Another Host Spam Problem

fariborz

Verified User
Joined
Sep 6, 2014
Messages
9
Hello,
I read this thread, but I don't understand it, or I can't find any solution for stopping spam.
I have many domains on my server, but one of them is open for sending spam. Why?
I removed the domain and recreated it with DKIM, but the problem is not solved!
I removed the DNS zone, and after that I recreated the DNS zone manually like the other domains, but...

This is my server info:
Code:
#PHP Settings
php1_release=5.3
php1_mode=suphp
php2_release=5.5
php2_mode=fastcgi
opcache=no
htscanner=no
php_ini=no
php_timezone=Europe/Berlin
php_ini_type=production
ioncube=yes
zend=no
suhosin=yes
x_mail_header=yes

#MySQL Settings
mysql=5.6
mysql_inst=no
mysql_backup=yes
mysql_backup_dir=/usr/local/directadmin/custombuild/mysql_backups
mysql_force_compile=no

#WEB Server Settings
webserver=nginx_apache
apache_ver=2.4
apache_mpm=auto
mod_ruid2=no
harden_symlinks_patch=yes
use_hostname_for_alias=auto
redirect_host=server.takdata.com
redirect_host_https=no

#WEB Applications Settings
phpmyadmin=yes
phpmyadmin_ver=4
squirrelmail=no
roundcube=yes

#ClamAV-related Settings
clamav=yes
clamav_exim=yes
proftpd_uploadscan=no
pureftpd_uploadscan=yes
suhosin_php_uploadscan=yes

#Mail Settings
exim=yes
eximconf=no
spamassassin=yes
dovecot=yes
pigeonhole=no

#FTP Settings
ftpd=pureftpd

#Statistics Settings
awstats=no
webalizer=yes

#CustomBuild Settings
custombuild=2.0
autover=no
bold=yes
clean=yes
cleanapache=yes
clean_old_tarballs=yes
clean_old_webapps=yes
downloadserver=files6.directadmin.com

#Cronjob Settings
cron=no
cron_frequency=weekly
[email protected]
notifications=yes
da_autoupdate=no
updates=no
webapps_updates=yes

#CloudLinux Settings
cloudlinux=no
cagefs=no

#Advanced Settings
autoconf=yes
automake=yes
libtool=yes
curl=yes
new_pcre=no

I tested my domain on this website:
Code:
https://www.wormly.com/test_smtp_server
and I have access to send spam with this domain, not with any other of my hosted domains on the server.
:( What can I do?
I configured my server's Exim with DKIM, but the problem is not resolved :(

Can you help me, please?
Thanks :(
 
Not worked

Thanks, I've done that, but it's not working and my server is under spam :(
Why does DA have so many bugs?
After working with cPanel for 10 years...
I think I must transfer my websites back to cPanel again...
 
Why does DA have so many bugs?
What bugs? Someone is using your server to send spam? Why don't you give us any information we'd need to do anything besides guess?

How do you know your server is sending spam? What report did you get? From whom?

Will you post some of your /var/log/exim/mainlog, showing us entries of spam being sent through your server?

If not, then there are too many possible reasons, none of which have anything to do with the Control Panel.

For example, has someone managed to get a password for one of your email accounts?

Has someone managed to upload some kind of spam software on your software?

Has some site on your server been compromised and is being used to send spam?

With a snippet from your log files we can help you figure this out.

Jeff
 
This problem is just for one of my domains, not any other.
Please help me.
After some processing of the /etc/virtual/usage/vistnailc.bytes file, it was found that the highest sender was [email protected], at 6 emails.

One of "E-Mail Headers"
Code:
1XgU18-0001Ia-FW-H
mail 8 12
<>
1413877086 0
-ident mail
-received_protocol local
-body_linecount 46
-max_received_linelength 111
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1413877086
-localerror
XX
1
[email protected]

146P Received: from mail by server.takdata.com with local (Exim 4.84)
	id 1XgU18-0001Ia-FW
	for [email protected]; Tue, 21 Oct 2014 09:38:06 +0200
045  X-Failed-Recipients: [email protected]
029  Auto-Submitted: auto-replied
062F From: Mail Delivery System <[email protected]>
026T To: [email protected]
059  Subject: Mail delivery failed: returning message to sender
051I Message-Id: <[email protected]>
038  Date: Tue, 21 Oct 2014 09:38:06 +0200

E-Mail Body Chunk
Code:
1XgU18-0001Ia-FW-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  [email protected]
    SMTP error from remote mail server after RCPT TO:<[email protected]>:
    host mx.ig.com.br [177.153.26.10]: 550 5.7.1 <[email protected]>:
    Recipient address rejected: SPF MAIL FROM check failed

------ This is a copy of the message, including all the headers. ------

Return-path: <[email protected]>
Received: from [198.143.132.6] (helo=mail.vistanail.com)
	by server.takdata.com with smtp (Exim 4.84)
	(envelope-from <[email protected]>)
	id 1XgU0z-0001GB-4d
	for [email protected]; Tue, 21 Oct 2014 09:37:57 +0200
From: [email protected]
Subject: mail.vistanail.com:25
To: [email protected]
Date: Tue, 21 Oct 2014 02:37:46 -0500

Olá!

Já imaginou assistir em seu computador, notebook, etc... a inúmeros canais de televisão, inclusive os fechados?

Isso tudo usando apenas a Internet? E o melhor: Sem pagar assinatura Mensal!!!

Algumas vantagens:

- Com conexão banda larga, você pode assistir de qualquer computador;

- Não precisa instalar nenhum programa;

- Você assiste a canais de TV e Rádio do mundo todo;

- Filmes, Séries, Esportes, Jogos de Futebol que só passam na TV fechada, e muito mais!

http://www.tvonlinepc.com.br/af/17

Abraço,

Fabiana

Code:
2014-10-19 08:11:03 1Xfjhn-0000sF-71 failed to expand condition "${if and{{bool_lax{NULL}}{bool_lax{${perl{check_limits}}}}}}" for lookuphost router: You (vistnailc) have reached your daily email limit of 70 emails
 inside "and{...}" condition
2014-10-19 08:11:04 1Xfjhn-0000sF-71 ** [email protected] F=<[email protected]>: Unrouteable address
2014-10-19 08:11:04 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1Xfjhn-0000sF-71
2014-10-19 08:11:04 1Xfjho-0000si-4j <= <> R=1Xfjhn-0000sF-71 U=mail P=local S=1894 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2014-10-19 08:11:04 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1Xfjho-0000si-4j
2014-10-19 08:11:04 1Xfjho-0000si-4j ** [email protected] F=<> R=virtual_aliases:
2014-10-19 08:11:04 1Xfjho-0000si-4j Frozen (delivery error message)
2014-10-19 08:11:04 1Xfjhn-0000sF-71 Completed
2014-10-19 08:13:17 108.178.60.188 whitelisted in local domains whitelist
2014-10-19 08:13:17 108.178.60.188 whitelisted in local domains whitelist
2014-10-19 08:13:18 1Xfjjx-00012g-Ko <= [email protected] H=(mail.vistanail.com) [108.178.60.188] P=smtp S=1055 T="mail.vistanail.com:25" from <[email protected]> for [email protected]

My user under the vistanail.com domain can't send email because of my limit and the sending of spam from another host.
Please help me :(
[email protected] does not exist. I have just "[email protected]" on this domain.

Regards,
Fariborz
 
Nothing in the piece of log you posted gives me any useful information. Except perhaps one thing.

Do you have the name of a local domain in any of your whitelists? If so, remove it. If you have local domains or senders in your whitelists, anyone using any return address with that domain can spam through your server.

Jeff
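
The check Jeff describes can be run against the mainlog directly. The following is an added example, not part of the original posts: it flags Exim arrival lines where a remote host with no `A=` authenticator used a local domain as envelope sender, and marks those whose IP was logged as "whitelisted in local domains whitelist". The log lines, addresses, IPs and the `LOCAL_DOMAINS` set are constructed placeholders.

```python
import re

# Constructed sample modelled on the mainlog lines in the thread; addresses,
# IPs (documentation ranges) and message IDs are made up.
SAMPLE_LOG = """\
2014-10-19 08:13:17 203.0.113.45 whitelisted in local domains whitelist
2014-10-19 08:13:18 1Xfjjx-00012g-Ko <= info@example.com H=(mail.example.com) [203.0.113.45] P=smtp S=1055 T="mail.example.com:25" from <info@example.com> for victim@example.net
2014-10-19 08:20:02 1Xfjqa-00013b-2c <= info@example.com H=(laptop) [198.51.100.7] P=esmtpa A=login:info@example.com S=2210 T="Invoice" from <info@example.com> for client@example.org
2014-10-19 08:21:40 1Xfjs0-00014c-9x <= <> R=1Xfjhn-0000sF-71 U=mail P=local S=1894 T="Mail delivery failed: returning message to sender" from <> for info@example.com
2014-10-19 08:25:11 1Xfjvp-00015d-Qz <= someone@example.org H=mx.example.org [192.0.2.10] P=esmtp S=3011 T="Hello" from <someone@example.org> for info@example.com
"""

# Assumption: the set of domains hosted on this server.
LOCAL_DOMAINS = {"example.com"}

WHITELISTED = re.compile(r"^\S+ \S+ (\S+) whitelisted in local domains whitelist$")
ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= (\S+) (.*)$")
REMOTE_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")


def find_unauthenticated_local_senders(log_text, local_domains):
    """Return arrivals where a remote, unauthenticated host used a local sender domain."""
    whitelisted_ips, findings = set(), []
    for line in log_text.splitlines():
        hit = WHITELISTED.match(line)
        if hit:
            whitelisted_ips.add(hit.group(1))
            continue
        arrival = ARRIVAL.match(line)
        if not arrival:
            continue
        msg_id, sender, rest = arrival.groups()
        # Drop the subject (T="...") onward so its text cannot fake an A= or P= field.
        head = rest.partition(' T="')[0]
        fields = dict(tok.split("=", 1) for tok in head.split() if re.match(r"[A-Z]=", tok))
        ip = REMOTE_IP.search(head)
        domain = sender.rpartition("@")[2].lower()
        # Local sender domain + remote IP + no authenticator + not a local submission.
        if (domain in local_domains and ip and "A" not in fields
                and not fields.get("P", "").startswith("local")):
            findings.append({"id": msg_id, "sender": sender, "ip": ip.group(1),
                             "whitelist_hit": ip.group(1) in whitelisted_ips})
    return findings


if __name__ == "__main__":
    for finding in find_unauthenticated_local_senders(SAMPLE_LOG, LOCAL_DOMAINS):
        print(finding)
```

A finding with `whitelist_hit` set matches the pattern in the posted log, where the "whitelisted in local domains whitelist" line is immediately followed by an accepted `P=smtp` message from the same IP.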
 