On 8/10/2015 3:11 PM, surgemailHIDDEN@etwinsite.com wrote:
> Someone is spamming using my mail server.
> I have removed the domain region39.org and all the files within the setup.
> I have checked my relay and spam settings many times and blocked relay from 127.0.0.1

Blocking relay through 127.0.0.1 is not really a solution; if the spammer has access to 127.0.0.1, then they are 'on the server' and blocking them won't work.

The log line you need to find is the Received log entry, and then find on that log line the 'relay=xxxx' to find the user account or reason the message is being relayed. But if the message is from 127.0.0.1 then you need to find how they are sending email from that address; most likely they are using a web script in your web server, or a virus on the system.

Or you may be looking at bounces, in which case an examination of the queued messages should show this, and then finding the reason for the bounces is the goal.

    tellmail showq

Examining the headers of the spam messages may indicate which is the case. (A web script may be leaving a clear header/clue). A virus won't leave a clue. And bounces will be obviously bounces :-)

ChrisP.

>
> Here is a sample of my log files.
> 9 22:05:23.00 [789056] Sent 127.0.0.1 erikaHIDDEN@region39.org <seymourstephanie50@yahoo.com> 0 "Delivered to remote host 98.138.112.34 - 250 ok dirdel"
> 9 22:05:24.00 [823556] Sent 127.0.0.1 meredithHIDDEN@region39.org <sutelavinny@yahoo.com> 0 "Delivered to remote host 98.138.112.34 - 250 ok dirdel"
> 9 22:05:25.00 [789756] Sent 127.0.0.1 leslieHIDDEN@@region39.org <kandrbrown@yahoo.com> 0 "Delivered to remote host 63.250.192.46 used SSL - 250 ok dirdel"
> 9 22:05:28.00 [804456] Later 127.0.0.1 lenaHIDDEN@@region39.org <erineef@aol.com> 0 "Open (64.12.88.132) Error 1sec (421 mtaig-mcd03.mx.aol.com Service unavailable - try again later)"
> 9 22:05:32.00 [841356] Later 127.0.0.1 mabelHIDDEN@egion39.org <penguins8736@aim.com> 0 "Open (152.163.0.100) Error 0sec (421 mtaig-aaj01.mx.aol.com Service unavailable - try again later)"
> 9 22:05:38.00 [833456] Later 127.0.0.1 aliceHIDDEN@er@region39.org <robbbude@aol.com> 0 "Open (64.12.91.195) Error 0sec (421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)"
> 9 22:05:39.00 [792156] Sent 127.0.0.1 sherriHIDDEN@n@region39.org <mirobed@yahoo.com> 0 "Delivered to remote host 66.196.118.33 used SSL - 250 ok dirdel"
> 9 22:05:39.00 [826356] Failed 127.0.0.1 violaHIDDEN@s@region39.org <quapan25@yahoo.com> 0 "Site yahoo.com (98.138.112.34) said after data sent: 554 delivery error: dd This user doesn't have a yahoo.com account (quapan25@yahoo.com) [0] - mta1273.mail.ne1.yahoo.com"
> 9 22:05:39.00 [826356] Changed 127.0.0.1 violaHIDDEN@s@region39.org <quapan25@yahoo.com> 0 "[Site yahoo.com (98.138.112.34) said after data sent: 554 delivery error: dd This user doesn't have a yahoo.com account (quapan25@yahoo.com) [0] - mta1273.mail.ne1.yahoo.com] Not Bounced - Please see http://netwinsite.com/surgemail/help/bounce.htm"
> 9 22:05:39.00 [826356] Failed 127.0.0.1 violaHIDDEN@s@region39.org <quapan25@yahoo.com> 0 "[Site yahoo.com (98.138.112.34) said after data sent: 554 delivery error: dd This user doesn't have a yahoo.com account (quapan25@yahoo.com) [0] - mta1273.mail.ne1.yahoo.com] Not Bounced - Please see http://netwinsite.com/surgemail/help/bounce.htm"
> 9 22:05:39.00 [798956] Sent 127.0.0.1 andreaHIDDEN@t@region39.org <chaderic2002@yahoo.com> 0 "Delivered to remote host 66.196.118.33 - 250 ok dirdel"
> 9 22:05:40.00 [788756] Sent 127.0.0.1 marieHIDDEN@man@region39.org <kelkape@yahoo.com> 0 "Delivered to remote host 66.196.118.33 - 250 ok dirdel"
> 9 22:05:40.00 [797856] Later 127.0.0.1 dellaHIDDEN@@region39.org <jvilla99@aol.com> 0 "Open (64.12.88.132) Error 0sec (421 mtaig-mcb04.mx.aol.com Service unavailable - try again later)"
> 9 22:05:41.00 [822956] Sent 127.0.0.1 priscillaHIDDEN@uez@region39.org <fenriquez2001@yahoo.com> 0 "Delivered to remote host 66.196.118.33 - 250 ok dirdel"
> 9 22:05:41.00 [820256] Sent 127.0.0.1 bridgetHIDDEN@@region39.org <neil_kanth@yahoo.com> 0 "Delivered to remote host 66.196.118.33 - 250 ok dirdel"
> 9 22:05:42.00 [822156] Sent 127.0.0.1 sueHIDDEN@s@region39.org <looney682@yahoo.com> 0 "Delivered to remote host 66.196.118.33 - 250 ok dirdel"
> 9 22:05:42.00 [798256] Sent 127.0.0.1 vernaHIDDEN@@region39.org <colinsurffl@yahoo.com> 0 "Delivered to remote host 98.136.217.203 used SSL - 250 ok dirdel"
>
> Any Help,
> Thanks
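
An added example, not part of the original messages and not SurgeMail tooling: a triage script that groups delivery-log entries by source IP and flags loopback sources sending under many distinct envelope senders, the pattern the reply attributes to a web script or malware on the host. The field layout is inferred from the quoted log sample; the function names, the threshold and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict

# Field layout inferred from the quoted log sample (an assumption, not a documented
# format): day time [msg-id] status source-ip sender <recipient> size "detail"
LINE = re.compile(
    r'^\s*\d+\s+[\d:.]+\s+\[(?P<id>\d+)\]\s+(?P<status>\w+)\s+(?P<src>\S+)\s+'
    r'(?P<sender>\S+)\s+<(?P<rcpt>[^>]*)>\s+\d+\s+"(?P<detail>.*)"\s*$')

def summarize(lines):
    """Per source IP: message ids seen for each status, plus distinct senders."""
    stats = defaultdict(lambda: {"status": defaultdict(set), "senders": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that do not fit the assumed layout
        entry = stats[m["src"]]
        entry["status"][m["status"]].add(m["id"])  # repeated lines share an id
        entry["senders"].add(m["sender"].lower())
    return stats

def local_origin_suspects(stats, min_senders=3):
    """Loopback sources using many distinct envelope senders, i.e. mail that is
    generated on the host itself. min_senders is an arbitrary example threshold."""
    return sorted(ip for ip, e in stats.items()
                  if (ip.startswith("127.") or ip == "::1")
                  and len(e["senders"]) >= min_senders)

# Constructed sample lines in the same layout (not taken from a real server).
SAMPLE = [
    '9 22:05:23.00 [100001] Sent 127.0.0.1 anna@example.org <u1@example.net> 0 "Delivered to remote host 192.0.2.10 - 250 ok"',
    '9 22:05:24.00 [100002] Sent 127.0.0.1 beth@example.org <u2@example.net> 0 "Delivered to remote host 192.0.2.10 - 250 ok"',
    '9 22:05:25.00 [100003] Later 127.0.0.1 cara@example.org <u3@example.com> 0 "Open (192.0.2.20) Error 0sec (421 try again later)"',
    '9 22:05:26.00 [100004] Failed 127.0.0.1 dana@example.org <u4@example.net> 0 "554 delivery error"',
    '9 22:05:26.00 [100004] Failed 127.0.0.1 dana@example.org <u4@example.net> 0 "[554 delivery error] Not Bounced"',
    '9 22:06:00.00 [100005] Sent 198.51.100.7 bob@example.org <friend@example.com> 0 "Delivered to remote host 192.0.2.30 - 250 ok"',
]

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip in local_origin_suspects(stats):
        counts = {k: len(v) for k, v in stats[ip]["status"].items()}
        print(ip, "distinct senders:", len(stats[ip]["senders"]), counts)
```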