Skip to main content

cPanel admin on Go Daddy being spammed significantly.

Comments

8 comments

  • cPanelLauren
    Hello, Since this is email for accounts that don't exist it tells me you have the catch-all set to the admin user. To change this I would suggest doing the following -> Go to cPanel>>Email>>Default Address and change the setting from "Forward to your system account" to "Discard the email while your server processes it by SMTP time with an error message."
    0
  • keat63
    I'm a little confused. "I get double digit duplicates from unique addresses of users that appear locally originated but are not valid user accounts. " Lets assume that your domain is mydomain.com Are you receiving emails to somebody@mydomain.com (where somebody doesn't exist.) Or are you receving emails from somebody@mydomain.com (where somebody doesn't exist.) " The sender domain is unresponsive even though it asks for complaints and reporting of abuses. " I'm not aware that i've ever seen an abuse complaint taken seriously, we are just small fish.
    0
  • Cool_Games
    I'm a little confused. "I get double digit duplicates from unique addresses of users that appear locally originated but are not valid user accounts. " Lets assume that your domain is mydomain.com Are you receiving emails to somebody@mydomain.com (where somebody doesn't exist.) Or are you receving emails from somebody@mydomain.com (where somebody doesn't exist.) " The sender domain is unresponsive even though it asks for complaints and reporting of abuses. " I'm not aware that i've ever seen an abuse complaint taken seriously, we are just small fish.

    The from is an unique name to mydomain.com from someuser@paid-domain.com processed by the-emailer.com. the-emailer.com is in the header but the unsourced version sees from some.body@mydomain.com sender someuser@paiddomain.com. Next message sent closely timed is some.body-else@mydomain.com as a duplicate of the previous message. All have valid links in body to unsubscribe with destination not visible to untrained eye that are created to compute into the mailing list of destinations. The effect is new user can unsubscribe for a one time message then next message is another from xxx.yyy@mydomain.com which may be harvested names making them appear as real people but as though from mydomain.com.
    0
  • cPanelLauren
    My original advice would resolve this if they're sending to notvaliduser@yourdomain.com which it looks like they're doing.
    0
  • keat63
    Don't ever unsubscribe from a spammer. All you're doing is confirming that someone exists, so they'll spam you more. Unfortunately, as a web site owner, you don't have a lot of tools to deal with this. Enabling SPF and DKIM might help, but I doubt it will eradicate these altogether. Try to find a re-occurring pattern, create a filter based on such, a global filter is probably about the best tool in your arsenal. eg: if any header contains the-emailer.com or if any header contains paid-domain.com or from contains paid-domain.com then discard If there are re-occurring phrases in the message body or maybe even a common spelling mistake. I had one where it the email said something along the lines of 'view in a brower' (misspelt browser), that one was easy to block.
    0
  • Cool_Games
    My original advice would resolve this if they're sending to notvaliduser@yourdomain.com which it looks like they're doing.

    This appears to have worked for the sender that I had been trying to eliminate. Now wondering why SPAM Filters has remaining messages that are marked SPAM but are being sent to junk folder even with delete set to 5 X-Spam-Status: Yes, score=7.4 X-Spam-Score: 74 X-Spam-Bar: +++++++ Content analysis details: (7.4 points, 4.0 required) Automatically Delete New Spam (Auto-Delete): Auto-Delete is enabled. This will permanently delete all new email messages with a calculated spam score that meets or exceeds the Auto-Delete Threshold Score (5).
    0
  • cPanelLauren
    Hi @Cool_Games Do you have any other filters in place? It does indeed look like it would qualify for Auto-Delete. Can you show the email transaction for one of those? You can find the email logs at /var/log/exim_mainlog
    0
  • Cool_Games
    I can not get easily to cPanel the way GoDaddy has it set up. [CODE=bash]$ ls /var/log ./ ../
    Inversely SPAM filter missed this and delivered to inbox. Today I got an Apple app receipt that was not possible as I use Android. I could have sent it but it is a security issue to save "show source" because Chrome removes it if I do "save as" txt. I needed to cut and paste into offline editor while viewing online. Return-path: Subject: Re: [Receipt Order] - [14995171] : Your Receipt From Apple - Modern Combat Date: Thursday, July 9, 2020 [SDW] X-Ham-Report: Spam detection software, running on the system "GO_DADDY.secureserver.net", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email Your Receipt are in the attachment, Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="INVOICE-Modern-Combat-5-2.docx" Content-Disposition: attachment; filename="INVOICE-Modern-Combat-5-2.docx" Content-Transfer-Encoding: base64
    0

Please sign in to leave a comment.