help with mail server external spamming

Hello guys.
I am using a cPanel VPS and it only hosts one website.
But the issue is that even after configuring Exim and some tweaking, some external users are still able to use my VPS SMTP to send bulk mail and spam.
This is really a big problem.
I changed the VPS in August to stop this issue, only for it to resurface now.
I own another cPanel VPS hosting more than 15 websites but it never had this issue.

Comments

  • any help or tips

  • Check your mailserver queue

  • I did that and mails are being sent from users/senders not related to the domain on the VPS.
    Like the VPS domain is domain.com but the senders are from e.g. [email protected] and many more

  • Awmusic12635 Member, Host Rep

    Are you sure your server is not hacked?

  • I don't think it is.

  • enitan092 Member
    edited September 2013

    The password is alphanumeric with symbols.
    And I don't log on with any PC except mine.

  • Pro Tip: Don't configure your exim to be an open relay.

  • Yes, when simulating SMTP conversation with server, does it allow sending message to non-local addresses without authentication?

    If yes, it's an open relay, it should be fixed ASAP.

  • i will check that now

  • 23.81.64.158: Relaying denied.

  • this is an example of the spam mail

    Date: Fri, 27 Sep 2013 00:58:11 +0600
    From: =?windows-1251?B?0cXNwNLO0A==?= upopyamun9657@tiscali.it
    To: shoko-212@shoko.ru
    Subject: =?windows-1251?B?zurt7iDPwtUg5+AgMzk0MCDw?=
    Content-Type: multipart/related;
        type="multipart/alternative";
        boundary="----=_NextPart_000_0EDB_01CEBB1C.A33DAE50"
    Message-ID: <A43D78B5D99A40D889BE26185E0A717E@frlb>
    MIME-Version: 1.0
    Received: from [178.126.83.231] (port=57690 helo=Unknown)
        by node.propertymartltd.com with esmtpa (Exim 4.80.1)
        (envelope-from upopyamun9657@tiscali.it)
        id 1VPGl0-00068x-Qb
        for [email protected]; Thu, 26 Sep 2013 22:57:49 +0400
    Reply-To: =?windows-1251?B?0cXNwNLO0A==?= gahan1987@ngs.ru
    X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
    X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912
    X-MSMail-Priority: Normal
    X-Priority: 3
    This is a multi-part message in MIME format.

    ------=_NextPart_000_0EDB_01CEBB1C.A33DAE50
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_001_0EDC_01CEBB1C.A33DAE50"

    ------=_NextPart_001_0EDC_01CEBB1C.A33DAE50
    Content-Type: text/plain;
    charset="windows-1251"
    Content-Transfer-Encoding: quoted-printable

    =D3=C2=C0=C6=C0=C5=CC=DB=C5 =C4=C0=CC=DB =C8 =C3=CE=D1=CF=CE=C4=C0
    =20
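
Added example, not written by anyone in this thread: a small parser for the `Received:` header posted above that reports how Exim accepted the message, which is what separates an open relay from a stolen mailbox login. `LOCAL_DOMAINS` and the function names are assumptions made for the illustration.

```python
import re

# Received: header exactly as posted above (the recipient is redacted on the page).
RECEIVED = """from [178.126.83.231] (port=57690 helo=Unknown)
 by node.propertymartltd.com with esmtpa (Exim 4.80.1)
 (envelope-from upopyamun9657@tiscali.it)
 id 1VPGl0-00068x-Qb
 for [email protected]; Thu, 26 Sep 2013 22:57:49 +0400"""

# RFC 3848 "with" keywords: a trailing "a" means the client passed SMTP AUTH.
AUTHENTICATED = {"esmtpa", "esmtpsa"}
# Assumption: the only domain this server should be sending mail for.
LOCAL_DOMAINS = {"propertymartltd.com"}

def parse_received(header):
    """Extract the fields Exim records in a Received: header."""
    text = " ".join(header.split())  # unfold continuation lines

    def grab(pattern):
        m = re.search(pattern, text)
        return m.group(1) if m else None

    return {
        "client_ip": grab(r"from \[([0-9a-fA-F.:]+)\]"),
        "helo": grab(r"helo=([^\s)]+)"),
        "protocol": (grab(r"\bwith (\S+)") or "").lower(),
        "envelope_from": grab(r"\(envelope-from <?([^\s<>)]+)>?\)"),
        "queue_id": grab(r"\bid (\S+)"),
    }

def classify(fields, local_domains=LOCAL_DOMAINS):
    """Return (how the message was accepted, whether the sender domain is local)."""
    domain = (fields["envelope_from"] or "").rpartition("@")[2].lower()
    sender_is_local = domain in local_domains
    if fields["protocol"] in AUTHENTICATED:
        # Accepted after a successful login, so this is not an open relay:
        # some mailbox's credentials are in the sender's hands.
        return "authenticated-submission", sender_is_local
    if fields["protocol"].startswith("local"):
        return "local-submission", sender_is_local  # script or shell user on the host
    # Plain SMTP: ordinary inbound mail, or relaying if the recipient is not local.
    return "unauthenticated-smtp", sender_is_local

if __name__ == "__main__":
    fields = parse_received(RECEIVED)
    print(fields)
    print(classify(fields))
```

For an authenticated submission, the login that was used is recorded in the `A=` field of the `<=` line for the same queue id in Exim's main log; that is the mailbox whose password needs resetting.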

  • These are the headers of an email you received? (How else did you view these headers?) So the problem is incoming spam? Don't accept mail from servers with helo=Unknown.

  • agentmishra Member, Host Rep

    best thing is setup the iptables to secure your install

    i had the same issue in one of my installs sometime back

    i did the iptables setup and it went on smooth

    also try to change the root password after that

    do it in a fresh install will be better and easier

  • If the problem is incoming spam, then

    • drop connections from well-known spam sources (DROP list, infiltrated.net blacklist etc)
    • use spam filtering (SpamAssassin, Dspam - personally, I prefer the latter), to detect and mark messages already passed through initial filters

    I would also add spam weight for absence of SPF/SendID/DKIM/DomainKey fields. That given, almost all spam I receive is correctly marked, with very few false positives (less than 0.01%)

  • This is for outgoing mail.
    The server has only one site on it:
    propertymartltd.com
    But the header is
    From: =?windows-1251?B?0cXNwNLO0A==?= [email protected]
    To: [email protected]

    What is with the windows stuff?
    This is the first time I am seeing that.

  • I have also set HELO not to receive from unknown.

  • enitan092 Member
    edited September 2013

    @sleddog
    I was able to view it through WHM >> mail queue and mail delivery.
    I don't have such domains as
    tiscali.it or shoko.ru on my VPS.
