Results 1 to 13 of 13
Thread: spamming problem! please help
-
12-26-2006, 01:37 PM #1Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 57
spamming problem! please help
Hello,
I have a vps and I have a great problem. My server is sending many emails from an adresse mail (lindaxxx@yahoo.com) that is the same for all messages. I view mail queue and it had always messages. Please how can I stop that ?
Please give me details because I'm a newbie.
Thank you in advance.
Best regards.
-
12-26-2006, 01:47 PM #2LORD OF THE RINGS
- Join Date
- Dec 2005
- Location
- Internet
- Posts
- 1,352
Whether the SPAM is incoming or outgoing? Check the email header to find out the culprit
-
12-26-2006, 01:54 PM #3Web Hosting Master
- Join Date
- May 2006
- Location
- India
- Posts
- 661
Login to your WHM
Service Configuration>>Exim Configuration Editor>>Switch to Advanced Mode (or in /etc/exim.conf - after the hostlist auth_relay_hosts = * entry add the line
log_selector = +all
This will make sure that you have a very detailed log.
Now execute the following command.
tail -f /var/log/exim_mainlog |grep sendmail
If the log shows numerous entries for a particular user like cwd=/home/username/
/public_html/ then give a thorough search in his home directory for the script that is used to sent mails.██ SparkSupport.Com - The Premier Tech Company
██ Cloud Solutions|Email Infra setup|VOIP|Video Streaming|Software Development
██ Email: info@sparksupport.com █ Phone : 1- 408-600-1449 | Skype : shijils
-
12-26-2006, 02:13 PM #4Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 57
this is the header of emails sent :
Return-path: <lindaxxx@yahoo.com>
Received: from localhost ([127.0.0.1] helo=mydomain.com)
by mydomain.com with smtp (Exim 4.52)
id 1GzGJB-0001RG-Oz
for anwar41@caramil.com; Tue, 26 Dec 2006 18:41:49 +0100
Received: from qkjiyyhm (2.131.50.124)
by mydomain.com; Tue, 26 Dec 2006 18:41:49 +0100
Date: Tue, 26 Dec 2006 18:41:49 +0100
From: <lindaxxx@yahoo.com>
X-Mailer: The Bat! (v2.01)
Reply-To: <lindaxxx@yahoo.com>
X-Priority: 3 (Normal)
Message-ID: <0827944393.20061023063757@aol.com>
To: <anwar41@caramil.com>
Subject: =?koi8-r?B?UmVjZWl2ZSBvZiBNb25leQ==?=
MIME-Version: 1.0
-
12-27-2006, 02:22 AM #5Web Hosting Master
- Join Date
- Jul 2004
- Location
- Texas
- Posts
- 688
X-Mailer: The Bat! (v2.01)
seems like spam to me, lots of times spammers use the bat. (or it could be some one with a newsletter, but i doubt that..)
-
12-27-2006, 12:22 PM #6Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 57
Please help me. I have an email from my supplier for an abuse complain from : http://www.spamcop.net
They give me a message with header and ask me to resolve that in 48 hours evenelse they will terminate my account.
[ Offending message ]
Return-Path:
Delivered-To: x
Received: (qmail 23476 invoked from network); 22 Dec 2006 10:00:27 -0000
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-26) on filter7
X-Spam-Level: ****
X-Spam-Status: hits=4.8 tests=HTML_IMAGE_ONLY_20,HTML_MESSAGE,
HTML_MIME_NO_HTML_TAG,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY,
NO_REAL_NAME,SUBJECT_EXCESS_BASE64,URIBL_OB_SURBL version=3.1.4
Received: from unknown (192.168.1.101)
by filter7.cesmail.net with QMQP; 22 Dec 2006 10:00:27 -0000
Received: from unknown (HELO mydomain.com) (64.xxx.xxx.xxx)
by mailgate.cesmail.net with SMTP; 22 Dec 2006 10:00:27 -0000
Received: from kzkmu (75.184.102.155)
by mydomain.com; Fri, 22 Dec 2006 11:00:26 +0100
Date: Fri, 22 Dec 2006 11:00:26 +0100
From:
X-Mailer: The Bat! (v2.01)
Reply-To:
X-Priority: 3 (Normal)
Message-ID:
To:
Subject: =?koi8-r?B?UmVjZWl2ZSBvZiBNb25leQ==?=
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------49528913250"
X-SpamCop-Checked:
X-SpamCop-Disposition: Blocked SpamAssassin=4
------------49528913250
Content-Type: text/html; charset=koi8-r
Content-Transfer-Encoding: 8bit
Welcome to Real Time Invest!
Fully Automated System! Payment for referral - INSTANT. There is
internal chat.
Waiting for your help
-
12-27-2006, 01:38 PM #7Retired Moderator
- Join Date
- Oct 2004
- Location
- Ohio
- Posts
- 1,668
If this box is important to you, your best bet is to hire someone who can get this taken care of asap.
-
12-27-2006, 02:11 PM #8Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 57
any compagny for doing that is recommended ???
-
12-27-2006, 02:17 PM #9Web Hosting Master
- Join Date
- Jul 2004
- Location
- Texas
- Posts
- 688
Try Rack911, Platinum Server Management. (i have not used them, but they have good reviews here)
-
12-27-2006, 02:21 PM #10Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 57
what are their websites ?
-
12-27-2006, 02:25 PM #11Retired Moderator
- Join Date
- Jun 2003
- Location
- Proud She-Geek
- Posts
- 1,723
<?php echo "Signature here"; ?>
-
12-28-2006, 01:58 AM #12Web Hosting Master
- Join Date
- Dec 2005
- Posts
- 1,272
Originally Posted by Tree-nut
-
12-28-2006, 06:07 AM #13Junior Guru Wannabe
- Join Date
- Jan 2006
- Posts
- 37
for now just stp sendmail or whatever you are useing. easy fix untill you can find whos doing it. install spamassasin i it works with your setup not just with direct admin then look for something like clam av or similer for finding misc files.