Spammer on Server Help!

wimp

Well-Known Member
Jul 13, 2002
301
0
166
Hi,
I have a spammer on a server who sends tons of e-mails around the world.
Is there a way to know which account sent this spam using the message ID? I have no other info about the message except the message ID, and I know that a lot of messages come back to my server by message delivery:
Return-path: <[email protected]>
Received: from nobody by my-servername.net with local (Exim 3.36 #1)

PS:
suexec is disabled on the server


Thanks for help
 

wimp

Well-Known Member
Jul 13, 2002
301
0
166
Please, can anybody give me a tip on how to solve this problem?

thanks
 

SprintSlash

Well-Known Member
Jan 18, 2003
162
0
166
Did you try to check the Mail Statistics in WHM?
 

icehosting

Well-Known Member
Dec 22, 2002
60
0
156
Hi,
I can help you find the spammers.
If you are interested, send your ICQ or YIM ID to my email and I will contact you.
Christos
 

wimp

Well-Known Member
Jul 13, 2002
301
0
166
<icehosting> I sent you a private message but got no reply from you.

Anyway. Found the spammer (they were using a .cgi script) and blocked it.


Bye
 

FijianTribe

Well-Known Member
Jan 30, 2003
69
0
156
Wimp:

Would you mind posting what you did to find the spammer's script?
 

wimp

Well-Known Member
Jul 13, 2002
301
0
166
Hi,
They use a .cgi-based mailing list called RobMail.

You can do a search with Google to see how Rob Mail works.

bye
 

AlaskanWolf

Well-Known Member
Aug 11, 2001
535
0
316
Fremont CA
Check out SpamStopper @ http://webhostingbilling.com/

SpamStopper will monitor outgoing emails using sendmail and will limit XXX emails being sent in XXX minutes

and if a user goes over, it will send a detailed email to the admin
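
The message-ID lookup asked about in the first post and the "XXX emails in XXX minutes" limit described here can both be run against Exim's main log. The sketch below is an added example, not SpamStopper's code or anything posted by a thread participant; the log lines are constructed in the layout of Exim arrival ("<=") entries, and the limit and window values are placeholders.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines, assumed to follow Exim's main-log arrival layout.
SAMPLE_LOG = """\
2003-03-24 10:15:01 18xQ2a-0004Bc-00 <= nobody@my-servername.net U=nobody P=local S=1532
2003-03-24 10:15:02 18xQ2b-0004Bd-00 <= nobody@my-servername.net U=nobody P=local S=1530
2003-03-24 10:15:02 18xQ2b-0004Bd-00 => someone@example.com R=lookuphost T=remote_smtp
2003-03-24 10:15:03 18xQ2c-0004Be-00 <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtp S=2048
2003-03-24 10:15:04 18xQ2d-0004Bf-00 <= nobody@my-servername.net U=nobody P=local S=1531
2003-03-24 10:40:00 18xQ9z-0004Cg-00 <= bob@my-servername.net U=bob P=local S=900
"""

ARRIVAL = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>\S+) <= (?P<sender>\S+)(?P<rest>.*)$"
)

def parse_arrivals(text):
    """Yield one dict per arrival (<=) line; delivery (=>) lines are skipped."""
    for line in text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        # Remaining fields are KEY=value tokens such as U= (local user), P= (protocol).
        fields = dict(f.split("=", 1) for f in m["rest"].split() if "=" in f)
        yield {"time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
               "id": m["id"], "sender": m["sender"],
               "user": fields.get("U"), "proto": fields.get("P")}

def find_message(text, message_id):
    """Return the arrival record for a message ID taken from a bounce, or None."""
    return next((r for r in parse_arrivals(text) if r["id"] == message_id), None)

def burst_users(text, limit, minutes):
    """Map each local user who exceeded `limit` submissions in a window to the peak count."""
    window, recent, flagged = timedelta(minutes=minutes), defaultdict(deque), {}
    for r in parse_arrivals(text):
        if r["proto"] != "local" or not r["user"]:
            continue
        q = recent[r["user"]]
        q.append(r["time"])
        while r["time"] - q[0] > window:   # drop submissions older than the window
            q.popleft()
        if len(q) > limit:
            flagged[r["user"]] = max(flagged.get(r["user"], 0), len(q))
    return flagged

if __name__ == "__main__":
    print(find_message(SAMPLE_LOG, "18xQ2b-0004Bd-00"), burst_users(SAMPLE_LOG, 2, 5))
```

A result of U=nobody identifies the web server user rather than a hosting account, which is the limitation this thread runs into.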
 

icehosting

Well-Known Member
Dec 22, 2002
60
0
156
Hi,
Sorry, but I forgot to check my PM.
If you continue to have problems, contact me.
Regards,
Christos
 

jcsolutions

Well-Known Member
Nov 4, 2002
181
0
166
Canada
Spammer problem

I am having the same problem as "wimp" mentioned above. Over the last few days, someone has been sending a lot of spam from my server and I can't tell who/where it's coming from.

I've tested my server at http://ordb.org for an open relay. The results came back negative... no relaying permitted.

I'm running:
Cpanel 5.3.0-R117
Exim 3.36 #1
SuExec is enabled.

Spam email details:
auth_id = nobody
auth_sender = [email protected]

I currently have only 75 users on the server.
My mail stats don't help, as "nobody" is the sender.

I've read all I could find on "spam" in these forums. Unfortunately, none of it helped. Any information or ideas would be greatly appreciated!
 

jcsolutions

Well-Known Member
Nov 4, 2002
181
0
166
Canada
I would; unfortunately, v6 doesn't have a RELEASE build for Linux yet, let alone a STABLE build. I'd prefer to stick with the STABLE builds if possible, as I am still fairly new to WHM and Cpanel.
 

mpierre

Well-Known Member
Jun 30, 2002
189
0
166
If I disable nobody from sending mail, won't it prevent valid CGI scripts from sending e-mail too ???

Just a stupid question...
 

H2Hosting.com

Well-Known Member
Sep 4, 2001
192
0
316
one small tip:

Open WHM, click "Change where system mail goes" and set the "Nobody" email redirection to your own POP3 account. Spam lists have a lot of fake email addresses, so you will receive this spam in your account and can track the m***r down.
 

InternetNut

Member
Jan 17, 2003
5
0
151
Originally posted by AlaskanWolf
Check out SpamStopper @ http://webhostingbilling.com/

SpamStopper will monitor outgoing emails using sendmail and will limit XXX emails being sent in XXX minutes

and if a user goes over, it will send a detailed email to the admin
How does SpamStopper differ from the new features in Cpanel 6?

Thanks,

Darrell
 

AlaskanWolf

Well-Known Member
Aug 11, 2001
535
0
316
Fremont CA
I haven't had too much success with that feature in Cpanel, and I can't honestly tell you if it only monitors SMTP or if it monitors sendmail as well.

I tested it multiple times and I am running into quite a few issues, such as "no route to host", and worse, it doesn't tell you what or who it's stopping. I had to disable it on most of our servers. I was under the impression that it only monitors SMTP usage.

Our script, on the other hand, monitors Sendmail and will email you when a user reaches such limits.

I also tested the feature in WHM many times, and I was able to continue to send out emails with both SMTP and a basic formmail script (I had set it to 1 per hour... I tried sendmail, was able to send 20, and it didn't look like it was going to stop anytime soon).

I also noticed, with the WHM feature, emails to, say, www-hosting.net WOULD go through, yahoo WOULD go through, then I tried setting up Bugzilla, set my admin email to [email protected], and that's when I got the "no route to host" issue. No one was any help... Nick, being as busy as he is, couldn't help, so that was that. Even after I disabled it, I ended up having to reboot the machine for the changes to take... A lot of other users were having problems as well. I had set the limit to something like 200, yet I know for a fact that there was no way I send out 200 emails an hour from WHN's primary URL, and neither do 99% of my customers!

The problems with the WHM script gave me an ulcer after I figured it may have been the root of my problems :(
 

cch

Member
Mar 24, 2003
17
0
151
Originally posted by wimp
<icehosting> I sent you a private message but got no reply from you.

Anyway. Found the spammer (they were using a .cgi script) and blocked it.


Bye

How do you check which script sends out spam?

thanks