Hoping someone can help here. I have a web server running a couple of sites, has been for a couple of years now. With one of the domains, I have an email forwarder setup through cpanel to forward mail sent to a specific address at that domain to my gmail account (it's a "contact us" type address). I don't think the email address is listed on the web anywhere.
Anyway, I am noticing a lot of spam emails being sent to that address, from that same address and they all appear to be relayed through my exim server legitimately. Obviously they aren't (as I am not sending them).
I am only familiar with sendmail, and am unsure about where to look for any possible hacks to my exim server. Can someone point me in the right direction? I want to stop these spam messages being sent, asap.
I have been searching for a solution to a problem that shouldn't exist but it does.
Background:
I have a customer on a UK server who sends emails to 500+ recipients on a monthly basis, and all but 3 emails are delivered....
The 3 that don't go, bounce after 3 days (as per the exim setup)
The 3 recipient domain's that reject don't seem to accept email from UK/European ip's and I have tried to send them emails from 4 different networks and still they bounce.
I have even tried to contact them via gmail, and still not heard back.
Proposed solution:
I want to be able to send email for that 1 domain to a Postfix Relay I have in the US.
Question:
How do I achieve this within Exim (a Cpanel Server).
I have found that so far its to do with the Router Configuration section within the Cpanel Exim setup, but I cannot seem to find an example of what and where i need to change the config...
after noticing the SQL errors on my sites, I went in to take a closer look.
First thing I noticed was my server load was at 200! This was all due to EXIM!
I stopped exim and then watched my load go back down to like 1... then started it, and it gradually rose again.
After using the Exim Cheat Sheet...
I discovered I had over 7000 messages frozen in my que and a few thousand not frozen.
After erasing all of the frozen messages because they were all spam, I am left wondering what I can do to stop this from happening again...
1. Is this spam being SENT FROM me? Or TO me?
2. Regardless of the answer to #1, how do I make it stop? I don't host any significant sites, and the server only has a few sites on it. None of the domains match up with anything I have anything to do with, so its all worthless and nobody on my server heavily uses their email through me.
What do I do? This is the second time I have had my system with a load this high and after the first time, I paid a chunck for more RAM.
exim queue is always being filled by millions of spam mails...
In 5 minutes more than 1000 messages..
I have removed all several times but they insist in coming back..
In 1 one min:
1Ju7q6-00039t-031mDeleteDeliver Now ALEXNSONIA@MSN.COM 1Ju7q6-00039w-161mDeleteDeliver Now ALEXNSTEPH4-1-98@MSN.COM 1Ju7q6-0003A0-2s1mDeleteDeliver Now ALEXIA27@BELLSOUTH.NET ...
We've been seeing sluggish performance on our mail gateways, and so I started doing some digging in the logs. It looks like we are filling up with messages like:
2007-05-16 12:22:16 Connection from [xx.xx.xx.xx] refused: too many connections
We have our max connections set to 20 (total, not host-specific) in exim4. So I started tailing the logs, and sure enough, we are getting bombarded with requests to randomstring@ourdomain.com coming from all over the map. The requests are getting denied of course, but that doesn't help the connection issue since they are consuming all of them, preventing real mail (for the most part) from getting through.
What is the proper way to deal with something like this? I could certainly just up the max connections value from 20 to 40 or 50 or whatever, but I'm not sure what kind of performance impact that will have on the rest of the traffic going through our gateways.
Since the spam attempts are coming from all over the place, it doesn't seem like I can just firewall out a few addresses and be done with it.
This particular rack is a cluster of web and database servers behind two gateway boxes, which handle the mail traffic (so this problem is on the gateways, the actual mail server itself sits behind the gateways and never actually sees these fake emails).
Not far ago somebody hacked our customer account through the vulnerability in phpBB Album module and uploaded some scripts. Then it started to send nigerian spam using exim and apache. These scripts were found and deleted and the Album module was fully deleted too. But when I look at the processes now I see that exim and httpd still start very often so the system resources are probably overused by them ......
My server is sending all emails via exim smarthost to other specialised exim server (both cPanel). How may I limit customers from sending out SPAM ? Mean to scan outgoing emails and delete/store in some folder which ones identified as SPAM. Preferrably the scan part to be on exim email proxy cause it is much idle.
I have a dedicated windows 2003 server that acts as an smtp relay (legit purposes, not open).
There are large amounts of mail relayed through the server and I would like to install some 3rd party software that can scan the messages/attachments for viruses.
Ideally, if one exists it strips it from the message and notifies the recipient and/or sender of the problem.
Does anyone here know about a dedicated server hosting company located in either Florida or Texas (United States) which allows the use of IRC? I plan to link to an already established network. Nothing illegal!
I have recently opened up a game, in which is slowly becoming pretty active. However, I want the ability to create an IRC server - locally. We are currently only on shared hosting, because we don't have a lot of bandwidth usage yet - however I believe it would be successfull to start an IRC server now, plus it would be nice to know how to do it.
However, I have two questions/problems: I am not interested in having another computer run the IRC server, because I don't have a stable internet connection except at home in which Im not willing to have to drive from campus to home if something were to happen. Therefore, I'd like to be able to run it off a PC I have ideling inside my dorm. The problem is, my roommate uses it a lot while I use my laptop, and therefore it needs to run off Windows, or somehow give me the ability to run it off a linux while running Windows - or something silly like that.
Therefore, I have two possibilities. Either one, this is completely not possible or two there is some sort of emulator or something like in which I can run IRC on Windows - Or the ability to create an IRC server directly onto windows.
Any ideas? If it is the second possibility, please provide some good tutorials or software into creating a basic IRC server. I don't really care about security unless it is going to affect the connection/box. It's not like we have a bunch of hackers who are going to attemp to exploit it, because when we launch out of BETA we will buy a server, in which we will have IRC installed onto it.
I want a cheap Dedicated server that will allow irc. I will only be using IRC on the server so it doesnt need to be very powerful. Anyone have a suggestion? I want to pay less than $50/month.
I'm looking for a dedicated server where IRC is allowed on the network. EU or US. Nothing abusive. Budget is from $80 - $100-$110 and a place where they could announce my /24.
In last several days (maybe weeks) I sometime see in bandwith graph that link of 10mb/s is 100% used, see http://img144.imageshack.us/img144/9103/rtgimgphpvi3.png
Than I watch in var/tmp and find some bad code, files and scripts in which are some hacker email addresses and some IPs. In some file I see and some IRC BOT script. In some are logs in which see attempts of logins.....
I am looking for a reliable dedicated server provider that allows IRC. I am looking for something under 100 dollars. My budget is 100 dollars, not a cent more. I am not concerned about management levels. Managed or un-managed doesn't matter. I would prefer a U.S. based location.
KEEP READING...
1. Dont ask me what specs I am looking for; the under $100 budget will dictate the specs.
2. Yes, I am aware that there have been two topics about dedicated servers that allow IRC in the recent past. I was unable to find a host from those topics.
3. Yes, I am sure I am looking for a dedicated. Don't post links to shell providers.
4. I am about 99% sure, I will not purchase a dedicated server from your sig. If you don't have something useful to say, please don't say it at all.
5. I'm not looking for someone to tell me that its hard to find a dedicated server that allows IRC under 100 dollars. I am also fully aware that most dedicated providers don't allow IRC. On top of that I understand WHY a lot of providers don't allow IRC. Please don't post if your only going to say why IRC isn't allowed.
6. I have checked the offers sections. No luck. Please don't tell me to check the offers section.
7. I am looking for a dedicated server under 100-dollars. That's the bottom line. Thanks for reading the entire post Wait! Did I tell you thanks for reading the entire post?
I'm looking for a dedicated server from an IRC Friendly host. I would appreciate suggestions on places where they allow IRC to be run (Other than FDC).
I've been working on this for some time now, but I'm not sure on how the settings were transfered over to this server. I wish I was there when it was done.
Anyways, we got a new server and we transfered all the accounts to the new one. The old one is gone. When people send emails to their email accounts on the server, this is returned:
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
admin@crewxp.com
Technical details of permanent failure: PERM_FAILURE: SMTP Error (state 9): 550 relay not permitted ....
I am looking for somewhere in the US or Canada that can host a VPS with the following requirements:
10gb space 256mb ram - burst 512mb 200gb bandwidth 2 ips (or 1 with cheap price for an extra ip) Public IRC Capable (not linking with EFNet, etc.)
I've been searching for something that can meet my needs but I've been at a loss. BuyAVPS became a big issue, and I pulled out quickly before the most recent downtime, SolarVPS before that with their lovely billing problems and collection threats.