Spam Being Sent From Our Server.. But How And From Where
Apr 2, 2009
We're using whm/cpanel and we're always up to date with the latest upgrades (with all our scripts).
2 weeks ago, we received a notification from SpamCop saying that our server was sending out spam. We verified everything and found nothing. 2 days ago, same story.
We tried looking at our logs and found nothing. Does this mean that there's a security hole somewhere? How can we find out from where the spammer is sending his viagra emails from? We do not want to be permanently banned because of a spammer.
View 5 Replies
Oct 17, 2013
Microsoft Windows Server 2008 R2 Service Pack 1
Panel version 11.0.9 Update #59, last updated at Oct 3, 2013 02:06 AM
MailEnable version 5
I see in the Plesk documentation that on the screen to enable SPAM filtering for an individual there is an option to "Move spam to the Spam folder". I don't see that option so I am wondering if it is only available on some versions of Plesk, or in combination with certain mail servers. How to make that option available?
View 3 Replies
Jul 14, 2009
I noticed that reported server usage from Plesk is 2.x - 3.x, so I went to mail queue (in Plesk) and saw lots of mails that shouldn't be there.
There were several senders under the domain dedibox.fr sending LOTS of emails to lots of addresses in the same email. There shouldn't be a sender @dedibox.fr, as that domain isn't hosted on our dedicated server.
I know little about Linux administration... I tried going to the /var/log folder and grep for dedibox on the messages and maillog files, but nothing found...
How can I know if someone connected to our server as a user or something like that?
View 6 Replies
Dec 16, 2008
I'm hosted with elitehosts.com, they've been absolutely GREAT for 2 years now.
However, one of my sites gets SOOO much spam email that the host cannot handle it. Apparently the limit is like 500/hour.
The result is email for the domain is no longer dependable.
Senders to the domain get undeliverable bouncebacks.
Is there any way to fix the problem? The server side spam filters catch the email, but that doesn't solve the problem of all the incoming mail.
Is finding a new host (if even just for email) my only option?
View 10 Replies
Apr 7, 2008
Have any of you seen anything like this before?
Someone is somehow sending spam via my server.
Looking at /var/log/exim_mainlog I can see many entries like the following:
2008-04-07 21:10:43 1Jixfv-0006ad-4Y <= <> H=smtp.inet.fi [192.89.123.192] P=esmtp S=4192 id=I81c2X5ll000c597d@smtpgw.lapit.fi
2008-04-07 21:10:43 1Jixfv-0006ad-4Y => info <bot@dole.ie> R=virtual_user T=virtual_userdelivery
2008-04-07 21:10:43 1Jixfv-0006ad-4Y Completed
So it looks like this is an e-mail being sent to bot@dole.ie
However when I look at my mail I can see the mails are being sent FROM bot@dole.ie. For example:
Sorry, but Lyris ListManager did not find your email address
-> "bot@dole.ie"
listed as a member of techno-l.
Only members of techno-l are allowed to contribute messages.
Because Lyris ListManager could not confirm that you are a member of techno-l, your message was not accepted.
---
Return-Path: <bot@dole.ie>
Received: from mail.reginamater.com ([201.231.192.60]) by listserver.knowledgeexpress.com with SMTP (Lyris ListManager WIN32 version 8.9a); Mon, 07 Apr 2008 16:01:23 -0500
Message-ID: <000501c898ea$068d922e$f5014499@bhudl>
From: "gun mella" <bot@dole.ie>
To: <techno-l@techno-l.org>
Subject: Don't pay too much for your drugs. Buy from us.
Date: Mon, 07 Apr 2008 18:15:12 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
4 free pills with every order
[url]
...
There are lots of bounced e-mails being sent back to me.
Does anyone know how I can check to see what's sending the spam or how to stop it?
View 2 Replies
Feb 8, 2007
For some days now, the server's been sending spam through our main domain, under different email aliases that don't even exist: fdg@domain.com, gfhh@domain.com (email aliases that don't even exist) (I changed my domain with domain.com for privacy measures)... so on. I tried to check what is sending out emails. Any idea how to track/check/scan for what is sending out emails?
View 8 Replies
Oct 29, 2006
I have:
WHM 10.8.0 cPanel 10.9.0-R44
CentOS 3.8 i686 - WHM X v3.1.0
I've gotten several complaints through spamcop in the last several weeks. The headers show the spam mails coming from nobody@ my server and they show the originating IP as my server. The datacenter is threatening to shut me down.
I've looked in the mail queue and haven't found any of the sent spam mails in there (or bounces from them). I am getting bounces into horde that were apparently sent from me.
How do I find which client is sending them? Or maybe the server has been hacked and spam software uploaded somewhere?
View 14 Replies
Jan 1, 2009
I received a new block of ips from my server folks and this block is worse than before, the main ip is on more than 10 spam lists.
How do I resolve this? Is there a way a server company can select a clean block of ips?
Can I set the email program to use a separate ip or something instead of changing ips of server?
View 3 Replies
May 20, 2009
how to best deal with email spam.
Here is what's up...
I recently got a dedicated server with The Planet. WHM/Cpanel...
I am a designer and starting to host my clients. So far I've setup about 5 different clients and everyone says the same thing...
Since they've switched to my server the email spam they get to their emails is out of control.
I asked The Planet for help and they said to make sure some spam filters were automatically checked for each account in my WHM and in their unique cpanel accounts, and they are but it hasn't helped. They also have a spam service but I do not want to pay any more per month than I already am.
What would cause this to be so bad versus my clients old servers?
Secondly, what open source solutions are there out there and who is the best to hire to install them on my server?
View 14 Replies
Jan 11, 2009
I currently have a dedicated server, Linux, with 1 website on it that is sending spam.
At first I thought it was someone spoofing my email address, however when I check my server's Email queue I can see the spam emails in there being sent.
My problem is that I have contacted my server provider and support for the scripts I'm running and everyone is saying it's the other person's fault. My server provider is saying everything is up to date and it must be a software exploit on one of my scripts, and the support team from my software is saying it's not them, that it's the server.
View 1 Replies
Nov 5, 2009
Can you control SPAM on a server? I've got this email account that all it receives is SPAM, nothing else. I'd like to eliminate this so it doesn't get any more SPAM.
View 13 Replies
Dec 19, 2008
I received many email spam recently, with the sender address from my own server.
Eg.
my domain = www.shashinki.com
email spam that I received = shop@shashinki.com which is being sent to my own email address of shop@shashinki.com. Yes, the sender is my own email address account.
I checked using gmail and the sender is from my own server IP address and the sender's email address seems to be valid and is from my own email account.
I have changed the password of my email address, added SPF to my email system...etc. I have done all that I can think of, but I still get the same spam emails.
What can I do and what should I do? I got really tired of this and I am worried that my server is being used to send spams to others.
My server is with LayeredTech, unmanaged server, so I don't have a manager to help me.
Hope to get some insight and help from sifus here...
View 10 Replies
Nov 25, 2008
I have reason to believe that a site on my server was hacked and is now being used to send out spam emails.
View 9 Replies
Jun 26, 2008
what experiences other people have been having with loads on their servers from spam. I was doing some profiling of our machines and noticed that load actually a fairly significant part of the load on our servers, and its way worse than it used to be.
Looking at the numbers I suspect we could comfortably have way more accounts per server if we could deal with spam better.
View 2 Replies
Feb 5, 2007
Today the data center mailed us and told us someone is sending spam from our server.
The copy of the spam mail they gave us is below
Quote:
Return-Path: <a...@aliativa.com>
Received: from server10.hosthat.com (server10.hosthat.com [65.98.61.138])
by mta2.spin.it (Postfix) with SMTP id B06FE14AD6
for <(MUNGED)>; Sun, 4 Feb 2007 07:43:42 +0100 (CET)
Received: from ouwd (78.181.146.18)
by server10.hosthat.com; Sun, 4 Feb 2007 06:43:47 -0000
Date: Sun, 4 Feb 2007 06:43:47 -0000
From: =?iso-8859-5?B?RGF2aXMgS2V5cw==?= <a...@aliativa.com>
X-Mailer: The Bat! (v2.01)
Reply-To: =?iso-8859-5?B?YWRtaW4=?= <a...@aliativa.com>
X-Priority: 3 (Normal)
Message-ID: <(MUNGED)@aliativa.com>
To: (MUNGED) <(MUNGED)>
Subject: =?iso-8859-5?B?aW52ZXN0IHRvIGFsaWF0aXZh?=
=?iso-8859-5?B?LmNvbQ==?=
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------(MUNGED)"
------------(MUNGED)
Content-Type: text/plain; charset=iso-8859-5
Content-Transfer-Encoding: 8bit
Aliativa Investments philosophy is underpinned by two brilliant rules.
* We should invest our clients' monies with the same care as though it were our money.
* We are doing our best for the every our investor.
Register now: http://www.aliativa.com/index.php
------------(MUNGED)--
As you can see there is no account info regarding who sent the spam mail.
In server phpsuexec is enabled.
In Tweak Settings, "Track the origin of messages sent though the mail server by adding the X-Source headers (exim 4.34+ required)" is enabled.
The spammer domain aliativa.com (why does no one take the spammer down?) is not hosted by us. But I found the following in exim_mainlog
Quote:
2007-02-04 06:27:11 1HDaq9-0007nb-Oc <= support@aliativa.com H=localhost (server10.hosthat.com) [127.0.0.1] P=smtp S=1378 id=008f01c43f8b$3ccd8848$0b56efd5@tkpdwifh
2007-02-04 06:27:19 1HDaq9-0007nb-Oc ** 00032rc@golden.ripco.com R=fail_remote_domains: unrouteable mail domain "golden.ripco.com"
2007-02-04 06:27:19 1HDaqN-0007oe-8c <= <> R=1HDaq9-0007nb-Oc U=mailnull P=local S=2238
2007-02-04 06:27:13 1HDaqB-0007nc-3s <= admin@aliativa.com H=localhost (server10.hosthat.com) [127.0.0.1] P=smtp S=1187 id=915817196.20060825223219@aliativa.com
2007-02-04 06:27:16 1HDaqB-0007nc-3s ** 000iskc@golden.ripco.com R=fail_remote_domains: unrouteable mail domain "golden.ripco.com"
2007-02-04 06:27:16 1HDaqK-0007ob-UA <= <> R=1HDaqB-0007nc-3s U=mailnull P=local S=2041
Anyone know how he sends SPAM? Using SMTP from localhost? Why does the mail header not include anything about who sent the spam?
View 6 Replies
Oct 4, 2007
We recently had a problem with a mail spammer. He sent over 90,000 emails and had 20,000 in the queue. Is there any way to possibly stop this, as it was really lagging the server badly? So badly that SoftLayer took it offline for a while...
View 4 Replies
Apr 2, 2007
got a 2nd notice from my ISP complaining that spams are being sent from my dedicated box. Since the first notice, I had stopped all the mail-related services (sendmail, mailman, courier-imap), which means no emails will be sent out from this box. However, I still received the 2nd notice for spamming.
own dedicated box running CentOS 4.2 with Plesk 8.1. 1 site hosted on it.
concerns are
1. Is my box hacked in and hijacked to send out spam? If yes, how can I check for system integrity?
2. Based on the service status dump, is there something else I need to do in the meantime to stop the box from sending out spam?
3. If there's someone who is willing to help out, I'm willing to pay a small amount (~$50, sorry I'm broke!) to fix the server and just kinda help me through the process.
View 3 Replies
Aug 12, 2007
I just found that some spammer send email through my server. I am using sendmail.
So if they know my domains in /etc/mail/local-host-names, can they spam email through my server without knowing username and password?
Do you think postfix is a better solution? The server is used by me only. I even won't connect to the server to sendmail. I use web mail to check email in the server.
View 2 Replies
Dec 3, 2008
Exim server - being used to relay spam?
Hoping someone can help here. I have a web server running a couple of sites, has been for a couple of years now. With one of the domains, I have an email forwarder setup through cpanel to forward mail sent to a specific address at that domain to my gmail account (it's a "contact us" type address). I don't think the email address is listed on the web anywhere.
Anyway, I am noticing a lot of spam emails being sent to that address, from that same address and they all appear to be relayed through my exim server legitimately. Obviously they aren't (as I am not sending them).
I am only familiar with sendmail, and am unsure about where to look for any possible hacks to my exim server. Can someone point me in the right direction? I want to stop these spam messages being sent, asap.
View 3 Replies
Mar 25, 2008
I have a cPanel dedicated server and have a lot of spam attacks on this server. It's getting so bad that our IP is being added to Yahoo & AOL blacklists and my emails are bouncing to these accounts.
Is there anyone on here who can do a thorough check on our server and install anything necessary to stop this kind of activity?
View 5 Replies
Jul 13, 2008
I have a (dedicated) server out of control. It is managed by a 3rd party company who has never been able to get the spam and server load under control. Loads average over 5! and there is no activity in top other than sendmail and mailscanner (with Ensim).
I turned off mailscanner and sendmail while I typed this and server load went to .08.
I'm going to switch (dedicated) servers to a new provider (for reasons above plus a few others) which will include managed service from the server provider as well.
There are only a few programs that need to run on this server. VBulletin is the main concern.
I want to lock down all mail access. I want vbulletin to be able to send outgoing email as part of its administration and as part of its member notifications.
I don't want ANYONE OUTSIDE THE SERVER to be able to send mail through this server.
One idea I have had is to use DNS to assign all MX records of every domain on the machine to the free gmail service.
I have one domain on this machine (an important domain) that gets thousands and thousands of spam. I assigned its MX records to NO-IP.com who filters and forwards email to me. That has worked - but server load never budged.
View 1 Replies
Jan 26, 2008
how you avoid dealing with problems related to SPAM? I want to avoid blacklists at all possible, what are your steps for detecting and eliminating spam sent from your server? Is there a certain software out there that will detect spam being sent?
View 2 Replies
Dec 18, 2008
My server was abused by spammers and now it is blocked. How do I change this? CentOS 5.2 Cpanel/WHM 11.
View 4 Replies
Feb 27, 2007
I just installed the latest version of PHPList (Email manager program) on our client's dedicated server. The dedicated server is using Linux with Apache and PHP version 4.4.4.
When I try to subscribe to the newsletter I am supposed to receive a confirmation email.
Unfortunately my company's email host blocks this email thinking it's spam and so I never receive the confirmation email. I then installed the exact same version of PHPList on a shared server with Linux, Apache, and PHP 4.4.4. Using this setup I received the confirmation email.
So it seems like the server is the problem and not the software. The IP address of the dedicated server is not blacklisted. Actually the IP address just came into existence in January 2007.
It really makes no sense to me why emails coming from the dedicated server are marked spam, but emails coming from the shared server are fine. Both servers are hosted by Hostgator.
I am clueless as to what action to take next. Are there any server settings that could fix this problem? Any ideas are greatly appreciated.
View 1 Replies
May 29, 2007
Logwatch says I send out about 3k emails each day and that is a ridiculous amount. I use postfix and do not run any sort of relay, even for myself. I have IPB 2.2.2, Wordpress 2.0.4, and Gallery 2.x.
How can I track down where these messages are originating from? Or perhaps I am reading my LogWatch file incorrectly?
Quote:
--------------------- postfix Begin ------------------------
17999281 bytes transferred
2460 messages sent
26 messages expired and returned to sender
145 messages removed from queue
Top ten senders:
24 messages sent by:
apache (uid=48):
2 messages sent by:
root (uid=0):
View 4 Replies
Feb 7, 2007
I have a client on my server from ThePlanet. That client sends a newsletter once a week to about 50,000 recipients with a program that I built. The list was purchased from a company that sells targeted directory listings.
Each email has a very clear opt out link, and one click takes them off the list. There is also a direct link to the contact form, as well as the information of the company sending the mass emails (me). This should satisfy all regulatory requirements to comply with existing laws.
Now, these emails have been sent once a week for about a month now. Today, ThePlanet issued a support ticket entitled "Abuse: Spam Source". It seems that there was a problem from aol, and one of the emails was redacted.
Reading through ThePlanet terms of service, it seems that they only allow closed system mass mailings. So now I am faced with a problem, because I have a client who expects to send out emails next week with a system I built, and I have a hosting provider that is demanding some sort of "proof" that these emails are solicited.
For the record, this newsletter isn't junk spam like selling viagra or pumping a stock. It is a free weekly summary of significant New York appellate cases, and it has been very well received by the attorneys on the mailing list. There have been ridiculously few opt outs ( < 2%), and there have been literally *hundreds* of emails coming back to show their gratitude for the free service. Not even one comment has been negative.
So what can I do now? A significant number of attorneys on this list are expecting the newsletter, but it can't be sent due to this problem.
The best that I could come up with so far is to send an "Opt in" mass email, where users must click the link to opt in, and everyone else would be removed from the mass email. I could then use the unique keys used for opt ins as "proof" for ThePlanet that the emails are solicited.
View 5 Replies
Jul 2, 2008
How can I restrict how many emails can be sent on a per-domain basis? I know hostgator and hostmonster can restrict their email per hour based on their domain name...
View 2 Replies
Dec 17, 2007
I'm having problems with incoming spam on my dedicated server; the load average of the server is around 80 or 100.2. I know it's incoming spam because when I check the exim process I see a lot of IPs from Russia, Germany, Taiwan. Then I block those IPs with the /etc/apf/apf -d ip command and the load of the server drops down to 7 or less. So the question is: how can I detect and block the spammers' IPs automatically on the server? I have SpamAssassin running and it blocks the spam emails right; the real problem is the high load generated by the spamd application and all the incoming connections from the spammers' IPs on the server.
Server specifications:
Cent OS 4
Control panel: directadmin
Dual-Core AMD Opteron(tm) Processor 2214 HE
1GB RAM
Exim 4.68
Apache 1.3.39
MySQL 5.0.37
vm-Pop3d 1.1.7f-DA-2
View 8 Replies
Nov 30, 2007
I just found out all my mails sent to Gmail are marked as spam. However, if I check my IP address in independent grass-root spam databases, my IP address isn't blacklisted. I checked 7 of them. Do you know how to solve this problem?
View 6 Replies