Exim :: Catch The User Sending Spam With Mailnull?
May 28, 2009i have a vps but there is too much process called mailnull
after that the data centre closed my server for being sent spam
so how i can catch the user sending spam with mailnull?
ADVERTISEMENT
Entry Mailnull In The Mail Logs Of Exim?
Apr 8, 2008I have often seen the entry mailnull in the mail logs of exim.
I don't understand it. What is meant by mailnull? where can i get information about it?
Directadmin Exim Problem Sending Mails
Jul 15, 2009I recently got a server from leaseweb with directadmin on it, I have a big problem sending e-mails .
Most of my e-mails remains in queue:
Is there any way to check why the e-mail stays on queue , any log file i can read?
can i get my e-mails using imap?
Block Users Sending Over Exim Limits
Mar 2, 2008on whm/Cpanel I have set max emails per hour limit to 250 for the server, but when a user tries to send thousands of emails, the server still accepts them (they are placed in queue but not delivered) and load spikes.
I am wondering is there is a way for exim to reject those emails when the user attempts to do so.
Mail Server Exim- Emails Not Sending
Apr 17, 2007Whenever I send mail, it never gets sent and I get the following error under "View Mail Statistics" in WHM:
1 xxx@aol.com R=fail_remote_domains: unrouteable
mail domain "aol.com"
I have only recently noticed these errors, as my mail was working before.
Sending Mails Without SMTP Authentication On Exim
Oct 17, 2007I have a customer that wants to send emails using Exim and SMTP (using outlook), withouth authentication. Now.. the big question is ... how can I configure the Exim server to work withouth any authentication?
I know the risks of this withouth any authentication, but is my customer's server and he want to work in this way.
He is also asking if he is able to send emails withouth authentication using SMTP for certain IP addresses.. is that possible? Can be done for only 1 domain, or for the entire server?
Im using Exim 4.6.8 and RHE 4 + cPanel.
Exim Keeps Sending Thousands Of Messages To Non-valid Email.
Feb 14, 2007For the last 5 days, exim has been retrying to resend email to a recipent every
1 millisecond.
As result, logs are huge, and load is being affected.
So I'd like to know how can I set/configure exim to ingore sending to any
email I'd tell it.
I mean is there any config file I can look into, to set a ignore list, or even
how to have it so that it retries sending every 1 hour, instead of every 1 millisecond.
Sending Spam
Feb 13, 2007someone is sending spam using my smtp on qmail. I have authentication on sending messages, but my host company is complaining about spam messages that are sending to numerous emails. is there any solution? or how to fix that...
View 3 Replies View RelatedSending Spam
Sep 17, 2007I have been able to get my server to notify me fast enough so I can delete the account and all he messages sent by that user fast enough. Taking to long might result in getting blacklisted, etc..
So, my question is, how can I prevent something like this? Isn't there a way to completely disable mail for an account (cPanel server) so they can't send mail in the first place? Or, is there a way to somehow silently discard all the eMail sent by a user in a specific group?
Disable User 'nobody' From Sending Emails
May 19, 2008In our quest to stop 'some' of the spamming techniques, I was wondering if there is a way to disable user 'nobody' from sending emails on either a domain or account level - rather than server-wide?
Reason for asking is that I would like to allow 'nobody' emails to just a handfull of trusted clients that have never had problems.
Email Sending To Spam Box
Jun 5, 2009one of our dedicate server which host only one website and use vbulletin.
we are unhappy about sending mail and it goes to spam box.
but we see that some website send many mail. for examle they have 1,000,000 user and send email to them every day.but their email send to inbox
what can we do about it?
Server Sending Spam
Jan 11, 2009I currently have a dedicated server, Linux, with 1 website on it that is sending spam.
At first I thought it was someone spoofing my email address, however when I check my servers Email queue I can see the spam emails in there being sent.
My problem is that I have contacted my server provider and support for the scripts I'm running and everyone is saying its the other persons fault. My server provider is saying everything is up to date and it must be a software exploit on one of my scripts, and the support team from my software is saying its not them that its the server.
Somebody Is Sending Spam To My Email
Dec 3, 2008i have been receiving lot of spam emails with from and to address being the same email of my domain with content being "click here to see web page" or an image link of viagra shop seen. sometimes it is sent with title "delivery status failure"
i checked the mail headers and it seems that they do not originate with contact form since i used captcha to protect them.
Apache Sending Spam
Aug 29, 2007Yesterday my mail logs started showing many a spam email being sent from my server. There isn't anything mission critical running on it, so I took down qmail until I could find the vulnerability and fix it. But try as I might, I haven't found any conclusive vulnerability, so I thought to ask here where someone with more experience might spot something obvious that I've missed (I'm still somewhat new to this).
Anyway, the qmail logs show that the messages came from uid 48, apache. Log excerpt (sending of first spam mail):
Quote:
Aug 28 11:10:51 host qmail-queue[8056]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Aug 28 11:10:51 host qmail-queue[8056]: scan: the message(drweb.tmp.TNDOi2) sent by anonymous@HOSTNAME to SPAMADDRESS should be passed without checks, because contains uncheckable addresses
Aug 28 11:10:51 host qmail: 1188295851.742521 new msg 51970054
Aug 28 11:10:51 host qmail: 1188295851.742679 info msg 51970054: bytes 445 from <anonymous@HOSTNAME> qp 8057 uid 48
Aug 28 11:10:51 host qmail: 1188295851.752799 starting delivery 460: msg 51970054 to remote SPAMADDRESS
Aug 28 11:10:51 host qmail: 1188295851.752933 status: local 0/10 remote 1/20
Unfortunately, my Apache logs have no entries around the time when these messages were sent. There are some suspect "CONNECT" requests scattered throughout the logs, but all are denied with 405's, and none correspond exactly with the time of the spam. Example (from about 3 hours after the spam):
Quote:
210.17.191.242 - - [28/Aug/2007:14:34:43 +0100] "CONNECT 205.158.62.146:25 HTTP/1.0" 405 235 "-" "-"
210.17.191.242 - - [28/Aug/2007:14:34:43 +0100] "PUT [url]
HTTP/1.0" 405 231 "-" "-"
210.17.191.242 - - [28/Aug/2007:14:34:43 +0100] "POST [url]
HTTP/1.0" 200 2 "-" "-"
(The fact that the final query wasn't denied worries me slightly though. Does anyone have any insight?)
I'm not sure where to go from here. I'm concerned about the lack of logs by Apache. There's a nine hour period without any entries; not unusual for my server given that its not very active, but the time when the spam was sent falls in this time period. I've checked for common security issues, but qmail is configured only to relay from localhost, and Apache isn't configured as an open proxy. Are there any other common issues I should check for? Is there any other information I should post here to help identify the problem?
I'm running Apache version 2.0.52, and qmail 1.03.
I'd be very grateful for any help or links to relevant HOWTOs.
Abusing Box By Sending Out Spam
Dec 24, 2007My server is being used for sending out spam email using SMTP auth on server. I am failed to recognize it using phpnobody spam.
The email headers are as below:
[root@serverl ~]# /root/qmHandle -m38168420
--------------
MESSAGE NUMBER 38168420
--------------
Received: (qmail 19615 invoked from network); 21 Dec 2007 11:14:02 -0500
Received: from 124-8-103-212.dynamic.tfn.net.tw (HELO lzbldm) (124.8.103.212)
by ip-xx-xx-xxx-229.static.priatdns.com with SMTP; 21 Dec 2007 11:14:02 -0500
Message-ID: <003761451621$48031823$28802762@lzbldm>
From: =?big5?B?uPKmaL5sqs6m17uh2VTZVA==?= <twzcgj@ip-72-55-159-229.static.pedns.com>
To: <ahyu327@yahoo.com.tw>,
<r820309@yahoo.com.tw>,
<janejanexxx@yahoo.com.tw>,
<mirror8210@yahoo.com.tw>,
<angr34@yahoo.com.tw>,
<sungerhuang@yahoo.com.tw>,
<andy422927@yahoo.com.tw>,
<a155882@yahoo.com.tw>,
<tsai1926@yahoo.com.tw>,
<87878787@yahoo.com.tw>,
<joe-5409@yahoo.com.tw>
Subject: =?big5?B?s2+xTqxPp0GzzKvhpECmuLTuqs4=?=
Date: Sat, 22 Dec 2007 00:14:39 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0748_01590CDE.19AA17B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3198
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
This is a multi-part message in MIME format.
The qmail logs are as below
Dec 23 04:22:02 serverl qmail: 1198401722.886024 end msg 38163426
Dec 23 04:22:02 serverl qmail: 1198401722.886435 new msg 38163440
Dec 23 04:22:02 serverl qmail: 1198401722.886630 info msg 38163440: bytes 5274 from <> qp 21043 uid 2522
Dec 23 04:22:02 serverl qmail: 1198401722.897484 starting delivery 247946: msg 38163440 to remote jr1979@freenet.de
Dec 23 04:22:02 serverl qmail: 1198401722.897706 status: local 0/10 remote 9/20
Dec 23 04:22:03 serverl qmail: 1198401723.035092 delivery 247944: failure: 195.4.92.17_does_not_like_recipient./Remote$
Dec 23 04:22:03 serverl qmail: 1198401723.035296 status: local 0/10 remote 8/20
Dec 23 04:22:03 serverl qmail-queue[21076]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Dec 23 04:22:03 serverl qmail-queue[21076]: scan: the message(drweb.tmp.fkOXLe) sent by #@[] to postmaster@cl-t061-160$
Dec 23 04:22:03 serverl qmail: 1198401723.192176 bounce msg 38163423 qp 21076
Dec 23 04:22:03 serverl qmail: 1198401723.192241 end msg 38163423
Dec 23 04:22:03 serverl qmail: 1198401723.193683 new msg 38163429
Dec 23 04:22:03 serverl qmail: 1198401723.193930 info msg 38163429: bytes 5878 from <#@[]> qp 21092 uid 2522
Dec 23 04:22:03 serverl qmail: 1198401723.220191 starting delivery 247947: msg 38163429 to local 9-postmaster@cl-t061-$
Dec 23 04:22:03 serverl qmail: 1198401723.220247 status: local 1/10 remote 8/20
Dec 23 04:22:03 serverl qmail-local-handlers[21111]: starter: submitter[21118] with error code 100
Dec 23 04:22:03 serverl qmail-local-handlers[21111]: mailsend: wait for submitter failed
Dec 23 04:22:03 serverl qmail-local-handlers[21111]: cannot reinject message to mail system
Dec 23 04:22:03 serverl qmail: 1198401723.270544 delivery 247947: failure: This_address_no_longer_accepts_mail./
Dec 23 04:22:03 serverl qmail: 1198401723.270720 status: local 0/10 remote 8/20
Dec 23 04:22:03 serverl qmail: 1198401723.270863 triple bounce: discarding bounce/38163429
Dec 23 04:22:03 serverl qmail: 1198401723.270906 end msg 38163429
Dec 23 04:22:03 serverl pop3d:
Dec 23 04:22:03 serverl qmail: 1198401723.821852 delivery 247946: failure: 195.4.92.17_does_not_like_recipient./Remote$
Dec 23 04:22:03 serverl qmail: 1198401723.821918 status: local 0/10 remote 7/20
Dec 23 04:22:03 serverl pop3d: IMAP connect from @ [71.107.192.162]INFO: LOGIN, user=support, ip=[71.107.192.162]
Dec 23 04:22:03 serverl qmail-queue[21226]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Dec 23 04:22:03 serverl qmail-queue[21226]: scan: the message(drweb.tmp.Ge7OVb) sent by #@[] to postmaster@cl-t061-160$
Dec 23 04:22:04 serverl qmail: 1198401724.007097 bounce msg 38163440 qp 21226
Dec 23 04:22:04 serverl qmail: 1198401724.007177 end msg 38163440
Dec 23 04:22:04 serverl qmail: 1198401724.008599 new msg 38163295
Dec 23 04:22:04 serverl qmail: 1198401724.008829 info msg 38163295: bytes 5837 from <#@[]> qp 21240 uid 2522
Dec 23 04:22:04 serverl qmail: 1198401724.042842 starting delivery 247948: msg 38163295 to local 9-postmaster@cl-t061-$
Dec 23 04:22:04 serverl qmail: 1198401724.042898 status: local 1/10 remote 7/20
Dec 23 04:22:04 serverl qmail-local-handlers[21255]: starter: submitter[21262] with error code 100
Dec 23 04:22:04 serverl qmail-local-handlers[21255]: mailsend: wait for submitter failed
Dec 23 04:22:04 serverl qmail-local-handlers[21255]: cannot reinject message to mail system
Dec 23 04:22:04 serverl qmail: 1198401724.089046 delivery 247948: failure: This_address_no_longer_accepts_mail./
Dec 23 04:22:04 serverl qmail: 1198401724.089108 status: local 0/10 remote 7/20
I tried to grep some more information agains UID but failed:
[root@serverl ~]# grep 2020 /etc/passwd
alias:x:2021:2020:Qmail User:/var/qmail/alias:/bin/false
qmaild:x:2020:2020:Qmail User:/var/qmail/:/bin/false
qmaill:x:2022:2020:Qmail User:/var/qmail/:/bin/false
qmailp:x:2023:2020:Qmail User:/var/qmail/:/bin/false
[root@serverl ~]# grep 2522/etc/passwd
[root@serverl ~]# grep 2522 /etc/passwd
qmails:x:2522:2520:Qmail User:/var/qmail/:/bin/false
psaftp:x:2524:2522:anonftp psa user:/:/bin/false
how can i catch this spammer domain name hosted on my server. Its CentOS Plesk 8 Server.
Help! My Server Is Sending Out Spam
Apr 2, 2007got a 2nd notice from my ISP complaining that spams are being sent from my dedicated box. Since the first notice, I had stopped all the mail-related services (sendmail, mailman, courier-imap), which means no emails will be sent out from this box. However, I still received the 2nd notice for spamming.
own dedicated box running CentOS 4.2 with Plesk 8.1. 1 site hosted on it.
concerns are
1. Is my box hacked in and hijacked to send out spam? If yes, how can I check for system integrity?
2. Based on the service status dump, is there something else I need to do in the meantime to stop the box from sending out spam?
3. If there's someone who willing to help out, I'm willing to pay a small amount (~$50, sorry I'm broke!) to fix the server and just kinda help me through the process.
QMail Sending All Requests As Spam
Mar 28, 2008I have a Qmail server that is using relays.ordb.org
As you probaly know this shut down two years ago. But is now sending all requests as spam. No one is recieving there emails.
this a Standard Qmail,with a hacked qmail-send witch intergrates with Mysqld.
is not installed with qmailroks, or supervise. Can't find the config text file.
how can we remove traces or referrences to relays ordb.org
Exim/Cpanel No Such User Here
Jun 25, 2008I'm having an issue with email generated from a website contact form. The email is being sent from the website via php. The issue is that the email address that it is being sent to is a domain/website that is also on cpanel. It is trying to deliver it to a local account, but the email is acutally on a third party system outside of cpanel. Does anyone know anyway for exim to not try and deliver locally?
View 4 Replies View RelatedMailenable Possibly Sending Out Spam But Nothing In Logs
Feb 22, 2007My server running mailenable is possibly sending out spam because ive had a returned mail saying my IP is on a blacklist at CBL.
IP Address 64.X.X.10 was found in the CBL.
It was detected at 2007-02-17 13:00 GMT (+/- 30 minutes), approximately 5 days, 5 hours, 30 minutes ago.
However when i checked my smtp and pop logs i only see small ammounts of mail thats been delivered.
When I run the netstat command have the following connections. The ones to the .nl domain looks strange
C:Documents and SettingsAdministrator>netstat
Active Connections
Proto Local Address Foreign Address State
TCP server:telnet server.indis.nl:3409 CLOSE_WAIT
TCP server:telnet server.indis.nl:3410 CLOSE_WAIT
TCP server:epmap dsl10-037.express.oricom.ca:2253 ESTABLISHED
TCP server:1121 ipchicken.com:http CLOSE_WAIT
TCP server:1122 ipchicken.com:http CLOSE_WAIT
TCP server:1136 ipchicken.com:http CLOSE_WAIT
TCP server:1138 ipchicken.com:http CLOSE_WAIT
TCP server:1199 ecostumeshop.com:domain ESTABLISHED
TCP server:telnet server.indis.nl:3326 CLOSE_WAIT
Plesk 12.x / Linux :: Sending Lots Of Spam From Server
Nov 8, 2014I have a Plesk v12.0.18_build1200140606.15 os_CentOS 6 server. using postfix
And Lots of spam is send from my server.
I tried: [URL] .... but with no results.
on the moment the /var/log/maillog file is over 5,5GB
and the /var/log/maillog.processed is over 7,2GB and splitted into multiple .gz files
What can I do to find the source of the problem and stop it ?
Plesk 11.x / Linux :: Postfix Server Sending Spam
Jul 24, 2014Somebody is sending spam from my postfix server.
How can I locate the domain causing the problem?
Exim: User Unknown (domain Forward)
Dec 3, 2007One of my clients has 2 accounts:
- foo.com, with a mail account info@foo.com.
- bar.com, with domain forwarding to foo.com.
Sending an email message to info@foo.com works.
Sending an email message to info@bar.com doesn't work. When using the ZoneEdit SMTP test utility I get the following error message:
Code:
> RCPT TO:<info@bar.com>
< 550 5.1.1 User unknown: info@bar.com
I checked "/etc/vdomainaliases/bar.com" and "/etc/localdomains", they are configured properly.
Any suggestions?
CPanel + Exim + User Level Filtering
Nov 18, 2008whether our webhost has their configuration messed up, or if this is not genuinely possible with cpanel + exim + shared hosting.
Our email server is hosted with the web host, and what we want to do is to not allow certain users to be able to receive (And send) outgoing email to non-local domains e.g. they should only be able send and receive within our hosted domain, @mydomain.com .
Now, we've tried doing this using cpanel's user level filters and have setup the following:
Rules:
If Field To does not contain @mydomain.com OR
If Field From does not contain @mydomain.com
Action:
Fail with message.
We've tested these filters using combinations and they seem to be working as far as we can see on cpanel (it has the filter testing feature)
Now this works for people sending emails into our domain e.g. someone from hotmail tries sending emails to a user, and it bounces back.
But people from inside the domain can send emails to other domains even when they give valid results on the cpanel filter tester.
Exim Server - Being Used To Relay Spam?
Dec 3, 2008Exim server - being used to relay spam?
Hoping someone can help here. I have a web server running a couple of sites, has been for a couple of years now. With one of the domains, I have an email forwarder setup through cpanel to forward mail sent to a specific address at that domain to my gmail account (it's a "contact us" type address). I don't think the email address is listed on the web anywhere.
Anyway, I am noticing a lot of spam emails being sent to that address, from that same address and they all appear to be relayed through my exim server legitimately. Obviously they aren't (as I am not sending them).
I am only familiar with sendmail, and am unsure about where to look for any possible hacks to my exim server. Can someone point me in the right direction? I want to stop these spam messages being sent, asap.
