Member
Dec 22, 2002
60
0
156
Hi,
i can help you to find the spammers.
If you are interest send to my email, your ICQ or YIM ID and i contact you.
Christos
 

wimp

Well-Known Member
Jul 13, 2002
301
0
166
&icehosting& i sent you a privat MS but no replay from you.

Anyway. Found the spamer (they using a . cgi script) and block it.


By
 

FijianTribe

Well-Known Member
Jan 30, 2003
70
0
156
WImp:

Would you mind posting what you did to find the spammers script?
 

wimp

Well-Known Member
Jul 13, 2002
301
0
166
Hi,
they use a .cgi based mailing List called RobMail

You can do a search with google to see how Rob Mail works

bye
 

AlaskanWolf

Well-Known Member
Aug 11, 2001
537
0
316
Fremont CA
Check out SpamStopper @ http://webhostingbilling.com/

SpamStopper will monitor outgoing emails using sendmail and will limit XXX emails being sent in XXX minutes

and if a user goes over, it will send a detailed email to the admin
 

icehosting

Well-Known Member
Dec 22, 2002
60
0
156
Hi,
sorry but i forgot to check my PM.
If you continew to have problems contact me.
Regards,
Christos
 

jcsolutions

Well-Known Member
Nov 4, 2002
184
0
166
Canada
Spammer problem

I am having the same problem as "wimp" mentioned above. Over the last few days, someone has been sending a lot of spam from my server and I can't tell who/where it's coming from.

I've tested my server at http://ordb.org for an open relay. The results came back negative... no relaying permitted.

I'm running:
Cpanel 5.3.0-R117
Exim 3.36 #1
SuExec is enabled.

Spam email details:
auth_id = nobody
auth_sender = [email protected]

I currently have only 75 users on the server.
My mail stats don't help, as "nobody" is the sender.

I've read all I could find on "spam" in these forums. Unfortunately, none of it helped. Any information or ideas would be greatly appreciated!
 

jcsolutions

Well-Known Member
Nov 4, 2002
184
0
166
Canada
I would, unfortunately v6 doesn't have a RELEASE build for linux yet, let alone a STABLE build. I'd prefer to stick with the STABLE builds if possible as I am still fairly new to WHM and Cpanel.
 

mpierre

Well-Known Member
Jun 30, 2002
196
0
166
If I disable nobody from sending mail, won't it prevent valid CGI scripts from sending e-mail too ???

Just a stupid question...
 

H2Hosting.com

Well-Known Member
Sep 4, 2001
192
0
316
one small tip:

Open WHM, click to "Change where system mail goes" and set "Nobody" email redirection to your own POP3 account. Spam lists have a lot of fake email addresses, so you will receive this spam to your account and track m***r down.
 

InternetNut

Member
Jan 17, 2003
5
0
151
Originally posted by AlaskanWolf
Check out SpamStopper @ http://webhostingbilling.com/

SpamStopper will monitor outgoing emails using sendmail and will limit XXX emails being sent in XXX minutes

and if a user goes over, it will send a detailed email to the admin
How does SpamStopper differ from the new features in Cpanel 6.

Thanks,

Darrell
 

AlaskanWolf

Well-Known Member
Aug 11, 2001
537
0
316
Fremont CA
I havent had to much success with that feature in Cpanel, and i cant honestly tell you if it only monitors SMTP or it monitors sendmail as well.

I tested it multiple times and I am running into quite a bit of issues, such as "no route to host" and worst, it doesnt tell you what or who its stopping. I had to disable it on most of our servers. I was under the impression that it only monitors SMTP usage

Our script on the other hand monitors Sendmail and will email you when a user reachs such limits.

I also tested the feature in WHM many times, and I was able to continue to send out emails with both SMTP and a basic formmail script (i had set it to 1 per hour...i tired sendmail, was able to send 20 and it didnt look like it was going to stop anytime soon)

I also noticed, with the WHM feature, emails to say www-hosting.net WOULD go though, yahoo WOULD go though, then i tired setting up bugzilla, set my admin email to [email protected], thats when i got the "no route to host" issue. No one was any help...nick being as busy as he is, couldnt help, so that was that, even after i disabled it, i ended up having to reboot the machine for the changes to take.......alot of other users were having problems as well, i had set the limit to something like 200, yet i know for a fact that there was no way i send out 200 emails an hour from WHN's primary url, neither does 99% of my customers!

The problems with the WHM script gave me an ulcer after i figured it may have been the root of my problems :(
 
Last edited:

cch

Member
Mar 24, 2003
17
0
151
Originally posted by wimp
&icehosting& i sent you a privat MS but no replay from you.

Anyway. Found the spamer (they using a . cgi script) and block it.


By

How do you check which script send out spam?

thanks