Overloaded with outgoing spam, IP blacklisted.

  • psytanium
    Here you have the current situation. All my clients are complaining about the email stoppage, hundreds of emails have been waiting in the queue for 3 days, the server is still sending tons of spam, the Lashback blacklist doesn't answer my phone calls or reply to my emails, and cPanel moderators are not responding. What should I do now?
  • keat63
    While you're waiting for someone to come along with a definitive answer, PYXSOFT offer a 7 day trial on their WHM AntiMalware software. Maybe this might help. Be careful though, don't just delete everything that it detects, as some detections may be false positives.
  • cPanelMichael
    Hello :) Try checking your mail queue to see if additional SPAM messages still exist in the queue: "WHM Home » Email » Mail Queue Manager". You can look at the message header and body to see if you can find out if an actual username authenticated, or if it was sent from a script. The following document is useful if you want to prevent email abuse: cPanel - Prevent Email Abuse. Thank you.
  • psytanium
    > Hello :) Try checking your mail queue to see if additional SPAM messages still exist in the queue: "WHM Home » Email » Mail Queue Manager". You can look at the message header and body to see if you can find out if an actual username authenticated, or if it was sent from a script. The following document is useful if you want to prevent email abuse:
  • cPanelMichael
    Hello :) Did you review the document referenced in my previous post for information on how to prevent outgoing SPAM on your system? Thank you.
  • psytanium
    > Hello :) Did you review the document referenced in my previous post for information on how to prevent outgoing SPAM on your system? Thank you.

    Yes, I applied what is advised in the documentation you sent me. Many of them before my IP was blacklisted.

    Before the spam happened:
      - DKIM and SPF on all accounts by default (enabled)
      - SMTP restriction (enabled)
      - Minimum password strength (100)
      - Restrict the nobody (enabled)
      - Initial default/catch-all forwarder destination (Fail)

    After the spam:
      - Max hourly emails setting set to 100
      - Enable SpamAssassin on all accounts, incoming emails (enabled)
      - Enable SpamAssassin on all accounts, outgoing emails (enabled)

    Still not configured:
      - EXPERIMENTAL: Rewrite From: header to match actual sender (What should I choose? Disable, All, Remote)
      - Maximum percentage of failed or deferred messages a domain may send per hour (I didn't understand it; I would appreciate an example if you can)
      - Enable suPHP (currently it's fcgi)

    Please let me know what else I should do.

    Scenario: If a user on my system is a 70-year-old archaeologist, he opens and digs deep into any spam attachment he receives => his email starts sending bulk emails => ISPs blacklist my IP => my server is handicapped for 4 days.

    My question to you: How can I receive a notification whenever an account starts sending bulk emails?

    Thank you. I would appreciate it if you can follow this case to the end, so I won't bother you with another thread.
  • psytanium
    I tested my relays on rbl.jp, mxtoolbox.com and mailradar.com. All tested completed! No relays accepted by remote host! But as you can see in the 1st attachment (opening post), my server is sending spoofed emails?
  • cPanelMichael
    It's really a matter of detecting the source of SPAM and suspending the account or removing the offending script. The following command may help you better determine where the email is coming from:
    awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
    This will list the source and the number of messages from each source. Thank you.
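
The following is an added example, not part of the original thread and not cPanel's own code. It extends the command in the last reply to count messages per `cwd=` source and per authenticated login, printing only sources at or above a threshold so the output can drive a cron alert. The log lines are constructed samples; the `dovecot_login`/`dovecot_plain` authenticator names, the thresholds and the `mail` call in the closing comment are assumptions.

```shell
#!/bin/sh
# flag_senders THRESHOLD [LOGFILE]
# Counts messages per source in an exim_mainlog-style file (stdin if no file)
# and prints "count source" for each source at or above THRESHOLD, busiest first.
flag_senders() {
    awk -v limit="$1" '
        # Local submissions: field 3 is cwd=<directory the mailer was run from>.
        # Skip the spool directory, which is exim running its own queue.
        $3 ~ /^cwd=/ { if ($3 != "cwd=/var/spool/exim") n[$3]++; next }
        # Arrivals ("<=") over authenticated SMTP carry A=<authenticator>:<login>.
        $4 == "<=" {
            for (i = 5; i <= NF; i++)
                if ($i ~ /^A=[^:]+:/) { sub(/^A=[^:]+:/, "auth=", $i); n[$i]++ }
        }
        END { for (s in n) if (n[s] >= limit) print n[s], s }
    ' "${2:--}" | sort -k1,1nr -k2,2
}

# Constructed sample log lines (not taken from the thread).
sample_log() {
    cat <<'EOF'
2014-05-01 10:00:01 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2014-05-01 10:00:02 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2014-05-01 10:00:03 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2014-05-01 10:00:04 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2014-05-01 10:00:05 cwd=/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i
2014-05-01 10:00:06 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-05-01 10:00:07 1WfA01-0000aa-01 <= carol@example.com H=(pc) [203.0.113.5]:50001 P=esmtpa A=dovecot_login:carol@example.com S=2048
2014-05-01 10:00:08 1WfA02-0000aa-02 <= carol@example.com H=(pc) [203.0.113.5]:50001 P=esmtpa A=dovecot_login:carol@example.com S=2048
2014-05-01 10:00:09 1WfA03-0000aa-03 <= carol@example.com H=(pc) [203.0.113.5]:50001 P=esmtpa A=dovecot_login:carol@example.com S=2048
2014-05-01 10:00:10 1WfA04-0000aa-04 <= dave@example.com H=(pc) [198.51.100.7]:50002 P=esmtpa A=dovecot_plain:dave@example.com S=1024
2014-05-01 10:00:11 1WfA01-0000aa-01 => someone@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
EOF
}

# Demo: flag any source with 3 or more messages in the sample.
sample_log | flag_senders 3

# Cron use (assumes a working local "mail" command; threshold is an example):
#   r=$(flag_senders 100 /var/log/exim_mainlog)
#   [ -n "$r" ] && echo "$r" | mail -s "exim senders over limit" root
```

The counts cover whatever slice of the log is passed in, so an hourly alert needs the log filtered to the last hour first. A `cwd=` hit points at the directory holding the sending script, while an `auth=` hit points at a mailbox whose password should be reset.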
