Where is this spam coming from?

Discussion in 'E-mail Discussions' started by cooldude7273, Aug 19, 2008.

  1. cooldude7273

    cooldude7273 Well-Known Member

    Which account is being used to send this spam? I'm having thousands and thousands of emails being sent and I can't seem to track it down:

    Code:
    1KVcv6-0004iF-Tr-H
    mailnull 47 12
    <prohrdept@gmail.com>
    1219197332 0
    -helo_name 192.168.1.100
    -host_address 65.185.121.96.2210
    -host_name cpe-65-185-121-96.woh.res.rr.com
    -interface_address 208.43.97.172.25
    -received_protocol smtp
    -body_linecount 47
    -max_received_linelength 250
    NN tracyp16@aol.com
    2
    panther_34654@yahoo.com
    tracyp16@aol.com
    
    232P Received: from cpe-65-185-121-96.woh.res.rr.com ([65.185.121.96] helo=192.168.1.100)
    	by angela.limitlesshosting.net with smtp (Exim 4.69)
    	(envelope-from <prohrdept@gmail.com>)
    	id 1KVcv6-0004iF-Tr; Tue, 19 Aug 2008 21:55:10 -0400
    045F From: "mary lizzabeth" <prohrdept@gmail.com>
    004T To:
    094  Subject: EZ twenty now is exploding...$20$20...to many twenties not enough time...hee...hee..
    047S Sender: "mary lizzabeth" <prohrdept@gmail.com>
    018  Mime-Version: 1.0
    081  Content-Type: multipart/alternative;
    	boundary="= Multipart Boundary 0819082155"
    038  Date: Tue, 19 Aug 2008 21:55:32 -0400
    014  X-ACL-Warn: {
    
     
  2. furry

    furry Member

    Are they being sent from your accounts? Have you contacted your hosting company's security department to see if they can aid you?
     
  3. chirpy

    chirpy Well-Known Member

    Read the first Received: header line. This appears to show that email coming from 65.185.121.96. If that's not on your server, then the spam is incoming, not outgoing. If your server is being reported for spam, check whether you have any forwarders in /etc/valiases/* pointing to aol.com, yahoo.com or any other free email service. If you have, then most likely your users are tagging email relayed through your server to their forwarder as spam. If so, you need to either:

    1. Educate them to not tag as spam email relayed through your server
    2. Remove the forwarders and tell them to POP their accounts
     
  4. cooldude7273

    cooldude7273 Well-Known Member

    Couldn't find anything out of the normal.

    Problem is I have thousands of spam emails being sent every few days with identical spam messages with this kind of header, just with different email addresses. "prohrdept@gmail.com" is always in there though.
     
  5. sparek-3

    sparek-3 Well-Known Member

    Is angela.limitlesshosting.net your server?

    It looks like someone is relaying mail through your server. Chances are someone from IP address 65.185.121.96 is logging into your POP3 server, which then allows that IP to relay mail through your server.

    Check the /var/log/maillog for a mention of that IP address.

    grep -F '65.185.121.96' /var/log/maillog
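
The checks suggested in the two replies above (is the source IP the server's own, and is the mail being relayed) can be read straight from the envelope part of the Exim `-H` spool file. This is an added example, not part of the original thread; the function names and the `local_domains` set are assumptions, and ACL-variable entries that span extra lines are not handled.

```python
# Constructed sample: envelope part of the -H spool file quoted in the first post.
SAMPLE = """\
1KVcv6-0004iF-Tr-H
mailnull 47 12
<prohrdept@gmail.com>
1219197332 0
-helo_name 192.168.1.100
-host_address 65.185.121.96.2210
-host_name cpe-65-185-121-96.woh.res.rr.com
-interface_address 208.43.97.172.25
-received_protocol smtp
-body_linecount 47
-max_received_linelength 250
NN tracyp16@aol.com
2
panther_34654@yahoo.com
tracyp16@aol.com

"""

def parse_spool_header(text):
    """Parse the envelope section of an Exim -H file (stops before the headers)."""
    lines = text.splitlines()
    msg = {"id": lines[0].rsplit("-", 1)[0], "sender": lines[2].strip("<>"), "opts": {}}
    i = 4
    while lines[i].startswith("-"):        # option lines: "-name [value]"
        name, _, value = lines[i][1:].partition(" ")
        msg["opts"][name] = value
        i += 1
    while not lines[i].isdigit():          # skip non-recipient tree ("XX" or "NN addr")
        i += 1
    count = int(lines[i])                  # recipient count, then one address per line
    msg["recipients"] = [l.split(" ")[0] for l in lines[i + 1:i + 1 + count]]
    return msg

def classify(msg, local_domains):
    """Return (how the message entered Exim, recipients outside local_domains)."""
    opts = msg["opts"]
    if "local" in opts:                    # -local: submitted on the box itself
        origin = "local submission"
    elif "auth_id" in opts:                # -auth_id: SMTP AUTH login that sent it
        origin = "authenticated SMTP as " + opts["auth_id"]
    else:                                  # -host_address is "ip.port"
        origin = "unauthenticated SMTP from " + opts.get("host_address", "").rpartition(".")[0]
    remote = [r for r in msg["recipients"]
              if r.rpartition("@")[2].lower() not in local_domains]
    return origin, remote

if __name__ == "__main__":
    # local_domains is a hypothetical set of domains hosted on the server
    print(classify(parse_spool_header(SAMPLE), {"example.com"}))
```

In the relay case sparek-3 describes, the spool file carries no `-auth_id`, so the maillog search for the source IP is what ties the message to a mailbox login.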
     
  6. vinoo

    vinoo Registered

    You can set filters on your account to avoid spam. Mail filters allow you to automatically perform different actions on emails received, based on who sent them, where they were sent to, and what they contain. Some of the possible actions are: discard, redirect, move to a folder or pipe to a program. For example, you could create a filter that automatically discards any email received from prohrdept@gmail.com. Also check that SpamAssassin is configured for the account and the spam score is set to a lower value, which can reduce the spam.
     