Now first I will say I have NO idea how such spamming works, how a punk can get on my server and send emails out.
I have had a team look at it and they also did something, but now it has happened again for the 5th time. What can I do? Are there any software or tools one can use, like an antivirus, to check the server, and how can I avoid such sh..
I recently moved web services for one of my hosted domains (let's call it example.com) from one server (let's call it .org) to another server (let's call it .net). example.com has been on .org for about 5 years. .org handled all example.com web services, and all email. I recently updated example.com's DNS record to point www.example.com and example.com to the .net server. I didn't change the MX record or mail.example.com to point to .net. Mail continues to be delivered normally to example.com on the .org server.
Except now spammers are hitting the .net server, e.g.
Is it normal practice for spammers to send dictionary attack based spam to a domain's server that doesn't even handle email? All the spam coming in is clearly just random email addresses not based on anything that exists at the domain, and most of the addresses are so very random I can't imagine they exist anywhere.
I have recently been receiving reports from AOL's feedback loop that my server is sending out spam. I have checked the whole server, but cannot find anything strange.
There are some strange things with these feedback reports. I'll post a few lines below (I crossed out my domain with xxx):
Quote:
Received: from andersenreesel by holderem.xxx.biz with local (Exim 4.23)
Received: (qmail 64859 invoked by uid 24901)
Received: from janislanhami by xxx.biz with local (Exim 4.26)
Received: from raphaelpinkertone by standei.xxx.biz with local (Exim 4.23)
Received: from imanoldelphine by dispatched.xxx.biz with local (Exim 4.23)
Received: from conrado by hostic.xxx.biz with local (Exim 4.23)
The first issue I have is with the subdomains, like "dispatched", "standei", "hostic", etc. These subdomains do not exist on my system. Also, my server does not run the Exim MTA.
Another issue I have is the "invoked by uid" statements with UIDs 147 and 24901. These UIDs do not exist on my system. The passwd file UIDs go to around 110.
Apart from these strange things, the IP that is listed in the upper part of the headers:
Quote:
Received: from xxx.biz (xxx.biz [85.xxx.xxx.xxx])
The domain and IP address are correct there, which should indicate that the spam was sent from my system. Or wasn't it?
I host a vBulletin forum on a US server. I've been getting a lot of signups from one particular spammer, wanting to post about gold harvesting for WoW. I've blocked his IPs, however he keeps using proxies.
He constantly signs up under the name "Array"... Is there a way I can block him for good? I can't moderate user sign-ups, as I'm mostly away from my computer and can't moderate them all the time.
None of the domains in this email is hosted with us, but there are thousands of emails a day that somebody blasts into our queue. We have failed to detect it. We have enabled phpnobody spam logging but failed to track this user.
How to catch this spammer? There are no clues to catch him.
[root@sm4 ~]# /root/qmHandle -m3261696
-------------- MESSAGE NUMBER 3261696 --------------
Received: (qmail 7056 invoked from network); 16 May 2007 05:34:18 -0500
Received: from axicom.net (HELO User) (67.112.176.250) by 14.32.5446.static.theplanet.com with SMTP; 16 May 2007 05:34:18 -0500
Reply-To: <notice@boamilitary.com>
From: "Bank of America Military Bank"<notice@boamilitary.com>
Subject: Notification from Bank of America Military Bank
Date: Wed, 16 May 2007 04:44:51 -0700
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
I just found posts every few days from an apparent spammer "sagepowder" in my forum (not so popular and has nothing to do with skiing). The subject is always "new here".
The content is "Any snowboarders or skiiers on this forum? I am planning a trip to BC on a snowboarding trip next week" or "I am new here, just saying hello".
I checked the Apache log and it doesn't seem to be a robot script posting this, i.e. it browses to the index page, picks up my hidden field that blocks robots, posts a new topic, then goes back to the index page.
What surprised me is that when I google this guy, I got 108,000 results with the same content on tons of forums! All with total post number of 1 or 2 on each forum: [url]
For about a month or so now I have a domain I host under serious attack from what I think are spammers. It's a wordpress site, and they are getting big numbers of POST requests to the WordPress comments file, e.g.
Code:
POST /wp-comments-post.php HTTP/1.1
It's a well distributed attack, and I'm doing well with some scripts I wrote to block the requests to the wp-comments-post.php file. The real comment file has long since been moved, so any POST to the file gets firewalled. It's several thousand IPs from all over the place.
I don't believe it's a malicious attempt to bring the site down, but I'm guessing it's a blog comment spammer that has something set wrong and he's pounding this site to death by accident. I could be wrong on that though.
Sometimes my clients install untrusted scripts on their accounts, which causes spamming, because these scripts send a high number of spam emails. Is there an automatic way to disable the PHP mail function, or disable the account temporarily?
I currently have a domain on Server 1 (Linux, Apache, Ubuntu, Matrix control panel).
This server does not have any spam filter, so I have moved all the email accounts to Server 2 (Linux, Apache, Fedora Core, Plesk) which does have a brilliant spam filter; and have changed the DNS record for mail.domain.com to the IP address for Server 2.
Emails are being successfully received on Server 2.
On Server 1, when an email is sent through SMTP to an address at that domain, it does not send it to Server 2, it gets delivered to the hosting account for the domain on Server 1. So what I am guessing is happening is that Server 1 detects the domain has an account on the server, and instead of looking up the DNS info for that domain, just assumes it is on Server 1.
What I need to do, is force Server 1 to send email for that domain to Server 2. Is this possible, and if so, how can it be achieved? If more info about the server is required for a solution please let me know and I'll provide what I can.
I have a client who has his own hosting account, and wants to leave his e-mail on his own hosting account, but his website on my hosting account.
On his own hosting he has created a sub domain called shop, and pointed its A record to the IP address of my server. On my server I've set up his domain name, and created the sub domain shop. That all works fine.
The problem I have is that the site under the shop domain needs to send an e-mail to sales@hisdomain.com. Now my server thinks the main domain is set up on my server, so it sends the e-mail to itself.
I'm just wondering how I can get the server to point the mails back to his hosting?
A previous host I've used said they had to add the domain as a remote domain on the server, then they had to make some changes to /etc/localdomains because I was getting errors trying to send mails to the address.
This is the scenario: domain.com is set up on server1, however server2 also has the same profile of domain.com as we use ns3 and ns4 using domain.com. This works fine with the nameserver setup on server2.
However, I encounter problems as the emails from server2 won't reach server1 as there is a duplicate profile on server2.
My question is how do I set up the DNS in cPanel/WHM from server2 so the emails from server2 will reach server1?
I have a collocated server which I'd like to do some upgrades to. I'm having it shipped back to me so that I can do the upgrades myself. However, since I use this as my primary email server, I need help setting something up so I have no email downtime.
I have a cheap shared hosting account with DreamHost so one idea I have is to point the domain to their servers and handle things through there for a bit. This seems like the "brute force" way to do it though since I have to wait for DNS propagation and what not. Another idea was to use a service like DynDNS' MailHop BackupMX which does storage and forwarding. However, this service is kind of expensive ($30) considering I'm only going to use it a week or so.
I have been getting these errors and do not know what they mean since I have never seen them:
Error connecting to IMAP server: localhost. 111 : Connection refused
Sending' reported error (0x800CCC0F) : 'The connection to the server was interrupted. If this problem continues, contact your server administrator or Internet service provider (ISP).'
I tried restarting my server and restarting my httpd but nothing budges; it is still the same. Any way of fixing this?
I'm a web and software developer that owns and maintains two servers. Mainly I use these servers for hosting my clients (I don't sell hosting as a stand alone) and for development. I offered email as a service to my clients, but after 3 years of doing it, it's just too much. I want to get rid of serving email. Certainly there is someone who has had a similar experience and found a solution?
I have a rolling IP, am on a BT business connection, and have a dyn host name from dyndns.org (xtcservers.mine.nu).
I have an email server set up and it is now receiving email with no problems, but sending is a different matter.
I am using the Dovecot IMAP server, Sendmail and the Roundcube webmail client. As I say, receiving mail is fine from both Outlook and the webmail client, but when trying to send mail it shows this error (reason: (554 Mail from 86.159.133.235 refused, see RBL server zen.dnsbl). I think this is because this is from a dynamic IP.
Is there anything I can do? When I first set the server up I could send mail too, but it just stopped after my server crashed and I had to install a fresh copy of Linux.
Well, we have a reseller pack. For some reason all the mails from our sites are going to bulk/junk, all scripts and webmails. Our mail server is clean, not blacklisted and not even warned. We tried many things, but they have not worked.
So as a solution we have thought of the following. Are these possible and might they work?
1) As all sites' mails are going to bulk, I think they are using the IP for that, the IP of the mail server. Can we use another mail server with another IP, within the existing DNS address, just changing the IP of the mail server, and use another mail server whose mails are going to the inbox? Is it possible?
2) Can we use an SMTP server to send mail? We have the SMTP address of our ISP and Google SMTP as well. Can we use it to send all emails in all our websites? Is it possible? What can be the problems?
Is there any other way, without changing (service provider) of the reseller package?
I'm using a shared hosting plan. I don't want my emails to be blocked if other sites spam emails. Would a dedicated IP for my domain/email prevent other sites' spam on the server from affecting me (i.e. being blocked from Hotmail, etc.)?
Does anybody have experience running qmail or Exim beyond 8TB of data? Any performance issues?
One of my clients would need to archive their emails for a decade, so the data storage would be the main issue here. I have never run such a huge email server before. Any input?
I run dating sites and when a user signs up, or messages another user, they receive an email in the inbox stating this. Would anyone know why these emails are only being sent out and received occasionally as opposed to all the time?
I am having trouble delivering email to Hotmail from one server that was reported as a spam source yesterday.
We have removed the offending account and placed a request to MSN support to remove any block on our IP address but still have no answer to our request after almost 24 hours. We still keep receiving the same answer:
Quote:
550 SC-001 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit [url]for email delivery information and support
Is it possible to route my server email through another machine, at least while the IP address is kept blocked? I mean, may I use any firewall rule to move all port 25 traffic to a clean server to avoid the delivery problems?
I have 100 customers who can't communicate with their partners due to this problem.