Hey,
Spam being sent out from my server keeps on going.
I'm using exim.conf 4.5.7,
running on CentOS 6 with DirectAdmin,
fail2ban and CSF.
I even used the SMTP service of my VPS's ISP.
I just set some SPF records to point there and they handle it,
but the problem is started on my server.
I have now blocked most countries in CSF for SMTP usage, but it's not a solution.
I have already changed my password 5 times, even to a very hard password, and I think they just keep on going through there.
Some logs from the Exim mainlog:
2018-03-10 10:04:29 1euaQX-0001WG-Cu <= [email protected] H=(mail.opelmanta.be) [178.246.104.77] P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no A=plain:alex S=4005 id=578398276309$hp0tojkg$1tkl2dlk$@Carmine-PC T="" from <[email protected]> for [email protected]
2018-03-10 10:04:30 1euaQX-0001WG-Cu => [email protected] F=<[email protected]> R=transip_email T=auth_relay S=4925 H=vps.transip.email [149.210.149.126] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes A=auth_login C="250 2.0.0 Ok: queued as 3zyyx96LY9z1gwjc"
2018-03-10 10:03:39 1euaPj-0001WG-Dw <= [email protected] H=(mail.opelmanta.be) [178.246.104.77] P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no A=plain:alex S=3921 id=084366706732$vl0t3a7w$y0a6a583$@Oletha-PC T="" from <[email protected]> for [email protected]
2018-03-10 10:03:40 1euaPj-0001WG-Dw => [email protected] F=<[email protected]> R=transip_email T=auth_relay S=4840 H=vps.transip.email [149.210.149.126] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes A=auth_login C="250 2.0.0 Ok: queued as 3zyywC74kYz1gwjc"
etc., and it goes on.
The transip thing is the SPF service of the ISP. mail.opelmanta.be should be the incoming server and smtp.opelmanta.be should be the outgoing. It's not an open relay normally.
I don't know what to do next.
This is my CSF config:
http://www.opelmanta.be/csfconfig
and
http://www.opelmanta.be/eximconfig
Even when I did the DKIM thing and all the protection on my own SMTP, I had even more spam.
I use port 587 for outgoing mails.
I thought port 25 should be more locked down with my CSF config.
I can still do:
[root@gsi public_html]# telnet directadmin.com 25
Trying 216.144.255.179...
Connected to directadmin.com.
Escape character is '^]'.
220 jbmc-software.com ESMTP Exim 4.90_1 Sat, 10 Mar 2018 04:14:03 -0700
If anyone has an idea for me, please support me. I have been looking for solutions for more than 3 weeks now.
Thanks, Alex
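
The mainlog lines in the post show mail arriving over authenticated SMTP (`P=esmtpsa`, `A=plain:alex`), so the submissions are tied to a login rather than to an open relay. As an added example (not part of the original post), this Python script tallies authenticated arrivals per login and flags logins used from many source IPs or for many messages; the function names, thresholds and sample log lines are constructed for illustration, and the regex assumes Exim's default log line layout.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim mainlog format (not copied from the post).
SAMPLE_LOG = """\
2018-03-10 10:03:39 1aaaaa-000001-AA <= info@example.com H=(mail.example.com) [203.0.113.10] P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no A=plain:alex S=3921 T="" from <info@example.com> for a@example.net
2018-03-10 10:03:40 1aaaaa-000001-AA => a@example.net F=<info@example.com> R=smarthost T=auth_relay S=4840 H=relay.example.org [198.51.100.1] C="250 2.0.0 Ok"
2018-03-10 10:04:29 1aaaaa-000002-BB <= info@example.com H=(mail.example.com) [203.0.113.10] P=esmtpsa CV=no A=plain:alex S=4005 T="" from <info@example.com> for b@example.net
2018-03-10 10:05:02 1aaaaa-000003-CC <= sales@example.com H=(pc1) [203.0.113.77] P=esmtpsa CV=no A=login:alex S=3890 T="" from <sales@example.com> for c@example.net
2018-03-10 10:05:30 1aaaaa-000004-DD <= info@example.com H=(pc2) [198.51.100.200] P=esmtpsa CV=no A=plain:alex S=3990 T="" from <info@example.com> for d@example.net
2018-03-10 10:06:00 1aaaaa-000005-EE <= bob@example.com H=(laptop) [192.0.2.5] P=esmtpsa CV=no A=plain:bob S=1200 T="hi" from <bob@example.com> for e@example.net
2018-03-10 10:07:00 1aaaaa-000006-FF <= list@example.org H=mx.example.org [192.0.2.99] P=esmtps S=2200 T="news" from <list@example.org> for bob@example.com
"""

# Arrival ("<=") line carrying a remote IP in brackets and an A=<method>:<login> field.
ARRIVAL = re.compile(
    r"^\S+ \S+ \S+ <= (?P<sender>\S+) .*?\[(?P<ip>[^\]]+)\]"
    r".*? A=(?P<method>\w+):(?P<login>\S+)"
)


def summarize_auth_senders(log_text):
    """Return {login: {"messages": int, "ips": set, "senders": set}}."""
    stats = defaultdict(lambda: {"messages": 0, "ips": set(), "senders": set()})
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # delivery lines and unauthenticated arrivals are skipped
        entry = stats[m.group("login")]
        entry["messages"] += 1
        entry["ips"].add(m.group("ip"))
        entry["senders"].add(m.group("sender"))
    return stats


def suspicious_logins(stats, max_ips=2, max_messages=3):
    """Logins over either threshold (threshold values are assumptions; tune per site)."""
    return sorted(
        login for login, e in stats.items()
        if len(e["ips"]) > max_ips or e["messages"] > max_messages
    )


if __name__ == "__main__":
    summary = summarize_auth_senders(SAMPLE_LOG)
    for login in suspicious_logins(summary):
        e = summary[login]
        print(login, e["messages"], sorted(e["ips"]), sorted(e["senders"]))
```

To run it against a real log, pass the contents of the mainlog file to `summarize_auth_senders` instead of `SAMPLE_LOG`.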