New Type Of Spam Emails (same FROM And TO Address)
Dec 10, 2008
We are receiving a new type of spam email in most of the domains hosted on different servers. In this type of spam email, the From address is the same as the To address and is that of the user who is receiving the emails. For example, a@abc.com is sending email to a@abc.com which is not originating from the server. However, since the From address is the same as the To address, it fools the antispam and the emails are delivered as genuine emails. Has anybody else faced the same problem lately? Does anybody have a workaround to stop this type of spam email?
I have what seems to be a simple redirect question. I have a dedicated server and a few static IP addresses, but I want to make it so if someone were to type in my IP address in their browser, Apache will redirect them to the domain name. (Typing in [url]
What happens now is that if you were to type in my server's IP address, it will show you the FIRST VirtualHost container that's listed in httpd.conf. This is not so bad since I've placed my main company site at the start of the list, but I'd rather redirect the IP into the domain name I use.
I read somewhere that you can place Mod RewriteRules directly in the VirtualHost container rather than using .htaccess, but the few "rules" that I tried didn't seem to do anything. And yes, I restarted Apache each time I edited httpd.conf.
Is there an easy way to do this?
ALSO, is there a way to redirect the name server address too? If you type in [url] into the browser, it acts the same way. I would ultimately like to redirect both the nameservers and the IP address(es) to the domain name.
When I try to install BotNET 1.0 on my dedicated, I got this error:
root@leet [~/botnet/BotNET-1.0]# . install.sh
Compiling source code . . .
In file included from src/main.c:9:
src/../include/bot.h:43: error: array type has incomplete element type
src/../include/bot.h:57: error: array type has incomplete element type
src/../include/bot.h:89: error: array type has incomplete element type
src/main.c: In function:
src/main.c:146: error: type of formal parameter 1 is incomplete
Here is my install.sh file:
Code:
#!/bin/bash
# BotNET installation script.
# If this script causes problems, try "make all" instead.
# Usage: . install.sh

if [ "$bot" != "1" ]; then
  echo "Installation complete."
  echo "Executables will be found in bin/"
else
  echo "Errors encountered during compilation!"
fi
My OS is CentOS 5.x. Kernel: Linux 2.6.18-53.el5 #1 SMP Mon Nov 12 02:22:48 EST 2007 i686 i686 i386 GNU/Linux * I have tried all other ways to install (make all) and others *
I am receiving around 7.000 emails from different sources with the subject “Undelivered Mail Returned to Sender” or similar.
It seems someone is using an alias to my email address to send huge amounts of spam. I have checked the mail queue in WHM and the emails are not there. I have turned on the SMTP Tweak in security center, but that doesn’t seem to work.
I have no idea if this person is using my server to send massive amounts of spam,
What I have noticed is that most emails return to msxf@mydomain.com so is there a way to block this?
How to block a certain IP address from sending emails
I'm getting emails sent from a certain IP address repeatedly spamming and sending unsolicited emails.
I can't block the email address because it's changing every day; however, the IP which is sending it seems fixed, and I want to know how I can deny any emails being sent from that mailserver IP, to be nulled or blocked.
How can I get in touch with the abuse dept of layeredtech.com and theplanet.com's abuse dept, as IPs from these seem to be making a suspected DDoS attack on my server?
I'm getting 50 and more spam mails each day. How do I secure my VPS to stop 99% of the spam from coming in? As I understand it, there's no way to completely block spam.
I'm using the DirectAdmin control panel and enabled SpamAssassin, but it's not much use even when I apply strict options on it.
Got this strange issue here. Comcast customers cannot receive any emails sent from my server. With the others, most of the emails are being sent to a spam folder instead of inbox.
Server is CentOS 5 / cPanel
I confirmed the IP has proper reverse DNS and is not blacklisted. I also set up SPF as well.
I have been using a couple of emails on my domain for 3 years. I am having a big amount of spam emails. If I use SpamAssassin™ in cPanel it will sometimes miss hotmail, yahoo emails etc. If I disable it, I will continue receiving those spam emails. However, some of my clients use free emails like hotmail and yahoo.
Anyone here got any experience with autoresponders?
An autoresponder is set up, so that anyone emailing admin@example.com gets an autoresponder from enquiries@example.com asking for a couple of details. The person then replies to the autoresponder with the details, and they then receive another autoresponder from enquiries@example.com confirming receipt of their last email. That's what should happen, but instead, the person keeps getting an autoresponder from enquiries@example.com asking for more details, even after they've already emailed the details?
If it's any help, when I've been testing this, when replying to the first autoresponder, I notice in the 'to' line it mentions both email addresses, in the following format: Enquiries@example.com <admin@example.com>
On my Plesk server, I have several email accounts. These email addresses should receive only emails sent by a specific server. But for now, they can receive any email, including spam.
So, I would like to block all emails that are not coming from the allowed server.
How can I do this in Plesk? As I am not a very good server admin, can you tell me exactly what I need to do in Plesk?
One of my clients is receiving spam from his email address. SpamAssassin is not marking it as spam. I have added an SPF record for the domain, but he still gets these messages. Is there any workaround for this? I don't want to activate spambox for that.
I am registered with a well known unmanaged VPS provider around here. My IP got listed on Spamhaus - actually a whole /24 block is listed, somebody else is doing malware activity and I got the blame as well, since my IP belongs to this block...
Anyway, I've sent a message to the VPS support, telling the story and giving the relevant Spamhaus listing URLs.
The support's answer was that I should either contact them or wait a couple of days and if this situation is not cleared, contact them (i.e. the VPS) again.
Should *I* contact Spamhaus? Is this normal practice in the VPS industry? What about the real IP causing the trouble - if that guy continues his malware activity, what would I gain even if I contact Spamhaus?
Some of my emails sent to clients who are using Yahoo's email are stored in their "Bulk" folder, so Yahoo is considering me a spammer although I'm not. So do you know how I can fix it? Do I need to contact Yahoo about this matter?
We use some spam blockers that come with cPanel but sometimes it feels like it isn't enough to block out all spam coming in and going out of the server. Does anyone here have any experience with any other third party software that may be able to stop emails in their tracks, based on the content of the email itself?
I would like to offer some good advice to people who host their sites with Hostgator or any other webhosts who provide cPanel. Please check your "Mail" feature.
I just checked all of my sites' mail in the Mail section.
None of my sites have webmail set up, but I was surprised to find tens of thousands of spam mails and I don't even have any email accounts set up!
This was causing me to get 'iNode' warnings that my account would soon be suspended and I should upgrade my site to Dedicated Hosting, something I cannot afford! Go to [url]
Steps:
1. Click on Mail
2. Click on Webmail
3. Click on Horde
4. Login
5. Click on Mail
SURPRISE! Do you too have thousands of Spams ... even if you don't even have an email account set up?
If your folder is full of thousands of Spams then do this...
6. Click on Folders
7. Tick Inbox
8. Choose Empty Folders from the Drop Down box above
9. Click Empty Selected Folders
10. Do this regularly before you get an email from Hostgator like this:
To maintain the highest level of performance on our shared servers we have a maximum inode (file) limit of 50,000 inodes (files) per account. The size of the file does not matter, only the number of files. For example, a DVD image (say, 4.5gb) only counts as one inode, or file. Our limit, as outlined in our terms of service, is 50,000 files per account. We generally don't hold people strictly to this limit, but at the same time we expect our users to respect the limits of the system. When an account has hundreds of thousands of files, it significantly degrades overall disk performance, as each file on the disk must be tracked/indexed.
An easy analogy would be a table of contents or glossary for a book. If the book only has a few hundred pages, the index or glossary is likely to be small and easy to search. If the book has 5,000 pages, finding what you want might take significantly longer. The file system on a server works in a similar way, just on a larger scale. Our experience has shown that 50,000 files per account is a fair number, and accounts that exceed that by a significant amount cause disk performance issues. This message is to inform you that the listed account has significantly exceeded our limits for disk inodes/files and could potentially lead to disk issues.
It is also important to realize that accounts that exceed the inode (file) limit are not backed up by our courtesy weekly backup service, per section 7b of our Terms of Service. Of course, we advise every user to run their own backups to be safe. Accounts over the 50,000 inode limit are bypassed so that backups can complete in a timely fashion for everyone. Otherwise, accounts with hundreds of thousands or more inodes will utilize more server resources than other accounts, and could lead to file system errors on our backup servers.
This account will be re-checked again in 7 days to verify it is below 50,000 files. If this account remains above the maximum inode limit after repeated checks, we'll have to review the situation further and advise a course of action. It is critical that one of the following actions take place before that happens:
a) reduce the number of inodes/files. This change must be permanent; if you have a high number of cache files or similar, and you expect them to naturally exceed the inode limit again in the future, the configuration must be changed to limit the total number of cached files.
If you are completely unaware of the source of the inodes, it may be that you have left your default mailbox enabled, and never cleared it. Over time, it can fill up with spam, consuming hundreds of thousands of inodes. If you have a catch-all enabled on your account, this can greatly increase the amount of mail/spam that our account receives and will raise your inode usage quickly unless routinely emptied. If you would like assistance clearing these folders from unwanted email or removing the catch-all from your account, please let us know and we would be happy to assist you.
The default mailbox is located at:
/home/xxxx/mail/cur
/home/xxxxx/mail/new
b) upgrade to dedicated service, where inode counts are no longer checked. In many cases, accounts that significantly exceed our inode/file limits have simply outgrown the shared environment, and a dedicated server is the logical choice. In many cases, the transfer from a shared to dedicated server will incur no charge. In rare situations, accounts with excessive numbers of accounts or users may require a fee; the transfer department would advise you of that fact prior to the transfer taking place. If you've read this far, it's clear you're serious about taking care of the issue and we can offer you 50% off the first month's purchase of a dedicated server. To receive the discount, please:
- Reply to this email stating you'd like to upgrade. You will automatically be assigned a ticket number, which will be visible in the subject line. You may need to confirm your email if this is the first time you've ever sent us a ticket or emailed one of our departments.
- Order a dedicated server: [url]
- Email sales@hostgator.com after placing your order. This promotion is unadvertised, and must be manually approved. You must reference the ticket # you receive (above) to qualify for the discounted rate. This promotion only applies to dedicated servers priced $ 219.00 or higher.
We thank you for taking the time to resolve this issue. If you have any questions or perhaps you are not sure what could be causing the high number of inodes, we can help you with that. Simply reply to this email and we will be more than happy to assist you.
As soon as I deleted all of my emails, guess what .... I already have 4 Spam emails, that is very quick!
I have 4 main sites with Hostgator and this is how many emails I have without knowing:
Site 1: 27,237 Spam Emails
Site 2: 43,438 Spam Emails
Site 3: 7,398 Spam Emails
Site 4: 63,972 Spam Emails
This is who one Spam was from:
To: myaccount@gator257.hostgator.com
So the spammers send the emails to gator257.hostgator.com and so forth!
That is crap! Surely they can fix it, as I say, I don't even have an email account in my cPanel!
154P Received: from mailnull by server.domain.com with local (Exim 4.68)
 id 1JBOml-0008CW-Fz
 for root@server.domain.com; Sun, 06 Jan 2008 00:15:03 -0600
038 X-Failed-Recipients: admin@domain.com
029 Auto-Submitted: auto-replied
063F From: Mail Delivery System <Mailer-Daemon@server.domain.com>
029T To: root@server.domain.com
059 Subject: Mail delivery failed: returning message to sender
052I Message-Id: <E1JBOml-0008CW-Fz@server.domain.com>
038 Date: Sun, 06 Jan 2008 00:15:03 -0600

1JBOml-0008CW-Fz-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

admin@domain.com
 SMTP error from remote mail server after RCPT TO:<admin@domain.com>:
 host sentry.domainbank.com [64.85.73.28]: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

------ This is a copy of the message, including all the headers. ------

Return-path: <root@server.domain.com>
Received: from root by server.domain.com with local (Exim 4.68)
 (envelope-from <root@server.domain.com>)
 id 1JBOmk-0008CJ-To
 for admin@domain.com; Sun, 06 Jan 2008 00:15:02 -0600
To: admin@domain.com
Subject: Services(2) failed
From: monitor@domain.com
Message-Id: <E1JBOmk-0008CJ-To@server.domain.com>
Date: Sun, 06 Jan 2008 00:15:02 -0600
I have configured qmail+spamassassin. It is working fine, but I still have 2 problems. I am receiving spam mails from my own account to my own account, e.g. from=info@domain.com to info@domain.com. How can I block this spam?
I contacted the guys who I pay to watch over my linux Cpanel server and I do not think they know how to fix the problem. When I look in my mail queue manager in WHM I always see these spam type emails. I also see that my site IP gets blacklisted on:
[url]
I delist and then it appears again a couple of days later. My server is only used to send emails such as registrations and user notifications that they have subscribed to. Could anyone please tell me how to get rid of the spam?
Emails generated by my site scripts go to the junk/spam folder of gmail/yahoo etc
I am using the Google Apps for email of my domain (means that I have pointed the MX records of my domain to Google) but the emails which are being generated from my site just use the server capabilities to generate the emails (means that the emails generated by script don't pass through Google email servers)
I suspect that this might be causing problems with spam tagging? What can I do to get around this?