I regularly report spam that makes it through an RBL (sbl-xbl.spamhaus.org), SQLGrey, and an internal blacklist. I've noticed that the spam I get originates all over the place (though uu.net seems to be getting more popular). However, one host stands out when it comes to the spamvertised websites that are being sent - theplanet.com. In looking at the past 30 days of spam reports, 60% have advertised a site hosted on [url]
Do you report spam via SpamCop? Who is your biggest sender and hoster?
Please understand that I filter hundreds of spam messages a day (about 560 yesterday). These are only the ones making it through.
We have seen an interesting system from one competitor:
Any user that has an email account receives, every 24 hours, an email report of all spam received (as an HTML attachment). In this HTML file there is a list with flags, and the user can indicate that a message is NOT spam and click submit in the HTML file, which sends the information to the mail server.
Today my site was reported for the second time at SpamCop.net as spamvertised site. Somebody is just copy pasting content from my site and is spamming people with it. It is done without my knowledge or consent. Unfortunately, today KnownHost supported me for the second time asking me to remove the domain/exploits or face account suspension.
How to deal with it? Recently one of my sites was penalized by Google all of a sudden, which brought down my AdSense income by 1/3. I suspect that it might have something to do with this abuse.
I have already set an SPF record to prevent domain masking, but they are sending it from their own from address. Has anyone here ever faced anything like this? Can someone please advise me what to do?
So I get this email today from SpamCop complaining about my server sending unsolicited bounce messages.
Well yea... thanks to spammers domain spoofing and sending spam to my server, my server finds that there's no address - so it replies to the spoofed address.
My question is.... what do I do about it? The SpamCop site has this to say... Though if I set up the server to do something odd like not sending a bounce because it's "filed internally", how will legit people get the proper bounce response??
Problem: Misdirected bounces
Description: When a mail server accepts a message and later decides that it can't deliver the message, it is required to send back a bounce email to the sender of the original message. These bounce emails are often misdirected.
Solution: Upgrade and/or configure your mail server software so that this situation is never encountered. Configure your software to either reject messages during delivery or accept them permanently. Do not let your software make choices about delivery after it has accepted a message. If you must accept delivery before you know the status of a message, then file it internally - do not send, forward or bounce it outside your organization. The errant message can be placed in a special folder or routed to your postmaster.
Now they stated this.. but I'm totally unsure what it means. If anyone knows what section is for what... I only see the IP once, that they reported the spam came from: 66.79.165.30.
Code:
X-Apparently-To: x via 66.163.179.144; Wed, 26 Sep 2007 11:00:52 -0700
X-Originating-IP: [68.230.241.14]
Authentication-Results: mta175.mail.re2.yahoo.com from=cox.net; domainkeys=neutral (no sig)
Received: from 68.230.241.14 (EHLO fed1rmpop110.cox.net) (68.230.241.14) by mta175.mail.re2.yahoo.com with SMTP; Wed, 26 Sep 2007 11:00:52 -0700
Received: from fed1rmimpo01.cox.net ([70.169.32.71]) by fed1rmmtao105.cox.net (InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP id <20070926175141.MUBZ11358.fed1rmmtao105.cox.net@fed1rmimpo01.cox.net>; Wed, 26 Sep 2007 13:51:41 -0400
Received: from fed1wml11.mgt.cox.net ([172.18.180.10]) by fed1rmimpo01.cox.net with bizsmtp id t5re1X00W0DrMWL0000000; Wed, 26 Sep 2007 13:51:39 -0400
Received: from 66.79.165.30 by webmail.west.cox.net; Wed, 26 Sep 2007 13:51:38 -0400
Date: Wed, 26 Sep 2007 10:51:39 -0700
From: UK NATIONA LOTTERY <gailpmm@cox.net>
Reply-To: mrsjuliaelm@hotmail.com
Subject: Congratulation! you have won
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
Sensitivity: Normal
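The Received chain from the headers above, read hop by hop; this is an added example, not part of the original post. The header values are taken from the post (abbreviated), and the function names `hops`, `is_private` and `submitting_client` are hypothetical helpers introduced here.

```python
import ipaddress
import re
from email import message_from_string

# Headers from the post, abbreviated to the routing-relevant fields.
RAW = """\
X-Originating-IP: [68.230.241.14]
Received: from 68.230.241.14 (EHLO fed1rmpop110.cox.net) (68.230.241.14)
  by mta175.mail.re2.yahoo.com with SMTP; Wed, 26 Sep 2007 11:00:52 -0700
Received: from fed1rmimpo01.cox.net ([70.169.32.71])
  by fed1rmmtao105.cox.net with ESMTP; Wed, 26 Sep 2007 13:51:41 -0400
Received: from fed1wml11.mgt.cox.net ([172.18.180.10])
  by fed1rmimpo01.cox.net with bizsmtp; Wed, 26 Sep 2007 13:51:39 -0400
Received: from 66.79.165.30 by webmail.west.cox.net;
  Wed, 26 Sep 2007 13:51:38 -0400
From: UK NATIONA LOTTERY <gailpmm@cox.net>
Reply-To: mrsjuliaelm@hotmail.com

"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def is_private(addr):
    """True for RFC 1918 / internal addresses; False for public or unparsable ones."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False

def hops(raw):
    """Received hops oldest-first as (from_ip, by_host, private) tuples."""
    out = []
    # Each server prepends its own Received line, so the last one is the oldest.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        sender, _, rest = flat.partition(" by ")
        found = IPV4.search(sender)
        addr = found.group(0) if found else None
        by_host = rest.split()[0].rstrip(";") if rest else None
        out.append((addr, by_host, bool(addr) and is_private(addr)))
    return out

def submitting_client(raw):
    """First public address in the chain: the client that handed the mail over."""
    for addr, _, private in hops(raw):
        if addr and not private:
            return addr
    return None

if __name__ == "__main__":
    for addr, by_host, private in hops(RAW):
        print(f"{addr or '?':15} -> {by_host}{'  (internal)' if private else ''}")
    print("submitted from:", submitting_client(RAW))
```

Only the Received lines written by servers you trust are reliable; anything below the first trusted hop can be supplied by the sender. In this message the oldest hop was recorded by the provider's own webmail host, which is why the reported address appears only there.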
FAIL: Reverse DNS entries for MX records
ERROR: The IP of one or more of your mail server(s) have no reverse DNS (PTR) entries /* (if you see "Timeout" below, it may mean that your DNS servers did not respond fast enough) */. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. You can double-check using the 'Reverse DNS Lookup' tool at the DNSstuff site if you recently changed your reverse DNS entry (it contacts your servers in real time; the reverse DNS lookups in the DNS report use our local caching DNS server). The problem MX records are: 22.130.197.82.in-addr.arpa [No reverse DNS entry (rcode: 3 ancount: 0) (check it)]
FAIL: Acceptance of postmaster address
ERROR: One or more of your mailservers does not accept mail to postmaster@myminiaturepainting.com. Mailservers are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster.
I'm hosting my website on a shared hosting, and recently the IP 87.255.1.42 began sending DoS attacks to my website - there are constantly being sent queries to the starting page of my website, more than 400,000 queries/day.
It's not doing any significant damage but overloads the server every day, and I would like to know how to report this attack to any authority who can stop the attack.
I queried the RIPE database db.ripe.net/whois?form_type=simple
I have run rkhunter and got the following report. I have checked everything and it seems to be fine. Also, I have run rkhunter --update and it didn't help. How can I remove these bad messages? Do I need to reinstall the package?
/bin/dmesg [ BAD ]
/bin/env [ BAD ]
/bin/grep [ BAD ]
/bin/kill [ BAD ]
/bin/login [ BAD ]
I have been receiving unsolicited emails from a site which is hosted on DonHost servers in UK.
I have been receiving these emails for the last 3-4 days on my business email which is not on any list. I think the sender is a complete amateur because he is using CC and I can see everyone's emails. They are mostly local companies and Government offices so the way this person gathered the email list is very questionable.
I contacted DonHost on www.donhost.co.uk and sent them an email to their Support but they haven't even replied to me.
My VPS is set up and now when I did a dnsreport for my site, it shows:
Number of nameservers ERROR: You have 2 nameservers, but both are on the same IP! This is not a valid setup. You are required to have at least 2 nameservers, per RFC 1035 section 2.2.
Is this a big problem?
The report [url] also shows other failures. Are there any critical ones that I need to take care of? How do I do it?
I have been receiving a huge logwatch report; it seems that logwatch is not parsing the /var/log/secure file, but sending the log entries instead of any summary of it. I got thousands of lines like
Cp-Wrap: Pushing "47 GETDISKUSED pvargas lights.com.co" to '/usr/local/cpanel/bin/eximadmin' for UID: 47 : 25 Time(s)
Cp-Wrap: Pushing "47 GETDISKUSED r.perez konecrans.com" to '/usr/local/cpanel/bin/eximadmin' for UID: 47 : 69 Time(s)
Cp-Wrap: Pushing "47 GETDISKUSED r.rodriguez konecrans.com" to '/usr/local/cpanel/bin/eximadmin' for UID: 47 : 114 Time(s)
I have upgraded to the most recent version of Logwatch with default configuration. Any ideas on what could be wrong?
I'm not sure how much people use InternetHealthReport.com, but Global Crossing consistently has the worst packet loss - [url]
I'm not sure what the cause is, but I wouldn't be surprised if it's because they are a primary peer for Hurricane Electric and other budget carriers who don't have many other Tier 1 peers (i.e. Xeex).
Any comments from current Global Crossing customers?
I got a RHEL dedicated server it has Ensim Ensim Pro 4.0.3-22.rhel.3ES
I got a few email accounts over quota limit. Even though it reached the quota it still consumes mail.
The size keeps increasing until HD space runs out. I checked other forums and they recommended to do this:
find /home/virtual/site#/fst/var/spool/mqueue/ -exec rm -f {} \;
I did this but there were no files in there to begin with.
So every hour i keep getting this failure notice. This is a report generated by the hourly run of MailQueueCleaner. Some sites on this server have problems which prevent the processing of their email queues. UNTIL YOU RESOLVE THE PROBLEMS, THESE SITES WILL NOT BE ABLE TO RECEIVE EMAIL. A summary of the problems is included below.
sites over the quota show up here.
I just want to be able to clear the mail out of selected accounts without logging in the account. I am sure it is some file to clear.
Microsoft Windows Server 2008 R2 Service Pack 1 Panel version 11.0.9 Update #59, last updated at Oct 3, 2013 02:06 AM MailEnable version 5
I see in the Plesk documentation that on the screen to enable SPAM filtering for an individual there is an option to "Move spam to the Spam folder". I don't see that option so I am wondering if it is only available on some versions of Plesk, or in combination with certain mail servers. How to make that option available?
I run a site with about 1,000,000 unique visitors per month and recent server failures made me decide to get a failover server to minimize downtime. My goal wasn't to get 99.999% uptime but to be able to be back on track after a failure in a "reasonable" amount of time. After evaluating several solutions, I decided to go with DNS failover. Here's how the setup works:
1) mydomain.com points to main server with a very low TTL (time to live)
2) failover server replicates data from main server
3) when main server goes down, mydomain.com is changed to point to failover server
The drawback is the DNS propagation time since some DNS servers don't honor the TTL and there is some caching happening on the user's machine and browser. I looked for empirical data to gauge the extent of the problem but couldn't find any so I decided to set up my own experiment.
The Experiment
==============
I start with mydomain.com pointing to the main server with a TTL of 1800 seconds (1/2 hour). I then change it to point to the failover server which simply port forwards to the main server. On the main server, I periodically compute the percentage of requests coming from the failover server which gives me the percentage of people for which the DNS change has propagated.
I made the DNS change at exactly 16:04 on 06/21/06 and here are the percentages of propagated users:
So even after 18 hours, there is still a certain percentage of users going to the old server so DNS failover is obviously not a 99.999% uptime solution. However, since more than 90% of the users are propagated in the first hour, the solution works well enough for me.
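The measurement described in this post, as an added example that is not the poster's own script: it buckets requests on the main server by time since the DNS change and reports the share arriving from the failover server. It assumes the port forward makes forwarded requests show the failover server's source address; `FAILOVER_IP`, the UTC timezone and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

FAILOVER_IP = "192.0.2.10"  # assumption: placeholder address of the failover server
# 16:04 on 06/21/06 as given in the post; UTC is an assumption.
CHANGE = datetime(2006, 6, 21, 16, 4, tzinfo=timezone.utc)

# Constructed access-log lines in common log format (not data from the post).
LOG = """\
198.51.100.7 - - [21/Jun/2006:15:59:00 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [21/Jun/2006:16:05:10 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [21/Jun/2006:16:20:41 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [21/Jun/2006:16:45:00 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [21/Jun/2006:17:03:59 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [21/Jun/2006:17:04:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.9 - - [21/Jun/2006:17:30:00 +0000] "GET / HTTP/1.1" 200 512
this line is truncated garbage
203.0.113.9 - - [22/Jun/2006:10:30:00 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [22/Jun/2006:10:40:00 +0000] "GET / HTTP/1.1" 200 512
"""

LINE = re.compile(r"^(\S+) \S+ \S+ \[([^\]]+)\]")

def propagation(log, change=CHANGE, failover_ip=FAILOVER_IP, bucket_s=3600):
    """Map bucket index since the DNS change -> % of requests via the failover."""
    total, via = defaultdict(int), defaultdict(int)
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines
        try:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # unparsable timestamp
        if when < change:
            continue  # traffic before the change says nothing about propagation
        bucket = int((when - change).total_seconds() // bucket_s)
        total[bucket] += 1
        via[bucket] += m.group(1) == failover_ip
    return {b: round(100.0 * via[b] / total[b], 1) for b in sorted(total)}

if __name__ == "__main__":
    for hour, pct in propagation(LOG).items():
        print(f"hour {hour:2d}: {pct:5.1f}% of requests via failover")
```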