Spammers sending mail through server.

wdalessi

Hello,

I am having a problem with some spambots sending mail through my server, and I am not able to stop it for some reason. I have tried everything through DirectAdmin (Spam Filters, SpamAssassin).

I have logged into the server and edited the exim Blacklist_sender.

Nothing stops these guys. They are relentless.

It always sends massive email to Brazil.

Here is a sample header. They are all basically the same, except the receiving email address is different on each one.

If anyone has an idea how to stop this, I would really appreciate your ideas!

(Sample Header Data)

--------------------------------------------------------------------------

1MYrSo-00073K-PY-H
root 0 0
<[email protected]>
1249520894 0
-ident root
-received_protocol local
-body_linecount 51
-auth_id root
-auth_sender [email protected]
-allow_unqualified_recipient
-allow_unqualified_sender
-local
XX
1
[email protected]

176P Received: from root by cp.dalessi.com with local (Exim 4.67)
(envelope-from <[email protected]>)
id 1MYrSo-00073K-PY
for [email protected]; Wed, 05 Aug 2009 18:08:14 -0700
024 content-type: text/html
041 Subject: Falhas em Nosso Banco de Dados.
031F From: [email protected]
021T To: [email protected]
047I Message-Id: <[email protected]>
038 Date: Wed, 05 Aug



Thank you in advance for your help!

Bill D.
 
How are they sending mail through your server? I just tested it and it's not open to relay?
 
Your name servers are also open for recursive lookups as well. Another big no-no.
 
recursive lookups

Hello,

Thanks for the information.

Can you tell me, is that how you think they may be bypassing the system security, and how may changes be made to prevent them from doing it in the future?
 
The email appears to be originating on your server. Can you find log entries in the exim logfiles?

You may need to hire someone to log into your server and start looking.

Jeff
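
The spool header posted at the top of the thread records how the message entered Exim. As an added example (not code from any poster in this thread), this Python code parses the envelope part of such a -H file and reports whether the message was submitted locally or received over SMTP. The sample input is constructed from the posted header with placeholder addresses, and the function names are hypothetical.

```python
"""Triage an Exim spool header (-H) file: relayed over SMTP, or injected locally?"""

# Constructed sample modelled on the header in the thread; addresses are placeholders.
SAMPLE = """\
1MYrSo-00073K-PY-H
root 0 0
<sender@example.invalid>
1249520894 0
-ident root
-received_protocol local
-body_linecount 51
-auth_id root
-auth_sender sender@example.invalid
-local
XX
1
rcpt@example.invalid

"""


def parse_spool_header(text):
    """Parse the envelope part of a -H file (everything before the RFC 822 headers)."""
    lines = text.splitlines()
    login, uid, gid = lines[1].rsplit(" ", 2)
    info = {"message_id": lines[0].rsplit("-H", 1)[0], "login": login,
            "uid": int(uid), "gid": int(gid),
            "envelope_sender": lines[2].strip("<>"),
            "received_epoch": int(lines[3].split()[0]), "options": {}}
    i = 4
    while lines[i].startswith("-"):          # "-name [value]" option lines
        name, _, value = lines[i][1:].partition(" ")
        info["options"][name] = value
        i += 1
    while not lines[i].isdigit():            # skip non-recipient tree ("XX" = empty)
        i += 1
    count = int(lines[i])
    info["recipients"] = lines[i + 1:i + 1 + count]
    return info


def triage(info):
    """Summarise how the message entered Exim, for deciding where to look next."""
    opts = info["options"]
    local = opts.get("received_protocol") == "local" or "local" in opts
    return {"message_id": info["message_id"],
            "local_submission": local,        # handed to Exim by a process on this host
            "submitter": opts.get("ident", info["login"]),
            "submitter_is_root": info["uid"] == 0,
            "recipient_count": len(info["recipients"])}
```

A result with `local_submission` true and `submitter` root is consistent with the relay test coming back closed: the mail is being handed to Exim by a process on the server, so the Exim main log and that user's cron jobs and scripts are the places to look.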
 