Spammers Trying To Connect To Mail Server & Filling Logs
Aug 13, 2008
I use cpanel.
Is there any way to disallow connections to SEND mail FROM my server to specific IPs? (Similarly to how you can limit connections to sshd from certain IPs)
I realize I cannot disable everything completely, as yahoo and the likes will have to connect to deliver mail. But no one of any use is going to try and connect to send mail, but a spammer.
No one has gotten in and abused it as of yet (knock on wood), but SMTP is being restarted at random and I can only imagine that this is being caused by one of these scumbags probably ddos'ing me. It takes eons to browse these logs, even if they restart via logrotate periodically!
View 3 Replies
ADVERTISEMENT
Mar 31, 2009
Hi, today i was banned from hotmail aparently someone enter our server to one account of one client and sent spam all over the net...
platinumservermanagement already told us the name of the account used and we change the password,
can you please tell me where can i check the out mail logs (am using centos & exim) to see if anyone else is sending out spam? or the number of emails sent?
View 0 Replies
View Related
May 22, 2009
We have been having some problems with one of our mail servers lately. Server is running Smarter Mail 4.x with declude.
Some spammers have been targeting this particular to send spam through this server. This putting lot of load on the server because declude is processing the SPOOL in Smarter Mail and spool goes upto 2000-20000 during the day. We have been checking the headers and blocking the IP's continuously of these spam but these people are using dynamic ip's. And it doesn't seem like single spammer. Content is quite different.
Blocking full ranges of certain IP Range helps though but then lot of legitimate mail is getting blocked as well.
Is there any good suggestion or a serious mail server admin who can have a look and actually sort it.
This is causing serious delays on our mail delivery through this mail server.
View 12 Replies
View Related
Jun 19, 2008
In my Exim mail queue, there are around 33,000 messages, all of which appear to be "Mail delivery failed: returning message to sender" messages.
The reason for these bounces is because spam is being continuously sent to non-existent addresses on my domain.
View 2 Replies
View Related
Feb 1, 2009
A spammer (probably www.powerball.com) is sending spams using one of my email addresses as his / her "from" address. This hanged my mail server last week and it took more than 60 hours to solve the problem.
My host replied me the problem was "You have over 100,000 emails in your mail queue due to a large amount of Frozen emails that were either deferred by the remote servers or sent to invalid addresses repeatedly".
From this morning, my emails are blocked again. I can't send / receive mails using any of my email accounts (from this server). I don't know how long this will take again to solve the situation, and I'm afraid that this may not be the last time.
Now I don't know what to do. Ideally, a logical solution could be to delete any bounced mail automatically (I'm using nutsmail + squirrel mail).
View 5 Replies
View Related
Mar 22, 2007
I can't telnet to mail server. when I try
# telnet mail.domain.com 25
Trying xxx.xxx.xx.xx...
telnet: connect to address xxx.xxx.xx.xx: Connection refused
telnet: Unable to connect to remote host: Connection refused
but when it's
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.domain.com ESMTP
it connects. I don't have a firewall
View 1 Replies
View Related
Feb 14, 2007
For some reason, one of the servers can't connect to my mail server. Whenever a user tries to send email from that server to my server, the message won't go through and I see the following in the logs (var/log/exim/mainlog):
2007-02-13 23:56:06 SMTP connection from (***.ca) [***.***.***.***] lost while reading message data (header)
this problem occurs only with this ***.ca mail server (as far as I know).
In fact, trying dnsreport.com tool on any of my server domains, I am getting the error message
"ERROR: I could not complete a connection to any of your mailservers!
******.com: Timed out [Last data sent: RCPT TO: ]
If this is a timeout problem, note that the DNS report only waits about 40 seconds for responses, so your mail *may* work fine in this case but you will need to use testing tools specifically designed for such situations to be certain.
View 14 Replies
View Related
Jun 6, 2008
I've been receiving emails from cPanel telling me that the /tmp partition is filling up. Right now it's at 6%, but I run a couple of crons early in the morning (mysqlcheck, then a backup of my databases). It seems like whenever mysqlcheck runs, the /tmp partition comes close to filling up.
My partition scheme is like this:
/ | 1.5G
/usr | 7.7G
/var | 7.7G
/tmp | 494M
/home | 210G
/backup | 230G
When my server was set up, my host (dedicatednow) partitioned /home to be 210 GB, leaving little extra space for everything else (/backup is a separate drive). /home is only 1% in use. They're telling me that the only thing that can be done is to reformat the entire drive and choose a different partition scheme... is that true?
View 11 Replies
View Related
Feb 20, 2008
Warning: fsockopen() [function.fsockopen]: unable to connect to mail.userdomain.com:25 (Connection timed out) in /home/user/public_html/_inc/class.smtp5.php on line 122
Message could not be sent. Mailer Error: Language string failed to load: connect_host
Using php 5 with phpsuexec enabled.
View 2 Replies
View Related
Apr 8, 2008
I have often seen the entry mailnull in the mail logs of exim.
I don't understand it. What is meant by mailnull? where can i get information about it?
View 2 Replies
View Related
Aug 9, 2007
I just opened my "catch-all" email pop account that sends me everything addressed to my server that doesn't have an assigned email address. I check it every few days.
Over 4,500 undeliverables. Someone is using mydomain as a phony return address in different forms (gleskit@mydomain.com, peterepred@mydomain.com etc.) If I got over 4,500 undeliverables, these lowlife creeps must have sent innumerable thousands or tens of thousands using my domain as a return address.
What really stinks is that I've had a bunch of users complain that they're not getting usual auto-messages from my forum software. Come to find out that my domain is now banned from at least one major ISP, I'm guessing probably more by now.
The website I run depends heavily on VOLUNTARY auto-communications and updates. For example, one mailing list I maintain have over 4,800 members who've signed up for updates. It uses other feeds and email functions as well.
Am I to understand that any jackass spammer can hose a server this way, with no redress on the part of the innocent party? Also, how am I going to get back in the good graces of the ISPs and personal anti-spam programs that have now blacklisted my server for no reason?
Besides contacting all of the larger ones personally, I wouldn't even know where to begin addressing this.
Is it possible that some nasty geek with a spam program can just ruin a server in this fashion?
Just checked the account again.
In the ten minutes it took me to write the above post, I just got 54 more undeliverables.
View 6 Replies
View Related
Oct 19, 2007
I think someone has successfully make my server to send out emails. Why i know this?
it's because I saw many return emails saying that the emails sent out to their inbox are consider spam. I mean a lot for instance within 1 second, there are more than 10 mails.
Can someone help explains me how I can find the culprit and fix the problem?
View 14 Replies
View Related
Apr 22, 2015
I have a plesk
[root@srv tmp]# cat /usr/local/psa/version
10.3.1 CentOS 5 1013110726.09
I have following problem:
When i do full backup and download this backup, plesk create a temporary file inside directory /usr/local/psa/tmp but after download finish this file is not deleted, and this is causing problem because i have a server with small disk space.
View 1 Replies
View Related
May 30, 2015
I have the problem that I can't connect to my mailserver tru the mail client (Webmail works fine, I receive mails and can send mails)
But if i try to connect over mailclient I get this error in errorlog:
couriertls: connect: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
What can I do to get connection over mailclient?
View 2 Replies
View Related
Jul 25, 2007
is it possiable to delete these files in the server access_logs and errors_logs
View 1 Replies
View Related
Jun 27, 2009
as the title states,where do i find my server logs?
i run LAMP and have root access.
and once i find the file,how do i view it through shell?
View 12 Replies
View Related
Jan 28, 2007
we have dual xeon linux server redhat 9 / cpanel
we have a strange crash .... you cant access ftp /ssh / httpd ...
i need to request a server reboot to get access ... and everything after this run ok...
i have check message log .. nothing in it for example
10:20:10 ftp log
11:15:60 rebootlog
also the same in httpd log ...
so as you see there is a gab between the server crash till reboot....
this happen 3 times till now ...
View 3 Replies
View Related
