AOL Redacted Spam Complaints: Tracing

Nov 24, 2007

I have a customer that uses mailman to send out newsletters. For some reason he has a few users on that list at AOL that feel they need to report them as spam instead of simply unsubscribing or deleting. I'm on the AOL feedback loop, and receive these complaints each time he sends.

AOL removes (redacts) all traces that might make it possible to simply remove the complainer, instead making me have to go in and trace the mail. Ok, privacy and all that. Fine. Unfortunately, since he has a few hundred AOL addresses on that list, it's nearly impossible (AFAIK) to figure out who it is so I can remove that user (or three).

I've searched through the mail logs using the message ID and timestamp, as well as grepping for AOL in the results. This has narrowed it down to about 120 addresses. From here I'm stuck. Can anyone recommend something else to try in order to narrow it down further? What am I missing?

Here are the headers that came with the complaint, edited for privacy.

Quote:

Return-Path: <redacted-bounces@customerdomain.com>
Received: from rly-dd06.mx.aol.com (rly-dd06.mail.aol.com [172.19.141.153]) by air-dd03.mail.aol.com (v120.9) with ESMTP id MAILINDD034-b804748865c294; Sat, 24 Nov 2007 15:15:39 -0400
Received: from neo.myserver.com (ns3.myserver.com [my.server.ip.addy]) by rly-dd06.mx.aol.com (v120.9) with ESMTP id MAILRELAYINDD062-b804748865c294; Sat, 24 Nov 2007 15:15:29 -0400
Received: from localhost ([127.0.0.1] helo=neo.myserver.com)
by neo.myserver.com with esmtp (Exim 4.68)
(envelope-from <redacted-bounces@customerdomain.com>)
id 1Iw1P8-0006og-3w; Sat, 24 Nov 2007 15:15:06 -0500
Received: from adsl-225-31-27.mia.bellsouth.net ([customer's.ip] helo=Home)
by neo.myserver.com with esmtpa (Exim 4.68)
(envelope-from <customer_email@customerdomain.com>) id 1Iw1P1-0006l0-Tc
for redacted@customerdomain.com; Sat, 24 Nov 2007 15:15:00 -0500
Message-ID: <002d01c82ed6$b4485f20$210110ac@Home>
From: <customer_email@customerdomain.com>
To: redacted@customerdomain.com
Date: Sat, 24 Nov 2007 15:15:05 -0500p


Erroneous Spam Complaints And Godaddy

May 15, 2009

I have several domains that offer newsletters through double opt-in and sometimes people forget they subscribed and make a spam complaint (especially aol users). This is causing me horrible grief with godaddy. Can anyone recommend a reasonably priced hosting company that won't totally freak out and lock up your domain because of these occasional spam complaints?

I am not talking floods of genuine complaints here or any real spam practices, just people who are too free with the "report spam" button just because they've become bored with my newsletter.

ENom Complaints E-mail

Apr 17, 2008

I'm having a bad experience with someone in customer support, for eNom's shared hosting account (thread started on WHT a short while ago).

Drawn a blank obtaining complaints email address for eNom customer support or better still management?

Complaints Of BOTS On My Server

Feb 19, 2008

I just received two complaints that my server (71.6.197.244) is trying to run exploits on other people's servers.

I have tried checking my access logs, but am not sure what to look for.

Is this a process, or is it an exploit through a url or a php form?

I have attached the e-mail complaints as txt.

How Well Does ThePlanet Handle DMCA Complaints?

Dec 10, 2008

How well does ThePlanet.com handle DMCA complaints?

Recently got shafted by a client for over $30K (3 months of work plus our own out of pocket expenses). To make matters worse, this crook took the PHP source code which my company offers as a hosted solution and installed it on a dedicated server at Theplanet.com.

I have sent DMCA take down notices to theplanet, following their procedure (which is the standard legal procedure) but they have not done anything to the perpetrator. He has managed to spring up 2 websites already, and is no doubt planning to launch more.

Not sure if anyone else has been in this type of situation but I need to get something done about this. I have no doubt in my mind that even if theplanet did shut his sites down, or at least wiped the infringing software from the disks, he would jump over to another host and do the same thing again. My company doesn't have time to waste chasing him around, however the software he has contains a lot of proprietary code that we created and was never intended to be public.

So far both of the domains that he is using have Network Solutions as the registrar. Does Netsol assist with this kind of thing? Hopefully someone with similar experience can chime in with some advice.

Tracing Server Load

Mar 4, 2008

What is causing a high server load (25-30% CPU usage average)?

Using cpanel 11 / centos 5 / php 5 / mysql 5 / phpsuexec

root@server3 [/proc/8052]# ps waux | grep -c exim
28
root@server3 [/proc/8052]#
root@server3 [/proc/8052]# ps waux | grep -c exim
27
root@server3 [/proc/8052]# ps waux | grep -c mysql
3
root@server3 [/proc/8052]# ps waux | grep -c httpd
46
root@server3 [/proc/8052]# ps waux | grep -c php
3

I am having a hard time tracing who/what is causing the high load.

Tracing Server Load

Mar 8, 2007

What is the most effective, surest way to trace server load (centos / cpanel, shared hosting environment)? I'm aware of top and top -c but I'm looking at it and nothing shows high usage, yet whm server status shows about 12-20% cpu (dual xeon box, 4gb memory). Disk usage is 32% (10k scsi, 300GB) I've attached 4 samples of top -c

Understanding Netstats - Tracing Processes

Jul 5, 2008

I was checking my netstat and I saw something like this:

Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 1 192.168.30.98:40493 207.45.xxx.xx:3306 SYN_SENT 48 3130522 5339/httpd
tcp 0 1 192.168.30.98:40510 207.45.xxx.xx:3306 SYN_SENT 48 3131478 7180/httpd
tcp 0 1 192.168.30.98:40502 207.45.xxx.xx:3306 SYN_SENT 48 3130994 6732/httpd
tcp 0 0 192.168.30.98:47493 65.55.xxx.xx:80 TIME_WAIT 0 0 -
tcp 0 0 192.168.30.98:47494 65.55.xxx.xx:80 TIME_WAIT 0 0 -
tcp 0 0 192.168.30.98:47495 65.55.xxx.xx:80 TIME_WAIT 0 0 -
tcp 0 0 192.168.30.98:47496 65.55.xxx.xx:80 TIME_WAIT 0 0 -
tcp 0 0 192.168.30.98:47497 65.55.xxx.xx:80 TIME_WAIT 0 0 -

I see that there are some connections from my server to some remote mySQL server, and I am curious to know which script is running them. (192.168.30.98:40493 207.45.xxx.xx:3306 5339/httpd)

I try through lsof but it is not that it points directly to the website running this connection.

I also see some strange connections like:

Code:
tcp 0 0 192.168.30.98:47493 65.55.xxx.xx:80 TIME_WAIT 0 0

I want to know if this is some uncontrolled script in my server.

Tracing Cause Of Server Load Spike *after* Reboot

Apr 9, 2009

I have a cpanel, centos server that had to be rebooted due to the high load spike. I was unable to ssh in nor enter whm prior to the reboot so my only option was of course to reboot the server.

Now, I'm trying to trace the cause of the spike. RTG graphs show no indication of a ddos attack.

Inside whm, CPU/Memory/MySQL Usage shows no reds nor yellow warnings either except red for gzip (backup process) at 19% CPU. I doubt this is the cause.

This is from /var/log/messages of the logs slightly before and after the reboot.

Code:
Apr 9 13:31:49 server pure-ftpd: (?@70.250.201.162) [INFO] Logout.
Apr 9 13:32:05 server pure-ftpd: (?@xxx.xxx.85.3) [INFO] New connection from xxx.xxx.85.3
Apr 9 13:32:28 server pure-ftpd: (?@xxx.xxx.85.3) [INFO] New connection from xxx.xxx.85.3 .......

Server Load, And Tracing Httpd Processes

Feb 28, 2008

I have a server that has server load showing at 25-40 (once it was even 53!), running like that for hours. The server has 4 cpus - and yet the sites on the server seem to run fine when I check them. What I'm wondering is, what exactly is load in this context; and how can load run so high like that without the server crashing?

According to top, the load is caused by httpd processes running under user 'nobody', that often take up double digit CPU percentage.

Does Apache always run under 'nobody'?

Is there any way to trace an httpd process - which account it's for, or which physical script or URL is calling it?

And for top itself, the TIME field on one server of mine is in the format xx:xx (e.g. 3:25), on another it's TIME+ and in the format xx:xx.xx (e.g. 30:02.77). What exactly does this mean? I would assume it's minutes:seconds and minutes:seconds:hundredths, but while watching top it doesn't seem to correlate with that.

Plesk 11.x / Windows :: Move Spam To Spam Folder Not Available?

Oct 17, 2013

Microsoft Windows Server 2008 R2 Service Pack 1
Panel version 11.0.9 Update #59, last updated at Oct 3, 2013 02:06 AM
MailEnable version 5

I see in the Plesk documentation that on the screen to enable SPAM filtering for an individual there is an option to "Move spam to the Spam folder". I don't see that option so I am wondering if it is only available on some versions of Plesk, or in combination with certain mail servers. How to make that option available?

Spam Bnc.txt?

Nov 17, 2008

One of our customers on a VPS downloaded this file and then ran it: perl bnc.txt

I am wondering if it's a spammer using the script to send spam.

It seems to be written in Portuguese. I have translated parts of it and it reminds me of the typical spam subjects you find nowadays.

Spam Bot

Aug 15, 2008

We are having some big issues with a spam bot on the server. We can remove the bot but could you please explain, IN DETAIL, how to configure the NAT to prevent outbound port 25 connections to the internet except from our real mail servers on with windows server 2003. Currently, the only firewall on this system is the standard windows one.

So Much Spam

Aug 19, 2007

through some accounts on the server and the amount of spam in their mail queue is really frustrating. I had to set admin accounts for each site I run and the spammers have discovered them, so I am looking for a ssh command where I can just easily clean all the spam out. I tried cat /dev/null > /var/mail/"the username" but that didn't work.

Spam

Nov 6, 2007

Someone on our server is sending spam mails, he does not know about it.

Most spam is sent to aol.com, gmail.com and cs.com

I'm getting loads of these Mail delivery failed mails:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

The e-mails come from the system/user account e-mail of the domain (usernameDA@domain.com), where DA is Direct Admin.

I think it sent more than 30.000 mails in 2 days.

Also received a complaint from aol.

How can I trace this? What can I do to fix it?

Is it some crappy written php script?

He said he updated joomla, wiki and smf forum.

Prevent SPAM

May 1, 2008

I use a cpanel license and I enabled phpsux on my server, but users can send email without an smtp address.
How can I prevent users from sending mail without smtp?

Spam From EasyAntiSpam

Jan 29, 2009

I just got this from EasyAntiSpam. Unless my address is harvested from the HostingCon database, I've certainly never been in touch with them. Disappointing either way.
Matt:

Good afternoon! I hope you are doing well. I am the new Director of Sales for Easy Antispam and I wanted to get in touch with you to find out who currently provides you with your anti-spam solutions?

I have listed below a few key benefits for our antispam solution here at Easy Antispam [url]

· Fully brandable quarantine with customizable url
· Customer level whitelisting
· Nothing to install. No complex configuration changes to make.

All you have to do is redirect the MX.

Easy Antispam is a service of Interjuncture, Corp. which was founded by George A. Roberts IV and Frank Spaulding in 2004. Easy Antispam offers a solution that doesn’t cause more problems and work than the spam itself. Thousands of businesses, organizations and individuals rely on Easy Antispam’s Email Protection Services to defend their inboxes against spam and other threats. So, what are YOU waiting for? Get protected, sign up now for a 30 day free trial.

Spam On Gmail

Apr 18, 2009

I have a Linux server with shared hosting. For a couple of days now, one of my clients has faced a problem regarding spam with Gmail. I have also cross-checked all the mandatory records, and we have already created MX, SPF and reverse DNS records with domain keys for that domain.

Emails Spam

Jun 25, 2009

I'm getting 50 and more spam mails each day. How do I secure my VPS to stop 99% of the spam from coming in? As I understand, there's no way to completely block spam.

I'm using the DirectAdmin control panel and enabled SpamAssassin, but it's not much use even when I apply strict options on it.

Spam Filtering

Jan 5, 2009

I used to have a reseller account and have shifted everything to a dedicated server. I now find that a couple of clients are getting lots of spam when they didn't before.

It seems that the servers used by the reseller account had some level of basic spam filtering installed; my provider suggested I look for a filtering program to install on my server.

There are, of course, dozens of them, so I wondered if anyone has any experience - enough, perhaps, to make a recommendation.

Block Spam

May 12, 2009

I'm having difficulties with a WHM running on a CentOS dedicated server. The problem is that we receive too much spam and junk email. By too much I mean 2000 bulks per week. It's killing us.

How can I stop it?

Spam And Security

Jul 5, 2009

I am facing some major SPAM problems.

I am a web host from the city of Kolkata, India.

Almost 95% of my clients are from my city - others are also known to me. I know many of them face to face - there is very little chance that any of them is a SPAMMER.

Still my server IP is blacklisted - several times in last 1 year - I changed my datacenter - but the problem still persists.

Spam Being Sent From Our Server.. But How And From Where

Apr 2, 2009

We're using whm/cpanel and we're always up to date with the latest upgrades (with all our scripts).

2 weeks ago, we received a notification from SpamCop saying that our server was sending out spam. We verified everything and found nothing. 2 days ago, same story.

We tried looking at our logs and found nothing. Does this mean that there's a security hole somewhere? How can we find out from where the spammer is sending his viagra emails? We do not want to be permanently banned because of a spammer.

Mail Going To Spam

May 27, 2009

I have problems with my mail server.

I have installed cPanel WHM.

In my server there are many accounts and now I discovered that not all accounts, when they send email to hotmail and yahoo, go to spam.

It does not happen in all accounts.

How can I bypass the filter of yahoo and hotmail for all domains configured on my server?

Cgi Spam Script

Mar 31, 2009

I have this in my account:

/cgi-bin/check.cgi
/cgi-bin/gz.cgi
/cgi-bin/km.cgi
/cgi-bin/hnc.cgi
/cgi-bin/ypej.cgi

Some script that sends (a LOT) spam, and disappears

Does anyone know what that was?

I cannot find anything about it

I disabled cgi scripting,

Spam From Parallels

May 20, 2009

I guess the economy must be hitting them hard. They have resorted to unsolicited commercial email, everyone's favourite.

Quote:

I hope this finds you well. I am currently attempting to reach out to companies that offer web hosting services and either use, or have used, Parallels Plesk Panel as a part of the service offerings. The goal is to re-introduce Parallels Plesk Panel and hopefully revive any previously established relationships. This includes looking into why the Parallels Plesk Panel business slowed, or stopped completely, within your organization.

We are working very hard to establish a reputable channel within the hosting marketplace. In order to do so we need to look at what is currently working and what is not currently working. The best place to begin this research is with companies that have used us, but now don't really offer our products. With that said, are you available for a phone call to discuss?

My goal is to understand:

* Do you currently offer control panels, if so, is Parallels Plesk Panel a part of your offerings?

* If you are no longer offering (pushing) Parallels Plesk Panel, is there a reason?

* Would you be receptive to some sort of "trial" program to re-introduce you to Parallels Plesk Panel and our Service Provider Partnership Program?

I look forward to your response and hopefully speaking with you soon.

Antoine Wilson
Partner Recruitment Manager
Service Provider Division
Parallels, Inc.
+1 (703) 995-4170 Direct
+1 (703) 991-5511 Efax

AIM: scrams93

Skype: antoine.wilson

ICQ: 215351114

Spam Cannibal / Ptr

Jun 17, 2009

I was running an IP check on spamcannibal.org

It shows blocked because of this reason:

no reverse DNS, MX host should have rDNS - RFC1912 2.1

Is it actually possible to setup some kind of generic ptr records on IPs, even if they are assigned to dedicated server clients?

Spam From Server

Jul 14, 2009

I noticed that reported server usage from Plesk is 2.x - 3.x, so I went to mail queue (in Plesk) and saw lots of mails that shouldn't be there.

There were several senders under the domain dedibox.fr sending LOTS of emails to lots of addresses in the same email. There shouldn't be a sender @dedibox.fr, as that domain isn't hosted on our dedicated server.

I know little about Linux administration... I tried going to the /var/log folder and grep for dedibox on the messages and maillog files, but nothing found...

How can I know if someone connected to our server as a user or something like that?

How Stop Spam

Apr 17, 2009

I have a server that is sending spam, but I cannot tell who sent it because the server does not have suphp installed.

Is there another option to see who sends spam?






