Help with mail server external spamming
Hello guys.
I am using a cPanel VPS and it only hosts one website.
But the issue is that even after configuring Exim and tweaking, some external users are still able to use my VPS SMTP to send bulk and spam.
This is really a big problem.
I changed the VPS in August to stop this issue, only for it to resurface now.
I own another cPanel VPS hosting more than 15 websites, but it never had this issue.
Comments
Any help or tips?
Check your mailserver queue
I did that, and mails are being sent from users/senders not related to the domain on the VPS.
Like, the VPS domain is domain.com but the senders are from e.g. [email protected] and many more.
Are you sure your server is not hacked?
I don't think it is.
The password is alphanumeric with symbols.
And I don't log on with any PC except mine.
Pro Tip: Don't configure your exim to be an open relay.
http://tuttujolly.blogspot.com/2013/07/how-to-stop-open-relay-of-exim-cpanel.html
Yes, when simulating SMTP conversation with server, does it allow sending message to non-local addresses without authentication?
If yes, it's an open relay, it should be fixed ASAP.
I will check that now.
23.81.64.158: Relaying denied.
This is an example of the spam mail:
Date: Fri, 27 Sep 2013 00:58:11 +0600
From: =?windows-1251?B?0cXNwNLO0A==?= upopyamun9657@tiscali.it
To: shoko-212@shoko.ru
Subject: =?windows-1251?B?zurt7iDPwtUg5+AgMzk0MCDw?=
Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="----=_NextPart_000_0EDB_01CEBB1C.A33DAE50"
Message-ID: <A43D78B5D99A40D889BE26185E0A717E@frlb>
MIME-Version: 1.0
Received: from [178.126.83.231] (port=57690 helo=Unknown)
    by node.propertymartltd.com with esmtpa (Exim 4.80.1)
    (envelope-from upopyamun9657@tiscali.it)
    id 1VPGl0-00068x-Qb
    for [email protected]; Thu, 26 Sep 2013 22:57:49 +0400
Reply-To: =?windows-1251?B?0cXNwNLO0A==?= gahan1987@ngs.ru
X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912
X-MSMail-Priority: Normal
X-Priority: 3
This is a multi-part message in MIME format.
------=_NextPart_000_0EDB_01CEBB1C.A33DAE50
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0EDC_01CEBB1C.A33DAE50"
------=_NextPart_001_0EDC_01CEBB1C.A33DAE50
Content-Type: text/plain;
charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
=D3=C2=C0=C6=C0=C5=CC=DB=C5 =C4=C0=CC=DB =C8 =C3=CE=D1=CF=CE=C4=C0
=20
These are the headers of an email you received? (How else did you view these headers?) So the problem is incoming spam? Don't accept mail from servers with helo=Unknown.
The best thing is to set up iptables to secure your install.
I had the same issue in one of my installs some time back.
I did the iptables setup and it went smoothly.
Also try to change the root password after that.
Doing it on a fresh install will be better and easier.
If the problem is incoming spam, then
I would also add spam weight for absence of SPF/SendID/DKIM/DomainKey fields. That given, almost all spam I receive is correctly marked, with very few false positives (less than 0.01%)
This is for outgoing mail.
The server has only one site on it:
propertymartltd.com
But the header is
From: =?windows-1251?B?0cXNwNLO0A==?= [email protected]
To: [email protected]
What is with the windows stuff?
This is the first time I am seeing that.
I have also set HELO not to receive from unknown.
@sleddog
I was able to view it through WHM >> Mail Queue and Mail Delivery.
I don't have such domains as
tiscali.it or shoko.ru on my VPS.
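
An added example (not written by any poster in this thread): a short Python check that reads the Exim Received header posted above and reports whether the message was accepted over authenticated SMTP. It relies on the RFC 3848 transmission types that appear after "with" (esmtpa and esmtpsa mean SMTP AUTH succeeded); the function name, verdict strings and the second header are constructed for illustration.

```python
import re

# RFC 3848 transmission types written after "with" in a Received header:
# esmtpa / esmtpsa mean the client completed SMTP AUTH before sending.
AUTH_PROTOCOLS = {"esmtpa", "esmtpsa"}

# Received header as posted in the thread (recipient left as it appears there).
THREAD_HEADER = """from [178.126.83.231] (port=57690 helo=Unknown)
 by node.propertymartltd.com with esmtpa (Exim 4.80.1)
 (envelope-from upopyamun9657@tiscali.it)
 id 1VPGl0-00068x-Qb
 for [email protected]; Thu, 26 Sep 2013 22:57:49 +0400"""

# Constructed header for contrast: ordinary unauthenticated inbound delivery.
CONSTRUCTED_HEADER = """from mail.example.org ([192.0.2.10] helo=mail.example.org)
 by node.example.net with esmtp (Exim 4.80.1)
 (envelope-from <alice@example.org>)
 id 1AAAAA-000000-00
 for bob@example.net; Thu, 26 Sep 2013 12:00:00 +0000"""


def classify_received(header, local_domains):
    """Report how an Exim-written Received header says the message arrived."""
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", header)
    proto = re.search(r"\bwith\s+(\w+)", header)
    sender = re.search(r"envelope-from\s+<?([^\s<>()]+)", header)
    if not (ip and proto and sender):
        raise ValueError("not an Exim-style Received header")
    protocol = proto.group(1).lower()
    domain = sender.group(1).rpartition("@")[2].lower()
    authenticated = protocol in AUTH_PROTOCOLS
    foreign = domain not in {d.lower() for d in local_domains}
    if authenticated and foreign:
        # Accepted because valid credentials were presented, so relay ACLs
        # were never the gate: look for a compromised mailbox password.
        verdict = "authenticated-submission-foreign-sender"
    elif authenticated:
        verdict = "authenticated-submission-local-sender"
    else:
        verdict = "unauthenticated-delivery"
    return {"client_ip": ip.group(1), "protocol": protocol,
            "sender_domain": domain, "authenticated": authenticated,
            "verdict": verdict}


if __name__ == "__main__":
    for name, hdr in (("thread", THREAD_HEADER), ("constructed", CONSTRUCTED_HEADER)):
        print(name, classify_received(hdr, ["propertymartltd.com"]))
```

For messages accepted this way, the Exim main log entry carries an `A=` field with the authenticator and login that was used, which identifies the account whose password needs resetting.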