big problem with SPAM

  #1  
Old 11-01-2005, 07:07 PM
Gauch0r Gauch0r is offline
Newbie
 
Join Date: Nov 2005
Posts: 19


Hello,

I do a tail -f /var/log/exim_mainlog and I get..

Quote:
2005-11-01 19:38:52 H=(n4a.bulk.scd.yahoo. com) [66.94.237.38] F=<sentto-4012611-280130-1130882778-gpatxi=siteinmyserver. com@returns.groups.yahoo .com> rejected RCPT <gpatxi@siteinmyserver .com>: Unrouteable address
2005-11-01 19:38:52 H=(n8.bulk.dcn.yahoo .com) [216.155.201.61] F=<sentto-4166736-229188-1130879492-gpatxi=siteinmyserver. com@returns.groups.yahoo. com> rejected RCPT <gpatxi@siteinmyserver. com>: Unrouteable address
2005-11-01 19:38:52 H=(n2a.bulk.scd.yahoo .com) [66.94.237.36] F=<sentto-341162-45588-1130879619-gpatxi=siteinmyserver. com@returns.groups.yahoo. com> rejected RCPT <gpatxi@siteinmyserver. com>: Unrouteable address
A lot of emails, and they don't stop! They are still running and overloading my server...

Is there any way to block gpatxi@siteinmyserver. com from going in / out of my server?

I searched Google for gpatxi and it is a Spanish man who lives sending spam.

And the email account "gpatxi@siteinmyserver. com" doesn't exist.

Help pleaseeeeee!

How can I stop it?

Thank you very much!

edit:

I created an email account called: gpatxi@siteinmyserver. com to receive the emails...
and they are ALL emails of list accounts created at yahoo groups, subjects of some emails:

[A1 Home Biz] Earn high daily returns on your investme...
[1_more_safelist] About Get-Paid-To-Read-Email sca...
[1-list-for-all] Easiest money I have ever made - 30K ...
[1-to-1] Easiest money I have ever made - 30K in your ...
[1Business_Opp_Gold] Easiest money I have ever made - ...
[123Work_at_home] Easiest money I have ever made - 30K ...
[10DaysDouble] Easiest money I have ever made - 30K in ...
[100percentFREEMoney] Easiest money I have ever made - ...
[3MoonsDiscussion] Making money has NEVER been so ...
[0-newbies] GUARANTEED UNBELIEVABLE MONEY LOOPHOLE ...
[Ads_Unlimited] Build A Lifetime Residual Income!
[0-postfreeadz] Who is this Internet Renegade?

They are arriving at about 120 or 200 per minute...


Last edited by Gauch0r; 11-01-2005 at 07:10 PM. Reason: I do a test
  #2  
Old 11-01-2005, 07:16 PM
LP-Trel LP-Trel is offline
Web Hosting Master
 
Join Date: Jul 2003
Location: Nothing but, net
Posts: 2,062
Set the domain siteinmyserver.com as default :fail: and delete the address you've created.

That should stop those emails from Yahoo! Groups quickly since the emails will "bounce".

  #3  
Old 11-01-2005, 07:19 PM
bear bear is offline
Community Leader
 
Join Date: Oct 2002
Location: Mayberry
Posts: 19,503
If you fail the default address in cPanel, all mail to the domain will get rejected unless you create forwards for them. Create forwards in the format of:
username@servername.domain.com ... and not username@domain.com, and they will still get delivered to the default mailbox.

__________________
Having problems, or maybe questions about WHT? Head over to the help desk!




Last edited by bear; 11-01-2005 at 07:20 PM. Reason: removing auto links
  #4  
Old 11-01-2005, 07:27 PM
Gauch0r Gauch0r is offline
Newbie
 
Join Date: Nov 2005
Posts: 19
OK, that's OK..

but the mails are still coming and overloading the server

Quote:
7444 mailnull 16 0 3600 3600 2540 S 14.1 0.3 0:00 0 exim
7447 mailnull 16 0 3600 3600 2540 S 13.5 0.3 0:00 0 exim
6690 mailnull 16 0 3600 3600 2540 S 7.3 0.3 0:01 0 exim
6783 mailnull 16 0 3600 3600 2540 S 7.3 0.3 0:01 0 exim
7360 mailnull 15 0 3592 3592 2540 S 7.3 0.3 0:00 0 exim
7454 mailnull 17 0 3592 3592 2540 S 7.3 0.3 0:00 0 exim
7261 mailnull 15 0 3604 3604 2540 S 6.7 0.3 0:01 0 exim
Is there any way to STOP it before exim processes the email?

  #5  
Old 11-01-2005, 08:15 PM
bear bear is offline
Community Leader
 
Join Date: Oct 2002
Location: Mayberry
Posts: 19,503
:fail: will just accept the headers to see if it's for a legitimate address and then reject based on recipient. How can it possibly reject messages it hasn't seen at all... unless it's all coming from one IP address, and then you can block that from connecting to the box at all.

__________________
Having problems, or maybe questions about WHT? Head over to the help desk!



  #6  
Old 11-01-2005, 08:44 PM
boonchuan boonchuan is offline
Retired Moderator
 
Join Date: Mar 2004
Location: Singapore/Melbourne
Posts: 6,852
Do you know where they are from? Get the IP and block them using iptables.

  #7  
Old 11-02-2005, 12:05 AM
Eglis Eglis is offline
Junior Guru Wannabe
 
Join Date: Oct 2005
Location: Quebec
Posts: 60
You could set up RBL checks with exim; this is quite effective for me.

  #8  
Old 11-02-2005, 03:07 AM
andy18 andy18 is offline
Web Hosting Master
 
Join Date: Jul 2002
Location: Malaysia
Posts: 698
Probably another implementation is to configure dictionary attack on your exim.

  #9  
Old 11-02-2005, 07:40 AM
bear bear is offline
Community Leader
 
Join Date: Oct 2002
Location: Mayberry
Posts: 19,503
The problem with RBL or IP blocks is that these are all coming from Yahoo addresses. Not likely listed in RBL, and blocking all *yahoo is kind of extreme. I should think that the fail notices may eventually stop the issue, since that typically returns a "no account" type message.

Although it's unlikely they will act on it, perhaps contact Yahoo and discuss the issue? Let them know that your domain is being used on their groups, and it's causing abuse of your mail server. Provide proof, and maybe there's something they can (and will) do.

__________________
Having problems, or maybe questions about WHT? Head over to the help desk!
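
Added example, not part of any post in this thread: the two questions raised above (which IPs the rejects come from, and whether it is all Yahoo Groups list traffic) can be answered by tallying the `rejected RCPT` lines. The sketch parses lines in the exim_mainlog format quoted in post #1 and decodes the VERP-style return path; the sample log is constructed, and treating the first numeric field of the return path as a per-list identifier is an assumption.

```python
import re
from collections import Counter

# Constructed sample: three lines follow post #1 (anti-link spaces removed),
# the fourth is invented to show a sender that is not a list return path.
SAMPLE_LOG = """\
2005-11-01 19:38:52 H=(n4a.bulk.scd.yahoo.com) [66.94.237.38] F=<sentto-4012611-280130-1130882778-gpatxi=siteinmyserver.com@returns.groups.yahoo.com> rejected RCPT <gpatxi@siteinmyserver.com>: Unrouteable address
2005-11-01 19:38:52 H=(n8.bulk.dcn.yahoo.com) [216.155.201.61] F=<sentto-4166736-229188-1130879492-gpatxi=siteinmyserver.com@returns.groups.yahoo.com> rejected RCPT <gpatxi@siteinmyserver.com>: Unrouteable address
2005-11-01 19:38:52 H=(n2a.bulk.scd.yahoo.com) [66.94.237.36] F=<sentto-341162-45588-1130879619-gpatxi=siteinmyserver.com@returns.groups.yahoo.com> rejected RCPT <gpatxi@siteinmyserver.com>: Unrouteable address
2005-11-01 19:38:53 H=mail.example.net (mail.example.net) [192.0.2.10] F=<bob@example.net> rejected RCPT <info@siteinmyserver.com>: Unrouteable address
"""

# Matches both "H=(helo) [ip]" and "H=host (helo) [ip]" forms.
REJECT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) H=(?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[^\]]+)\]"
    r".*? F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>: (?P<reason>.*)$"
)

def decode_verp(sender):
    """Return (tag, subscriber) for 'tag-local=domain@bouncehost', else None.
    A subscriber local part containing '-' would be cut short by this split."""
    local, _, _bounce_host = sender.rpartition("@")
    head, eq, sub_domain = local.rpartition("=")
    if not eq or "-" not in head:
        return None
    tag, _, sub_local = head.rpartition("-")
    return tag, f"{sub_local}@{sub_domain}"

def summarize(log_text):
    """Tally rejected RCPT lines by source IP, recipient and (assumed) list id."""
    by_ip, by_rcpt, by_list, other = Counter(), Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue
        by_ip[m["ip"]] += 1
        by_rcpt[m["rcpt"].lower()] += 1
        verp = decode_verp(m["sender"])
        # List traffic: the address encoded in the return path is the recipient.
        if verp and verp[1].lower() == m["rcpt"].lower():
            parts = verp[0].split("-")
            by_list[parts[1] if len(parts) > 1 else verp[0]] += 1  # assumed list id
        else:
            other += 1
    return {"by_ip": by_ip, "by_rcpt": by_rcpt, "by_list": by_list, "other": other}

if __name__ == "__main__":
    for name, value in summarize(SAMPLE_LOG).items():
        print(name, dict(value) if isinstance(value, Counter) else value)
```

Many source IPs with few hits each and many distinct list ids argue against a per-IP block, and the per-list tally is the evidence to attach to an abuse report.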



  #10  
Old 11-02-2005, 08:02 AM
Blapto Blapto is offline
Web Hosting Evangelist
 
Join Date: Sep 2005
Location: Essex, England
Posts: 548
For now I would :fail: that account, that should cut down on resource use significantly. Given time, the attacks ought to drop off.
Of course, if they're from yahoo groups you could use an ACL for now, if it's too extreme even after failing them.
