Help with mail server external spamming

Hello guys.
I am using a cPanel VPS and it only hosts one website.
But the issue is that even after configuring Exim and tweaking, some external users are still able to use my VPS SMTP to send bulk and spam.
This is really a big problem.
I changed the VPS in August to stop this issue, only for it to resurface now.
I own another cPanel VPS hosting more than 15 websites but it never had this issue.

i was about to laugh but now am thinking of laughing

Comments

  • Any help or tips?

    i was about to laugh but now am thinking of laughing

  • Check your mailserver queue

    How to clean up a questionable reputation: throw the kids some BF/CM offers.

  • I did that, and mails are sending from users/senders not related to the domain on the VPS.
    Like, the VPS domain is domain.com but the senders are from e.g. [email protected] and many more.

    i was about to laugh but now am thinking of laughing

  • Awmusic12635 Member, Provider

    Are you sure your server is not hacked?


  • I don't think it is.

    i was about to laugh but now am thinking of laughing

  • enitan092 Member
    edited September 2013

    The password is alphanumeric with symbols,
    and I don't log on with any PC except mine.

    i was about to laugh but now am thinking of laughing

  • Pro Tip: Don't configure your exim to be an open relay.

  • Signatures are to identify who I am. I'm me. Who the hell are you?

  • Yes, when simulating an SMTP conversation with the server, does it allow sending a message to non-local addresses without authentication?

    If yes, it's an open relay, it should be fixed ASAP.

    Monitor your network assets with IPHost (contact me to obtain a discount code, or use IPHM-EOTY-19-15 while year 2019 lasts)
  • I will check that now.

    i was about to laugh but now am thinking of laughing

  • 23.81.64.158: Relaying denied.

    i was about to laugh but now am thinking of laughing

  • This is an example of the spam mail:

    Date: Fri, 27 Sep 2013 00:58:11 +0600
    From: =?windows-1251?B?0cXNwNLO0A==?= upopyamun9657@tiscali.it
    To: shoko-212@shoko.ru
    Subject: =?windows-1251?B?zurt7iDPwtUg5+AgMzk0MCDw?=
    Content-Type: multipart/related;
        type="multipart/alternative";
        boundary="----=_NextPart_000_0EDB_01CEBB1C.A33DAE50"
    Message-ID: <[email protected]>
    MIME-Version: 1.0
    Received: from [178.126.83.231] (port=57690 helo=Unknown)
        by node.propertymartltd.com with esmtpa (Exim 4.80.1)
        (envelope-from upopyamun9657@tiscali.it)
        id 1VPGl0-00068x-Qb
        for [email protected]; Thu, 26 Sep 2013 22:57:49 +0400
    Reply-To: =?windows-1251?B?0cXNwNLO0A==?= gahan1987@ngs.ru
    X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
    X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912
    X-MSMail-Priority: Normal
    X-Priority: 3

    This is a multi-part message in MIME format.

    ------=_NextPart_000_0EDB_01CEBB1C.A33DAE50
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_001_0EDC_01CEBB1C.A33DAE50"

    ------=_NextPart_001_0EDC_01CEBB1C.A33DAE50
    Content-Type: text/plain;
    charset="windows-1251"
    Content-Transfer-Encoding: quoted-printable

    =D3=C2=C0=C6=C0=C5=CC=DB=C5 =C4=C0=CC=DB =C8 =C3=CE=D1=CF=CE=C4=C0
    =20

    i was about to laugh but now am thinking of laughing

  • These are the headers of an email you received? (How else did you view these headers?) So the problem is incoming spam? Don't accept mail from servers with helo=Unknown.

  • agentmishra Member, Provider

    The best thing is to set up iptables to secure your install.

    I had the same issue in one of my installs some time back.

    I did the iptables setup and it went smoothly.

    Also try to change the root password after that.

    Doing it in a fresh install will be better and easier.

    skype id : agentmishra, gtalk id : agentmishra, email : [email protected]

  • If the problem is incoming spam, then

    • drop connections from well-known spam sources (DROP list, infiltrated.net blacklist etc)
    • use spam filtering (SpamAssassin, Dspam - personally, I prefer the latter), to detect and mark messages already passed through initial filters

    I would also add spam weight for absence of SPF/SendID/DKIM/DomainKey fields. That given, almost all spam I receive is correctly marked, with very few false positives (less than 0.01%)

    Monitor your network assets with IPHost (contact me to obtain a discount code, or use IPHM-EOTY-19-15 while year 2019 lasts)
  • This is for outgoing mail.
    The server has only one site on it:
    propertymartltd.com
    But the header is
    From: =?windows-1251?B?0cXNwNLO0A==?= [email protected]
    To: [email protected]

    What is with the windows stuff?
    This is the first time I am seeing that.

    i was about to laugh but now am thinking of laughing

  • I have also set HELO not to receive from unknown.

    i was about to laugh but now am thinking of laughing

  • enitan092 Member
    edited September 2013

    @sleddog
    I was able to view it through WHM >> Mail Queue and Mail Delivery.
    I don't have such domains as
    tiscali.it or shoko.ru on my VPS.

    i was about to laugh but now am thinking of laughing
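
Added example, not part of any post in this thread: a small triage script for a message found in the outbound queue, run here on the headers posted above. Exim writes the receiving protocol into the `with` clause of its Received header, and `esmtpa` is the value it uses for ESMTP after a successful SMTP AUTH, so the script reports whether a message was submitted with a mailbox login or without one; it also decodes the `=?windows-1251?B?...?=` text, which is an RFC 2047 encoded display name. The angle brackets and the `for` address in the sample are constructed, because the forum software masked them.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Headers from the sample in this thread, re-joined as "Name: value". The
# angle brackets and the "for" address are constructed (masked on the page).
SAMPLE = (
    "From: =?windows-1251?B?0cXNwNLO0A==?= <upopyamun9657@tiscali.it>\n"
    "To: shoko-212@shoko.ru\n"
    "Received: from [178.126.83.231] (port=57690 helo=Unknown)\n"
    "\tby node.propertymartltd.com with esmtpa (Exim 4.80.1)\n"
    "\t(envelope-from <upopyamun9657@tiscali.it>)\n"
    "\tid 1VPGl0-00068x-Qb\n"
    "\tfor <masked@example.invalid>; Thu, 26 Sep 2013 22:57:49 +0400\n"
)
LOCAL_DOMAINS = {"propertymartltd.com"}  # the one site hosted on the VPS
# Exim $received_protocol values that mean the client passed SMTP AUTH.
AUTHENTICATED = {"asmtp", "esmtpa", "esmtpsa"}

RECEIVED_RE = re.compile(
    r"from\s+(?:\S+\s+)?\[(?P<ip>[^\]]+)\].*?helo=(?P<helo>[^\s)]+)"
    r".*?\bwith\s+(?P<proto>\w+).*?envelope-from\s+<?(?P<sender>[^\s>)]+)",
    re.S,
)

def decode_words(value):
    """Turn RFC 2047 encoded-words (=?charset?B?...?=) into readable text."""
    return str(make_header(decode_header(value)))

def triage(raw, local_domains=LOCAL_DOMAINS):
    """Classify how a queued outbound message entered Exim, from its headers."""
    msg = message_from_string(raw)
    m = RECEIVED_RE.search(msg.get("Received", ""))
    if m is None:
        return {"verdict": "no Exim-style Received header found"}
    info = m.groupdict()
    info["from"] = decode_words(msg.get("From", ""))
    info["authenticated"] = info["proto"].lower() in AUTHENTICATED
    info["sender_is_local"] = info["sender"].rpartition("@")[2].lower() in local_domains
    if info["authenticated"]:
        info["verdict"] = "authenticated submission: a mailbox login was used"
    elif not info["sender_is_local"]:
        info["verdict"] = "unauthenticated with foreign sender: review relay ACLs"
    else:
        info["verdict"] = "unauthenticated, local sender"
    return info

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For an authenticated result, the next place to look is the Exim main log entry for the same message id, which records the login that was used.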
