Spam mails in 'Mail queue administration'

Robbus

Robbus

Verified User
Joined
Jan 21, 2011
Messages
33
Hi,

For the second time in just a few weeks my server mail queue got flushed with emails which did not origin from my server. But apparantly are somehow linked to my server!?

What happened?
I see thousands of of entries in my Mail queue administration.
The thing is I didn't see any email address related to my server. None at all.
The only link to my server is the
- interface_address
line, where my server IP showed up.

What is this interface address means exactly, and why is my server accepting these emails and trying to send them out? Isn't that really strange?
Can anyone just use a random interface address? Where is this set?
How can I prevent his?

So many questions....maybe some of you have some answers or usefull links.

Thanks,

Rob



Email header
1PgDTb-0007YO-Mb-H
mail 8 12
<[email protected]>
1295602815 0
-helo_name User
-host_address 173.203.60.222.54629
-host_auth login
-interface_address MY.SERVER.IP.ADDRESS.587
-received_protocol esmtpa
-body_linecount 32
-max_received_linelength 103
-auth_id [email protected]
-host_lookup_failed
XX
50
(And here you see hundreds of email addresses where the email was addressed too.)
 
Already solved.

It was a user on my own server. But invisible....

He (or she) created a domain and user, send the spam and immediately deleted domain and user again. He is history now.
But now we saw it happen and realised it came from the inside....

Sorry to bother you...

BerrisHosting said:
Hi,

For the second time in just a few weeks my server mail queue got flushed with emails which did not origin from my server. But apparantly are somehow linked to my server!?

What happened?
I see thousands of of entries in my Mail queue administration.
The thing is I didn't see any email address related to my server. None at all.
The only link to my server is the
- interface_address
line, where my server IP showed up.

What is this interface address means exactly, and why is my server accepting these emails and trying to send them out? Isn't that really strange?
Can anyone just use a random interface address? Where is this set?
How can I prevent his?

So many questions....maybe some of you have some answers or usefull links.

Thanks,

Rob



Email header
1PgDTb-0007YO-Mb-H
mail 8 12
<[email protected]>
1295602815 0
-helo_name User
-host_address 173.203.60.222.54629
-host_auth login
-interface_address MY.SERVER.IP.ADDRESS.587
-received_protocol esmtpa
-body_linecount 32
-max_received_linelength 103
-auth_id [email protected]
-host_lookup_failed
XX
50
(And here you see hundreds of email addresses where the email was addressed too.)
Click to expand...
 
No bother at all. You've alerted all of us about a new spammer trick.

Jeff
 
You must log in or register to reply here.
Back
Top