
Spamming? Need your input.

Discussion in 'General Discussion' started by lamp, Jun 25, 2005.

  1. lamp

    lamp Well-Known Member

    Dec 22, 2003

    For the past couple of days, I have been receiving hundreds of:

    "Delivery Failure"
    "Returned mail: see transcript for details"
    "failure notice"
    "Returned mail: User unknown"

    from remote servers. What troubles me is that each of these emails contains a bogus address originating from my server; something like abdqqwxde@[] would be a typical 'from' address. Of course, all of these weird email addresses don't exist on my server. In addition, the body of the email (that is claimed to have been sent from my server) is obviously bogus.

    I've checked my exim log, and all it shows me is that a message was delivered TO abdqqwxde@[] (or whatever other bogus email).

    I have checked the processes running on my server with ps auxwww and nothing seems out of the ordinary.

    Could my server be spamming? Do you guys have an idea as to how I could approach (and eradicate) this problem?

  2. chirpy

    chirpy Well-Known Member

    Jun 15, 2002
    It's difficult to say without seeing the email headers that would hopefully have been shown in the bounce message.

    If you can find no evidence in your exim logs, it's quite possible that you're simply suffering from the blow-back of forged email headers in a spamming/virus run which you basically have to ride out.

    If you could post the full email headers from the reported spam, it would help.
  3. Spiral

    Spiral BANNED

    Jun 24, 2005
    The sender's IP is more important than the "From" and "Reply-To" addresses
    which can be set to anything anyone wishes ....

    If the bounce back messages do not show your server's IP as the sender
    then it is most likely that a spammer is simply forging their headers to
    look like it is coming from your domain but in reality actually being sent
    from somewhere else entirely.

    I'd probably put a ":fail:" for the default address on that domain so
    you don't get all the bounce messages coming back from forged headers.

    That's about all I could say to do without seeing the actual message.
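
Added example, not part of any post in this thread: one way to run the sender-IP check described above against a saved bounce, in Python. The sample bounce, host names and IP addresses are constructed; it assumes the bounce quotes the original message as `message/rfc822` or `text/rfc822-headers` and that the bouncing server wrote the topmost `Received` line.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample bounce: 192.0.2.10 stands in for "my server" and
# 203.0.113.77 for the host that really connected. All names are made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.remote.example
Subject: Returned mail: see transcript for details
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: message/rfc822

Received: from myhost.example (unknown [203.0.113.77])
 by mx.remote.example with SMTP; Sat, 25 Jun 2005 10:00:00 +0000
Received: from localhost ([192.0.2.10]) by myhost.example; (forged by sender)
From: abdqqwxde@myhost.example

body
--b1--
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def returned_message(bounce):
    """Return the original message (or its headers) quoted in the bounce."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def handoff_ip(raw_bounce):
    """IP in the topmost Received line; lower lines can be forged by the sender
    (assumption: the bouncing server wrote the top one). None if not recoverable."""
    original = returned_message(email.message_from_string(raw_bounce, policy=policy.default))
    hops = original.get_all("Received", []) if original else []
    found = IP_RE.search(str(hops[0])) if hops else None
    return found.group(1) if found else None

def sent_from_my_server(raw_bounce, my_ips):
    ip = handoff_ip(raw_bounce)
    return ip is not None and ipaddress.ip_address(ip) in {ipaddress.ip_address(i) for i in my_ips}
```

In the sample, the lower `Received` line names the server's own IP but the topmost one does not, so the check reports blow-back from forged headers rather than mail relayed through the server.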
