The Community Forums

Interact with an entire community of cPanel & WHM users!

Strange problem with spam

Discussion in 'General Discussion' started by heavypredator, Jun 18, 2006.

  1. heavypredator

    heavypredator Well-Known Member

    Joined:
    May 2, 2003
    Messages:
    93
    Likes Received:
    1
    Trophy Points:
    8
    For some time now I have had a problem with spam. My datacenter is getting complaints (from AOL)
    about my additional IP sending spam.

    The problem is that this IP has only one site with no mailboxes, the mail port is blocked by the firewall, and there is no trace of spam sent like in the sample provided by AOL (I'm logging every email sent with /usr/sbin/sendmail; there is nothing in exim_mainlog and exim_rejectlog about this spam):

    PHP:
    Received: from my.hostname.com (ev1s-69-57-*-*.ev1servers.net [69.57.*.*]) by rly-yd06.mx.aol.com (v109.13) with ESMTP id MAILRELAYINYD64-77a4493af431d7; Sat, 17 Jun 2006 03:29:08 -0400
    Received: (qmail 50802 invoked by uid 10001); Sun, 18 Jun 2006 01:29:01 +0200 (CEST)
    Message-Id: <20060618012901.50802.qmail@mxub.my.hostname.com>
    From: "Marey Yang" <venusamaral2@camunicongusto.com>
    To: <Undisclosed Recipients>
    Date: Sun, 18 Jun 2006 01:29:01 +0200 (CEST)
    Subject: Try out striking in <censored>
    Mime-Version: 1.0
    Content-Type: text/plain
    X-AOL-IP: 69.57.*.*
    X-Mailer: Unknown (No Version)

    MIME element (text/plain)
    Currently <censored> wills to catch blasts
    on http://asatewaro.com/<censored> from
    <censored>
    I have no idea how it can be sent. DC techs have checked the server 3 times now - has anyone seen something like this?
     
  2. rhenderson

    rhenderson Well-Known Member

    Joined:
    Apr 21, 2005
    Messages:
    785
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Oklahoma
    cPanel Access Level:
    Root Administrator
    Since you have not gotten a response yet.... I am no expert at this but I know you should grep your message ID to try and trace it down.

    You might try:

    Code:
    grep msgID /var/log/exim_mainlog
    
    Or check your /var/log/maillog for oddities.

    or even

    Code:
    grep IPADDYINQUESTON /var/log/exim_mainlog
    Just some thoughts off the top of my head. You can also contact Chirpy at http://configserver.com and ask him to help you track it down for a small fee.
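
The Message-Id search suggested above, written out as an added example (not code from any poster in this thread). It assumes Exim's default main log format, where the arrival line (`<=`) records the header as `id=...`; the function names, hostnames, queue IDs and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: trace a complaint's Message-Id through an Exim main log.

# Print the Message-Id from a saved complaint, without the angle brackets.
extract_msgid() {
    sed -n 's/^[Mm]essage-[Ii][Dd]:[[:space:]]*<*\([^>[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Print every log line for the Exim message that carried this Message-Id.
# Returns 1 if the log has no arrival line ("<=") with a matching id= field,
# 2 if the complaint file has no Message-Id header at all.
trace_msgid() {
    complaint=$1 log=$2
    msgid=$(extract_msgid "$complaint")
    [ -n "$msgid" ] || { echo "no Message-Id in $complaint" >&2; return 2; }
    # Field 3 of a default-format log line is Exim's own queue ID.
    # Compare id= as a whole field so a longer Message-Id cannot match by prefix.
    eximid=$(awk -v want="id=$msgid" \
        '$4 == "<=" { for (i = 5; i <= NF; i++) if ($i == want) { print $3; exit } }' "$log")
    [ -n "$eximid" ] || { echo "not in $log: $msgid" >&2; return 1; }
    grep -F -- " $eximid " "$log"
}

# Constructed sample data (hypothetical values) so the example runs offline.
make_samples() {
    dir=$1
    cat > "$dir/complaint.txt" <<'EOF'
Received: (qmail 50802 invoked by uid 10001); Sun, 18 Jun 2006 01:29:01 +0200 (CEST)
Message-Id: <20060618012901.50802.qmail@mxub.example.test>
Subject: constructed sample
EOF
    cat > "$dir/exim_mainlog" <<'EOF'
2006-06-18 01:29:01 1Frabc-0001Ab-Cd <= nobody@web.example.test U=nobody P=local S=812 id=20060618012901.50802.qmail@mxub.example.test
2006-06-18 01:29:03 1Frabc-0001Ab-Cd => rcpt@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.25]
2006-06-18 01:29:03 1Frabc-0001Ab-Cd Completed
2006-06-18 01:30:10 1Frxyz-0002Ef-Gh <= user@site.example.test U=user P=local S=640 id=other.message@site.example.test
EOF
}
```

On a real server the call would be `trace_msgid complaint.txt /var/log/exim_mainlog`; a return status of 1 means that log holds no arrival line for the complaint's Message-Id.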
     
  3. megalai

    megalai Registered

    Joined:
    Mar 22, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1