  1. #1

    A lot of spam sent..

    Hey guys,

    I've been using the same server for the last 3 years. I run a few websites but they are small. I'm running CentOS and the latest cPanel WHM.

    Recently I've had emails bouncing back as my IP has been blacklisted due to spam. Thought it was odd.. So went through my logs and statistics and found a few things..

    This is the report for the last 2 days.. "Exim statistics from 2011-03-21 20:33:03 to 2011-03-23 22:36:09"

                            Volume  Messages
    **bypassed**             931KB        98
    local_delivery           135MB     41565
    remote_smtp               84MB     62014
    virtual_userdelivery      17MB       147

    --

    Top 50 sending hosts by message count

    Messages   Bytes  Average  Sending host
      122972   304MB     2592  local

    --

    As you see, that's some serious spam.. but how can I find where it's originating from? I've changed "Prevent “nobody” from sending mail" to "On" but it's still going..

  2. #2
    I think that you are using dedicated IPs? Do you host other sites? Maybe someone uses spam-sending software there?

  3. #3
    Yeah, using dedicated IPs. I host other sites, but controlled by me. Basically design a website, host it and that's it.

  4. #4
    Have just looked at my queue and here's one..


    1Q2LWc-0000va-RP-H
    theaccount 32007 32009
    <[email protected]**.com>
    1300876970 0
    -ident theaccount
    -received_protocol local
    -body_linecount 17
    -max_received_linelength 405
    -auth_id theaccount
    -auth_sender [email protected]**.com
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -local
    XX
    1
    [email protected]

    204P Received: from theaccount by server.**.com with local (Exim 4.69)
    (envelope-from <[email protected]**.com>)
    id 1Q2LWc-0000va-RP
    for [email protected]; Wed, 23 Mar 2011 23:42:50 +1300
    035T To: [email protected]
    029 Subject: Surgery to correct.
    043F From: Mikhail Sereda <[email protected]>
    038R Reply-To: [email protected]
    018 MIME-Version: 1.0
    025 Content-Type: text/plain
    032 Content-Transfer-Encoding: 8bit
    051I Message-Id: <[email protected]**.com>
    038S Sender: <[email protected]**.com>
    038 Date: Wed, 23 Mar 2011 23:42:50 +1300

  5. #5
    Close port 25 on your firewall.

  6. #6
    Originally posted by Question Everything:
    "Close port 25 on your firewall."
    You really spout off a lot of useless information that could be detrimental to helping solve issues.

    OP, have you looked at your apache logs to see if any scripts are run way more than others? You could have an exploit on the server from a non-updated script.

    If you look at the queue and see the same username show up frequently, it's possible the issue resides in that user's account.

    Do you use suphp or fastcgi?
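
The check suggested in post #6 (does one username dominate the queue?) can be run over the `-H` spool files of the kind pasted in post #4. The Python below is an added example, not code from the thread; the spool path `/var/spool/exim/input`, the sample addresses and the function names are assumptions.

```python
import glob, re, sys
from collections import Counter
# Constructed sample modelled on the -H file in post #4; addresses are placeholders.
SAMPLE_H = """1Q2LWc-0000va-RP-H
theaccount 32007 32009
<theaccount@server.example.com>
1300876970 0
-received_protocol local
-auth_id theaccount
XX
1
victim@example.net

029  Subject: Surgery to correct.
"""

def parse_spool_header(text):
    """Parse the envelope part of one Exim -H file (multi-line option values not handled)."""
    lines = text.splitlines()
    user, uid, gid = lines[1].rsplit(" ", 2)
    msg = {"id": re.sub(r"-H$", "", lines[0]), "user": user, "uid": int(uid),
           "gid": int(gid), "sender": lines[2].strip("<>"), "options": {}}
    i = 4  # index 3 holds the receive time and warning count; options follow
    while i < len(lines) and lines[i].startswith("-"):
        key, _, value = lines[i].lstrip("-").partition(" ")
        msg["options"][key] = value
        i += 1
    while i < len(lines) and not lines[i].isdigit():  # skip non-recipient tree ("XX")
        i += 1
    count = int(lines[i]) if i < len(lines) else 0
    msg["recipients"] = lines[i + 1 : i + 1 + count]
    subject = re.search(r"^\d{3}. Subject: (.*)$", text, re.M)
    msg["subject"] = subject.group(1) if subject else None
    return msg

def tally_local_submitters(messages):
    """Count queued messages per account, skipping mail that arrived over SMTP."""
    counts = Counter()
    for m in messages:
        if m["options"].get("received_protocol") == "local":
            counts[m["options"].get("auth_id", m["user"])] += 1
    return counts.most_common()

if __name__ == "__main__":  # spool path below is an assumed default
    pattern = sys.argv[1] if len(sys.argv) > 1 else "/var/spool/exim/input/**/*-H"
    paths = glob.glob(pattern, recursive=True)
    msgs = [parse_spool_header(open(p, errors="replace").read()) for p in paths]
    for account, n in tally_local_submitters(msgs):
        print(f"{n:6d}  {account}")
```

An account that tops this tally with `received_protocol local` is handing mail to Exim through the local sendmail interface rather than SMTP, which points at a script or cron job running as that user.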
