Spammers Trying To Connect To Mail Server & Filling Logs
Aug 13, 2008
I use cPanel.
Is there any way to disallow connections to SEND mail FROM my server to specific IPs? (Similarly to how you can limit connections to sshd from certain IPs.)
I realize I cannot disable everything completely, as Yahoo and the like will have to connect to deliver mail. But no one of any use is going to try to connect to send mail, except a spammer.
No one has gotten in and abused it as of yet (knock on wood), but SMTP is being restarted at random and I can only imagine that this is being caused by one of these scumbags, probably DDoS'ing me. It takes eons to browse these logs, even if they are rotated via logrotate periodically!
Hi, today I was banned from Hotmail. Apparently someone got into our server through one client's account and sent spam all over the net...
platinumservermanagement already told us the name of the account used and we changed the password.
Can you please tell me where I can check the outgoing mail logs (I am using CentOS & Exim) to see if anyone else is sending out spam, or the number of emails sent?
We have been having some problems with one of our mail servers lately. The server is running SmarterMail 4.x with Declude.
Some spammers have been targeting this particular server to send spam through it. This is putting a lot of load on the server because Declude is processing the SPOOL in SmarterMail, and the spool goes up to 2000-20000 during the day. We have been checking the headers and continuously blocking the IPs of this spam, but these people are using dynamic IPs. And it doesn't seem like a single spammer; the content is quite different.
Blocking full IP ranges helps, but then a lot of legitimate mail is getting blocked as well.
Is there any good suggestion, or a serious mail server admin who can have a look and actually sort it?
This is causing serious delays on our mail delivery through this mail server.
A spammer (probably www.powerball.com) is sending spam using one of my email addresses as his / her "from" address. This hung my mail server last week and it took more than 60 hours to solve the problem.
My host replied to me that the problem was "You have over 100,000 emails in your mail queue due to a large amount of Frozen emails that were either deferred by the remote servers or sent to invalid addresses repeatedly".
Since this morning, my emails are blocked again. I can't send / receive mail using any of my email accounts (from this server). I don't know how long this will take to solve this time, and I'm afraid that this may not be the last time.
Now I don't know what to do. Ideally, a logical solution would be to delete any bounced mail automatically (I'm using nutsmail + SquirrelMail).
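The queue described in the post above (100,000+ messages, most of them frozen bounces to forged or invalid addresses) is the classic backscatter pile-up. The following is an added example, not code from any poster or from Exim itself: it parses a constructed `exim -bp` queue listing (the format Exim prints, with one header line per message and indented recipient lines) and pulls out the ids of frozen messages and of null-sender bounces, so they can be handed to `exim -Mrm`. The listing and the message ids are made up for the example.

```shell
#!/bin/sh
# Added example: picking frozen / bounce messages out of an Exim queue listing.
# sample_queue prints a CONSTRUCTED "exim -bp" listing (not any poster's queue):
#   <age> <size> <message-id> <sender>  [*** frozen ***]
#             <recipient>               (one per line, indented)
#   <blank line>
sample_queue() {
cat <<'EOF'
25h  2.1K 1KT4aa-0001Ab-2c <> *** frozen ***
          nosuchuser@example.net

18h  1.3K 1KT4ab-0001Ad-4e <> *** frozen ***
          bogus@example.org

 5m  3.0K 1KT5bb-0002Cd-6f <alice@example.com>
          friend@example.net

 2m  2.2K 1KT5bc-0002Cf-8g <>
          returned@example.com

EOF
}

# A queue header line carries the message id in field 3 (xxxxxx-xxxxxx-xx).
ID_RE='^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$'

# Ids of messages Exim has frozen: delivery gave up and they just sit there.
frozen_ids() {
    awk -v re="$ID_RE" '$3 ~ re && /\*\*\* frozen \*\*\*/ { print $3 }'
}

# Ids of messages with a null sender (<>), i.e. bounces. Backscatter from
# forged-sender spam shows up here whether or not it has been frozen yet.
null_sender_ids() {
    awk -v re="$ID_RE" 'NF >= 4 && $3 ~ re && $4 == "<>" { print $3 }'
}

count_frozen() { frozen_ids | wc -l | tr -d ' '; }

# Apply to the live queue. Does nothing unless exim is installed.
# (xargs -r is GNU xargs: run nothing when the id list is empty.)
purge_frozen() {
    command -v exim >/dev/null 2>&1 || { echo "exim not found; nothing removed" >&2; return 1; }
    exim -bp | frozen_ids | xargs -r exim -Mrm
}

# Stand-alone demo over the constructed listing: sh queue.sh --demo
if [ "${1:-}" = "--demo" ]; then
    echo "frozen messages: $(sample_queue | count_frozen)"
    sample_queue | frozen_ids
    echo "null-sender (bounce) messages:"
    sample_queue | null_sender_ids
fi
```

On a real box Exim's own `exiqgrep -z -i | xargs exim -Mrm` does the same job as `purge_frozen`. Cleaning the queue by hand every week is a treadmill, though: the main-config options `timeout_frozen_after` and `ignore_bounce_errors_after` make Exim discard frozen bounces on its own after a set time, and rejecting mail for non-existent local addresses at RCPT time (instead of accepting it and bouncing later) stops the server generating backscatter in the first place.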
# telnet mail.domain.com 25
Trying xxx.xxx.xx.xx...
telnet: connect to address xxx.xxx.xx.xx: Connection refused
telnet: Unable to connect to remote host: Connection refused
but when it's
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.domain.com ESMTP
it connects. I don't have a firewall
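"Refused on the public address, accepted on localhost, no firewall" almost always means the daemon is bound to 127.0.0.1 only. The check below is an added example (not from the poster): it reads a constructed `netstat -ltn` listing, lists which local addresses have a listener on a given port, and classifies the port as reachable from other hosts, loopback-only, or not listening at all. The listing is made up; run the same functions over the real `netstat -ltn` (or `ss -ltn`) output to diagnose a live server.

```shell
#!/bin/sh
# Added example: is the MTA listening on a public address or only on loopback?
# sample_netstat is a CONSTRUCTED "netstat -ltn" listing, not the poster's server.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
EOF
}

# Local addresses (addr:port) that have a LISTEN socket on port $1. Input on stdin.
listeners_on_port() {
    awk -v port="$1" '$NF == "LISTEN" && $4 ~ (":" port "$") { print $4 }'
}

# Classify port $1: "external" if any listener is on a wildcard or non-loopback
# address, "loopback-only" if every listener is 127.x / ::1, "none" if nothing listens.
port_exposure() {
    listeners_on_port "$1" | awk '
        $0 ~ /^127\./ || $0 ~ /^::1:/ || $0 ~ /^\[::1\]:/ { loop++; next }
        { ext++ }
        END {
            if (ext > 0)       print "external"
            else if (loop > 0) print "loopback-only"
            else               print "none"
        }'
}

# Stand-alone demo: sh listen.sh --demo
if [ "${1:-}" = "--demo" ]; then
    for p in 25 22 443; do
        printf 'port %s: %s\n' "$p" "$(sample_netstat | port_exposure "$p")"
    done
fi
```

For Exim the bound addresses come from the `local_interfaces` setting in the main configuration; if it lists only 127.0.0.1, remote MTAs get exactly the "Connection refused" shown above while `telnet localhost 25` works fine. A port that really is exposed but still unreachable from outside points at an upstream filter rather than the daemon.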
For some reason, one of the servers can't connect to my mail server. Whenever a user tries to send email from that server to my server, the message won't go through and I see the following in the logs (var/log/exim/mainlog):
2007-02-13 23:56:06 SMTP connection from (***.ca) [***.***.***.***] lost while reading message data (header)
This problem occurs only with this ***.ca mail server (as far as I know).
In fact, trying the dnsreport.com tool on any of my server's domains, I am getting the error message
"ERROR: I could not complete a connection to any of your mailservers!
******.com: Timed out [Last data sent: RCPT TO: ]
If this is a timeout problem, note that the DNS report only waits about 40 seconds for responses, so your mail *may* work fine in this case but you will need to use testing tools specifically designed for such situations to be certain.
I've been receiving emails from cPanel telling me that the /tmp partition is filling up. Right now it's at 6%, but I run a couple of crons early in the morning (mysqlcheck, then a backup of my databases). It seems like whenever mysqlcheck runs, the /tmp partition comes close to filling up.
When my server was set up, my host (dedicatednow) partitioned /home to be 210 GB, leaving little extra space for everything else (/backup is a separate drive). /home is only 1% in use. They're telling me that the only thing that can be done is to reformat the entire drive and choose a different partition scheme... is that true?
Warning: fsockopen() [function.fsockopen]: unable to connect to mail.userdomain.com:25 (Connection timed out) in /home/user/public_html/_inc/class.smtp5.php on line 122 Message could not be sent. Mailer Error: Language string failed to load: connect_host
I just opened my "catch-all" email pop account that sends me everything addressed to my server that doesn't have an assigned email address. I check it every few days.
Over 4,500 undeliverables. Someone is using mydomain as a phony return address in different forms (gleskit@mydomain.com, peterepred@mydomain.com etc.) If I got over 4,500 undeliverables, these lowlife creeps must have sent innumerable thousands or tens of thousands using my domain as a return address.
What really stinks is that I've had a bunch of users complain that they're not getting usual auto-messages from my forum software. Come to find out that my domain is now banned from at least one major ISP, I'm guessing probably more by now.
The website I run depends heavily on VOLUNTARY auto-communications and updates. For example, one mailing list I maintain has over 4,800 members who've signed up for updates. It uses other feeds and email functions as well.
Am I to understand that any jackass spammer can hose a server this way, with no redress on the part of the innocent party? Also, how am I going to get back in the good graces of the ISPs and personal anti-spam programs that have now blacklisted my server for no reason?
Besides contacting all of the larger ones personally, I wouldn't even know where to begin addressing this.
Is it possible that some nasty geek with a spam program can just ruin a server in this fashion?
Just checked the account again.
In the ten minutes it took me to write the above post, I just got 54 more undeliverables.
I think someone has successfully made my server send out emails. How do I know this?
It's because I saw many returned emails saying that the emails sent to their inboxes are considered spam. I mean a lot; for instance, within 1 second there are more than 10 mails.
Can someone help explain to me how I can find the culprit and fix the problem?
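Three posts in this thread ask what is essentially one question: the first wants to know which IPs keep hammering SMTP and restarting it, the CentOS/Exim post asks where to see outgoing mail per account after a password was stolen, and the post just above wants to find the culprit behind a burst of outbound mail. On an Exim box all three are answered from the mainlog (`/var/log/exim_mainlog` on cPanel, `/var/log/exim/mainlog` on stock CentOS). The script below is an added example, not code from any poster: it works over a constructed sample of mainlog lines (documentation-range IPs, made-up message ids and accounts, the `A=dovecot_login:` authenticator name is just an assumption) and counts inbound connections per remote IP and accepted messages per submitting account, then flags accounts over a threshold.

```shell
#!/bin/sh
# Added example: mining an Exim mainlog for abuse signals.
# sample_log prints CONSTRUCTED lines in Exim mainlog format, not from any
# poster's server. "SMTP connection from" lines are inbound connections;
# "<=" lines are messages accepted, with A=<authenticator>:<login> for
# SMTP-authenticated submission and U=<user> for local (script) submission.
sample_log() {
cat <<'EOF'
2008-08-13 09:00:01 SMTP connection from (mail.example.net) [198.51.100.7]
2008-08-13 09:00:02 1KT5x1-0003aB-2c <= alice@example.com H=(mail.example.net) [198.51.100.7] P=esmtp S=1421
2008-08-13 09:00:05 SMTP connection from [203.0.113.5] lost while reading message data (header)
2008-08-13 09:00:06 SMTP connection from [203.0.113.5] lost while reading message data (header)
2008-08-13 09:00:07 SMTP connection from [203.0.113.5] (TCP/IP connection count = 12)
2008-08-13 09:00:09 1KT5x2-0003aD-4e <= bob@example.com H=(pc) [203.0.113.9] P=esmtpa A=dovecot_login:bob@example.com S=9012
2008-08-13 09:00:10 1KT5x3-0003aF-6g <= bob@example.com H=(pc) [203.0.113.9] P=esmtpa A=dovecot_login:bob@example.com S=9013
2008-08-13 09:00:10 1KT5x4-0003aH-8i <= bob@example.com H=(pc) [203.0.113.9] P=esmtpa A=dovecot_login:bob@example.com S=9014
2008-08-13 09:00:11 1KT5x5-0003aJ-0k <= bob@example.com H=(pc) [203.0.113.9] P=esmtpa A=dovecot_login:bob@example.com S=9015
2008-08-13 09:00:12 1KT5x6-0003aL-2m <= nobody@host.example.com U=nobody P=local S=812
2008-08-13 09:00:15 SMTP connection from (relay.example.org) [192.0.2.44]
EOF
}

# Inbound: SMTP connections per remote IP, busiest first. Output "<count> <ip>".
top_connecting_ips() {
    grep 'SMTP connection from' \
      | sed -n 's/.*\[\([0-9.]*\)\].*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# Outbound: accepted messages ("<=" lines) grouped by who submitted them:
# the authenticated login (A=...), the local Unix user (U=..., shown as
# local:<user>), or "(unauthenticated)" for ordinary inbound SMTP.
outbound_per_account() {
    grep ' <= ' \
      | awk '{
            who = "(unauthenticated)"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^A=/)      { sub(/^A=[^:]*:/, "", $i); who = $i }
                else if ($i ~ /^U=/) { sub(/^U=/, "", $i);       who = "local:" $i }
            }
            print who
        }' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# Accounts that submitted more than $1 messages in the log window. A sudden
# spike from one login is the usual footprint of a stolen password; a spike
# from local:nobody usually means a web script is doing the sending.
flag_accounts() {
    outbound_per_account | awk -v limit="$1" '$1 > limit { print $2 }'
}

# Stand-alone demo over the constructed sample: sh mainlog.sh --demo
# On a real server replace "sample_log" with "cat /var/log/exim_mainlog".
if [ "${1:-}" = "--demo" ]; then
    echo "== inbound connections per IP ==";       sample_log | top_connecting_ips
    echo "== accepted messages per account ==";    sample_log | outbound_per_account
    echo "== accounts with more than 3 messages =="; sample_log | flag_accounts 3
fi
```

The IP list from `top_connecting_ips` is what you would feed to a firewall rule or to Exim's connection-rejection ACL, and the account list from `flag_accounts` is where to look first after a bounce storm: change that password, then check whether the sends stop. For the local-user case the offending process is under that Unix account, so the next step is its web directories rather than the mailboxes.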
When I do a full backup and download this backup, Plesk creates a temporary file inside the directory /usr/local/psa/tmp, but after the download finishes this file is not deleted, and this is causing a problem because I have a server with small disk space.