SPAM Source Identification not possible..
Hello,
For the last few days my system has been sending/receiving spam mails and I can't find out where the problem is.
The spam was sent over the additional Exim mail IP.
Currently I have CSF Firewall and a limitation for cPanel users (maximum percentage failed...).
Lots of spam mails to a specific email address:
[bounce] to username @ hotmail.com:
1VJA2p-0004Ud-BK-H
mailnull 47 12
<>
1378766095 0
-ident mailnull
-received_protocol local
-body_linecount 54
-max_received_linelength 130
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1378766097
-localerror
XX
1
username @ domain.com.br
157P Received: from mailnull by EDITED with local (Exim 4.80.1)
id 1VJA2p-0004Ud-BK
for username @ domain.com.br; Tue, 10 Sep 2013 00:34:55 +0200
048 X-Failed-Recipients: root@MY Serverdom
029 Auto-Submitted: auto-replied
065F From: Mail Delivery System EDITED>
028T To: username@ domain.com.br
059 Subject: Mail delivery failed: returning message to sender
054I Message-Id: EDITED>
038 Date: Tue, 10 Sep 2013 00:34:55 +0200
FROM username @ hotmail.com (4 emails in queue) :
1VJBdC-0002gn-1X-H
mailnull 47 12
1378772194 0
-helo_name localhost
-host_address 127.0.0.1.52360
-host_name localhost
-interface_address 127.0.0.1.25
-received_protocol esmtp
-aclc _authenticated_local_user 4
root
-body_linecount 17
-max_received_linelength 69
XX
1
username @ peoplepc.com
224P Received: from localhost ([127.0.0.1]:52360)
by EDITED with esmtp (Exim 4.80.1)
(envelope-from )
id 1VJBdC-0002gn-1X
for username @ peoplepc.com; Tue, 10 Sep 2013 02:16:34 +0200
059F From: username here.
033R Reply-To: username @ gmail.com
021 Subject: RE: URGENT!
018 MIME-Version: 1.0
025 Content-Type: text/plain
032 Content-Transfer-Encoding: 8bit
Can anyone help me? Thank you.
-
Hello :)
Try checking your mail queue to see if additional SPAM messages still exist in the queue:
WHM Home » Email » Mail Queue Manager
You can look at the message header and body to see if you can find out if an actual username authenticated, or if it was sent from a script. The following document is useful if you want to prevent email abuse:
cPanel - Prevent Email Abuse
Thank you.
Hello, I can't see any usernames in the message header or body. This is why I asked for other ways to find the source of the problem :) The steps, except "Step 3 suphp", are already configured. I use fcgi.
It's possible that the message was sent out by an authenticated email account. It's difficult to determine the exact source or to know if an account username was listed in the email headers because those aspects were edited out of your original message. Thank you.
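An added example, not part of the original thread: a small Python parser for Exim `-H` spool header files like the two posted above, pulling out the envelope fields that show how a message entered the queue. The sample input is constructed, the category names are illustrative, and reading `_authenticated_local_user` as the local account that connected to 127.0.0.1 is an assumption based on the second dump.

```python
def parse_spool_header(text):
    """Parse the envelope part of an Exim -H spool file into a dict."""
    lines = [l.strip() for l in text.strip().splitlines()]
    msg = {"id": lines[0][:-2] if lines[0].endswith("-H") else lines[0],
           "login": lines[1].split()[0], "sender": None, "opts": {}, "acl": {}}
    i = 2
    if lines[i].startswith("<"):          # envelope sender; "<>" marks a bounce
        msg["sender"] = lines[i][1:-1]
        i += 1
    i += 1                                # skip "<received time> <warning count>"
    while i < len(lines) and lines[i].startswith("-"):
        name, _, value = lines[i][1:].partition(" ")
        if name in ("aclc", "aclm"):      # "-aclc <name> <len>", value on next line
            i += 1                        # assumption: the value fits on one line
            msg["acl"][value.split()[0]] = lines[i]
        else:
            msg["opts"][name] = value
        i += 1                            # loop ends at the "XX" tree line
    return msg

def classify(msg):
    """Return (kind, identity) describing where the message entered the queue."""
    opts = msg["opts"]
    ip = opts.get("host_address", "").rpartition(".")[0]   # drop the ".port" suffix
    if msg["sender"] == "" and "localerror" in opts:
        return ("bounce", msg["login"])   # generated by Exim itself, not submitted
    if "auth_id" in opts:                 # SMTP AUTH was used: the mailbox login
        return ("smtp-auth", opts["auth_id"])
    if ip == "127.0.0.1":                 # a process on this host spoke SMTP to Exim
        return ("local-smtp", msg["acl"].get("_authenticated_local_user", "unknown"))
    if opts.get("received_protocol") == "local":
        return ("local-pipe", opts.get("ident", msg["login"]))
    return ("remote", ip or "unknown")

# Constructed sample modelled on the second dump in the thread (addresses invented).
SAMPLE = """
1BBBBB-000002-BB-H
mailnull 47 12
<sender@example.net>
1378772194 0
-host_address 127.0.0.1.52360
-received_protocol esmtp
-aclc _authenticated_local_user 4
root
XX
1
rcpt@example.org
"""
print(classify(parse_spool_header(SAMPLE)))   # ('local-smtp', 'root')
```

A `bounce` result means the queue entry is only a symptom, so the original message it refers to is the one to trace; a `local-smtp` result points at a process on the server itself rather than at a remote sender.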