The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spammmer

Discussion in 'General Discussion' started by Codeguy, Oct 22, 2006.

  1. Codeguy

    Codeguy Member
    PartnerNOC

    Joined:
    May 30, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I had a problem with a spammer using an over quota email account to bounce back spam to other users. I blocked this specific spammer by setting the account to :fail: and blocking his IP address but I expect that this can and will happen again.

    I am going to ban all use of catch-all addresses on our servers but that doesn't stop someone from using another full email account to bounce back spam. It just makes them harder to find.

    Here's a suggestion on how to reject mail for users over quota instead of bouncing it. Has anyone tried this?

    http://www.timj.co.uk/linux/rcpt-time-quota-maildir.php

    Does cpanel create a list of users over quota that I could scan for this purpose?

    Thanks.
     
  2. RandyO

    RandyO Well-Known Member

    Joined:
    Jun 17, 2003
    Messages:
    173
    Likes Received:
    0
    Trophy Points:
    16
    Huh? not making any sense to me... perhaps someone could explain?
     
  3. Codeguy

    Codeguy Member
    PartnerNOC

    Joined:
    May 30, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    A spammer from russia was using a mailbox that was over quota to send spam. My server bounces messages when the user is over quota so he was using that bounce to send his spam to others by using forged email headers. When my server bounces them, the messages get sent to the forged address instead of the real sender. It's called backscatter. Viruses do this a lot because tons of antivirus software will just bounce viruses instead of dropping them.
     

Share This Page