Results 1 to 9 of 9
  1. #1
    Join Date
    Nov 2005
    Location
    Netherlands
    Posts
    172

    Is my mailserver being used by spammers?

    I have a lot e-mails in mail queue sent from <> to all kind of weird e-mail adresses. Does that mean my mailserver is being used by a spammer?
    How can i find out? I didn't configure my mail server after i installed directadmin.

  2. #2
    Join Date
    May 2006
    Posts
    307
    you need to check the emails' header to see more details
    Traditional music traveling

  3. #3
    Join Date
    Nov 2004
    Location
    India
    Posts
    1,100
    Most of the spammers use forms and scripts better you check the apache processes carefully using the pstree command. Installing mod_security also help you to prevent spammers using the buggy contact us pages.
    AssistanZ - Beyond Boundaries...
    Cloudstack Consultancy / 24x7 Web Hosting Support / 24x7 Server Management / Infrastructure Management Services
    Web & Mobile Apps Development / Web Designing Services / Php, Grails, Java Development

  4. #4
    Join Date
    Mar 2005
    Location
    Maine, USA
    Posts
    302
    http://www.abuse.net/relay.html
    check your mail server at that site to see if it is an open-relay. if it is not, then the issue is probably what assistanz247 said, a buggy contact us page, formmailer, or some other web page that allows e-mail to be sent.

  5. #5
    Join Date
    Nov 2005
    Location
    Netherlands
    Posts
    172
    That tool isn't working.

  6. #6
    Join Date
    Nov 2005
    Location
    Netherlands
    Posts
    172
    Oh now it does.

    My server is open relay

    Mail relay testing

    Connecting to xxxxx.com for registered user test ...

    <<< 220 xxxx.xxx*********** ESMTP Exim 4.60 Sun, 01 Oct 2006 15:21:14 -0400
    >>> HELO www.abuse.net
    <<< 250 xxxxxx.xxxx*********** Hello www.abuse.net [xxx.xxxx.xx.xxx]
    Relay test 1

    >>> RSET
    <<< 250 Reset OK
    >>> MAIL FROM:<[email protected]>
    <<< 250 OK
    >>> RCPT TO:[email protected]
    <<< 250 Accepted
    >>> DATA
    <<< 354 Enter message, ending with "." on a line by itself
    >>> (message body)
    <<< 250 OK id=xxxxxxxx-xxxxxxxx-xxx

    Relay test result

    Hmmn, at first glance, host appeared to accept a message for relay.

    THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.
    Some systems appear to accept relay mail, but then reject messages internally rather than delivering them, but you cannot tell at this point whether the message will be relayed or not. If it is really an open relay, the test message will be delivered to you. If you do not receive the test message in your e-mail in the next few hours, it IS NOT an open relay.

    I received the test message in my mail!


    This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at
    http://www.abuse.net.
    Target host = xxxxx.com [xxxx.xxx.xxxx.xxxx]
    Test performed by [email protected] from xxx.xxx.xxx.xxx
    A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail.
    For information on how to secure a mail server against third-party relay, visit <URL:
    http://www.mail-abuse.com/support/an_sec3rdparty.html>.

  7. #7
    Join Date
    Nov 2005
    Location
    Netherlands
    Posts
    172
    Does anyone know if there's a quick solution to disable open relay for Exim?

  8. #8
    Join Date
    Mar 2005
    Location
    Maine, USA
    Posts
    302

  9. #9
    Join Date
    Nov 2005
    Location
    Netherlands
    Posts
    172
    Quote Originally Posted by hawk82
    Yeah i've seen that website before, but unfortunately i don't have time to learn everything about exim. I need a quick solution
    Directadmin sucks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •