Results 1 to 6 of 6
  1. #1
    Join Date
    Jan 2007
    Posts
    688

    100's of spam per hour!

    I'm getting literally about 100 of these per hour easy in whm > mail queue! Where is it coming from and how do I stop this?


    Code:
    1JBOml-0008CW-Fz-H
    mailnull 47 12
    <>
    1199600103 0
    -ident mailnull
    -received_protocol local
    -body_linecount 33
    -max_received_linelength 115
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -localerror
    XX
    1
    [email protected]
    
    154P Received: from mailnull by server.domain.com with local (Exim 4.68)
        id 1JBOml-0008CW-Fz
        for [email protected]; Sun, 06 Jan 2008 00:15:03 -0600
    038  X-Failed-Recipients: [email protected]
    029  Auto-Submitted: auto-replied
    063F From: Mail Delivery System <[email protected]>
    029T To: [email protected]
    059  Subject: Mail delivery failed: returning message to sender
    052I Message-Id: <[email protected]>
    038  Date: Sun, 06 Jan 2008 00:15:03 -0600
    
    1JBOml-0008CW-Fz-D
    This message was created automatically by mail delivery software.
    
    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:
    
      [email protected]
        SMTP error from remote mail server after RCPT TO:<[email protected]>:
        host sentry.domainbank.com [64.85.73.28]: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
    
    ------ This is a copy of the message, including all the headers. ------
    
    Return-path: <[email protected]>
    Received: from root by server.domain.com with local (Exim 4.68)
        (envelope-from <[email protected]>)
        id 1JBOmk-0008CJ-To
        for [email protected]; Sun, 06 Jan 2008 00:15:02 -0600
    To: [email protected]
    Subject: Services(2) failed
    From: [email protected]
    Message-Id: <[email protected]>
    Date: Sun, 06 Jan 2008 00:15:02 -0600
    
    Address:domain.com
    
    Following services are down:
    
    SSH(22)
    MySQL(3306)
    
    Do not reply to this!
    For further details please contact your provider!

  2. #2
    Join Date
    Apr 2005
    Location
    Cochin
    Posts
    2,446
    I beleive its cpanel alerts.

    Have you set your hostname correctly and your email contact in WHM ?
    Sam
    Supportlobby.com - Expertise in Windows/Linux server support, IaaS and PaaS Management
    Spiralbean.com - Custom Software Development
    Email: exec @ activelobby.net | Skype: unni_active

  3. #3
    Join Date
    Jan 2007
    Posts
    688
    No I did not because I don't want to receive any server alerts.

    SSH is on a custom port and mysql 3306 port is closed via CSF firewall. Could that be it?

  4. #4
    Join Date
    Apr 2005
    Location
    Cochin
    Posts
    2,446
    if you dont want to receive your alerts. Disable all notifications via WHM and set a valid contact email id and it need not be your personal id. That would eradicate these messages.

    However i suggest keeping the server alerts as a part of server maintenance plan to atleast your technical person.
    Sam
    Supportlobby.com - Expertise in Windows/Linux server support, IaaS and PaaS Management
    Spiralbean.com - Custom Software Development
    Email: exec @ activelobby.net | Skype: unni_active

  5. #5
    Join Date
    Jan 2007
    Posts
    688
    Now I get these after setting up cron for my support desk

    Code:
     1JBPIf-0000gg-N6-D
    --00:48:01--  http://domain.com/support/cron/index.php?_t=parser
               => `/dev/null'
    Resolving domain.com... xxx.xxx.64.2
    Connecting to domain.com|xxx.xxx.64.2|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 94 [text/html]
    
        0K                                                       100%   11.21 MB/s
    
    00:48:01 (11.21 MB/s) - `/dev/null' saved [94/94]
    That's annoying. How do I stop these?

    I set that up via crontab -e by the way, not cpanel area.

  6. #6
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    Remove the mail id specified in the "Basic cPanel/WHM Setup" --> Edit Setup -> server contact email address.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •