The Community Forums

User not on my server but sending spam

Discussion in 'E-mail Discussions' started by bhanuprasad1981, Nov 28, 2009.

  1. bhanuprasad1981

    Hi,

    I am getting frequent complaints from the DC that spam is being sent from the server by a user who doesn't even exist on my server. How can this be possible? Please help me to eradicate it.

    Sample email:


    Code:
    Received: from outbound-bu1.dca.untd.com (supportmail02.dca.untd.com [10.171.43.25])
    by scanmaildb02.vgs.untd.com with SMTP id AABFTA27RADTFYTA
    for (sender );
    Fri, 27 Nov 2009 15:41:35 -0800 (PST)
    Received: (qmail 16487 invoked by uid 514); 27 Nov 2009 23:41:34 -0000
    X-Issue-Tag: .catch_spam_mail
    Delivered-To: support-juno-com-spamdesk-spam@support.juno.com
    Received: from outbound-bu1.dca.untd.com (webmail19.dca.untd.com [10.171.12.159])
    by supportmail02.dca.untd.com with SMTP id AABFTA248AYFJVAS
    for (sender );
    Fri, 27 Nov 2009 15:40:14 -0800 (PST)
    X-UNTD-OriginStamp: szZ1ymWg3oGaspsxfOkPaPRHOL0+gYWDqueaCIyWFER9Ni2hw5b4Qg==
    Received: (from X)
    by webmail19.dca.untd.com (jqueuemail) id PYEN9VR5; Fri, 27 Nov 2009 15:39:15 PST
    X-EOW-USER-IP: 71.2.121.174
    Received: from mx12.vgs.untd.com (mx12.vgs.untd.com [10.181.44.42])
    by maildeliver04.dca.untd.com with SMTP id AABFS5R4DAQVSWHS
    for (sender );
    Wed, 25 Nov 2009 15:35:31 -0800 (PST)
    Received-SPF: None
    Received: from sccmmhc92.asp.att.net (sccmmhc92.asp.att.net [204.127.203.212])
    by mx12.vgs.untd.com with SMTP id AABFS5R4DAA9CSHA
    for (sender );
    Wed, 25 Nov 2009 15:35:31 -0800 (PST)
    DKIM-Signature: v=1; q=dns/txt; d=mchsi.com; s=dkim01;
    i=matthartxmasoffer30@mchsi.com; a=rsa-sha256; c=relaxed/relaxed;
    t=1259192130; h=Message-Id:Date:From; bh=Pu2h+9PFk0ThieHc7/NErPsM2
    7ty3PagZEZjvgdEA2c=; b=rCcOFDxHUR0wY5AT+54R+34VmOLiLQf/j38VlpLb/UBj
    VawIqr7nJw7eulx1UZ2Jc2mViKdrK6JgCuNiEpdu2w==
    Received: from sccqwbc18 (scommcenter18.asp.att.net[204.127.203.180])
    by mchsi.com (sccmmhc92) with SMTP
    id ; Wed, 25 Nov 2009 23:30:38 +0000
    Received: from [69.65.43.145] by sccqwbc18;
    Wed, 25 Nov 2009 23:30:26 +0000
    From: "Mr Matt Hart"
    Reply-to: matthartloanoffer01@gmail.com
    Date: Wed, 25 Nov 2009 23:30:26 +0000
    Message-Id:
    X-Mailer: AT&T Message Center Version 1 (Mar 2 2009)
    X-Authenticated-Sender: bWF0dGhhcnR4bWFzb2ZmZXIzMEBtY2hzaS5jb20=
    To: Undisclosed-recipients: ;
    X-UNTD-BodySize: 66
    X-UNTD-SPF: None
    X-UNTD-SIGN-INFO: 37d97901383d80b57174340dcd6001d9148160c14de1381538711171343425149d049d807170e100e991e0e9e4e970
    X-ContentStamp: 1:1:2562239111
    X-MAIL-INFO:3725850920a570f0ad95b049c0b091f149a0c0c0515515014951f0c9d08561a431
    X-UNTD-Peer-Info: 204.127.203.212|sccmmhc92.asp.att.net|sccmmhc92.asp.att.net|matthartxmasoffer30@mchsi.com
    X-UNTD-UBE:-1
    Subject: Ref # [1M3cR0q9mY1Lq2r]
    X-Juno-Message-Id: 1M3cR0q9mY1Lq2r06Bx
    X-Thread-Count: 1
    X-UNTD-SPAMDESK-TYPE: EOW-SPAM
    
    Email matthartloanoffer01@gmail.com, for more info about a loan.
     
  2. thewebhostingdi

    If you have access to your server, then from the command prompt kindly check the mail logs for the particular message ID, 1M3cR0q9mY1Lq2r06Bx,
    as shown below:

    cat /var/log/exim_mainlog | grep 1M3cR0q9mY1Lq2r06Bx

    Once you type the above command in your command prompt, you will get the domain name whose SMTP authentication was used to send the mail. Kindly have a try.
     
    #2 thewebhostingdi, Nov 28, 2009
    Last edited: Nov 28, 2009
  3. bhanuprasad1981

    I get no result :( Nothing found :(
     
  4. sparek-3

    Is the server in question a cPanel server? I am not seeing any Exim message ids in the headers you provided.
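
The check raised in the last reply, as an added example (not code from the thread or from cPanel): it looks for Exim-format message IDs in a set of headers and lists the relay hops, so you can see whether your server handled the message at all. The sample headers are trimmed from the message quoted in the first post; `192.0.2.10` is a placeholder server IP and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. The headers below are a constructed sample, trimmed from
# the message quoted in the thread.
sample_headers() {
cat <<'EOF'
Received: from sccmmhc92.asp.att.net (sccmmhc92.asp.att.net [204.127.203.212])
    by mx12.vgs.untd.com with SMTP id AABFS5R4DAA9CSHA
Received: from sccqwbc18 (scommcenter18.asp.att.net[204.127.203.180])
    by mchsi.com (sccmmhc92) with SMTP
Received: from [69.65.43.145] by sccqwbc18;
    Wed, 25 Nov 2009 23:30:26 +0000
X-Juno-Message-Id: 1M3cR0q9mY1Lq2r06Bx
EOF
}

# Exim message IDs: 6-6-2 base-62 characters (6-11-4 from Exim 4.97).
EXIM_ID='[0-9A-Za-z]{6}-([0-9A-Za-z]{6}-[0-9A-Za-z]{2}|[0-9A-Za-z]{11}-[0-9A-Za-z]{4})'

# Print every Exim-format ID found in the headers on stdin (possibly none).
exim_ids() { grep -Eow "$EXIM_ID" | sort -u || true; }

# Print the bracketed IPv4 address of each "Received: from" hop, newest first.
relay_ips() { sed -nE 's/^Received: from [^[]*\[([0-9.]+)\].*/\1/p'; }

# Earliest recorded hop (last Received line). Hops below a relay you do not
# trust can be forged, so treat this as a lead, not proof.
origin_ip() { relay_ips | tail -n 1; }

# Succeeds if the given server IP appears anywhere in the relay chain.
passed_through() { relay_ips | grep -Fxq -- "$1"; }

# Search an Exim main log ($1) for each ID; say so when there is none to search.
trace_in_log() {
    ids=$(exim_ids)
    if [ -z "$ids" ]; then echo "no Exim message ID in headers"; return 0; fi
    grep -F -- "$ids" "$1" || echo "IDs not found in $1"
}

SERVER_IP=192.0.2.10   # hypothetical placeholder: substitute your server's IP
echo "relay chain (newest first):"; sample_headers | relay_ips
echo "earliest hop: $(sample_headers | origin_ip)"
sample_headers | passed_through "$SERVER_IP" && echo "server is in the chain" \
    || echo "server $SERVER_IP is not in the chain"
sample_headers | trace_in_log /var/log/exim_mainlog
```

To run it on a real complaint, save the full headers to a file and pipe that file into the functions instead of `sample_headers`.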
     