Spamming coming from my domain hosted elsewhere

asmar

Hi all,

I will appreciate some help on this as it is driving me nuts.
I found that lots of spam is going out from a server with DA.
The emails appear to be from my email/domain, which has nothing to do with the server (apart from my doing some administration for a friend). My emails are hosted with Google anyway.

Below you can find the headers of an email in case someone can help.
I've replaced my domain with mydomain.com and the server's IP with 192.168.0.1

Code:
1cn27H-0007Qb-5O-H
mail 8 8
<[email protected]>
1489319811 0
-helo_name [192.168.8.100]
-host_address 154.118.17.217.52149
-interface_address 192.168.0.1.465
-active_hostname is-26285.mydomain.com
-received_protocol esmtps
-aclm _is_whitelisted 1
1
-body_linecount 40
-max_received_linelength 70
-host_lookup_failed
-tls_cipher TLSv1:DHE-RSA-AES256-SHA:256
-tls_ourcert -----BEGIN CERTIFICATE-----\nMIICkTCCAfoCCQDnigPX/7mAIDANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMC\nVVMxFTATBgNVBAgTDFNvbWVwcm92aW5jZTERMA8GA1UEBxMIU29tZXRvd24xDTAL\nBgNVBAoTBG5vbmUxDTALBgNVBAsTBG5vbmUxEjAQBgNVBAMTCWxvY2FsaG9zdDEh\nMB8GCSqGSIb3DQEJARYSd2ViYXN0ZXJAbG9jYWxob3N0MB4XDTE0MTAwMjA0NTEy\nOFoXDTQyMDIxNjA0NTEyOFowgYwxCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxTb21l\ncHJvdmluY2UxETAPBgNVBAcTCFNvbWV0b3duMQ0wCwYDVQQKEwRub25lMQ0wCwYD\nVQQLEwRub25lMRIwEAYDVQQDEwlsb2NhbGhvc3QxITAfBgkqhkiG9w0BCQEWEndl\nYmFzdGVyQGxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoTfO\nglyEpnC1vXacllq2qHMjejiy20lFcjqesFO0oEOtiVNDYkfwKABIOBo2zdoFQmpS\n2PAappdXZPZJtE7PofIEwMn/z4UXlas8pb3C3VGKLJtLNo0OeafLVAQX6Og7cXvj\nM2x0w9TPS5Qom+s00hQb2F+B2Hg3PKHrEI54up0CAwEAATANBgkqhkiG9w0BAQUF\nAAOBgQARWx5P02MX1FqjmSFsjDxx2sfUxf5T0/2gLTQXVOo6R0Ztuo++rx1kuuvh\nZ8F97Ep6Vhu7tb3vWB0e5V1au8rWZnA83jltaGks6WyRssoF/GcCxQdnSD/yMWPX\nlzrkObEO3/XN3Bx60P6JyqwJC/0XOYeml7N50ccAQCi8LbygBA==\n-----END CERTIFICATE-----\n
XX
1
[email protected]

249P Received: from [154.118.17.217] (helo=[192.168.8.100])
	by is-26285.mydomain.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
	(Exim 4.88)
	(envelope-from <[email protected]>)
	id 1cn27H-0007Qb-5O
	for [email protected]; Sun, 12 Mar 2017 11:56:51 +0000
047  Content-Type: text/plain; charset="iso-8859-1"
018  MIME-Version: 1.0
044  Content-Transfer-Encoding: quoted-printable
039  Content-Description: Mail message body
033  Subject: GOOD DAY BREAKING NEWS 
019T To: [email protected]
045F From: "Mr Mia Laurenge" <[email protected]>
038  Date: Sun, 12 Mar 2017 12:32:47 +0100
057R Reply-To: [email protected], [email protected]
 
I am guessing that you have whitelisted the domain, which is why it is allowed to come in without checking. Your header shows:
-aclm _is_whitelisted 1
which should only get set if either the domain, host, host ip or sender were whitelisted. Your exim's mainlog should tell you exactly which one was whitelisted.
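
A triage sketch for the spool file above, added here as an example and not part of the original thread: it parses the envelope section of an Exim `-H` file and reports the whitelist flag the reply points to, along with whether the client authenticated. The sample input is constructed, `parse_spool_header` and `triage` are hypothetical helper names, and the `-auth_id` line and the trailing `a` in `received_protocol` for authenticated sessions are Exim conventions assumed here rather than shown on the page.

```python
# Constructed sample modelled on the spool file in the post; addresses are placeholders.
SAMPLE = """1cn27H-0007Qb-5O-H
mail 8 8
<user@mydomain.example>
1489319811 0
-host_address 203.0.113.7.52149
-received_protocol esmtps
-aclm _is_whitelisted 1
1
-host_lookup_failed
XX
1
victim@example.net
"""

def parse_spool_header(text):
    """Parse the envelope part of an Exim -H file (everything before the headers)."""
    lines = text.split("\n")
    msg = {"id": lines[0][:-2], "sender": lines[2].strip("<>"), "vars": {}, "acl": {}}
    i = 4
    while i < len(lines) and lines[i].startswith("-"):
        name, _, value = lines[i][1:].partition(" ")
        if name in ("aclm", "aclc"):
            # "-aclm <name> <length>": the value is the next <length> characters.
            var, length = value.rsplit(" ", 1)
            data = "\n".join(lines[i + 1:])[:int(length)]
            msg["acl"]["acl_" + name[3] + var] = data
            i += 1 + data.count("\n")
        else:
            msg["vars"][name] = value  # flags like -host_lookup_failed have no value
        i += 1
    while i < len(lines) and not lines[i].isdigit():
        i += 1  # skip the non-recipients tree ("XX" when empty)
    count = int(lines[i]) if i < len(lines) else 0
    msg["recipients"] = lines[i + 1:i + 1 + count]
    return msg

def triage(msg):
    """List the reasons a spooled message looks like unauthenticated relay."""
    v, findings = msg["vars"], []
    if msg["acl"].get("acl_m_is_whitelisted") == "1":
        findings.append("whitelisted")
    if "auth_id" not in v and not v.get("received_protocol", "").endswith("a"):
        findings.append("no SMTP AUTH")
    if "host_lookup_failed" in v:
        findings.append("no reverse DNS")
    if "host_address" in v:
        findings.append("client " + v["host_address"].rsplit(".", 1)[0])
    return findings
```

A message that returns both "whitelisted" and "no SMTP AUTH" was accepted for relay on the whitelist alone, which is the case the reply describes; the mainlog entry for the same message id then shows which whitelist matched.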