Dangerous spam attack with google.com accounts
Hi,
I can see my cpanel is affected severe spam attack ..i can see many fake mails log as follows:-
-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1387264961 s20si13325349igd.32 - gsmtp"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46653 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46654 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46653 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46654 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:55 H=228-26.thezone.bg [85.217.228.26]:46653 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46654 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46653 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46654 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46653 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46654 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:56 H=228-26.thezone.bg [85.217.228.26]:46653 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46654 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46653 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46654 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46653 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:57 H=228-26.thezone.bg [85.217.228.26]:46654 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:58 H=228-26.thezone.bg [85.217.228.26]:46653 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:58 H=228-26.thezone.bg [85.217.228.26]:46654 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:58 H=228-26.thezone.bg [85.217.228.26]:46653 F= rejected RCPT : No Such User Here"
2013-12-17 02:22:58 H=228-26.thezone.bg [85.217.228.26]:46654 F= rejected RCPT : No Such User Here"-
Hello :) The "rejected RCPT" message indicates the emails were rejected and bounced to the original sender. Were you seeking some other additional action, or were you looking to enable additional measures to prevent outgoing SPAM from your server? This document may be of use: cPanel - Prevent Email Abuse Thank you. 0 -
All those steps done ... mainly its as below, also getting it from the same email ID 2013-12-17 23:47:12 1Vt92L-0003O0-AG <= cordialvkom88@google.com H=190-76-80-114.dyn.movilnet.com.ve [190.76.80.114]:43489 P=esmtp S=3930 id=4918061991.AS35O243388918@xxxxx.com T="Clean energy firm recruiting agents worldwide." for rchkaibane@xxxxxx.com0 -
The message getting bounced to the sender ensures it's not delivered to the email account. Could you elaborate on the additional action you would like to see? Thank you. 0 -
Hi, All these google.com email IDs re not real... its SMTP attack. Also some of the mails delivered by this IDs are getting in outlook as the mails from their own IDs. So its not the issue of not delivering,but need to get any remedy for blocking such big attack mailnly from *.google.com mail ids 0 -
You may want to utilize the "Account Level Filtering" option in cPanel for the accounts that you want to block all google.com mail addresses. Also, review the options in: "WHM Home " Service Configuration " Exim Configuration Manager" There are several options here that can help block SPAM. It's up to you how agressive you want to be in blocking the messages. Thank you. 0
Please sign in to leave a comment.
Comments
5 comments