
Thread: Spammers mail bouncing back to my server

  1. #1
    Join Date
    May 2005
    Posts
    45

    Spammers mail bouncing back to my server

    My server is getting pounded with thousands of emails per hour that are bounces from a spammer. The spammer is using bogus email addresses from 2 domains on the server in the spam they are sending out. The 2 domains are mine so I know it's not someone sending it out from my server.

    All of the bounces from their spam are returning to me. I actually created accounts for a couple of the email addresses they have been using and checked the headers in some of the emails. Looking at the IPs in the emails, they appear to be originating from all over the world.

    The spam message appears to be trying to pump up a California company's stock:

    Reynaldo's Mexican Foods (RYNL)

    Anyone have any ideas on what I can do about this? It's killing my server and I hate to see what my bandwidth costs are going to be.

    Thanks,
    David

  2. #2
    Join Date
    May 2004
    Location
    London, UK
    Posts
    334
    David have you checked that it's not a form being exploited on one of your websites?

    Rob
    Matrixx

  3. #3
    Join Date
    May 2005
    Posts
    45
    No, there is no form. The spammer is using bogus email account names from 2 domains on my server as fake sender email addresses for their spam. And all the other servers that are rejecting the mail are bouncing it back to my server.

  4. #4
    Join Date
    Aug 2004
    Posts
    101
    If there are two specific addresses involved, set up an alias for each one to

    :fail:

    That way your server will refuse to accept the emails. AFAIK that is the method that will use the least resources on your server.
    Mike
    ... an impressed DA user, slowly gaining experience over the years...

  5. #5
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,122
    Mike is right; that's about all you can do.

    Now you can see why our SpamBlocker system refuses to accept known spam rather than accepting it and returning it later as mailscanners do. We don't want our DA boxes to be part of the problem.

    The recipients who are using a SpamBlocker type solution aren't sending the forged spam to you.

    According to rules of netiquette, any server sending you back the returns is guilty of spamming and if you report them to SpamCop, they'll get blocked for spamming you. And rightfully so, since their servers should be smart enough to know you didn't send the email.

    What we often do is create a script to send these emails back to the postmaster at the sending domain, attached to a short email explaining that they're spamming us by presuming we sent the spam with the forged addresses, and that we're rightfully reporting the spam back to them, and that if it doesn't stop we'll have them added to both SpamCop and to Sorbs. SpamCop is relatively easy to get off of, but to get off Sorbs actually costs money.

    Of course you shouldn't do that unless you're a Sorbs authorized submitter who can add to their blocklists.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  6. #6
    Join Date
    May 2005
    Posts
    45
    The spam bombardment continues.

    The spammer is using an endless variety of random dictionary words for the email addresses like:

    tankers@domain.com
    Lithuanian@domain.com
    wantonly@domain.com

    None of them are valid email addresses. I've even gone so far as to disable mail services on the 2 domains and from the DA CP set them to not handle mail from the domains, and to remove their mx records.

    Interestingly, I did some checking on the company whose stock is being promoted in the spam. Seems they have been mixed up in a similar scam using junk fax spam. I actually called the company and spoke with a guy there. He said they're not doing it, but they're not doing anything to find out who is and he didn't seem particularly bothered that it was happening.

  7. #7
    Join Date
    Feb 2005
    Posts
    294
    me too

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

    charieses329@aol.com
    Unrouteable address

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <admin@servertweak.com>
    Received: from apache by reseller.servertweak.com with local (Exim 4.60)
    (envelope-from <admin@servertweak.com>)
    id 1EsZM6-0002Ti-J5; Fri, 30 Dec 2005 21:32:38 -0800
    To: ivan@servertweak.com
    Subject: into6404@servertweak.com
    MIME-Version: 1.0
    From: "into6404@servertweak.com" <mirrors
    Content-Type: text/plain; charset="us-ascii"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    Subject: tax return. lease contact us beforehand to let us
    Message-Id: <E1EsZM6-0002Ti-J5@reseller.servertweak.com>
    Date: Fri, 30 Dec 2005 21:32:38 -0800

    57f324094b487c167dd7320ba2b8f0b8
    .>
    Reply-To: "into6404@servertweak.com" <mirrors
    Content-Type: text/plain; charset="us-ascii"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    Subject: tax return. lease contact us beforehand to let us
    bcc: charieses329@aol.com

    57f324094b487c167dd7320ba2b8f0b8
    .>
    Content-type: text/plain; charset=iso-8859-1


    into6404@servertweak.com


    --
    No virus found in this incoming message.
    Checked by AVG Free Edition.
    Version: 7.1.371 / Virus Database: 267.14.8/215 - Release Date: 12/27/2005
    ServerTweak Networks, LLC ServerTweak.com
    ServerTweak.com: Premium Services, Powered by Customers.
    Fremont & Los Angeles Locations | RAID 10 Dedicated Servers | Colocation | IP Transit | 1/4 - Full Cab & Cages sales

  8. #8
    Join Date
    Feb 2005
    Posts
    294
    How can I stop this?

  9. #9
    Join Date
    Oct 2005
    Posts
    63
    I'm receiving a lot of spam too, more than 200MB per hour.

  10. #10
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,122
    First a reply to UpAllNight:

    You never posted all the headers from one of the spam emails, as did servertweak.

    Please do.

    And now a reply to servertweak:

    Your headers indicate that the spam is coming from a PHP program or form on your server; probably one owned by admin or one into6404@servertweak.com owned by a user named into6404.

    And now a reply to sspt:

    Me too responses generally don't get replies because they don't offer any clue as to why the problem may be occurring.

    If you can post the headers from the outgoing spam, that'll help us help you.

    Jeff

  11. #11
    Join Date
    May 2005
    Posts
    45
    Hi Jeff,

    I'm assuming you meant headers from the original spam, not the headers from the mail server returning the bounced spam. Here are 2 headers from the original spam as included by the mail server bouncing them back to me. My domain that is being falsely used is flagart.com. The other domain of mine they are using is 247max.com.

    -------------- START 1 --------------
    Hi. This is the qmail-send program at secure.hummer6.net.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <dawson@lykeng.com>:
    This address no longer accepts mail.

    --- Below this line is a copy of the message.

    Return-Path: <aristocrats@flagart.com>
    Received: (qmail 14505 invoked from network); 29 Dec 2005 01:00:26 -0000
    Received: from unknown (HELO 201.240.246.224) (201.240.246.224)
    by hummer6.net with SMTP; 29 Dec 2005 01:00:26 -0000
    Received: from [192.168.40.200] (port=21786 helo=ktnckyiu)
    by 201.240.246.224 with esmtp
    id 1Erm1X-0002l8-Y5
    for dawson@lykeng.com; Wed, 28 Dec 2005 19:52:07 -0500
    Date: Wed, 28 Dec 2005 19:58:55 -0500
    From: <aristocrats@flagart.com>
    X-Mailer: The Bat! (v3.5) Professional
    X-Priority: 3 (Normal)
    Message-ID: <994620586.2005122819527@201.240.246.224>
    To: <dawson@lykeng.com>
    Subject: news report
    MIME-Version: 1.0
    Content-Type: multipart/related;
    boundary="=_373b352f7ba38ba5a57013defbbf3ea3"
    X-Spam: Not detected

    --=_373b352f7ba38ba5a57013defbbf3ea3
    Content-Type: text/html; charset="ISO-8859-1"
    Content-Transfer-Encoding: quoted-printable

    <img src=3Dcid:42ddbe071279dd3568b540320c38562a>

    --=_373b352f7ba38ba5a57013defbbf3ea3
    Content-Type: image/gif
    Content-Transfer-Encoding: base64
    Content-Disposition: inline; filename="hrav.gif"
    Content-ID: <42ddbe071279dd3568b540320c38562a>
    -------------- END 1 --------------


    -------------- START 2 --------------
    Hi. This is the qmail-send program at brick.suitage.jp.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <davidson@lcdb.com>:
    Sorry. Although I'm listed as a best-preference MX or A for that host,
    it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)

    --- Below this line is a copy of the message.

    Return-Path: <aristocrats@flagart.com>
    Received: (qmail 25518 invoked from network); 29 Dec 2005 01:04:10 -0000
    Received: from unknown (HELO 201-248-56-68.genericrev.cantv.net) (201.248.56.68)
    by brick.suitage.jp with SMTP; 29 Dec 2005 01:04:10 -0000
    Received: from [192.168.40.200] (port=21780 helo=dqlkklj)
    by 201-248-56-68.genericrev.cantv.net with esmtp
    id 1Erm0a-0005th-B6
    for davidson@lcdb.com; Wed, 28 Dec 2005 13:51:08 -1100
    Date: Wed, 28 Dec 2005 21:04:02 -0400
    From: <aristocrats@flagart.com>
    X-Mailer: The Bat! (v3.5) Professional
    X-Priority: 3 (Normal)
    Message-ID: <799188762.2005122813518@201-248-56-68.genericrev.cantv.net>
    To: <davidson@lcdb.com>
    Subject: news report
    MIME-Version: 1.0
    Content-Type: multipart/related;
    boundary="=_94398f05b5256b1bf68306a1b2d85cfa"
    X-Spam: Not detected

    --=_94398f05b5256b1bf68306a1b2d85cfa
    Content-Type: text/html; charset="ISO-8859-1"
    Content-Transfer-Encoding: quoted-printable

    <img src=3Dcid:eab00e6f70825e05ef9ce353e3fa8f43>

    --=_94398f05b5256b1bf68306a1b2d85cfa
    Content-Type: image/gif
    Content-Transfer-Encoding: base64
    Content-Disposition: inline; filename="zyjqix.gif"
    Content-ID: <eab00e6f70825e05ef9ce353e3fa8f43>
    -------------- END 2 --------------
    Last edited by UpAllNight; 01-01-2006 at 09:10 PM.

  12. #12
    Join Date
    May 2005
    Posts
    45
    Still trying to find out why / how the spammers picked me for their spam barrage, which has gone on non-stop for well over a week now. Poking around in some of the server logs I found these:

    [root]# grep "66.199.162.235" secure.2
    Dec 19 17:12:11 lion xinetd[10623]: START: imap pid=23047 from=66.199.162.235
    Dec 19 17:12:11 lion xinetd[10623]: START: imap pid=23048 from=66.199.162.235
    Dec 19 17:12:13 lion xinetd[10623]: START: imap pid=23049 from=66.199.162.235
    Dec 19 17:12:13 lion xinetd[10623]: START: imap pid=23050 from=66.199.162.235
    Dec 19 17:12:13 lion xinetd[10623]: START: imap pid=23051 from=66.199.162.235
    Dec 19 17:12:13 lion xinetd[10623]: START: imap pid=23052 from=66.199.162.235
    Dec 19 17:12:13 lion xinetd[10623]: START: imap pid=23053 from=66.199.162.235
    Dec 19 17:12:13 lion xinetd[10623]: START: imap pid=23054 from=66.199.162.235
    Dec 19 17:12:13 lion xinetd[10623]: START: imap pid=23055 from=66.199.162.235
    Dec 19 17:12:13 lion xinetd[10623]: START: imap pid=23056 from=66.199.162.235
    Dec 19 17:12:16 lion xinetd[10623]: START: imap pid=23057 from=66.199.162.235
    Dec 19 17:12:16 lion xinetd[10623]: START: imap pid=23058 from=66.199.162.235
    Dec 19 17:12:16 lion xinetd[10623]: START: imap pid=23059 from=66.199.162.235
    Dec 19 17:12:16 lion xinetd[10623]: START: imap pid=23060 from=66.199.162.235
    Dec 19 17:12:16 lion xinetd[10623]: START: imap pid=23061 from=66.199.162.235
    Dec 19 17:12:16 lion xinetd[10623]: START: imap pid=23062 from=66.199.162.235
    Dec 19 17:12:17 lion xinetd[10623]: START: imap pid=23063 from=66.199.162.235
    Dec 19 17:12:17 lion xinetd[10623]: START: imap pid=23064 from=66.199.162.235
    Dec 19 17:12:17 lion xinetd[10623]: START: imap pid=23065 from=66.199.162.235
    Dec 19 17:12:17 lion xinetd[10623]: START: imap pid=23066 from=66.199.162.235
    Dec 19 17:12:17 lion xinetd[10623]: START: imap pid=23067 from=66.199.162.235
    Dec 19 17:12:18 lion xinetd[10623]: START: imap pid=23068 from=66.199.162.235
    Dec 19 17:12:18 lion xinetd[10623]: START: imap pid=23069 from=66.199.162.235
    Dec 19 17:12:18 lion xinetd[10623]: START: imap pid=23070 from=66.199.162.235
    Dec 19 17:12:18 lion xinetd[10623]: START: imap pid=23071 from=66.199.162.235
    Dec 19 17:12:18 lion xinetd[10623]: START: imap pid=23072 from=66.199.162.235



    [root]# grep "66.199.162.235" maillog.2
    Dec 19 17:12:13 lion imapd[23053]: imap service init from 66.199.162.235
    Dec 19 17:12:16 lion imapd[23047]: imap service init from 66.199.162.235
    Dec 19 17:12:16 lion imapd[23048]: imap service init from 66.199.162.235
    Dec 19 17:12:18 lion imapd[23049]: imap service init from 66.199.162.235
    Dec 19 17:12:18 lion imapd[23050]: imap service init from 66.199.162.235
    Dec 19 17:12:18 lion imapd[23051]: imap service init from 66.199.162.235
    Dec 19 17:12:18 lion imapd[23052]: imap service init from 66.199.162.235
    Dec 19 17:12:18 lion imapd[23055]: imap service init from 66.199.162.235
    Dec 19 17:12:18 lion imapd[23054]: imap service init from 66.199.162.235
    Dec 19 17:12:18 lion imapd[23053]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:18 lion imapd[23053]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:18 lion imapd[23053]: Command stream end of file, while reading line user=??? host=[66.199.162.235]
    Dec 19 17:12:18 lion imapd[23056]: imap service init from 66.199.162.235
    Dec 19 17:12:21 lion imapd[23057]: imap service init from 66.199.162.235
    Dec 19 17:12:21 lion imapd[23058]: imap service init from 66.199.162.235
    Dec 19 17:12:21 lion imapd[23059]: imap service init from 66.199.162.235
    Dec 19 17:12:21 lion imapd[23060]: imap service init from 66.199.162.235
    Dec 19 17:12:21 lion imapd[23061]: imap service init from 66.199.162.235
    Dec 19 17:12:22 lion imapd[23062]: imap service init from 66.199.162.235
    Dec 19 17:12:22 lion imapd[23047]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:22 lion imapd[23048]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:22 lion imapd[23063]: imap service init from 66.199.162.235
    Dec 19 17:12:22 lion imapd[23064]: imap service init from 66.199.162.235
    Dec 19 17:12:22 lion imapd[23065]: imap service init from 66.199.162.235
    Dec 19 17:12:22 lion imapd[23066]: imap service init from 66.199.162.235
    Dec 19 17:12:23 lion imapd[23067]: imap service init from 66.199.162.235
    Dec 19 17:12:23 lion imapd[23068]: imap service init from 66.199.162.235
    Dec 19 17:12:23 lion imapd[23069]: imap service init from 66.199.162.235
    Dec 19 17:12:23 lion imapd[23070]: imap service init from 66.199.162.235
    Dec 19 17:12:23 lion imapd[23049]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:23 lion imapd[23071]: imap service init from 66.199.162.235
    Dec 19 17:12:23 lion imapd[23072]: imap service init from 66.199.162.235
    Dec 19 17:12:23 lion imapd[23050]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:23 lion imapd[23051]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:23 lion imapd[23054]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:23 lion imapd[23052]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:23 lion imapd[23055]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:24 lion imapd[23056]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:26 lion imapd[23059]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:26 lion imapd[23057]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:26 lion imapd[23058]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:26 lion imapd[23060]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:26 lion imapd[23061]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:27 lion imapd[23062]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:27 lion imapd[23063]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:28 lion imapd[23064]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:28 lion imapd[23066]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:28 lion imapd[23065]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:28 lion imapd[23067]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:28 lion imapd[23068]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:28 lion imapd[23069]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:28 lion imapd[23072]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:28 lion imapd[23070]: Null command before authentication host=[66.199.162.235]
    Dec 19 17:12:28 lion imapd[23071]: Null command before authentication host=[66.199.162.235]

    Can anyone enlighten me as to what these entries are for? I know that logging into SquirrelMail for domains on the site comes in on 127.0.0.1. What else would these be coming from?

    Thanks,
    David

  13. #13
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,122
    Responding to your first email, unless your server uses these IP#s:

    201.240.246.224
    201.248.56.68

    then the spam is not coming from you.

    And there's nothing you can do about it. What you can and should do is notify the postmaster at hummer6.net that he shouldn't be responding to you since your server didn't send the spam he's responding to. And that he should respond to the sender's server.

    Of course by default qmail can't do that, and most postmasters using it will have no idea how to patch it so it can.

    So then you can report hummer6.net to the RFC Ignorant group (you can google it) and they'll list him and it will become his problem. Of course it will remain your problem as well.

    Same for brick.suitage.jp; they also run qmail, and have the same problem.

    Just another reason not to use qmail.

    To answer your second email, perhaps these lines are caused by others either legitimately or illegitimately trying to log into your imap server.

    Jeff
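
The header check described in posts #10 and #13, as an added example that is not part of any poster's message: it reads the copy of the original message inside a bounce and reports whether any Received hop is your own server. The two sample bounces are trimmed from posts #7 and #11; the `own_ips` and `own_hosts` arguments are whatever your server uses (the 203.0.113.10 and mail.example.net values in the demo are placeholders).

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Lines qmail and Exim print before the quoted copy of the original message.
COPY_MARKERS = (
    "--- Below this line is a copy of the message.",
    "------ This is a copy of the message, including all the headers. ------",
)
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
LOCAL_RE = re.compile(r"\bby (\S+) with local\b", re.I)


def embedded_original(bounce_text):
    """Parse the original message quoted inside a bounce, or return None."""
    for marker in COPY_MARKERS:
        _, found, rest = bounce_text.partition(marker)
        if found:
            return message_from_string(rest.lstrip("\r\n"))
    return None


def public_ips(hop):
    """Bracketed or parenthesised public IPv4 addresses in one Received header."""
    out = []
    for text in IP_RE.findall(hop):
        try:
            ip = ip_address(text)
        except ValueError:
            continue
        if not ip.is_private:      # skip RFC 1918 hops such as 192.168.40.200
            out.append(text)
    return out


def triage(bounce_text, own_ips, own_hosts):
    """Decide whether the bounced message ever passed through our server.

    own_hosts must be lower-case host names; own_ips are dotted-quad strings.
    """
    msg = embedded_original(bounce_text)
    if msg is None:
        return {"verdict": "no-embedded-message", "return_path": None, "relay_ips": []}
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    relay_ips = []
    for hop in hops:
        relay_ips += [ip for ip in public_ips(hop) if ip not in relay_ips]
    local = any((m := LOCAL_RE.search(h)) and m.group(1).lower() in own_hosts for h in hops)
    if local or set(relay_ips) & set(own_ips):
        verdict = "sent-from-our-server"       # e.g. a web form or script on the box
    elif relay_ips:
        verdict = "forged-sender-backscatter"  # our domain was only used as a fake sender
    else:
        verdict = "undetermined"
    return_path = (msg.get("Return-Path") or "").strip().strip("<>") or None
    return {"verdict": verdict, "return_path": return_path, "relay_ips": relay_ips}


# Trimmed from the qmail bounce in post #11.
QMAIL_BOUNCE = """\
Hi. This is the qmail-send program at secure.hummer6.net.
--- Below this line is a copy of the message.

Return-Path: <aristocrats@flagart.com>
Received: (qmail 14505 invoked from network); 29 Dec 2005 01:00:26 -0000
Received: from unknown (HELO 201.240.246.224) (201.240.246.224)
  by hummer6.net with SMTP; 29 Dec 2005 01:00:26 -0000
Received: from [192.168.40.200] (port=21786 helo=ktnckyiu)
  by 201.240.246.224 with esmtp id 1Erm1X-0002l8-Y5
  for dawson@lykeng.com; Wed, 28 Dec 2005 19:52:07 -0500
"""

# Trimmed from the Exim bounce in post #7.
EXIM_BOUNCE = """\
This message was created automatically by mail delivery software.
------ This is a copy of the message, including all the headers. ------

Return-path: <admin@servertweak.com>
Received: from apache by reseller.servertweak.com with local (Exim 4.60)
  (envelope-from <admin@servertweak.com>)
  id 1EsZM6-0002Ti-J5; Fri, 30 Dec 2005 21:32:38 -0800
"""

if __name__ == "__main__":
    # Placeholder values for "our" server in the first call.
    print(triage(QMAIL_BOUNCE, {"203.0.113.10"}, {"mail.example.net"}))
    print(triage(EXIM_BOUNCE, {"203.0.113.10"}, {"reseller.servertweak.com"}))
```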

  14. #14
    Join Date
    May 2005
    Posts
    45
    Hi Jeff,

    I really appreciate your help and expertise with this.

    No, they're not my IP#s. Unfortunately those and their domains are only 2 of literally thousands of domains that this has happened with. I shut down mail service on both of my domains so now I'm only seeing my server rejecting all the mail that the spammers are trying to send through my box (if I'm reading the logs right).


    2006-01-02 18:01:06 H=mail3.smartmailservers.com [69.57.4.13] F=<> rejected RCPT <predominant@247max.com>: authentication required
    2006-01-02 18:01:06 H=mail3.smartmailservers.com [69.57.4.13] incomplete transaction (QUIT) from <>


    As for the imap, one of the sections is from the secure log. Is that indicating that they were able to access imap service on my box?


    Jan 2 11:36:58 lion xinetd[9670]: START: imap pid=8914 from=209.176.194.25
    Jan 2 11:36:58 lion xinetd[9670]: START: imap pid=8915 from=209.176.194.25
    Jan 2 11:36:58 lion xinetd[9670]: START: imap pid=8916 from=209.176.194.25


    I don't have any clients associated with the IP address shown in the logs or the half dozen other IP#s with similar entries in my secure and exim mainlog.

    Thanks,
    David
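
An added example, not part of any post: one way to read the imapd lines from posts #12 and #14, counting per client IP how many sessions were opened, how many reached a login, and whether they arrived in a burst. The 66.199.162.235 lines are copied from post #12; the 127.0.0.1 lines are constructed, and the `Login user=` / `Authenticated user=` success format is an assumption about the IMAP server's logging.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ imapd\[(\d+)\]: (.*)$")
INIT_RE = re.compile(r"^imap service init from (\S+)")
# Assumption: a successful login is logged as "Login user=..." or
# "Authenticated user=..."; adjust this pattern for your IMAP server.
AUTH_OK_RE = re.compile(r"^(?:Login|Authenticated) user=\S+")
PREAUTH_RE = re.compile(r"^Null command before authentication")


def summarize(log_text, burst_count=5, burst_window=timedelta(seconds=10)):
    """Per client IP: sessions opened, sessions that logged in, pre-auth noise, burst flag."""
    pid_ip = {}                   # imapd pid -> client IP of that session
    starts = defaultdict(list)    # client IP -> session start times
    stats = defaultdict(lambda: {"sessions": 0, "authenticated": 0,
                                 "preauth_noise": 0, "burst": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # syslog timestamps carry no year; a fixed leap year is enough for deltas.
        when = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        init = INIT_RE.match(msg)
        if init:
            ip = init.group(1)
            pid_ip[pid] = ip
            stats[ip]["sessions"] += 1
            starts[ip].append(when)
            continue
        ip = pid_ip.get(pid)
        if ip is None:
            continue              # event for a session whose start we never saw
        if AUTH_OK_RE.match(msg):
            stats[ip]["authenticated"] += 1
        elif PREAUTH_RE.match(msg):
            stats[ip]["preauth_noise"] += 1
    # A burst is burst_count or more session starts inside one burst_window.
    for ip, times in starts.items():
        times.sort()
        for i in range(len(times) - burst_count + 1):
            if times[i + burst_count - 1] - times[i] <= burst_window:
                stats[ip]["burst"] = True
                break
    return dict(stats)


# First eight lines are from post #12; the last two are constructed.
SAMPLE_LOG = """\
Dec 19 17:12:13 lion imapd[23053]: imap service init from 66.199.162.235
Dec 19 17:12:16 lion imapd[23047]: imap service init from 66.199.162.235
Dec 19 17:12:16 lion imapd[23048]: imap service init from 66.199.162.235
Dec 19 17:12:18 lion imapd[23049]: imap service init from 66.199.162.235
Dec 19 17:12:18 lion imapd[23050]: imap service init from 66.199.162.235
Dec 19 17:12:18 lion imapd[23053]: Null command before authentication host=[66.199.162.235]
Dec 19 17:12:18 lion imapd[23053]: Command stream end of file, while reading line user=??? host=[66.199.162.235]
Dec 19 17:12:22 lion imapd[23047]: Null command before authentication host=[66.199.162.235]
Dec 19 17:13:02 lion imapd[23101]: imap service init from 127.0.0.1
Dec 19 17:13:02 lion imapd[23101]: Login user=webmailuser host=localhost [127.0.0.1]
"""

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE_LOG).items():
        print(ip, row)
```

An IP with many sessions, zero authenticated sessions and a burst flag opened connections without ever logging in; sessions that did authenticate show up in the `authenticated` count.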

  15. #15
    Join Date
    Oct 2005
    Posts
    12

    Same problem here.

    Hate to 'me too', but me too.

    I have a domain that I have had as a mail funnel for years; by bad luck, they are using this domain as a jumping point for this crappy stock spam.

    I was :fail:'ing all mail returning to me, but it is truly an extensive library of usernames it is using. No chance to block or /dev/null them all.

    I went into DA's mail filter at http://www.<my domain>.net:2222/CMD_EMAIL_FILTER?domain=<domain>.net and was putting filters in like:

    Block e-mail containing this word: Mail delivery failed:
    Block e-mail containing this word: Returned mail:
    Block e-mail containing this word: Undeliverable mail:
    Block e-mail containing this word: Undelivered Mail Returned to Sender
    Block e-mail containing this word: Non delivery report: 5.1.1
    Block e-mail containing this word: Delivery Status Notification (Failure)
    Block e-mail containing this word: failure notice

    But that wasn't working at all. Why isn't that working?

    So I have Outlook filtering somewhat, but it's coming in fast & furious.

    Can anyone figure out how to make the above filtering work in DA? It would be the solution to those of us that use email domains as email funnels.

    Thanks,
    -WC-

  16. #16
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,122
    I've never studied the DA mail filters but I know they do work under at least certain circumstances.

    I don't have any easy answers.

    Perhaps someone else will know why the filters are failing to filter.

    Jeff

  17. #17
    Join Date
    Sep 2005
    Posts
    32
    Originally posted by WildCard
    I went into DA's mail filter at http://www.<my domain>.net:2222/CMD_EMAIL_FILTER?domain=<domain>.net and was putting filters in like:

    Block e-mail containing this word: Mail delivery failed:
    Block e-mail containing this word: Returned mail:
    Block e-mail containing this word: Undeliverable mail:
    Block e-mail containing this word: Undelivered Mail Returned to Sender
    Block e-mail containing this word: Non delivery report: 5.1.1
    Block e-mail containing this word: Delivery Status Notification (Failure)
    Block e-mail containing this word: failure notice

    But that wasn't working at all. Why isn't that working?
    Without reading this topic, I've done the same thing just right now; also I'm experiencing the same troubles as you did. Did you find any solution for it? Maybe it has to do with Exim somewhere always trying to accept mail from mailer-daemons?

  18. #18
    Join Date
    Nov 2005
    Posts
    17
    Superdeboer, I'm having the same problem atm. Don't know how to stop it :/

  19. #19
    Join Date
    Jan 2004
    Posts
    79
    At the moment the same problem is rising here. Hope someone has a solution for us.

  20. #20
    Join Date
    Jan 2005
    Location
    Netherlands
    Posts
    230
    We now have some servers that do not accept mail from servers that have no reverse DNS.
    60% of the spam and bounces are gone.

    (hmm, but some good mails are gone also)
