TRACKING an email spammer leeching my SMTP (not anon)

Discussion in 'E-mail Discussions' started by tkoweb, Sep 18, 2003.

  1. tkoweb

    tkoweb Active Member

    I've been getting a number of bouncebacks from AOL, with fake headers iwejri3jefe@mydomain.com etc. etc. (randomly generated). I have the full header information, so technically I already have the details needed to find out WHERE the user spammed from, right?

    But given the message ID, isn't there a quick way to find out which account is doing this spamming using my SMTP server? There is no anonymous relaying on, so they had to authenticate first, correct?

    I need to track this guy down quick. I can't afford to NOT offer outbound SMTP services (running it on two ports even!)

    Thanks,

  2. tkoweb

    tkoweb Active Member

    It's a FORMMAIL hole. WTF, I thought it was taken care of, but it's apparently back and being taken advantage of. What's the best way to update that?

    Ugh.. I'm just going to upgrade to edge..
     
    #2 tkoweb, Sep 18, 2003
    Last edited: Sep 18, 2003
  3. bert

    bert Well-Known Member

    This is quite an issue. Some of our customers have been sending mail to AOL for weeks without even knowing it.

    I do wonder, however, if cgiemail is also vulnerable.

    Nick and staff, please do something to close these holes. We don't have a problem disabling these on our own machines, but we, as well as most other providers, have many dedicated/co-located servers and this is certainly a major issue!

  4. Peoplespaces

    Peoplespaces Well-Known Member

    Have you looked at the complete headers? We had this happening from an account that was forwarding their email to their AOL account. Of course, all the spam gets forwarded as well and AOL bounces it and then bans our servers saying we are sending out too much bulk email, since the forwarded message was coming from our server.

    We know whose account it is from looking at the complete header information.
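
Added example (not part of the thread and not cPanel's own code): a sketch of tracing the message ID from a bounce through an Exim main log to tell apart the three cases raised above, namely authenticated SMTP, a local script such as FormMail, and inbound mail being forwarded on to AOL. It assumes the standard Exim main-log layout (`<=` arrival, `=>` delivery, `U=`, `P=`, `A=` fields); the function name `trace_message` and every sample line, host, ID and user are constructed for illustration.

```python
import re

# Constructed sample lines in Exim main-log layout (IDs, hosts and users are made up).
SAMPLE_LOG = """\
2003-09-18 10:15:01 1A0Abc-0003Xy-00 <= nobody@host.example.net U=nobody P=local S=2048
2003-09-18 10:15:03 1A0Abc-0003Xy-00 => someone@aol.com R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.10]
2003-09-18 10:16:40 1A0Abd-0003Zq-00 <= bob@customer.example H=(pc) [198.51.100.7] P=esmtpa A=login:bob S=900
2003-09-18 10:16:42 1A0Abd-0003Zq-00 => friend@example.org R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.10]
2003-09-18 10:17:05 1A0Abe-0004Aa-00 <= x@bulk.example H=mail.bulk.example [203.0.113.5] P=esmtp S=3100
2003-09-18 10:17:06 1A0Abe-0004Aa-00 => user@aol.com <info@customer.example> R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.10]
""".splitlines()

ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= (\S+)(.*)$")   # date time id <= sender fields
DELIVERY = re.compile(r"^\S+ \S+ (\S+) [=-]> (\S+)")    # date time id => recipient
FIELD = re.compile(r"(?:^|\s)([A-Z])=(\S+)")            # single-letter log fields

def trace_message(log_lines, message_id):
    """Return how message_id entered the server and where it was delivered."""
    result = {"origin": "not-found", "account": None, "sender": None, "recipients": []}
    for line in log_lines:
        arrival = ARRIVAL.match(line)
        if arrival and arrival.group(1) == message_id:
            fields = dict(FIELD.findall(arrival.group(3)))
            result["sender"] = arrival.group(2)
            if "A" in fields:
                # A=<authenticator>:<login> appears only on authenticated SMTP arrivals
                result["origin"] = "authenticated-smtp"
                result["account"] = fields["A"].partition(":")[2] or None
            elif fields.get("P") == "local":
                # Submitted on the server itself (e.g. by a CGI script); U= is the Unix user
                result["origin"] = "local-submission"
                result["account"] = fields.get("U")
            else:
                # Came in from outside without auth; any outbound copy is a forward or relay
                result["origin"] = "remote-unauthenticated"
            continue
        delivery = DELIVERY.match(line)
        if delivery and delivery.group(1) == message_id:
            result["recipients"].append(delivery.group(2))
    return result

if __name__ == "__main__":
    for msg_id in ("1A0Abc-0003Xy-00", "1A0Abd-0003Zq-00", "1A0Abe-0004Aa-00"):
        print(msg_id, trace_message(SAMPLE_LOG, msg_id))
```

When a local submission shows only the web server's user (as in the first sample line), the log alone does not name the hosting account; the arrival timestamp then has to be matched against the web server's access logs for requests to the mail script.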
