Help with understanding spam mails generated from server

Saahib Host Rep, Veteran

Hi friends, there are some spam mails being generated from one of the servers I look after. All passwords etc. have been changed but the mails are still there.

This is one of the bounce mails from the mail queue:
http://pastebin.com/Ti052s22

ubbdi.net is the name of the domain, [email protected] is the user which is trying to send this, but there is no such user on the server.

This is another one in the mail queue:
http://pastebin.com/ETaki4vx

Here the domain is uddsolutions.com

Since accounts have an hourly mail limit, there is no visible issue; the only issue is that the client is not able to send mail.

Can anyone help me understand both of the above mails: their source, how they are generated, and what kind of issue there could be?

Comments

  • I believe you can use sendmail to send out email generated by a PHP script, for which the From email does not matter.

  • Saahib Host Rep, Veteran

    @namhuy said:
    I believe you can use sendmail to send out email generated by a PHP script, for which the From email does not matter.

    Ya, true, then generally the header contains the path to the script which generated it. I don't see any such here.

  • What mail server are you using?

  • It's possible to send mail from [email protected], which can be done with PHP.

    In your log I found http://awsholdings.com/wp-content/plugins/wp_sed/dating.php
    Is awsholdings.com yours?

  • Saahib Host Rep, Veteran
    edited April 2014

    @namhuy said:
    It's possible to send mail from [email protected], which can be done with PHP.

    In your log I found http://awsholdings.com/wp-content/plugins/wp_sed/dating.php
    Is awsholdings.com yours?

    Nope...

    @namhuy said:
    What mail server are you using?

    It's a standard cPanel setup, using the Exim MTA.

  • nunim Member

    @Saahib said:
    Ya, true, then generally the header contains the path to the script which generated it. I don't see any such here.

    Not always, this is an option in the mail server configuration. Is this a cPanel server?

    You've likely got a PHP shell/mailer uploaded somewhere that is sending out mails.

  • Saahib Host Rep, Veteran

    @nunim said:
    Is this a cPanel server?

    Yes.

  • I don't think the email is coming from your server - you are getting the bouncebacks because of the reply-to address.

  • seaeagle said: I don't think the email is coming from your server

    I think you're right.

    Received: from [132.224.113.105] (port=40140 helo=[192.168.5.07]) by 80.14.243.44

    From that, it looks like the message originated on a LAN computer at Boeing :)

  • Saahib Host Rep, Veteran

    @seaeagle said:
    I don't think the email is coming from your server - you are getting the bouncebacks because of the reply-to address.

    The first one is indeed a bounced mail; however, what about the second one? It is clearly stating that "account has reached hourly limit" of sending mail.. and yes, those are limits set on that domain.

    So, it's rather confusing for me.

  • wych Member

    @Saahib said:

    Is that not your "if over x% of mails fail then limit account" causing a throttle due to bouncebacks?

  • @Saahib I'm not familiar with that error message or setting.
    None of your IP addresses are listed in the headers, so I think someone else is sending email as you and you are copping large numbers of bouncebacks.
    There is no defense against this.
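
The header check described in the last replies (does any hop in the returned message's Received chain name this server?), written out as an added example that is not part of the thread. The sample messages are constructed around the Received line quoted above, and `203.0.113.10` and `server.example.com` are assumed placeholders for the server's own addresses and hostname.

```python
import re
from email import message_from_string

# Constructed sample: the returned copy inside a bounce, carrying the Received
# line quoted in the thread. The From/Subject values are placeholders.
RETURNED_COPY = """\
Received: from [132.224.113.105] (port=40140 helo=[192.168.5.07]) by 80.14.243.44
From: user@example.com
Subject: constructed sample

body
"""

# Constructed sample: a message injected on the server itself by a script.
LOCAL_COPY = """\
Received: from webuser by server.example.com with local (Exim)
From: user@example.com

body
"""

IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def hop_addresses(received):
    """IPv4 addresses in one Received header; octets such as '07' are normalised."""
    found = []
    for raw in IPV4.findall(received):
        octets = [int(part) for part in raw.split(".")]
        if all(octet <= 255 for octet in octets):
            found.append(".".join(map(str, octets)))
    return found


def classify(returned_copy, server_ips, server_names):
    """Return 'local' if any hop names this server, 'external' if none does,
    'unknown' if the copy has no Received headers to judge from."""
    hops = message_from_string(returned_copy).get_all("Received", [])
    if not hops:
        return "unknown"
    for hop in hops:
        if set(hop_addresses(hop)) & set(server_ips):
            return "local"
        if any(name.lower() in hop.lower() for name in server_names):
            return "local"
    return "external"


if __name__ == "__main__":
    ours = ({"203.0.113.10"}, {"server.example.com"})  # assumed placeholders
    print(classify(RETURNED_COPY, *ours), classify(LOCAL_COPY, *ours))
```

A result of `external` supports the bounceback reading for that message; `local` means the message passed through the server and the sending account or script needs to be found.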
