sky (Verified User; joined Nov 12, 2004; 338 messages)
Hello
EDIT: exim version is 4.86.
I also have easy spam block and CSF installed and working.
I am having a problem finding out how to stop this local mail spam relay.
I tested the server IP, and it is not an open relay.
The domain that is sending emails / or using it as a relay, does not even have email (mx) on this server. They use an Exchange server.
So external email configuration.
The server is receiving all these emails that are being relayed to incorrect email accounts from accounts that do not exist.
The aco**** in question does not seem to be sending emails according to DA... perhaps a relay is not counted ?
Here is a sample of a header :
Code:
1a21v4-0000cV-L6-H
mail 8 12
<[email protected]>
1448564966 0
-helo_name www.acr-regulation.com
-host_address 204.45.30.196.55355
-interface_address 37.187.136.150.25
-active_hostname server.goeticweb.com
-received_protocol esmtp
-aclm _is_whitelisted 1
1
-body_linecount 78
-max_received_linelength 303
-host_lookup_failed
XX
1
[email protected]
231P Received: from [204.45.30.196] (helo=www.acr-regulation.com)
by server.goeticweb.com with esmtp (Exim 4.86)
(envelope-from <[email protected]>)
id 1a21v4-0000cV-L6
for [email protected]; Thu, 26 Nov 2015 20:09:27 +0100
049F From: "Vivo Empresas" <[email protected]>
065 Subject: 100 Minutos + 1 GB Internet + Aparelho Celular por ....
023T To: [email protected]
024 Content-Type: text/html
038 Date: Thu, 26 Nov 2015 17:03:03 -0300
I suppose the email's content is not important.
Then, here is the log for that same email :
Code:
2015-11-26 20:09:27 Received from [email protected] H=(www.acr-regulation.com) [204.45.30.196] P=esmtp S=3663 T="100 Minutos + 1 GB Internet + Aparelho Celular por ...."
2015-11-26 20:09:27 [email protected] <[email protected]> R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
Then, I am also receiving tons of emails with this subject : Mail delivery failed: returning message to sender
Here is the header for that error return email :
Code:
1a22hI-000170-QT-H
mail 8 12
<>
1448567956 0
-active_hostname server.goeticweb.com
-ident mail
-received_protocol local
-aclm _user 0
-aclm _uid 2
-1
-aclm _username 7
unknown
-body_linecount 115
-max_received_linelength 303
-allow_unqualified_recipient
-allow_unqualified_sender
-deliver_firsttime
-localerror
XX
1
[email protected]
154P Received: from mail by server.goeticweb.com with local (Exim 4.86)
id 1a22hI-000170-QT
for [email protected]; Thu, 26 Nov 2015 20:59:17 +0100
043 X-Failed-Recipients: [email protected]
029 Auto-Submitted: auto-replied
064F From: Mail Delivery System <[email protected]>
032T To: [email protected]
100 Content-Type: multipart/report; report-type=delivery-status; boundary=1448567956-eximdsn-1363980706
018 MIME-Version: 1.0
059 Subject: Mail delivery failed: returning message to sender
053I Message-Id: <[email protected]>
038 Date: Thu, 26 Nov 2015 20:59:16 +0100
and the content :
Code:
1a22hI-000170-QT-D
--1448567956-eximdsn-1363980706
Content-type: text/plain; charset=us-ascii
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
[email protected]
Unrouteable address
--1448567956-eximdsn-1363980706
Content-type: message/delivery-status
Reporting-MTA: dns; server.goeticweb.com
Action: failed
Final-Recipient: rfc822;[email protected]
Status: 5.0.0
--1448567956-eximdsn-1363980706
Content-type: message/rfc822
Return-path: <[email protected]>
Received: from [204.45.30.196] (helo=www.acr-regulation.com)
by server.goeticweb.com with esmtp (Exim 4.86)
(envelope-from <[email protected]>)
id 1a22hI-00016o-2B
for [email protected]; Thu, 26 Nov 2015 20:59:16 +0100
From: "Vivo Empresas" <[email protected]>
Subject: 100 Minutos + 1 GB Internet + Aparelho Celular por ....
To: [email protected]
Content-Type: text/html
Date: Thu, 26 Nov 2015 17:52:52 -0300
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body bgcolor="#ffffff" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" style="TEXT-ALIGN: center"></TABLE>
<table id="Tabela_01" width="748" height="956" border="0" cellpadding="0" cellspacing="0" align="center" >
<tr>
<td align="middle" style="PADDING-BOTTOM: 10px; PADDING-LEFT: 10px; PADDING-RIGHT: 10px; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif; COLOR: #777; FONT-SIZE: 9px; PADDING-TOP: 10px"
>
<div align="center">
<table border="0" width="690" cellspacing="0" cellpadding="0" bgcolor="#00a4ec">
<tr>
<td>
<p align="center"><font size="2"><br>
</font> <font style="FONT-SIZE: 10pt" face="Arial">Caso tenha problemas em visualizar essa mensagem, copie e<br>
cole esse link
direto no seu navegador: </font> <font color="#0000ff">
<b>
<font size="2" style="FONT-SIZE: 10pt" face="Arial">
<u>
<a href="http://contato.ms/6YN"><font color="#000000">ofertas-selecionadas.com/vivoempresas</font></a></u></font></b></font><br> </p>
</td>
</tr>
</table>
</div>
</td>
</tr>
<tr>
<td>
<a href="http://contato.ms/6YN">
<img src="http://staticsimagem.com/vivolb/01.jpg" alt="" border="0"></a></td>
</tr>
<tr>
<td>
<a href="http://contato.ms/6YN">
<img src="http://staticsimagem.com/vivolb/02.jpg" alt="" border="0"> </a></td><img src="http://8.26.21.109/visitante/[email protected]&visita=49&v=9" height="1" width="1" border="0"
>
</tr>
</table>
<table width="748" align="center" border="0" cellpadding="0" cellspacing="0">
<tr>
<td style="MARGIN: 11px">
<p style="MARGIN: 10px 5px 10px 10px; FONT-FAMILY: Verdana, Geneva, sans-serif; COLOR: #666; FONT-SIZE: 10px"
>*Funcionalidade disponivel para aparelhos compativeis, consulte disponibilidade.
Preencha o formulario atraves do site e receba o atendimento de um consultor autorizado Vivo Empresa em no maximo 24 horas. Consulte as condicoes dessa oferta junto ao consultor de vendas. Oferta valida para cliente pessoa jurÃ*dica. Verifique a disponibilidade da oferta e aparelhos para a sua regiao.
<br ></p>
</td>
</tr>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="748">
<tr>
<td align="middle" style="PADDING-BOTTOM: 10px; PADDING-LEFT: 10px; PADDING-RIGHT: 10px; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif; COLOR: #777; FONT-SIZE: 9px; PADDING-TOP: 10px"
>
<div align="center">
<table border="0" width="694" cellspacing="0" cellpadding="0" bgcolor="#00a4ec">
<tr>
<td>
<p align="center"><font size="2"><br>
</font> <font style="FONT-SIZE: 10pt" face="Arial">Caso tenha problemas em visualizar essa mensagem, copie e<br>
cole esse link
direto no seu navegador: </font> <font color="#0000ff">
<b>
<font size="2" style="FONT-SIZE: 10pt" face="Arial">
<u>
<a href="http://contato.ms/6YN"><font color="#000000">ofertas-selecionadas.com/vivoempresas</font></a></u></font></b></font><br> </p>
</td>
</tr>
</table>
</div>
<p> </p>
<p>Nos respeitamos sua privacidade, segue
<a target="_blank" href="http://contato.ms/6YL">link</a> de
remocao automatica.</p> </td>
</tr>
</table>
<font size=1><p align=left>be9kz</p></font>
</body>
</html>
--1448567956-eximdsn-1363980706--
The emails I am receiving from CSF are with this subject : lfd on server.goeticweb.com: RELAY Alert for 204.45.30.196 (US/United States/is.not.okay.to.strangled.net)
The question is : could someone help me out with understanding where the email originates from and why it's getting onto my server ?
Could it be "malware" on someone's computer that has, say, Outlook configured with that domain (acr-regulation.com) ?
But because my server does not "serve" email for that domain ... I don't understand.
Any help would be appreciated.
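Added example, not part of the original post: a minimal Python reader for the option section of Exim `-H` spool files like the two quoted above, reporting whether a queued message arrived over SMTP from a remote host or was generated on the server itself as a bounce. The sample inputs are constructed from values in the post with the addresses replaced by placeholders; `parse_spool_header` and `origin` are hypothetical names, and ACL values are assumed to fit on one line.

```python
# Constructed samples modelled on the two -H files in the post (addresses are placeholders).
SAMPLE_REMOTE = """\
1a21v4-0000cV-L6-H
mail 8 12
<sender@example.invalid>
1448564966 0
-helo_name www.acr-regulation.com
-host_address 204.45.30.196.55355
-received_protocol esmtp
-aclm _is_whitelisted 1
1
XX
"""
SAMPLE_BOUNCE = """\
1a22hI-000170-QT-H
mail 8 12
<>
1448567956 0
-received_protocol local
-aclm _uid 2
-1
-localerror
XX
"""

def parse_spool_header(text):
    """Parse the envelope lines and '-' options that precede the 'XX' line."""
    lines = text.splitlines()
    msg = {"id": lines[0][:-2], "sender": lines[2].strip("<>"), "opts": {}, "acl": {}}
    i = 4  # options start after: id, "user uid gid", sender, "time warnings"
    while i < len(lines) and lines[i].startswith("-"):
        name, _, value = lines[i][1:].partition(" ")
        if name in ("aclc", "aclm"):
            # "-aclm <var> <len>": the value is the NEXT line, even if it starts with "-"
            var, length = value.split()
            i += 1
            msg["acl"][var] = lines[i][:int(length)]
        else:
            msg["opts"][name] = value  # flag options such as -localerror get ""
        i += 1
    return msg

def origin(msg):
    o = msg["opts"]
    if "host_address" in o:
        ip = o["host_address"].rpartition(".")[0]  # stored as <ip>.<port>
        kind = "authenticated" if "auth_id" in o else "unauthenticated"
        return f"{kind} SMTP from {ip} (HELO {o.get('helo_name', '?')})"
    if o.get("received_protocol") == "local":
        return "bounce generated locally" if not msg["sender"] else "local submission"
    return "unknown"
```

On a live server the same fields can be read from the files under Exim's spool `input` directory; the HELO name is whatever the connecting client chose to send, while the host address is the peer Exim actually saw.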