Spam problems

selinux

Hi All,

I'm currently having some spam problems. In the mail queue there are a lot of e-mails like this:

Headers:
Code:
1N3TDo-00087g-R6-H
mail 8 12
<>
1256815876 0
-ident mail
-received_protocol local
-body_linecount 29
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1256815877
-localerror
XX
1
[email protected]

151P Received: from mail by myserverhostname.com with local (Exim 4.67)
	id 1N3TDo-00087g-R6
	for [email protected]; Thu, 29 Oct 2009 12:31:16 +0100
038  X-Failed-Recipients: [email protected]
029  Auto-Submitted: auto-replied
063F From: Mail Delivery System <[email protected]>
030T To: [email protected]
059  Subject: Mail delivery failed: returning message to sender
052I Message-Id: <[email protected]>
038  Date: Thu, 29 Oct 2009 12:31:16 +0100

Body chunk:
Code:
1N3TDo-00087g-R6-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  [email protected]
    all relevant MX records point to non-existent hosts

------ This is a copy of the message, including all the headers. ------

Return-path: <[email protected]>
Received: from [127.0.0.1] (helo=myserverhostname.com)
	by myserverhostname.com with smtp (Exim 4.67)
	(envelope-from <[email protected]>)
	id 1N3TDo-00087c-Nm
	for [email protected]; Thu, 29 Oct 2009 12:31:16 +0100
Date: Thu, 29 Oct 2009 12:22:14 +0100
From: <[email protected]>
Reply-To: <[email protected]>
X-Priority: 3
Message-ID: <[email protected]>
To: <[email protected]>
Subject: At fortyodd befell
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

They seek a southern lea
http://birniehuang0332.blogspot.com


My TMP folder is mounted as noexec, and the php mailer patch is installed (but no X-php-script is added to these spam mails).
I've looked in the exim logs, but can't find the user who is sending spam or has leaky scripts.

Anyone who can help me with this?
 
Is myserverhostname.com your domain name? Your real domain name? If not, then it's hard to help you.

Is the IP# 127.0.0.1 the real IP# that was in the message? If you've changed it, then nothing I can tell you would necessarily be correct.

Do you run the mailserver for charter.net? If not, then with the information you've sent it's impossible to tell why you got the email.

But it's probably something called backscatter spam, caused when someone forges your server. If so, then the final release of SpamBlocker 3 should resolve the problem; I'm trying to get it out as soon as possible.

Jeff
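
As an added example (not part of any post in this thread), a small Python parser for the `-H` spool layout quoted in the first post; it flags frozen, locally generated bounces so they can be counted and their recipients traced. The sample file, addresses and function names are constructed for illustration.

```python
import re

_REC = re.compile(r"(\d{3,})(.) ")  # header record prefix: length, flag char, space

def _hdr(flag, text):
    """Build one header record; the length counts the terminating newline."""
    return f"{len(text) + 1:03d}{flag} {text}\n"

# Constructed sample in the -H layout quoted in the first post (placeholder names).
SAMPLE_H = (
    "1AbCdE-000001-XX-H\nmail 8 12\n<>\n1256815876 0\n"
    "-ident mail\n-received_protocol local\n-frozen 1256815877\n-localerror\n"
    "XX\n1\nbounce-target@remote.example\n\n"
    + _hdr("P", "Received: from mail by host.example with local (Exim 4.67)\n"
                "\tid 1AbCdE-000001-XX")
    + _hdr(" ", "X-Failed-Recipients: original-rcpt@other.example")
    + _hdr(" ", "Auto-Submitted: auto-replied")
    + _hdr("F", "From: Mail Delivery System <Mailer-Daemon@host.example>")
)

def parse_spool_header(data):
    """Parse an Exim -H spool file into envelope fields, options and headers."""
    envelope, _, blob = data.partition("\n\n")
    lines = envelope.split("\n")
    msg = {"id": lines[0].rsplit("-H", 1)[0], "sender": lines[2].strip("<>"),
           "options": {}, "headers": {}}
    i = 4
    while i < len(lines) and lines[i].startswith("-"):  # "-name [value]" options
        name, _, value = lines[i][1:].partition(" ")
        msg["options"][name] = value
        i += 1
    while i < len(lines) and not lines[i].isdigit():    # non-recipient tree; "XX" = empty
        i += 1
    count = int(lines[i])
    msg["recipients"] = lines[i + 1:i + 1 + count]
    pos = 0
    while (m := _REC.match(blob, pos)):
        end = m.end() + int(m.group(1))
        if m.group(2) != "*":                           # '*' marks a deleted header
            name, _, value = blob[m.end():end].partition(":")
            msg["headers"].setdefault(name.lower(), value.strip())
        pos = end
    return msg

def is_frozen_bounce(msg):
    """True for a locally generated bounce (null sender) that Exim has frozen."""
    opts = msg["options"]
    return msg["sender"] == "" and "localerror" in opts and "frozen" in opts
```

The same text can be obtained for a queued message with `exim -Mvh <message-id>`.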
 

Hi, myserverhostname.com is not my server hostname (I don't want to have it public, but I can send it via PM). I've changed only the hostname; all other things are unchanged.
So 127.0.0.1 is correct ;-)

I'm not running a mailserver for charter.net (every message has another domain in it).
 
Please see my original post. Without real information I can't test anything. I'm happy to offer help privately, through either PM, email, or telephone. In fact, that's my main business. NoBaloney Internet Services is a Third Party commercial support provider. If you're interested in buying commercial support from us, please contact me by email using the email address below, but be prepared to pay our normal commercial rate.

If you'd like free support from NoBaloney Internet Services, then I'm happy to do that, as time and resources permit, publicly, on these forums, but not unless the necessary information is made public on these forums. If you're running an Internet Server, then I presume you want people to find your site. If you need to post an email address you can create one for testing, and then remove it later.

If you don't want to pay me for commercial support, and you don't want to make your information public, that's very understandable. Then consider that the problem is most likely one of backscatter and search for that on these forums, and keep watching these forums for my announcement of a version of SpamBlocker Technology exim.conf for DirectAdmin. Otherwise, hopefully someone else will respond here and offer to help you with a private correspondence other than on the forums.

Jeff
 