stop mail spam?

Discussion in 'E-mail Discussions' started by Final-Solution, May 22, 2003.

  1. Final-Solution

    Final-Solution Well-Known Member

    I got an email in my box today that is supposed to be from myself, but it has a virus on it . . I didn't send it, does it look like someone's using my box to send it 'cuz it does to me . . how would I fix it up?

    >>>>>
    Return-path: <user@domain.com>
    Received: from qn-212-127-196-189.quicknet.nl ([212.127.196.189] helo=mail.domain.com)
    by server1.domain.com with smtp (Exim 3.36 #1)
    id 19Is58-0001wO-00
    for user@domain.com; Thu, 22 May 2003 11:34:14 -0400
    From: User<user@domain.com>
    To: User@domain.com
    <<<<<

    I seem to remember helo being a command when relaying mail, how would I go about turning off a relay option if that's the case?

    thanks!

    cPanel.net Support Ticket Number:
     
  2. loststryk

    loststryk Well-Known Member

    SMTP authentication is required.

    What this person may have done is the following (this is a telnet example):

    telnetted to port 25 on your server and typed the following commands.

    helo abuse.net
    mail from: root@yourdomain.com
    rcpt to: your@emailaddress.com
    data
    whatever they wanted to write in your email.
    .

    Easy stuff, now why isn't there a fix for this frigging problem?

    I don't know enough about Exim, I have read the Exim web site quite a few times now, and I still can't stop this problem.

    All mail should be authenticated, but it don't =o(

    cPanel.net Support Ticket Number: 0800-R-U-Legit
     
  3. loafer

    loafer Member

    It's likely to be this...

    1) Someone (now to be known as clueless) else has you in their address book without any AV.
    2) Clueless gets infected with a virus that randomly chooses from and to addresses and sends itself out. But uses clueless's address as the envelope from so every damn locally configured relay will process the mail.
    3) Clueless's virus picks you for both the (fake) sender and the recipient.
    4) You get the virus, and your AV catches it.

    Simple innit' ? :D

    cPanel.net Support Ticket Number:
     
  4. Final-Solution

    Final-Solution Well-Known Member

    Yeah, I kinda figured someone was sending me an infected file . . I'm just concerned if they sent it to me through our server, if it's someone else's server spamming out virii it's not my concern, though just now I realize that's not my IP in the from address.

    thanks for the replies!

    cPanel.net Support Ticket Number:
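
The header check discussed in this thread, as an added example that is not part of any poster's message: it parses the Exim `Received:` line quoted in the first post and flags mail that claims a local HELO name or local envelope sender while arriving unauthenticated from an outside address. The server network `192.0.2.0/24` is a constructed placeholder, and the set of Exim protocol tags treated as authenticated is an assumption.

```python
import ipaddress
import re

# Header copied from the first post (addresses were already anonymised there).
SAMPLE = """Return-path: <user@domain.com>
Received: from qn-212-127-196-189.quicknet.nl ([212.127.196.189] helo=mail.domain.com)
 by server1.domain.com with smtp (Exim 3.36 #1)
 id 19Is58-0001wO-00
 for user@domain.com; Thu, 22 May 2003 11:34:14 -0400
From: User<user@domain.com>
To: User@domain.com"""

RECEIVED = re.compile(
    r"Received:\s+from\s+(?P<rdns>\S+)\s+\(\[(?P<ip>[^\]]+)\]"
    r"(?:\s+helo=(?P<helo>[^)\s]+))?\)\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)",
    re.I)
AUTHENTICATED = {"asmtp", "esmtpa", "esmtpsa"}  # assumption: Exim protocol tags

def parse(headers):
    """Unfold continuation lines, then pull out the top Received hop and Return-path."""
    flat = re.sub(r"\r?\n[ \t]+", " ", headers)
    hop = RECEIVED.search(flat)
    if hop is None:
        raise ValueError("no Exim-style Received header found")
    rp = re.search(r"^Return-path:\s*<([^>]*)>", flat, re.I | re.M)
    info = hop.groupdict()
    info["return_path"] = rp.group(1).lower() if rp else ""
    return info

def assess(headers, local_domain, local_nets):
    """Return findings for mail that claims to be local but arrived from outside."""
    h = parse(headers)
    ip = ipaddress.ip_address(h["ip"])
    external = not any(ip in ipaddress.ip_network(n) for n in local_nets)
    unauth = h["proto"].lower() not in AUTHENTICATED
    is_local = lambda name: name == local_domain or name.endswith("." + local_domain)
    findings = []
    if external and unauth:
        if h["helo"] and is_local(h["helo"].lower()):
            findings.append("HELO claims local host from external IP " + h["ip"])
        if is_local(h["return_path"].rpartition("@")[2]):
            findings.append("local envelope sender used without SMTP AUTH")
    return findings

if __name__ == "__main__":
    for finding in assess(SAMPLE, "domain.com", ["192.0.2.0/24"]):
        print(finding)
```

Both findings mean the message was delivered to the server from outside with forged identity fields, not sent from an account on it.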
     