The Spammer Is Still Using My Server!!! HELP LINUX GURUS !!

Status
Not open for further replies.

altomarketing2 (Well-Known Member, joined Oct 8, 2004, SouthAmerica)
OK, I will summarize what I did to stop this fuc.. spammer.

  1. I read all the features and enabled them in WHM.
  2. I found out that my Exim log rejects relays that are not my clients, I think...
  3. I installed the choon.net feature in PHP to detect if a script is sending through my server. I tested it, it works, but I do not detect any spammer this way.
  4. I installed RBL, SBL and all the features for detecting spammers' IPs, to stop them connecting to my server.
  5. I installed ALL the features like dictionary attack protection, firewall, APM, etc. etc. etc.

But I keep receiving emails that were sent by [email protected]; I will copy one here and you will see that, as I understand it, the original email was sent using my server.

I received it in my inbox .... I replaced MYDOMAINHERE and xx.xx..xx <-- THIS IS MY SERVER'S IP

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
(ultimately generated from [email protected])
mailbox is full: retry timeout exceeded

------ This is a copy of the message, including all the headers. ------

Return-path: <[email protected]>
Received: from aclermont-ferrand-157-1-16-228.w83-205.abo.wanadoo.fr ([83.205.143.228]:2402)
by enzo.websitewelcome.com with esmtp (Exim 4.52)
id 1Ge8CM-0000bv-Kf
for [email protected]; Sun, 29 Oct 2006 04:47:27 -0600
Received: from XXX.XXX.XXX.XXX(HELO MYDOMAINHERE.com)
by usash.com with esmtp (HH7I1U8G1 JL487)
id EC7N00-BD83Y1-K1
for [email protected]; Sun, 29 Oct 2006 10:47:34 -0060
From: "Danielle Beal" <[email protected]MYDOMAINHERE.com>
To: <[email protected]>
Subject: Notification
Date: Sun, 29 Oct 2006 10:47:34 -0060
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478
Thread-Index: Aca6QMFUDL7VL222RV6EN62GPY2S06==

The accumulation of positions by those in the know has shot
A_U_N_I up 33% in a few short days. We hope you all got in
early like we told you to, and are enjoying your good fortune.
But even if you didn't don't worry because ..........



So, someone is sending through MYIP with [email protected], but I cannot detect them.

I tried putting the domain that they use to connect to my SMTP in my server's black list, but they keep changing it with every email.

When Exim sends an email, it doesn't keep logs about the send if it was OK; it only logs errors, or only the date and time of a successful send, right?

What do you suggest to detect this spammer?

One thing I detected is that some of the domains on this server that have the catch-all feature are having the same thing happen. I suppose Exim rejects a non-existent email address, but with catch-all, every address is valid, right?
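One check worth running on any bounce like this, as an added example in Python that is not from the thread: walk the Received chain from the top. Each MTA prepends its own Received line when it accepts a message, so the line written by a host you trust (here the receiving server, enzo.websitewelcome.com, which wrote the topmost line) records which client actually connected to it; Received lines below that one arrive as part of the message data and are written by whoever submitted the message, so they are only claims. The script parses the headers quoted above (mailbox addresses replaced by constructed placeholders), reports the connecting client each trusted hop recorded, and flags malformed timestamps such as the -0060 offset in the second line, which is not a valid UTC offset. The `trusted_by_hosts` and `my_ips` arguments are assumptions the caller supplies; `XXX.XXX.XXX.XXX` stands in for the poster's masked server IP.

```python
import re
from email import message_from_string

# Constructed sample assembled from the Received lines quoted in the thread.
# Mailbox addresses are placeholders, not the real (obfuscated) ones.
SAMPLE = (
    "Return-path: <sender@MYDOMAINHERE.com>\n"
    "Received: from aclermont-ferrand-157-1-16-228.w83-205.abo.wanadoo.fr"
    " ([83.205.143.228]:2402)\n"
    "\tby enzo.websitewelcome.com with esmtp (Exim 4.52)\n"
    "\tid 1Ge8CM-0000bv-Kf\n"
    "\tfor recipient@example.invalid; Sun, 29 Oct 2006 04:47:27 -0600\n"
    "Received: from XXX.XXX.XXX.XXX(HELO MYDOMAINHERE.com)\n"
    "\tby usash.com with esmtp (HH7I1U8G1 JL487)\n"
    "\tid EC7N00-BD83Y1-K1\n"
    "\tfor recipient@example.invalid; Sun, 29 Oct 2006 10:47:34 -0060\n"
    "From: \"Danielle Beal\" <someone@MYDOMAINHERE.com>\n"
    "Subject: Notification\n"
    "\n"
    "body\n"
)

IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_hop(value):
    """Pull the from/by/helo/ip/offset fields out of one Received header value."""
    text = " ".join(value.split())  # unfold continuation lines
    from_m = re.search(r"\bfrom\s+([^\s(]+)", text, re.IGNORECASE)
    by_m = re.search(r"\bby\s+(\S+)", text, re.IGNORECASE)
    helo_m = re.search(r"\(HELO\s+([^)]+)\)", text, re.IGNORECASE)
    ip_m = IPV4_RE.search(text)  # bracketed IP the receiving MTA saw
    date_m = re.search(r";\s*([^;]*)$", text)
    offset_m = re.search(r"([+-]\d{4})\s*$", date_m.group(1)) if date_m else None
    return {
        "from": from_m.group(1) if from_m else None,
        "by": by_m.group(1).lower() if by_m else None,
        "helo": helo_m.group(1) if helo_m else None,
        "ip": ip_m.group(1) if ip_m else None,
        "offset": offset_m.group(1) if offset_m else None,
    }


def valid_offset(offset):
    """RFC 5322 zone offsets are +/-HHMM with HH <= 14 and MM < 60."""
    m = re.fullmatch(r"[+-](\d{2})(\d{2})", offset or "")
    return bool(m) and int(m.group(1)) <= 14 and int(m.group(2)) < 60


def analyze(raw, trusted_by_hosts, my_ips):
    """Return (hops, findings); hops[0] is the topmost, most recently added line."""
    msg = message_from_string(raw)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    findings = []
    for i, h in enumerate(hops):
        if h["offset"] is not None and not valid_offset(h["offset"]):
            findings.append(f"hop {i}: timestamp has invalid UTC offset {h['offset']}")
        if h["by"] in trusted_by_hosts:
            client = h["ip"] or h["from"]
            if h["ip"] in my_ips:
                findings.append(f"hop {i}: trusted host {h['by']} accepted the message from your IP {h['ip']}")
            else:
                findings.append(f"hop {i}: trusted host {h['by']} accepted the message from {client}, not from your server")
        else:
            findings.append(f"hop {i}: added by {h['by']}, which is not trusted; its claim 'from {h['from']}' is unverified")
    return hops, findings


def relayed_through_my_server(raw, trusted_by_hosts, my_ips):
    """True only if a trusted hop recorded one of your IPs as the connecting client."""
    hops, _ = analyze(raw, trusted_by_hosts, my_ips)
    return any(h["by"] in trusted_by_hosts and h["ip"] in my_ips for h in hops)


if __name__ == "__main__":
    trusted, mine = {"enzo.websitewelcome.com"}, {"XXX.XXX.XXX.XXX"}
    _, report = analyze(SAMPLE, trusted, mine)
    for line in report:
        print(line)
    print("relayed through my server:", relayed_through_my_server(SAMPLE, trusted, mine))
```

Run against the quoted bounce, the only trusted hop reports 83.205.143.228 as the connecting client, and the "from XXX.XXX.XXX.XXX" line is reported as an unverified claim written by a non-trusted host. The same walk applies to your own Exim logs: the client IP Exim records in the `H=` field of its accept line is what it saw on the wire, whereas header lines inside the message are whatever the sender chose to put there.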

Danny_T (Well-Known Member, joined Jul 19, 2005, Netherlands)
Add a rule in antivirus.exim like:

Code:
# Filters all incoming and outgoing mail
logfile /var/log/filter.log 0644
if
    # Header spam
       $header_subject: contains "Pharmaceutical"
    or $header_subject: contains "Viagra"
    or $header_subject: contains "Cialis"
    or $header_subject: is "The Ultimate Online Pharmaceutical"

    # Body spam
    or $message_body: contains "Cialis"
    or $message_body: contains "Viagra"
    or $message_body: contains "Leavitra"
    or $message_body: contains "St0ck"
    or $message_body: contains "Viaagrra"
    or $message_body: contains "Cia1iis"
    or $message_body: contains "URGENT BUSINESS PROPOSAL"
    or $message_body: contains "Del Norte Credit Union"
    or $message_body: contains "VlArGRA"
    or $message_body: contains "VALrlUM"
    or $message_body: contains "VALhlUM"
    or $message_body: contains "VALilUM"
    or $message_body: contains "VALjlUM"
    or $message_body: contains "VALklUM"
    or $message_body: contains "VlAhGRA"
    or $message_body: contains "VlAiGRA"
    or $message_body: contains "VlAjGRA"
    or $message_body: contains "VlAkGRA"
    or $message_body: contains "Economize 60%"
    or $message_body: contains "GRA for less"
    or $message_body: contains "Lincoln Federal Savings Bank"
    or $message_body: contains "GOLDMARK INDUSTRIES"
    or $message_body: contains "Alliance National Bank"
    or $message_body: contains "de sit-in chair, met gaslift verstelbaar"
then
    # Record the hit, then discard the message and stop processing
    logwrite "$tod_log $message_id from $sender_address contained spam keywords"
    seen finish
endif
# END
# Filters all incoming and outgoing mail

So add some rules of your own to match that spam.
I know these rules are not effective if the same spammer changes the subject/body words, but if you are fast enough to add the rule (just edit the file and save it; no restart of Exim is needed), most will be rejected. I always watch a catch-all mailbox where a lot of spam is delivered, to add more rules.

Danny.
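Danny's list spells out each obfuscated variant by hand (VlArGRA, VlAhGRA, VlAiGRA, ...). As an added example, not from the thread, the Python below derives one pattern per canonical word instead: each letter becomes a class of its usual look-alikes, letters may repeat, and at most one junk character may sit between letters, so the single word "viagra" covers the whole VlA?GRA family above and "valium" covers all five VAL?lUM spellings. The confusable map, the keyword list and the sample strings are constructed for the example.

```python
import re

# Constructed map of the substitutions spammers commonly use for each letter.
CONFUSABLES = {
    "a": "a@4", "b": "b8", "e": "e3", "g": "g9", "i": "i1l|!",
    "l": "l1|i", "o": "o0", "s": "s$5", "t": "t7",
}

# Canonical words; the compiled patterns absorb the hand-listed variants.
KEYWORDS = ["viagra", "cialis", "levitra", "valium", "stock"]


def obfuscation_pattern(word):
    """Build a regex that matches `word` with look-alike letters, doubled
    letters, and one filler character between letters, bounded so it does
    not fire inside a longer word (e.g. 'cialis' inside 'specialist')."""
    classes = []
    for ch in word.lower():
        members = re.escape(CONFUSABLES.get(ch, ch))
        classes.append(f"[{members}]+")
    body = ".?".join(classes)
    return re.compile(rf"(?<![a-z0-9]){body}(?![a-z0-9])", re.IGNORECASE)


PATTERNS = {word: obfuscation_pattern(word) for word in KEYWORDS}


def find_spam_terms(text, keywords=KEYWORDS):
    """Return (canonical word, matched text) for every obfuscated hit in `text`."""
    hits = []
    for word in keywords:
        pat = PATTERNS.get(word) or obfuscation_pattern(word)
        for m in pat.finditer(text):
            hits.append((word, m.group(0)))
    return hits


def would_discard(subject, body, keywords=KEYWORDS):
    """Mirror the filter's decision: any hit in subject or body means 'seen finish'."""
    return bool(find_spam_terms(subject, keywords) or find_spam_terms(body, keywords))


if __name__ == "__main__":
    # Constructed sample lines in the style of the variants Danny listed.
    samples = [
        "Buy VlAhGRA and Cia1iis today",
        "Cheap V.I.A.G.R.A here",
        "VALrlUM shipped overnight",
        "Leavitra at a discount",
        "Hot St0ck tip",
        "our specialist team will call you",  # must NOT match 'cialis'
    ]
    for line in samples:
        print(f"{line!r:45} -> {find_spam_terms(line)}")
```

The Exim filter language has a `matches` condition that takes a regular expression, so a generated pattern could stand in for a block of `contains` lines. The trade-off is the same one Danny notes, in the other direction: the looser the pattern, the more legitimate mail it catches ("stock" in a genuine investment newsletter also fires), so run any new pattern over a sample of known-good mail before it goes into a filter that discards.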