Spam Relay
Hi, can anybody help me stop these Russian spammers? How do they send emails over my server, and how can I block them? I use CSF, and SMTP_BLOCK is active ... Is this a relay, and if yes, how do I stop it?
Here are details about one of the emails:
1cDZdJ-00082C-JP-H
mailnull 47 12
1480868841 0
-helo_name 77.221.130.6.addr.domain.ru
-host_address 203.192.221.87.57235
-interface_address SERVER-IP.587
-received_protocol esmtps
-body_linecount 23
-max_received_linelength 76
-host_lookup_failed
-tls_cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
XX
1
colar@domain.ru
292P Received: from [203.192.221.87] (port=57235 helo=77.221.130.6.addr.example.ru)
by server-us01.xxx.xxx with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.87)
(envelope-from )
id 1cDZdJ-00082C-JP
for colar@domain.ru; Sun, 04 Dec 2016 11:27:22 -0500
058I Message-ID: <47BDFEDD6EBA95568A8FC6783CE9531E@moskva.com>
073F From: =?windows-1251?B?yOPu8PwgyOPu8OXi6PcgIA==?=
023T To:
057 Subject: =?windows-1251?B?yvPv6/4v7/Du5ODsIGJpdGNvaW4=?=
037 Date: Sun, 4 Dec 2016 17:27:18 +0100
018 MIME-Version: 1.0
048 Content-Type: text/html; charset="windows-1251"
044 Content-Transfer-Encoding: quoted-printable
078 X-cPanel-MailScanner-Information: Please contact the ISP for more information
042 X-cPanel-MailScanner-ID: 1cDZdJ-00082C-JP
040 X-cPanel-MailScanner: Found to be clean
033 X-cPanel-MailScanner-SpamCheck:
048 X-cPanel-MailScanner-From: ortukov82@example.com
018 X-Spam-Status: No
-
Hello, The following thread is a good place to start: How can I find out if my server is sending spam? You should also change the password for that email account, and for the cPanel account it's added to. Let us know if this helps. Thank you.
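To read a spool header (-H) file like the one posted above, this added example (not part of the thread, and not cPanel or Exim code) parses the "-name value" lines and reports whether the message came in over authenticated SMTP, unauthenticated SMTP, or local submission. It assumes the layout shown in the post with single-line values; the function names are hypothetical.

```python
# Constructed sample: the -H file from the post, trimmed (certificate line and
# most headers dropped). As posted, the dump shows no -auth_id line.
SAMPLE = """\
1cDZdJ-00082C-JP-H
mailnull 47 12
1480868841 0
-helo_name 77.221.130.6.addr.domain.ru
-host_address 203.192.221.87.57235
-interface_address SERVER-IP.587
-received_protocol esmtps
-host_lookup_failed
XX
1
colar@domain.ru

037 Date: Sun, 4 Dec 2016 17:27:18 +0100
"""


def parse_spool_header(text):
    """Return (variables, recipients) from an Exim -H spool file."""
    lines = text.splitlines()
    opts, i = {}, 0
    # Preamble: message id, submitting user/uid/gid, sender, receive time.
    while i < len(lines) and not lines[i].startswith("-"):
        i += 1
    # Variables: "-name value"; bare flags (-host_lookup_failed) map to "".
    while i < len(lines) and lines[i].startswith("-"):
        name, _, value = lines[i][1:].partition(" ")
        opts[name] = value
        i += 1
    # Skip the non-delivery tree ("XX" when empty) up to the recipient count.
    while i < len(lines) and not lines[i].strip().isdigit():
        i += 1
    count = int(lines[i]) if i < len(lines) else 0
    return opts, lines[i + 1:i + 1 + count]


def classify(opts):
    """Describe how the message entered Exim, from the recorded variables."""
    if "local" in opts or "host_address" not in opts:
        return "local submission (script or shell user on this server)"
    # Addresses are stored as <ip>.<port>, so split on the last dot.
    ip, _, _rport = opts["host_address"].rpartition(".")
    _, _, lport = opts.get("interface_address", "").rpartition(".")
    if "auth_id" in opts:  # Exim records the authenticated login here
        return f"authenticated SMTP as {opts['auth_id']} from {ip} on port {lport}"
    return f"unauthenticated SMTP from {ip} on port {lport}"
```

An "authenticated SMTP as ..." result names the mailbox whose password should be changed; the other two results point at relay ACLs or at a local script or user instead.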