All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Help with understanding spam mails generated from server
Hi friends, there are some spam mails being generated from one of the server I look after. All passwords etc. have been changed but still mails are there.
This is one of the bounce mail from mail queue:
http://pastebin.com/Ti052s22
ubbdi.net is the name of the domain , [email protected] is the user which is trying to send this but there is no such user on server.
This one is another one in mail queue:
http://pastebin.com/ETaki4vx
Here domain is
uddsolutions.com
Since accounts have hourly mail limit, there is no visible issue, only issue is that client is not able to send mail.
Can anyone help me to understand both above mails like source, how they are generated and what kind of issue could be there..
Comments
I believe you can use sendmail to send out email generated by php script which from email does not matter.
Ya, true then generally header contains path to script which it generated.. I don't see any such here..
what mail server are you using?
it's possible to send mail from [email protected] which can be done with php.
In your log I found http://awsholdings.com/wp-content/plugins/wp_sed/dating.php
Is awsholdings.com yours?
Nope...
Its standard cpanel setup, using exim MTA
Not always, this is an option in the mail server configuration. Is this a cPanel server?
You've likely got a PHP shell/mailer uploaded somewhere that is sending out mails.
Yes.
i dont think the email is coming from your server - you are getting the bouncebacks because of the reply to address.
I think you're right.
From that, it looks like the message originated on a LAN computer at Boeing
First one is indeed a bounced mail however, what about second one, it is clearly stating that "account has reached hourly limit" of sending mail.. and yes those are limits set on that domain.
So, rather its confusing for me.
is that not your if over x% of mails fail then limit account causing a throttle due to bouncebacks?
@Saahib im not familiar with that error message or setting
none of your IP addresses are listed in the headers so I think someone else is sending email as you are you are coping large numbers of bouncebacks.
there is no defense against this.