Hi,
I have tried all topics I could find but nothing helps me eliminate the spam that gets through my server. This server is designed to NOT use email accounts, only send email generated on webforms. SpamBlocker 4.5.4 etc is installed.
See logs for info. Can anyone please help me with this? I want to ELIMINATE ALL ACCESS which does not use authentication, as this clearly is...
2017-06-16 01:28:23 1dLeBa-0001t3-WB <= [email protected] H=(IP-223-11) [46.183.223.11] P=esmtps X=TLSv1:DES-CBC3-SHA:168 CV=no S=1223 id=029e7fc8-42902-01381029703819@ip-223-11 T="Re: Greetings" from <[email protected]> for [email protected]
2017-06-16 01:28:23 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1dLeBa-0001t3-WB
2017-06-16 01:28:24 1dLeBa-0001t3-WB => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=1254 H=mx1.hotmail.com [104.44.194.236] X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=yes C="250 <029e7fc8-42902-01381029703819@ip-223-11> Queued mail for delivery"
2017-06-16 01:28:24 1dLeBa-0001t3-WB Completed
2017-06-16 01:28:26 1dLeBe-0001t7-1f <= [email protected] H=(IP-223-11) [46.183.223.11] P=esmtps X=TLSv1:DES-CBC3-SHA:168 CV=no S=1268 id=029e7fc9-42902-01391029996759@ip-223-11 T="Re: Greetings" from <[email protected]> for [email protected]
2017-06-16 01:28:26 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1dLeBe-0001t7-1f
2017-06-16 01:28:27 1dLeBe-0001t7-1f => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=1300 H=aspmx.l.google.com [173.194.69.26] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes C="250 2.0.0 OK 1497569307 b28si400037eda.91 - gsmtp"
2017-06-16 01:28:27 1dLeBe-0001t7-1f Completed
2017-06-16 01:28:27 SMTP connection from (IP-223-11) [46.183.223.11] lost while reading message data (header)
2017-06-16 01:28:57 1dLeC9-0001tQ-17 <= [email protected] H=(IP-223-11) [46.183.223.11] P=esmtps X=TLSv1:DES-CBC3-SHA:168 CV=no S=1264 id=029e7fcb-42902-013b1033655208@ip-223-11 T="Re: Greetings" from <[email protected]> for [email protected]
2017-06-16 01:28:57 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1dLeC9-0001tQ-17
LIST OF THINGS I TRIED:
- da-popb4smtp was already disabled (which it is by default). And I have checked, but the pophosts list is empty.
- exim.pl is already version 21.
- exim.conf is with spamblocker 4.5.4
- exim.conf #EDIT#25 (acl_check_helo) is in place.
- CSF/LFD both running
- Mailradar test: Port 25 is Open at xx.xx.xx.xx... All tested completed! No relays accepted by remote host!
- SMTP_BLOCK in CSF was set to off, have set it to ON but this disabled my users using an external smtp server for sending form generated mails
- Easy spam fighter and Blockcracking are on
CHANGES I PREVIOUSLY MADE TO EXIM IN AN OTHERWISE DEFAULT INSTALL:
1. To let it use a different IP address than the server's IP, following this: https://help.directadmin.com/item.php?id=152
2. Added this, found in first post near end here: http://forum.directadmin.com/showthread.php?t=43500
The part with: # Prevents unencrypted mail submission.
FURTHER INFO:
- there are no mail addresses in any user account, other than a catch-all or forwarder. ALL users use externally hosted email.
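An added example, not part of the original post: a small Python triage script that reads an Exim mainlog in the format shown above and lists, per source IP, the messages that arrived over SMTP without authentication (no `A=` field and no `a` suffix on `P=`) and were then handed to the `remote_smtp` transport. The function name `unauthenticated_relays`, the sample log, and the `virtual_user` / `local_delivery` names in it are assumptions made for the illustration; the script shows which messages match, not why the ACLs accepted them.

```python
import re
from collections import defaultdict

# Constructed sample in the Exim mainlog format from the post; all ids, hosts and addresses are placeholders.
SAMPLE_LOG = """\
2017-06-16 01:28:23 1aaaaa-000001-AA <= a@example.net H=(IP-1) [192.0.2.10] P=esmtps X=TLSv1:DES-CBC3-SHA:168 CV=no S=1223 T="Re: Greetings" for b@example.org
2017-06-16 01:28:23 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1aaaaa-000001-AA
2017-06-16 01:28:24 1aaaaa-000001-AA => b@example.org F=<a@example.net> R=lookuphost T=remote_smtp H=mx.example.org [198.51.100.5] C="250 OK"
2017-06-16 01:30:00 1aaaaa-000002-BB <= form@example.com U=webuser P=local S=900 T="Contact form" for c@example.org
2017-06-16 01:30:01 1aaaaa-000002-BB => c@example.org F=<form@example.com> R=lookuphost T=remote_smtp H=mx.example.org [198.51.100.5] C="250 OK"
2017-06-16 01:31:00 1aaaaa-000003-CC <= u@example.com H=(pc) [192.0.2.20] P=esmtpsa A=login:u@example.com S=800 T="Hello" for d@example.org
2017-06-16 01:31:01 1aaaaa-000003-CC => d@example.org F=<u@example.com> R=lookuphost T=remote_smtp H=mx.example.org [198.51.100.5] C="250 OK"
2017-06-16 01:32:00 1aaaaa-000004-DD <= x@example.net H=(IP-1) [192.0.2.10] P=esmtps S=700 T="Re: Greetings A=login:x" for e@example.org
2017-06-16 01:32:01 1aaaaa-000004-DD => e@example.org F=<x@example.net> R=lookuphost T=remote_smtp H=mx.example.org [198.51.100.5] C="250 OK"
2017-06-16 01:33:00 1aaaaa-000005-EE <= y@example.net H=(mx) [192.0.2.30] P=esmtps S=600 T="Hi" for local@example.com
2017-06-16 01:33:01 1aaaaa-000005-EE => local <local@example.com> F=<y@example.net> R=virtual_user T=local_delivery
"""

LINE = re.compile(r"^\S+ \S+ (\S+) (<=|=>|->) (.*)$")

def unauthenticated_relays(log_text):
    """Map source IP -> ids of messages accepted over SMTP without AUTH, then sent via remote_smtp."""
    pending = {}                 # message id -> source IP of unauthenticated SMTP arrivals
    flagged = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # cwd=..., Completed, connection notices
        msg_id, direction, rest = m.groups()
        if direction == "<=":
            # The subject is sender-controlled, so only parse fields before T="
            head = rest.split(' T="', 1)[0]
            proto = re.search(r"\sP=(\S+)", head)
            host = re.search(r"\[([^\]]+)\]", head)
            if not proto or not host:
                continue         # P=local submissions (web forms) carry no [ip]
            over_smtp = proto.group(1).startswith(("smtp", "esmtp"))
            authed = proto.group(1).endswith("a") or re.search(r"\sA=\S+", head)
            if over_smtp and not authed:
                pending[msg_id] = host.group(1)
        elif msg_id in pending and re.search(r"\sT=remote_smtp\b", rest):
            if msg_id not in flagged[pending[msg_id]]:
                flagged[pending[msg_id]].append(msg_id)
    return dict(flagged)

if __name__ == "__main__":
    for ip, ids in unauthenticated_relays(SAMPLE_LOG).items():
        print(ip, len(ids), ids)
```

On a live server, pass the contents of the Exim mainlog to `unauthenticated_relays` instead of `SAMPLE_LOG`.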