Email - Spamer sending mail from my site?
 

I recieved an email from Luxury@debian1.the-computerguy.biz That is my server but this email account is not on my system. The mail came to an email account on one of my other sites. Did I miss something in my setup so others are useing my email services? How can I stop this?

It also seems that most of my spam and people giving post the links point to .ru sites. Is there any way to just block all the sites from another country like .ru?

Did you check the email header to see if the maill really originated from your server?
Did you check if your server is blacklisted? http://www.mxtoolbox.com/blacklists.aspx

It is possible that spammers abuse a vulnerable web application, so I'd make sure these are all up to date.

This link might also be of interest: http://www.howtoforge.com/how-to-log...tect-form-spam

It looks like my server sent it because it said debian1.the-computerguy.biz and I naver as far as i can remember used the debian1. other then during setup. I am not on the blacklist. I may need to find a way to password all email sending. I know how to secure a windows server but I am still learning the linux side of web serving.

Did you check the email headers to be sure?

Hmm, It does looked like someone faked it but I do not understand how they got the debian1. part. Here is my header. It looks like the ip was not mine.

Return-Path: <lkuy@bpr.it>
Delivered-To: info@maineonlinemall.com
Received: from localhost (localhost.localdomain [127.0.0.1])
by debian1.the-computerguy.biz (Postfix) with ESMTP id 57D13ADC0FA
for <info@maineonlinemall.com>; Sat, 26 Feb 2011 10:05:49 -0500 (EST)
X-Virus-Scanned: Debian amavisd-new at debian1.the-computerguy.biz
X-Spam-Flag: YES
X-Spam-Score: 13.623
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.623 tagged_above=1 required=4.5
tests=[HTML_MESSAGE=0.001, RDNS_NONE=0.1, URIBL_AB_SURBL=1.613,
URIBL_BLACK=1.961, URIBL_JP_SURBL=2.857, URIBL_SBL=2.468,
URIBL_SC_SURBL=2.523, URIBL_WS_SURBL=2.1]
Received: from debian1.the-computerguy.biz ([127.0.0.1])
by localhost (debian1.the-computerguy.biz [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id pDmANK9RIaqX for <info@maineonlinemall.com>;
Sat, 26 Feb 2011 10:05:46 -0500 (EST)
Received: from [178.122.49.51] (unknown [178.122.49.51])
by debian1.the-computerguy.biz (Postfix) with ESMTP id 2C008ADC0F5
for <info@maineonlinemall.com>; Sat, 26 Feb 2011 10:05:46 -0500 (EST)
Received: from [132.104.123.62] (account lkuy@bpr.it HELO nozhktfps.htofosvpfbhase.ua)
by (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 132543730 for <info@maineonlinemall.com>; Sat, 26 Feb 2011 20:05:44 +0500
Date: Sat, 26 Feb 2011 20:05:44 +0500
From: Luxury@debian1.the-computerguy.biz,
Watches_and_Handbags <lkuy@bpr.it>
X-Mailer: The Bat! (v2.00.5) Business
X-Priority: 3 (Normal)
Message-ID: <6085981689.UDO49OFH800586@kmapjygsfe.bfblvu.org >
To: <info@maineonlinemall.com>
Subject: ***SPAM***Everything on our site is On sale this Week as we are
consolidating and must get rid of it all FAST!
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----------5424DEB1D1061FA"

I think 132.104.123.62 is the host from which it was originally sent.

I was thinking the same think. I need to figure out how to block IPs I guess. New to linux sorry for being a little slow :)
Thanks for the help

That won't help you because the mails were sent through a different server.