How To Block All Emails From A Certain Address
Apr 14, 2008
I am receiving around 7.000 emails from different sources with the subject “Undelivered Mail Returned to Sender” or similar.
It seems someone is using an alias to my email address to send huge amounts of spam. I have checked the mail queue in WHM and the emails are not there. I have turned on the SMTP Tweak in security center, but that doesn’t seem to work.
I have no idea if this person is using my server to send massive amounts of spam,
What I have noticed is that most emails return to msxf@mydomain.com so is there a way to block this?
View 10 Replies
Apr 29, 2008
I have blocked this IP 125.115.144.28
/etc/apf/apf -d 125.115.144.28
But
netstat -anp|grep tcp|awk '{print $5}'| cut -d : -f1 | sort | uniq -c | sort -n
It still showing
202 125.115.144.28
Why?
Is it supposed to blocked right away, or need some time to get blocked.
When I checked /etc/apf/deny_hosts.rules
The IP is in the file.
View 12 Replies
View Related
May 4, 2008
I manage a website which runs on the cpanel/whm interface and was wondering if there was anything my host could do to prevent DoS attacks on the server...at the moment we are having huge DoS attacks on our website therefore taking the whole website down for quite long periods of time.
My host just seems to be manually blocking the DoS'ers IP's manually but this is just too tedious and not efficient enough.
Is there any program for example that he can install which will block andy ip which sends a certain amount of requests within a given time period?
View 3 Replies
View Related
Nov 8, 2009
We have several clients who use phplist for their opt-in lists. ATT and a few others are blocking emails. The main reason is because the email from the list (email@client.com) originates from comcast.net. ATT and others appear to block based upon that discrepancy.
Questions for anyone who works with phplist:
1) If the client simply sends from the comcast.net email (and not from email@client.com) and we allow this as a valid sending source in phplist, will this solve our problem?
2) We attempted to send via webmail, which would have trumped all issues, however because the clients are sending email which incorporates graphics in a template, webmail is a poor choice.
3) Is there another workaround that we are not seeing?
View 3 Replies
View Related
Dec 19, 2014
I use a spam protection service. It works as following : -My DNS are configured to point to a server (sever A) which is configured to filter spams. -If an email is not a spam, the first server send it to my mail server (server B).
But some spammers found a way to bypass the protection : They send directly their email to my mail server (server A). So, i want to allow only emails coming from the server A IP.
View 2 Replies
View Related
Dec 10, 2008
we are receiving a new type of spam emails in most of the domains hosted on different servers. In this type of spam emails, the From address is the same as the To address and is of the user who is receiving the emails. For example, a@abc.com is sending email to a@abc.com which is not originating from the server. However, since the From Address is the same as the To address, it fools the antispam and the emails are delivered as genuine emails. Has anybody else faced the same problem lately? Does anybody have as workaround to stop these type of spam emails?
View 10 Replies
View Related
Jan 3, 2008
Anyone here got any experience with autoresponders?
An autoresponder is setup, so that anyone emailing to admin@example.com, gets an autoresponder from enquiries@example.com asking for a couple of details, the person then replies to the autoresponder with the details, they then receive another autoresponder from enquiries@example.com confirming receipt of their last email. That's what should happen, but instead, the person keeps getting an autoresponder from enquiries@example.com asking for more details, even after they've already emailed the details?
If it's any help, when I've been testing this, when replying to the first autoresponder, I notice in the 'to' line it mentions both email address's, in the following format:
Enquiries@example.com <admin@example.com>
View 1 Replies
View Related
Apr 21, 2015
On my plesk server, i have several emails account. These email addresses should receive only emails send by a specific server. But for now, they can receive any email, including spam.
So, i would like to block all emails that are not coming from the allowed server.
How can i do this in plesk ? As i am not a very good server admin, can you tell me exactly what i need to do in plesk?
View 3 Replies
View Related
Feb 6, 2015
My customer has an external facing Apache server that is acting as a reverse proxy to two internal applications. They have:
- external addresses for each app which resolve to different ip addresses, so app1.their_domain.com and app2.their_domain.com resolve to 77.3.170.10 and 77.3.170.11 respectively.
- the Apache server has two network interfaces with ip addresses 192.168.10.10 and 192.168.10.11
- the external ip addresses resolve to the above internal addresses
- the firewall between the Apache server and the internal app servers is configured to allow traffic from 192.168.10.10 to reach app_server1, and traffic from 192.168.10.11 to reach app_server2, both using port 7777.
I have configured a virtual host in httpd.conf for each ip, i.e.
Code:
<VirtualHost 192.168.10.10:80>
...
ProxyPass /app http://app_server1:7777/app
ProxyPassReverse /app http://app_server1:7777/app
RewriteRule ^/$ /app/app1 [R,L]
...
<VirtualHost>
and
Code:
<VirtualHost 192.168.10.11:80>
...
ProxyPass /app http://app_server2:7777/app
ProxyPassReverse /app http://app_server2:7777/app
RewriteRule ^/$ /app/app2 [R,L]
...
<VirtualHost>
This works fine in that the external address are being routed to the correct application, however the firewall is blocking requests to the second app as it appears the requests are coming from the Apache servers 'primary' ip address 192.168.10.10 instead of 192.168.10.11.
Is it possible to send requests using the ip address from the relevant VirtualHost?
Windows server 2008
Apache 2.2
View 1 Replies
View Related
Jul 26, 2007
I just bought a new ip address and want to setup this new ip as my server's main ip, making the 'existing main ip' as the secondary ip.
Which means, this new ip will be the server's default ip address for all services, including when connecting to other server.
I'm using CentOs 4.5 and swsoft's panels: HSPcomplete & Virtuozzo Power Panel, and Webmin.
View 1 Replies
View Related
Nov 8, 2007
I want to redirect a website to a particular URL so that the address bar shows the same URL and not the destination URL. I know it is possible via URL masking, however, I want it in such a way that whenever somebody clicks on any link in the website, the address bar should still show the original URL. To put it in simple words, Suppose I want to redirect [url] to [url]. Now if there is a link named contact/index.htm and somebody clicks on it the address bar should display [url]and not redirect to [url]
How can it be possible using URL Rewrite method in .htaccess file?
View 2 Replies
View Related
Aug 4, 2007
The problem usually goes like this:
- I can't access the webserver
- I'll try to restart httpd, and I'll get
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443
To fix this, I run
[root@www1 ~]# lsof -i tcp:443
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
perl 11307 apache 4u IPv6 476943447 TCP *:https (LISTEN)
There is always leftover process that is causing the restart to fail. Once i force kill the process, I am able to restart httpd properly.
Now it is ok if this just occurs once in a while, but this problem keeps repeating itself almost everyday at 4am server time (cron time?). What can I do to permanently fix this?
View 5 Replies
View Related
Sep 4, 2007
Since Jan 07, one of our servers has been sending thousands of emails to ne.jp hosts.
Eg from logs:
Code:
Sep 4 19:11:11 debian sm-mta[25383]: l84FY9ME016602: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYB7d016734: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FY9A4016629: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FY9la016616: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYCkO016807: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYB7B016730: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYCO0016757: to=, ctladdr= (2001/2001), delay=01:36:59, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYDjq016819: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYBhL016751: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYDPw016811: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
We're absolutely unable to track or find out who is sending it or how to stop this.
So I'm wondering if it is possible to prevent sendmail from sending to:
lsean.ezweb.ne.jp, OR
docomo.ne.jp, OR
softbank.ne.jp
/var/mail/vhostswww logs are not showing helpful info at all. Eg:
Code:
--l84GRnX5029819.1188924137/debian--
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-2022-JP
Mime-Version: 1.0
From: hanako.@docomo.ne.jp
Subject:
To: a_j.n-y_bluespider-tattoo@softbank.ne.jp
Message-Id: <200709041410.l84EA0Fh007971@debian>
Date: Tue, 4 Sep 2007 16:10:00 +0200
Tue, 4 Sep 2007 16:10:00 +0200
by debian (8.13.4/8.13.4/Submit) id l84EA0Fh007971;
Received: (from vhostswww@localhost)
for ; Tue, 4 Sep 2007 16:10:00 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l84EA0jk007973
Received: from debian (localhost [127.0.0.1])
Return-Path:
Content-Type: text/rfc822-headers
--l84GRnX5029819.1188924137/debian
Last-Attempt-Date: Tue, 4 Sep 2007 18:42:16 +0200
Diagnostic-Code: SMTP; 550 Invalid recipient:
Remote-MTA: DNS; mx.softbank.ne.jp
Status: 5.1.1
Action: failed
Final-Recipient: RFC822; a_j.n-y_bluespider-tattoo@softbank.ne.jp
Arrival-Date: Tue, 4 Sep 2007 16:10:00 +0200
Reporting-MTA: dns; debian
Content-Type: message/delivery-status
--l84GRnX5029819.1188924137/debian
<<< 503 No recipients specified
550 5.1.1 ... User unknown
<<< 550 Invalid recipient:
>>> DATA
... while talking to mx.softbank.ne.jp.:
----- Transcript of session follows -----
(reason: 550 Invalid recipient: )
----- The following addresses had permanent fatal errors -----
from localhost [127.0.0.1]
The original message was received at Tue, 4 Sep 2007 16:10:00 +0200
--l84GRnX5029819.1188924137/debian
This is a MIME-encapsulated message
Auto-Submitted: auto-generated (failure)
Subject: Returned mail: see transcript for details
boundary="l84GRnX5029819.1188924137/debian"
Content-Type: multipart/report; report-type=delivery-status;
MIME-Version: 1.0
To:
Message-Id: <200709041642.l84GRnX5029819@debian>
From: Mail Delivery Subsystem
Date: Tue, 4 Sep 2007 18:42:17 +0200
Tue, 4 Sep 2007 18:42:17 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) id l84GRnX5029819;
Received: from localhost (localhost)
Return-Path:
From MAILER-DAEMON Tue Sep 4 18:42:17 2007
--l84GRnX4029819.1188924135/debian--
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-2022-JP
Mime-Version: 1.0
From: hanako.@docomo.ne.jp
Subject:
To: a_j.n-y_bluespider-tattoo@softbank.ne.jp
Message-Id: <200709041411.l84EB8CS011861@debian>
Date: Tue, 4 Sep 2007 16:11:08 +0200
Tue, 4 Sep 2007 16:11:08 +0200
by debian (8.13.4/8.13.4/Submit) id l84EB8CS011861;
Received: (from vhostswww@localhost)
for ; Tue, 4 Sep 2007 16:11:09 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l84EB8f6011862
Received: from debian (localhost [127.0.0.1])
Return-Path:
Content-Type: text/rfc822-headers
--l84GRnX4029819.1188924135/debian
Last-Attempt-Date: Tue, 4 Sep 2007 18:42:15 +0200
Diagnostic-Code: SMTP; 550 Invalid recipient:
Remote-MTA: DNS; mx.softbank.ne.jp
Status: 5.1.1
Action: failed
Final-Recipient: RFC822; a_j.n-y_bluespider-tattoo@softbank.ne.jp
Arrival-Date: Tue, 4 Sep 2007 16:11:09 +0200
Reporting-MTA: dns; debian
Content-Type: message/delivery-status
--l84GRnX4029819.1188924135/debian
<<< 503 No recipients specified
550 5.1.1 ... User unknown
<<< 550 Invalid recipient:
>>> DATA
... while talking to mx.softbank.ne.jp.:
----- Transcript of session follows -----
(reason: 550 Invalid recipient: )
----- The following addresses had permanent fatal errors -----
from localhost [127.0.0.1]
The original message was received at Tue, 4 Sep 2007 16:11:09 +0200
--l84GRnX4029819.1188924135/debian
This is a MIME-encapsulated message
Auto-Submitted: auto-generated (failure)
Subject: Returned mail: see transcript for details
boundary="l84GRnX4029819.1188924135/debian"
Content-Type: multipart/report; report-type=delivery-status;
MIME-Version: 1.0
To:
Message-Id: <200709041642.l84GRnX4029819@debian>
From: Mail Delivery Subsystem
Date: Tue, 4 Sep 2007 18:42:15 +0200
Tue, 4 Sep 2007 18:42:15 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) id l84GRnX4029819;
Received: from localhost (localhost)
Return-Path:
From MAILER-DAEMON Tue Sep 4 18:42:15 2007
--l84GRnX3029819.1188924134/debian--
How would I solve this problem as it's making our server load skyhigh 24/7.
Additional info about system:
> Debian Linux, latest kernel
> Sendmail (we've tried postfix, exim, with same results)
> Non cPanel system.
View 6 Replies
View Related