How To Block All Emails From A Certain Address

Apr 14, 2008

I am receiving around 7.000 emails from different sources with the subject “Undelivered Mail Returned to Sender” or similar.

It seems someone is using an alias to my email address to send huge amounts of spam. I have checked the mail queue in WHM and the emails are not there. I have turned on the SMTP Tweak in security center, but that doesn’t seem to work.

I have no idea if this person is using my server to send massive amounts of spam,

What I have noticed is that most emails return to msxf@mydomain.com so is there a way to block this?

View 10 Replies


ADVERTISEMENT

Apf To Block An IP Address

Apr 29, 2008

I have blocked this IP 125.115.144.28

/etc/apf/apf -d 125.115.144.28

But

netstat -anp|grep tcp|awk '{print $5}'| cut -d : -f1 | sort | uniq -c | sort -n

It still showing

202 125.115.144.28

Why?

Is it supposed to blocked right away, or need some time to get blocked.

When I checked /etc/apf/deny_hosts.rules

The IP is in the file.

View 12 Replies View Related

DoS :: Block IP Address Automatically

May 4, 2008

I manage a website which runs on the cpanel/whm interface and was wondering if there was anything my host could do to prevent DoS attacks on the server...at the moment we are having huge DoS attacks on our website therefore taking the whole website down for quite long periods of time.

My host just seems to be manually blocking the DoS'ers IP's manually but this is just too tedious and not efficient enough.

Is there any program for example that he can install which will block andy ip which sends a certain amount of requests within a given time period?

View 3 Replies View Related

I Want To Block IP Address Of Ddos Like Behavior

Oct 18, 2009

Like exceeding 60 connections per minute same IP = automatically blocked.
How do I set it up?

View 4 Replies View Related

Block My Own Email Address To Receive Spam

Jun 11, 2008

I have configured qmail+spamassassin. It working find but still I have 2 problem. I am receiving spam mails from my own account to my own account e.g. from=info@domain.com to info@domain.com. How can I block this spam?

View 2 Replies View Related

ATT Block 553 Error On Phplist Emails

Nov 8, 2009

We have several clients who use phplist for their opt-in lists. ATT and a few others are blocking emails. The main reason is because the email from the list (email@client.com) originates from comcast.net. ATT and others appear to block based upon that discrepancy.

Questions for anyone who works with phplist:

1) If the client simply sends from the comcast.net email (and not from email@client.com) and we allow this as a valid sending source in phplist, will this solve our problem?

2) We attempted to send via webmail, which would have trumped all issues, however because the clients are sending email which incorporates graphics in a template, webmail is a poor choice.

3) Is there another workaround that we are not seeing?

View 3 Replies View Related

Plesk 12.x / Linux :: How To Block All Emails Except From One IP

Dec 19, 2014

I use a spam protection service. It works as following : -My DNS are configured to point to a server (sever A) which is configured to filter spams. -If an email is not a spam, the first server send it to my mail server (server B).

But some spammers found a way to bypass the protection : They send directly their email to my mail server (server A). So, i want to allow only emails coming from the server A IP.

View 2 Replies View Related

Plesk 11.x / Linux :: How To Block Mail From Specific Address

May 19, 2014

I'm trying to use spamfilter to block mail from specific address, adding this e-mail to spamfilter in mail account settings, but it doesn't work. In logs I see:

spamc[13430]: skipped message, greater than max message size (256000 bytes).

View 8 Replies View Related

Install A Software To BLOCK The Spam Emails?

Mar 27, 2008

I have a dedicated server with WHM Control panel

But know, i have a serious problem about Spam emails,

How can i install a sofeware for BLOCK the spam emails?

Is there any program in WHM Control panel?

View 6 Replies View Related

Can Rbl Antispam Filters Block Emails Sent Through Clean Email Servers

Jun 24, 2007

I have noticed that a customer's emails are banned by certain RBL/antispam filters even though they are sent using SMTP-Authentication through a non-banned SMTP server.

It seems that its ISP IP is blacklisted..... Is this normal?

View 1 Replies View Related

Forwarding Emails To An IP Address

Apr 20, 2008

Is it possible to forward all emails to a IP? For example the IP of a internal mail server?

View 11 Replies View Related

Blocking IP Address From Sending Emails How

Mar 4, 2008

how to block a certain IP address from sending emails

im getting emails sent from a certain IP address repeatedly spamming and sending unsolicited emails

i cant block the email address because its changing everyday however the IP which is sending it seems
fixed and i want to know how i can deny any emails being sent from that mailserver ip to be nulled or block

im using Cpanel / WHM and Running Centos linux

View 3 Replies View Related

New Type Of Spam Emails (same FROM And TO Address)

Dec 10, 2008

we are receiving a new type of spam emails in most of the domains hosted on different servers. In this type of spam emails, the From address is the same as the To address and is of the user who is receiving the emails. For example, a@abc.com is sending email to a@abc.com which is not originating from the server. However, since the From Address is the same as the To address, it fools the antispam and the emails are delivered as genuine emails. Has anybody else faced the same problem lately? Does anybody have as workaround to stop these type of spam emails?

View 10 Replies View Related

LT & TP Abuse Dept Emails Address

Jul 7, 2008

how i can get in touch with the abuse dept of layeredtech.com and theplanet.com's abuse dept as IPs from these seem to be making a suspected DDoS attack on my server?

View 1 Replies View Related

Emails In Response To Autoresponders Going To Two Email Address's

Jan 3, 2008

Anyone here got any experience with autoresponders?

An autoresponder is setup, so that anyone emailing to admin@example.com, gets an autoresponder from enquiries@example.com asking for a couple of details, the person then replies to the autoresponder with the details, they then receive another autoresponder from enquiries@example.com confirming receipt of their last email. That's what should happen, but instead, the person keeps getting an autoresponder from enquiries@example.com asking for more details, even after they've already emailed the details?

If it's any help, when I've been testing this, when replying to the first autoresponder, I notice in the 'to' line it mentions both email address's, in the following format:
Enquiries@example.com <admin@example.com>

View 1 Replies View Related

Plesk 12.x / Linux :: Allow Incoming Emails Only From One IP Address?

Apr 21, 2015

On my plesk server, i have several emails account. These email addresses should receive only emails send by a specific server. But for now, they can receive any email, including spam.

So, i would like to block all emails that are not coming from the allowed server.

How can i do this in plesk ? As i am not a very good server admin, can you tell me exactly what i need to do in plesk?

View 3 Replies View Related

Plesk 11.x / Linux :: Emails Loop Back To Original Servers Address

Dec 2, 2014

I have 2 different servers one with Plesk 11.5. and one new just installed Plesk 12.0, the 12.0 will not send emails out but i get them back to the inbox of the outgoing server. is there a fix for this as i have tried both postfix and qmail to send out emails all with the same result.

It seems that something has changed from version 11.5 to 12.

The plesk configuration is installed on Debian 7.7 OS

View 6 Replies View Related

Apache :: How To Use Virtual Host IP Address In Request To Remote Address

Feb 6, 2015

My customer has an external facing Apache server that is acting as a reverse proxy to two internal applications. They have:

- external addresses for each app which resolve to different ip addresses, so app1.their_domain.com and app2.their_domain.com resolve to 77.3.170.10 and 77.3.170.11 respectively.
- the Apache server has two network interfaces with ip addresses 192.168.10.10 and 192.168.10.11
- the external ip addresses resolve to the above internal addresses
- the firewall between the Apache server and the internal app servers is configured to allow traffic from 192.168.10.10 to reach app_server1, and traffic from 192.168.10.11 to reach app_server2, both using port 7777.

I have configured a virtual host in httpd.conf for each ip, i.e.

Code:

<VirtualHost 192.168.10.10:80>
...
ProxyPass /app http://app_server1:7777/app
ProxyPassReverse /app http://app_server1:7777/app
RewriteRule ^/$ /app/app1 [R,L]
...
<VirtualHost>

and

Code:

<VirtualHost 192.168.10.11:80>
...
ProxyPass /app http://app_server2:7777/app
ProxyPassReverse /app http://app_server2:7777/app
RewriteRule ^/$ /app/app2 [R,L]
...
<VirtualHost>

This works fine in that the external address are being routed to the correct application, however the firewall is blocking requests to the second app as it appears the requests are coming from the Apache servers 'primary' ip address 192.168.10.10 instead of 192.168.10.11.

Is it possible to send requests using the ip address from the relevant VirtualHost?

Windows server 2008
Apache 2.2

View 1 Replies View Related

Virtuozzo Firewall :: Is It Possible To Enter Two Different Ip Address In Source Address?

Aug 4, 2008

I am using virtuozzo firewall to secure access.

I enter 58.27.175.211/255.255.255.0 for Source Address and Netmask for port 22.

But still I can connect using 58.181.103.217 or 58.27.151.120.

Second is it possible to enter two different ip address in source address?

View 4 Replies View Related

How Do I Setup A New Ip Address As My Server's Main Ip Address

Jul 26, 2007

I just bought a new ip address and want to setup this new ip as my server's main ip, making the 'existing main ip' as the secondary ip.

Which means, this new ip will be the server's default ip address for all services, including when connecting to other server.

I'm using CentOs 4.5 and swsoft's panels: HSPcomplete & Virtuozzo Power Panel, and Webmin.

View 1 Replies View Related

URL Redirection Without Changing The Address In The Address Bar

Nov 8, 2007

I want to redirect a website to a particular URL so that the address bar shows the same URL and not the destination URL. I know it is possible via URL masking, however, I want it in such a way that whenever somebody clicks on any link in the website, the address bar should still show the original URL. To put it in simple words, Suppose I want to redirect [url] to [url]. Now if there is a link named contact/index.htm and somebody clicks on it the address bar should display [url]and not redirect to [url]

How can it be possible using URL Rewrite method in .htaccess file?

View 2 Replies View Related

98)Address Already In Use: Make_sock: Could Not Bind To Address [::]:443

Aug 4, 2007

The problem usually goes like this:

- I can't access the webserver
- I'll try to restart httpd, and I'll get

Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443

To fix this, I run

[root@www1 ~]# lsof -i tcp:443
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
perl 11307 apache 4u IPv6 476943447 TCP *:https (LISTEN)

There is always leftover process that is causing the restart to fail. Once i force kill the process, I am able to restart httpd properly.

Now it is ok if this just occurs once in a while, but this problem keeps repeating itself almost everyday at 4am server time (cron time?). What can I do to permanently fix this?

View 5 Replies View Related

Thousands Of Emails Being Sent Via Sendmail To Ne.jp Emails

Sep 4, 2007

Since Jan 07, one of our servers has been sending thousands of emails to ne.jp hosts.

Eg from logs:

Code:
Sep 4 19:11:11 debian sm-mta[25383]: l84FY9ME016602: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.

Sep 4 19:11:11 debian sm-mta[25383]: l84FYB7d016734: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.

Sep 4 19:11:11 debian sm-mta[25383]: l84FY9A4016629: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.

Sep 4 19:11:11 debian sm-mta[25383]: l84FY9la016616: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.

Sep 4 19:11:11 debian sm-mta[25383]: l84FYCkO016807: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.

Sep 4 19:11:11 debian sm-mta[25383]: l84FYB7B016730: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.

Sep 4 19:11:11 debian sm-mta[25383]: l84FYCO0016757: to=, ctladdr= (2001/2001), delay=01:36:59, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.

Sep 4 19:11:11 debian sm-mta[25383]: l84FYDjq016819: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.

Sep 4 19:11:11 debian sm-mta[25383]: l84FYBhL016751: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.

Sep 4 19:11:11 debian sm-mta[25383]: l84FYDPw016811: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
We're absolutely unable to track or find out who is sending it or how to stop this.

So I'm wondering if it is possible to prevent sendmail from sending to:

lsean.ezweb.ne.jp, OR
docomo.ne.jp, OR
softbank.ne.jp

/var/mail/vhostswww logs are not showing helpful info at all. Eg:

Code:
--l84GRnX5029819.1188924137/debian--

Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-2022-JP
Mime-Version: 1.0
From: hanako.@docomo.ne.jp
Subject:
To: a_j.n-y_bluespider-tattoo@softbank.ne.jp
Message-Id: <200709041410.l84EA0Fh007971@debian>
Date: Tue, 4 Sep 2007 16:10:00 +0200
Tue, 4 Sep 2007 16:10:00 +0200
by debian (8.13.4/8.13.4/Submit) id l84EA0Fh007971;
Received: (from vhostswww@localhost)
for ; Tue, 4 Sep 2007 16:10:00 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l84EA0jk007973
Received: from debian (localhost [127.0.0.1])
Return-Path:

Content-Type: text/rfc822-headers
--l84GRnX5029819.1188924137/debian

Last-Attempt-Date: Tue, 4 Sep 2007 18:42:16 +0200
Diagnostic-Code: SMTP; 550 Invalid recipient:
Remote-MTA: DNS; mx.softbank.ne.jp
Status: 5.1.1
Action: failed
Final-Recipient: RFC822; a_j.n-y_bluespider-tattoo@softbank.ne.jp

Arrival-Date: Tue, 4 Sep 2007 16:10:00 +0200
Reporting-MTA: dns; debian

Content-Type: message/delivery-status
--l84GRnX5029819.1188924137/debian

<<< 503 No recipients specified
550 5.1.1 ... User unknown
<<< 550 Invalid recipient:
>>> DATA
... while talking to mx.softbank.ne.jp.:
----- Transcript of session follows -----

(reason: 550 Invalid recipient: )

----- The following addresses had permanent fatal errors -----

from localhost [127.0.0.1]
The original message was received at Tue, 4 Sep 2007 16:10:00 +0200

--l84GRnX5029819.1188924137/debian

This is a MIME-encapsulated message

Auto-Submitted: auto-generated (failure)
Subject: Returned mail: see transcript for details
boundary="l84GRnX5029819.1188924137/debian"
Content-Type: multipart/report; report-type=delivery-status;
MIME-Version: 1.0
To:
Message-Id: <200709041642.l84GRnX5029819@debian>
From: Mail Delivery Subsystem
Date: Tue, 4 Sep 2007 18:42:17 +0200
Tue, 4 Sep 2007 18:42:17 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) id l84GRnX5029819;
Received: from localhost (localhost)
Return-Path:
From MAILER-DAEMON Tue Sep 4 18:42:17 2007

--l84GRnX4029819.1188924135/debian--

Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-2022-JP
Mime-Version: 1.0
From: hanako.@docomo.ne.jp
Subject:
To: a_j.n-y_bluespider-tattoo@softbank.ne.jp
Message-Id: <200709041411.l84EB8CS011861@debian>
Date: Tue, 4 Sep 2007 16:11:08 +0200
Tue, 4 Sep 2007 16:11:08 +0200
by debian (8.13.4/8.13.4/Submit) id l84EB8CS011861;
Received: (from vhostswww@localhost)
for ; Tue, 4 Sep 2007 16:11:09 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l84EB8f6011862
Received: from debian (localhost [127.0.0.1])
Return-Path:

Content-Type: text/rfc822-headers
--l84GRnX4029819.1188924135/debian

Last-Attempt-Date: Tue, 4 Sep 2007 18:42:15 +0200
Diagnostic-Code: SMTP; 550 Invalid recipient:
Remote-MTA: DNS; mx.softbank.ne.jp
Status: 5.1.1
Action: failed
Final-Recipient: RFC822; a_j.n-y_bluespider-tattoo@softbank.ne.jp

Arrival-Date: Tue, 4 Sep 2007 16:11:09 +0200
Reporting-MTA: dns; debian

Content-Type: message/delivery-status
--l84GRnX4029819.1188924135/debian

<<< 503 No recipients specified
550 5.1.1 ... User unknown
<<< 550 Invalid recipient:
>>> DATA
... while talking to mx.softbank.ne.jp.:
----- Transcript of session follows -----

(reason: 550 Invalid recipient: )

----- The following addresses had permanent fatal errors -----

from localhost [127.0.0.1]
The original message was received at Tue, 4 Sep 2007 16:11:09 +0200

--l84GRnX4029819.1188924135/debian

This is a MIME-encapsulated message

Auto-Submitted: auto-generated (failure)
Subject: Returned mail: see transcript for details
boundary="l84GRnX4029819.1188924135/debian"
Content-Type: multipart/report; report-type=delivery-status;
MIME-Version: 1.0
To:
Message-Id: <200709041642.l84GRnX4029819@debian>
From: Mail Delivery Subsystem
Date: Tue, 4 Sep 2007 18:42:15 +0200
Tue, 4 Sep 2007 18:42:15 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) id l84GRnX4029819;
Received: from localhost (localhost)
Return-Path:
From MAILER-DAEMON Tue Sep 4 18:42:15 2007

--l84GRnX3029819.1188924134/debian--
How would I solve this problem as it's making our server load skyhigh 24/7.

Additional info about system:
> Debian Linux, latest kernel
> Sendmail (we've tried postfix, exim, with same results)
> Non cPanel system.

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved