Today I started getting pounded with emails that I thought at first were spam. Some of them I'm sure are, but others may not be. They look like they are being sent from my server and my mail queue on the server has a ton of emails frozen that are going to recipients I don't even know. I contacted the host of the server and they said everything is running fine, but I get the feeling he didn't really check. Here is a header from one of the returned emails I got.
Hi. This is the qmail-send program at webserver2.g4.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<[email protected]>:
This address no longer accepts mail.
--- Below this line is a copy of the message.
Return-Path: <[email protected]>
Received: (qmail 47585 invoked from network); 1 Mar 2007 00:15:42 -0000
Received: from unknown (HELO surgemail.g4.net) (216.177.0.60)
  by test.cav.org with SMTP; 1 Mar 2007 00:15:42 -0000
Received-SPF: neutral (Last token {?all} (res=NEUTRAL)) client-ip=87.116.176.2; envelope-from=<[email protected]>; x-ip-name=cable-87-116-176-2.dynamic.sbb.co.yu;
X-Default-Received-SPF: fail (Last token {-all} (res=FAIL)) client-ip=87.116.176.2; envelope-from=<[email protected]>; x-ip-name=cable-87-116-176-2.dynamic.sbb.co.yu;
Received: from cable-87-116-176-2.dynamic.sbb.co.yu (unverified [87.116.176.2])
  by g4.net (SurgeMail 3.8f3) with ESMTP id 33986323-1861873
  for <[email protected]>; Tue, 27 Feb 2007 19:23:57 -0500
Return-Path: <[email protected]>
X-Verify-SMTP: Host 87.116.176.2 sending to us was not listening
Received: from ([104.109.143.189]:4779 "EHLO "
  smtp-auth: <none> TLS-CIPHER: <none> TLS-PEER-CN1: <none>)
  by with ESMTP id S22KWIIBIFEWCSXX (ORCPT
  <rfc822;tjeffbagwell%[email protected]>);
  Wed, 28 Feb 2007 01:23:58 +0100
Message-ID: <001001c75ace$af92e130$00000000@user924a2c5187>
From: "Phothai Meahan" <[email protected]>
To: [email protected]
Subject: Spam:********, thriller costarring Kevin Bacon
Date: Wed, 28 Feb 2007 01:23:35 +0100
MIME-Version: 1.0
Content-Type: multipart/related;
  type="multipart/alternative";
  boundary="----=_NextPart_000_000C_01C75AD7.11574930"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-SpamDetect: ********: 8.600000 SPF Neutral=1.5,ImageSize=4.0,SPF Default Fail=2.5,X-Verify-SMTP present=0.6
X-IP-stats: No info recorded yet ip=87.116.176.2
X-Originating-IP: 87.116.176.2
------=_NextPart_000_000C_01C75AD7.11574930
Content-Type: multipart/alternative;
  boundary="----=_NextPart_001_000D_01C75AD7.11574930"
jeffrust.com is my domain, but the only email I ever use from it is jeff AT jeffrust.com and I am the only user, so I have no idea who PhothaiMeahan is.
Is there an easy way to see if someone has hacked into my server and is sending out spam through it?
Thanks in advance for any help.
Jeff
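One way to read the Received chain in the bounce above, as an added example that is not part of the original post: it finds the client IP recorded by the earliest mail server you trust and compares it with your own server's addresses. `TRUSTED_BY` and `MY_SERVER_IPS` (a documentation-range placeholder) are assumptions; the sample headers are copied from the post with folded lines re-indented.

```python
import re
from email import message_from_string

# Sample input: Received headers copied from the bounce in the post
# (addresses appear redacted, exactly as they do on the page).
BOUNCED_COPY = """\
Received: (qmail 47585 invoked from network); 1 Mar 2007 00:15:42 -0000
Received: from unknown (HELO surgemail.g4.net) (216.177.0.60)
 by test.cav.org with SMTP; 1 Mar 2007 00:15:42 -0000
Received: from cable-87-116-176-2.dynamic.sbb.co.yu (unverified [87.116.176.2])
 by g4.net (SurgeMail 3.8f3) with ESMTP id 33986323-1861873
 for <[email protected]>; Tue, 27 Feb 2007 19:23:57 -0500
Received: from ([104.109.143.189]:4779 "EHLO "
 smtp-auth: <none> TLS-CIPHER: <none> TLS-PEER-CN1: <none>)
 by with ESMTP id S22KWIIBIFEWCSXX (ORCPT
 <rfc822;tjeffbagwell%[email protected]>);
 Wed, 28 Feb 2007 01:23:58 +0100
X-Originating-IP: 87.116.176.2

"""
TRUSTED_BY = {"test.cav.org", "g4.net"}  # assumption: servers whose headers you trust
MY_SERVER_IPS = {"192.0.2.10"}           # placeholder: put your server's real IPs here
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_hops(raw):
    """Return (client_ip, by_host) for each Received line, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = re.search(r"from\s+(.*?)\s+by\s+(\S+)", value, re.S)
        if not m:
            continue  # e.g. qmail's local "invoked from network" line
        ip = IP_RE.search(m.group(1))
        hops.append((ip.group(1) if ip else None, m.group(2)))
    return hops

def injection_ip(raw, trusted_by):
    """Client IP seen by the earliest trusted server; hops below it are unverified."""
    found = None
    for ip, by_host in received_hops(raw):
        if by_host not in trusted_by:
            break  # written by a host we do not trust, so it could be forged
        found = ip
    return found

def sent_through_my_server(raw, my_ips, trusted_by):
    """True only if the message entered the trusted chain from one of my_ips."""
    return injection_ip(raw, trusted_by) in my_ips
```

For the headers in the post this reports 87.116.176.2, the same address SurgeMail stamped in X-Originating-IP, so the question becomes whether that address belongs to your server.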