The Community Forums

Interact with an entire community of cPanel & WHM users.

victim of a joe job spam. now what?

Discussion in 'General Discussion' started by flamesburn, May 10, 2005.

  1. flamesburn

    flamesburn Member

    We've got a client who was the victim of a spammer sending out spam pretending to be him, and all of the bounces are coming back at his email account. Over 20,000.

    How can we get cPanel to stop sending him bounced messages, basically just ignore or blackhole them?

    We've switched the default address to fail, doesn't seem to do anything.

    We've also tried to delete the inbox file, however as soon as we delete it, it is re-created and within a minute or so, is over 500 MB again. Which suggests that there's a lot of mail bouncing back.
  2. chirpy

    chirpy Well-Known Member

    Jun 15, 2002
    There's not a great deal you can do except ride out the storm (usually lasts around 24 hours). Your best bet would probably be to use the Filters system to ditch emails with bounce related information in them.
  3. RickG

    RickG Well-Known Member

    Feb 28, 2005
    Changing the account's default email address to fail is a good thing under any condition as it will bounce mail addressed to unknown users.

    However, in the scenario you describe, it sounds like the bounced mail is addressed to your client (i.e., not some random unknown user, aka a dictionary attack). In this case, you have a couple of options:

    1) Set up an email filter in the client's cPanel (under Mail -> E-mail Filtering) based on a common string found in the bounced messages (maybe the string User Unknown) and direct them to /dev/null (i.e. use the discard option in email filtering). This would allow them to retain legitimate mail.

    2) Another option is to delete your client's email account completely. If you have set the account's default email address to fail, this will then bounce back all messages addressed to him/her.

    3) If you implement #2, and do not want to bounce back the messages, you could re-create their email address as a forward and point it to /dev/null so it's discarded.

    Just some thoughts to get you started. No fun in either case. Based on the volume you mention, keep on top of your bandwidth usage, as depending on what type of hosting package you have, this could have an impact on your month end charges.
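
Added example, not part of the thread or of cPanel's own code: a Python sketch of the filtering idea from option 1, scoring a message on several bounce markers instead of one body string so that ordinary mail quoting "User unknown" is still delivered. The phrase lists, the threshold and the sample messages are assumptions constructed for illustration, and it assumes delivered mail carries a `Return-Path` header.

```python
import email

# Assumed phrase lists; tune them to the bounces actually arriving.
BOUNCE_SUBJECTS = ("undeliverable", "delivery status notification",
                   "mail delivery failed", "returned mail", "failure notice")
BOUNCE_SENDERS = ("mailer-daemon@", "postmaster@")

def bounce_score(raw):
    """Count independent signs that a message is a delivery-failure report."""
    msg = email.message_from_string(raw)
    score = 0
    # Bounces use an empty envelope sender, recorded as "Return-Path: <>".
    if msg.get("Return-Path", "").strip() == "<>":
        score += 1
    # Standard delivery reports are multipart/report; report-type=delivery-status.
    if (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status"):
        score += 1
    if any(s in msg.get("From", "").lower() for s in BOUNCE_SENDERS):
        score += 1
    if any(p in msg.get("Subject", "").lower() for p in BOUNCE_SUBJECTS):
        score += 1
    return score

def action(raw, threshold=2):
    """Discard only when at least `threshold` markers agree (assumed default)."""
    return "discard" if bounce_score(raw) >= threshold else "deliver"

SAMPLES = {  # constructed messages, not taken from the thread
    "dsn": "Return-Path: <>\n"
           "From: Mail Delivery System <MAILER-DAEMON@mx.example.net>\n"
           "Subject: Undeliverable: Cheap meds\n"
           "Content-Type: multipart/report; report-type=delivery-status;"
           ' boundary="b1"\n\n'
           "--b1\nContent-Type: text/plain\n\nUser unknown\n--b1--\n",
    "plain_bounce": "Return-Path: <>\nFrom: postmaster@mail.example.com\n"
                    "Subject: failure notice\n\nSorry, no mailbox here.\n",
    "customer": "Return-Path: <pat@example.org>\nFrom: Pat <pat@example.org>\n"
                "Subject: Order question\n\n"
                "Your form replied 'User unknown', can you help?\n",
}

def triage(samples=SAMPLES):
    return {name: action(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    print(triage())
```

While a rule like this is active, genuine bounces for mail the client really sent are discarded as well, so it is a measure for the duration of the flood.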
