Hi,
I've got 1 user where, for some reason, masses of spam are being sent through his username. The mail account isn't used, and I've changed permissions and owners for it in an attempt to stop the spam going through.
I was using the default exim.conf and I've tried a variety of others, to no avail. If I test any DirectAdmin server via http://www.abuse.net/relay.html they all get the email that should not come through.
I've started running out of ideas, here's some info that may help:
2004-05-09 13:24:57 Received from [email protected] U=username P=local S=9175
2004-05-09 13:24:58 caprice377@www.customersdomain.com R=lookuphost defer (-1): remote host address is the local host
2004-05-09 13:24:59 [email protected] R=lookuphost T=remote_smtp: SMTP error from remote mailer after initial connection: host mailin-01.mx.aol.com [64.12.1$
** Then a thousand other lines of AOL users.
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from username by host.name.com with local (Exim 4.24)
id 1BMYHb-00015v-Lb; Sun, 09 May 2004 06:18:51 +1000
To: michael696@www.customerdomain.com
From:
To: michael696@www.customerdomain.com
From: [email protected]
Content-Type: multipart/alternative; boundary=E3hCLnHuss0S
Subject: Your chance to get in on the bottom of an amazing company Sy656V
K6R /xiVzC ddG5yE RnJcHb weLJ Message-Id:
<[email protected]>
Date: Sun, 09 May 2004 06:18:51 +1000
--E3hCLnHuss0S
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
r7W kAJr0 O1 r KVme rE
7dTX3rm E7zofzEu hNrZyesx4BU gq2PQx1J G zCvi ktIUmgPdvyV9
suqhq8NlE6qi YOqlLJu1 6fE4PJ 5 ejCaIUzG dI
c7XP
44yug2Qp7NWFWQSxh2KX 35T
5j p0SuQW Z3
T X j KZLg9 9LWQpC EQjKDRoG4vyQKuE D5H2iO R x JUj1V UyQ5BRjKY co7Z1dR
uHhS QbV
c8C5
Xo
I Th yJDi s
--E3hCLnHuss0S
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
2004-05-09 13:25:00 Received from <> R=1BMevx-0000HC-VN U=mail P=local S=295509
2004-05-09 13:25:00 routing failed for [email protected]: Unrouteable address
*** Frozen (delivery error message)
1BMew0-0000HP-Bz-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
[email protected]
SMTP error from remote mailer after initial connection:
host mailin-04.mx.aol.com [205.188.156.57]: 554-(RLY:B1) The information presently available to AOL indicates this
554-server is generating high volumes of member complaints from AOL's
554-member base. Based on AOL's Unsolicited Bulk E-mail policy at
554-http://www.aol.com/info/bulkemail.html AOL may not accept further
554-e-mail transactions from this server or domain. For more information,
554 please visit http://postmaster.info.aol.com.
It goes on and on - Only 1GB worth of spam so far :-(
Changing things in exim.conf did stop them for a while and abuse.net tests did fail (fail - being the good thing), but soon after it was back to doing it again. I've also upgraded to Exim 4.32 - still the same.
It is only 1 account that is sending the spam out.
Any Ideas ????
Thanks.
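Added example, not part of the original post: in an Exim log, `P=local` together with `U=<login>` marks a message handed to Exim by a local process running as that account rather than one received over SMTP, so tallying those receptions per account shows which login is injecting mail on the server itself. The sample lines are constructed in the shape of the excerpt above, and the function names and threshold are hypothetical.

```python
import re

# Constructed sample in the shape of the log excerpt above (not real data).
SAMPLE_LOG = """\
2004-05-09 13:24:57 Received from spam1@example.invalid U=username P=local S=9175
2004-05-09 13:24:58 rcpt1@example.invalid R=lookuphost defer (-1): remote host address is the local host
2004-05-09 13:24:58 Received from spam2@example.invalid U=username P=local S=9180
2004-05-09 13:25:00 Received from <> R=1BMevx-0000HC-VN U=mail P=local S=295509
2004-05-09 13:25:02 Received from alice@example.invalid H=(client) [192.0.2.10] P=esmtp S=2048
2004-05-09 13:25:03 Received from spam3@example.invalid U=username P=local S=9201
"""

# Reception lines: "Received from" as rendered on this page, "<=" in a raw Exim mainlog.
RECEPTION = re.compile(r"^(\S+ \S+) .*?(?:Received from|<=)\s+(\S+)(.*)$")
FIELD = re.compile(r"\b([A-Z])=(\S+)")  # single-letter log fields such as U=, P=, S=

def receptions(log_text):
    """Yield one dict per message-reception line; other log lines are skipped."""
    for line in log_text.splitlines():
        m = RECEPTION.match(line)
        if not m:
            continue
        fields = dict(FIELD.findall(m.group(3)))
        size = fields.get("S", "")
        yield {"time": m.group(1), "sender": m.group(2), "user": fields.get("U"),
               "proto": fields.get("P"), "size": int(size) if size.isdigit() else 0}

def local_submitters(log_text):
    """Messages and bytes submitted per local account (P=local), bounces excluded."""
    stats = {}
    for r in receptions(log_text):
        if r["proto"] != "local" or r["sender"] == "<>":
            continue  # skip SMTP-received mail and Exim's own bounce messages
        entry = stats.setdefault(r["user"], {"messages": 0, "bytes": 0})
        entry["messages"] += 1
        entry["bytes"] += r["size"]
    return stats

def bounce_count(log_text):
    """Bounces (empty sender <>) are a side effect of the outbound flood."""
    return sum(1 for r in receptions(log_text) if r["sender"] == "<>")

def over_threshold(stats, max_messages):
    """Accounts whose local submissions exceed max_messages in this log window."""
    return sorted(u for u, s in stats.items() if s["messages"] > max_messages)

if __name__ == "__main__":
    stats = local_submitters(SAMPLE_LOG)
    print(stats, bounce_count(SAMPLE_LOG), over_threshold(stats, 2))
```

An account that appears here with a high count is sending through a local process (for example a web script running as that user), which is a different path from the SMTP relaying that an external relay test exercises.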