Blocking Emails From Nonexistent Local Addresses - EXIM
Jul 16, 2007
I'm trying to figure out a method to stop some of the email spam that we get, and I have something figured out, but I need help on implementing it.
Basically, we get a lot of spam emails from addresses claiming to be from our domain (EX: From: someguy@mysite.com). The email is actually not from our domain, nor does the address actually exist, but the From address is being forged to look like it is our domain.
Basically to fix this, I want to block all email where the From address is claiming to be from our domain, with a nonexistent email address. I'm pretty sure that this is configurable in Exim, but I haven't found any tutorial on it, and I'm not familiar enough with Exim to do it very easily. Anyway, if anyone knows of a tutorial or how this could be accomplished, please let me know.
Just to Add:
The reason that these emails are a problem is that the spam software we are running recognizes these emails as being from our domain which it trusts, so they pass most spam filters.
May 24, 2007
APF firewall is blocking IPs from the allowed range
I have this inserted in /etc/apf/allowed_hosts.rules and restarted APF of course
67.79.221.0/24
70.112.124.0/24
70.113.54.0/24
It still blocked this IP for example, 67.79.221.154
Anyone know why?
Feb 15, 2013
I have a website on a linux-server working fine with PHP/Apache. The page loads a lot of css/js/image-stuff (total 84 requests, 220k), it takes about 4 secs to load via internet.
Now I'm testing the same page locally on a Win7-64-system (Apache 2.2, PHP 5.4). The system is not very slow (8 GB RAM, SSD, i7-CPU), but loading the same page as above takes about 50 secs.
The Q is: What might be the problem?
- I turned off firewall and anti-virus.
- I used mod_status: 150 threads, max. 11 seems to be used during the loading of the page.
- I tried php5apache2_2.dll with TS-PHP 5.4 and mod_fcgid.so with NTS-PHP 5.4, but the loading-time kept almost the same.
Looking at the "network-tab" in FF or Chrome, I found that a lot of subqueries get a timing like this:
Blocking: 11.96 s
Sending: 0
Waiting: 1 ms
Receiving: 6ms
So the loss of time seems to be in the "blocking"-section. I first thought of something like "limited number of TCP-Connections", but as said above, on the same system the page is remotely loaded fast enough almost without these "blocking"-parts.
May 4, 2008
I've been carrying some weird hours lately, so I'm able to see activity on my sites that I normally don't see.
Certain IPs are trying to diddle their things into my server and need the boot. It's not consistent (i.e. not happening every 5, 10 mins)... it's periodically throughout the months. I'll see an IP I blocked 2 months ago just randomly show up at 4:30am and try accessing the same files it was probing during its last visit. Assuming this is just some sort of bot, can I block it permanently?
I know APF has a collection system that purges an IP list to keep it from bloating, and I had PSM do some hardening so I'm not entirely sure about the workings of APF firewall. So far my IP blocks are blank (which is a good sign!), but I'd like to add some nuisances to it, to keep their crap from appearing in my error logs anymore as "Denied by Server Configuration"
My question is: Can I block people at server level permanently? I do not want their IP being taken out with the purge list that comes by every so often.
Jul 5, 2007
I'm tired of India people hitting our website (because it is a top hit on Google and the others) then calling the next day to bug me to use them for outsourcing.
I am going to block some IP blocks in my .htaccess file to prevent this.
I can see from my statcounter logs that the hits from India so far have come from 59.* 102.* and 203.* (as in 59.###.###.###).
Is there a place I can look up to find out if I block those, will I also be blocking some North America IPs (since I'm using such a broad wildcard)?
All our paying business comes from North America.
My htaccess file will look like this:
Code:
# prevents a directory listing when typing in the directory path in the browser
Options -Indexes
#
# My effort to keep india sites from seeing our website
order allow,deny
deny from 203.
deny from 59.
allow from all
Nov 28, 2008
I have 2 servers: one is a Linux server + cPanel + CSF firewall where my site is running, and one is a Windows server where my Exchange mail server is running. Now the thing is that when anyone sends mail through my website (after filling in the contact form) to me, it doesn't come to my email ID, but when I stop my firewall and then check the contact form and fill it in, the mail goes to my mail ID.
I have a PHP script with SMTP authentication.
Which port is blocked in my firewall, given that it works after disabling the firewall? How can I check, while the firewall is on, why mails are not coming to my email ID and which port is blocked by the firewall?
Allowed ports in firewall: 25,80,20,21,465,443,110,143
Apr 20, 2009
We are only a small construction business in New Zealand, and send very few emails. But from the 4th April, Yahoo has started blocking all emails from our domain name.
We have not done bulk newsletters, we have not had bulk reject messages. Our website/email host is Clevernet.
Yahoo NZ have sent us a bulk email form, which Clevernet submitted. We then had to get another approved server form filled out by Clevernet, which they did last Friday, but our email domain is still blocked.
Xtra/Yahoo NZ seem to think there is nothing they can do but wait and see if Yahoo unblock it. There does not seem to be anyone who we can contact at the Yahoo server. NZ say they can't contact anyone at Yahoo. We seem to be stuck between a rock and a hard place.
Mar 4, 2008
How to block a certain IP address from sending emails
I'm getting emails sent from a certain IP address repeatedly, spamming and sending unsolicited emails.
I can't block the email address because it's changing every day; however, the IP which is sending it seems fixed, and I want to know how I can deny any emails being sent from that mail server IP, to be nulled or blocked.
I'm using cPanel / WHM and running CentOS Linux.
Mar 28, 2007
I just discovered this completely by accident on my new vps
visits (via apache) from 10.16.x.x and 10.28.x.x
These aren't backups but actual website visits.
What on earth is going on? Is my host browsing my website though their network?
Their behavior seems harmless but I just want to make sure this is not a security issue with a neighbor somehow doing something.
Sep 9, 2008
We are a small ISP with about 5000 users. Only a very small percentage of our users can send email to Yahoo, and even that is sporadic.
Hundreds of our users' legitimate emails are rejected daily with the following message:
421 Message from (208.66.56.9) temporarily deferred - 4.16.50. Please refer to help.yahoo.com/help/us/mail/defer/defer-06.html
I have filled out "Yahoo! Mail Delivery Issues Form" a few times. I get the following automated response message:
--------------------------------------------------------------------
Hello,
This is an automated message regarding your recent request for Yahoo!
Mail Customer Care support. We have received your message and will
respond within the next 48 hours with an answer.
Thank you for reaching out to us. We look forward to helping you!
Sincerely,
Yahoo! Customer Care
**Please do not respond to this message as no one will receive it.
--------------------------------------------------------------------------
But I never received a response from Yahoo and they continue rejecting our users' legitimate emails.
After reading many forums and blogs, it appears that they are doing the same thing to many other small ISPs and companies with their own email servers.
This practice can interrupt many legitimate business communications and hurts many small businesses.
Jan 30, 2007
It seems that all of the emails sent from clientexec to the major carriers (gmail, yahoo, msn etc.,) are being either blocked completely or marked as spam (msn).
When I send an email from outlook from the same domain client exec is on the email goes through fine.
I have added an SPF Record and my domain is not "blacklisted" for spam anywhere.
Apr 11, 2008
how to fix rkhunter from; 'not found' in local files and unknown for exim and php 5.2.5.
System checks
* Allround tests
Checking hostname... Found. Hostname is
Checking for passwordless user accounts... OK
Checking for differences in user accounts... OK. No changes.
Checking for differences in user groups... OK. No changes.
Checking boot.local/rc.local file...
- /etc/rc.local [ OK ]
- /etc/rc.d/rc.local [ OK ]
- /usr/local/etc/rc.local [ Not found ]
- /usr/local/etc/rc.d/rc.local [ Not found ]
- /etc/conf.d/local.start [ Not found ]
- /etc/init.d/boot.local [ Not found ]
* Application version scan
- Exim MTA 4.68 [ Unknown ]
- GnuPG 1.2.6 [ Old or patched version ]
- Apache [unknown] [ OK ]
- Bind DNS 9.2.4 [ OK ]
- OpenSSL 0.9.7a [ Old or patched version ]
- PHP 5.2.5 [ Unknown ]
- PHP 5.2.5 [ Unknown ]
- Procmail MTA 3.22 [ OK ]
- OpenSSH 3.9p1 [ OK ]
Jan 22, 2007
how to config exim to accepting mails from networks with address: something.fbc.local?
I saw that a lot of companies are using an internal mailserver in their network and then using a mailserver to send all mails coming from different PCs on that internal network. However, the mailserver has a name such as 14g5nldo7.fbc.local, and exim does not accept e-mails coming from this type of service.
Nov 9, 2009
Do you guys know how to skip CLAMD and SPAMD on local emails on a cPanel server?
Our clients send emails internally too crazily; running clamd and spamd causes high load often.
Oct 26, 2007
Sometime before users of my site were receiving mails properly but now they are complaining they are not receiving it. They have their own domains email addresses.
I confirmed with my personal Yahoo, Gmail and Hotmail addresses but I am receiving it well.
How can I confirm that the problem is with their mail servers not with mine?
I do not have experience in such things
May 1, 2007
I am running CentOS 4.4 i686 and WHM 10.8.0 and we are having trouble receiving email from certain domains.
Under WHM tweak settings we do not have the "SpamAssassin Spam Filter" enabled.
Mails sent from two domains (that we know of) do not reach us at all and no error message is delivered to the sending address.
Emails sent from us to them DO reach their destination, so we are thinking some spam filter or configuration in exim must be the culprit.
Jul 11, 2014
Upon checking the mail logs, I find this
Code:
Jul 12 07:39:35 ns2 postfix/smtp[31739]: certificate verification failed for gmail-smtp-in.l.google.com[173.194.68.26]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Jul 12 07:39:36 ns2 postfix/smtp[31739]: 2AC1222A0003: to=<aarontd207@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.68.26]:25, delay=2, delays=0.1/0/1.3/0.64, dsn=2.0.0, status=sent (250 2.0.0 OK 1405143576 q6si6606624qan.104 - gsmtp)
May 16, 2009
I've looked through my exim logs a number of times and I see emails being sent out with "from:" fields with email addresses of other domains. Usually they are spam related and fraudulent.
How can exim be setup to only send out emails that have localdomains in their from fields?
E.g. if I have account bob.com on my server then the owner of bob.com can only send out emails "xxxx@bob.com" no matter what else he tries to do that's all exim will send out.
How can you get exim to do this? I have been using filtering to block commonly spammed domains like aol.com, hotmail.com etc. - any emails sent out with these in their from fields are filtered and blocked - but rather than building up a larger and larger filter of commonly abused domains, why not just block everything except domains on your server?
Feb 7, 2008
running WHM at Fedora 6... WHM 11.11.0 cPanel 11.16.0-R18546
I have a problem with spoofing spammers... my queue is full of non-delivered emails from external SMTP servers, sent to non-existent addresses on my server...
The question is the destination domain (mydomain.com b.example) has already its ":fail: No Such User Here" alias.
SMF records applied, but most external SMTP servers do not check them nowadays...
Using :fail: the email is never accepted into the server. During the initial SMTP negotiation when the senders SMTP server connects to your SMTP server, the sending SMTP server issues a RCPT command notifying your server which email address the email to follow is intended for. Your server then checks whether the recipient email actually exists on your server (a POP3 account, an alias or a catchall alias) and if it does not, it issues an SMTP DENY which terminates the attempt to deliver the email.
Well, in my case it just receives the message and then freezes it!
Some more data:
IN MY QUEUE:
1JMoh4-0004UG-Pz-H
mailnull 47 12
<>
1202321302 0
-helo_name luatvietnam.vn
-host_address 203.162.168.16.1839
-interface_address 85.x.x.x.25
-received_protocol smtp
-body_linecount 50
-max_received_linelength 93
-frozen 1202407547
-host_lookup_failed
-manual_thaw
XX
1
dlsex-ireddols@abrasivoshermes.com
210P Received: from [203.162.168.16] (port=1839 helo=luatvietnam.vn)
by myserver.mine.com with smtp (Exim 4.68)
id 1JMoh4-0004UG-Pz
for dlsex-ireddols@mydomain.com; Wed, 06 Feb 2008 19:08:23 +0100
069P Received: (qmail 6913 invoked for bounce); 5 Feb 2008 09:04:11 -0500
032 Date: 5 Feb 2008 09:04:11 -0500
032F From: postmaster@luatvietnam.vn
039T To: dlsex-ireddols@mydomain.com
024 Subject: failure notice
WHEN TRYING TO DELIVER FROM QUEUE:
Message 1JMoh4-0004UG-Pz is no longer frozen
LOG: MAIN
cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1JMoh4-0004UG-Pz
delivering 1JMoh4-0004UG-Pz
LOG: MAIN
** dlsex-ireddols@mydomain.com F=<> R=virtual_aliases: No Such User Here
LOG: MAIN
Frozen (delivery error message)
AT LOGS (first time):
2008-02-06 19:08:17 SMTP connection from [203.162.168.16]:1839 I=[85.112.9.44]:25 (TCP/IP connection count = 9)
2008-02-06 19:08:20 no host name found for IP address 203.162.168.16
2008-02-06 19:08:22 H=(luatvietnam.vn) [203.162.168.16]:1839 I=[85.x.x.x]:25 Warning: Sender rate 0.0 / 1h
2008-02-06 19:08:23 1JMoh4-0004UG-Pz <= <> H=(luatvietnam.vn) [203.162.168.16]:1839 I=[85.x.x.x]:25 P=smtp S=2405 T="failure notice" from <> for dlsex-ireddols@mydomain.com
2008-02-06 19:08:23 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1JMoh4-0004UG-Pz
2008-02-06 19:08:23 1JMoh4-0004UG-Pz ** dlsex-ireddols@mydomain.com F=<> R=virtual_aliases: No Such User Here
2008-02-06 19:08:23 1JMoh4-0004UG-Pz Frozen (delivery error message)
2008-02-06 19:08:24 SMTP connection from (luatvietnam.vn) [203.162.168.16]:1839 I=[85.x.x.x]:25 closed by QUIT
Jan 17, 2008
1) What would you guys say is average in terms of the # of emails in the Mail Queue?
2) What steps can be taken to tighten it up? If I start with a clean slate, it only takes about a week or less for my mail queue to reach 1000 or more. Most of it seems like junk mail.
Mar 26, 2008
I'm trying to delete emails sent to dbmaster@example.com. There are about 2000 emails like that in the exim email queue.
Here's what I did:
SSH to my server
type: exiqgrep -ir dbmaster@example.com | xargs exim -Mrm
but it says: bash: exiqgrep: command not found
Jun 13, 2008
I have noticed in the logs of my two dedicated servers that some emails just disappear after being frozen for days in the queue, and there is no notice or warning sent to the sender.
Please check your logs and tell me if I am wrong, just check for non-zero on your exim_mainlog
grep non-zero /var/log/exim_mainlog
and then grep your messageId
grep 1K17WW-0002so-Sn /var/log/exim_mainlog
2008-05-24 17:34:23 1K17WW-0002so-Sn == vicoello@xxxxx.com R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000e: terminated by signal 14
2008-05-24 17:34:23 1K17WW-0002so-Sn Frozen
2008-05-25 18:02:27 1K17WW-0002so-Sn Message is frozen
...
2008-05-26 22:08:47 1K17WW-0002so-Sn Message is frozen
....
2008-05-27 15:00:31 1K17WW-0002so-Sn Message is frozen
? Disappeared
Apr 17, 2007
Whenever I send mail, it never gets sent and I get the following error under "View Mail Statistics" in WHM:
1 xxx@aol.com R=fail_remote_domains: unrouteable
mail domain "aol.com"
I have only recently noticed these errors, as my mail was working before.
Nov 19, 2007
My Exim mail outgoing queue is getting stuck and I cannot receive emails. Under WHM I have 50-odd emails, some 7 days old.
A small dump from /var/log/exim-mainlog is below:
2007-11-19 04:40:45 H=(H®) [202.57.142.156] sender verify defer for <jqyuehutmqluz@epilot.com>: could not connect to mail02.interchangeusa.com [63.251.210.81]: Connection timed out
2007-11-19 04:40:45 H=(H®) [202.57.142.156] F=<jqyuehutmqluz@epilot.com> temporarily rejected RCPT <morleyc@myemail.net>: Could not complete sender verify callout
2007-11-19 04:40:45 unexpected disconnection while reading SMTP command from (H®) [202.57.142.156]
2007-11-19 04:40:51 no IP address found for host 202.57.142.156.sta.isp-thailand.com (during SMTP connection from [202.57.142.156])
2007-11-19 04:40:57 no IP address found for host 202.57.142.156.sta.isp-thailand.com (during SMTP connection from [202.57.142.156])
2007-11-19 04:41:01 no IP address found for host 202.57.142.156.sta.isp-thailand.com (during SMTP connection from [202.57.142.156])
2007-11-19 04:41:04 no IP address found for host 202.57.142.156.sta.isp-thailand.com (during SMTP connection from [202.57.142.156])
2007-11-19 04:41:43 no host name found for IP address 77.94.106.13
2007-11-19 04:41:49 1ItxNu-0007E6-4s mail.global.frontbridge.com [207.46.51.86] Connection timed out
2007-11-19 04:41:49 1ItxNu-0007E6-4s == hmt@someaddress.com <HMT@someaddress.com> R=lookuphost T=remote_smtp defer (110): Connection timed out
2007-11-19 04:41:49 1ItxNu-0007E6-4s == jog@someaddress.com <JOG@someaddress.com> R=lookuphost T=remote_smtp defer (110): Connection timed out
2007-11-19 04:41:49 1ItxNu-0007E6-4s == mrl@someaddress.com <MRL@someaddress.com> R=lookuphost T=remote_smtp defer (110): Connection timed out
2007-11-19 04:42:29 H=(client-200.121.46.74.speedy.net.pe) [200.121.46.74] sender verify defer for <tecat@yahoo.de>: Could not complete sender verify callout
2007-11-19 04:42:29 H=(client-200.121.46.74.speedy.net.pe) [200.121.46.74] F=<tecat@yahoo.de> temporarily rejected RCPT <morleyc@myemail.net>: Could not complete sender verify callout
2007-11-19 04:42:29 unexpected disconnection while reading SMTP command from (client-200.121.46.74.speedy.net.pe) [200.121.46.74]
Everything was fine until about 7 days ago. I don't know why the config didn't change but since then it's been dropping received emails and queueing on sends.