HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Cass-hacks 25th March 2013 18:00

Possible spam source
My problem is this: I'm getting tons of bounces for spam that wasn't legitimately sent from any account on my ISPConfig 3 installation.

The contents of the bounce messages contain the spam the bouncing server received.

The first Received header of the attached spam contains a source from an apparent zombie-bot, but it also says (Authenticated Sender : [VALID_ACCOUNT]).

The subsequent Received headers list my server.

The spam all contain an email with multiple CC addresses, which I am getting the bounces from.

Is my server receiving the spam through normal authentication somehow and then sending it to all the CC'd addresses?

The password on the account has been changed numerous times but to no effect.

How can I figure out what is going on?

Cass-hacks 25th March 2013 18:34

It does seem like the account is actually being used to CC the spam because when the email account is turned off, the bounce-flood stops.

Also, I've changed passwords on multiple types of systems on multiple computers, so it is unlikely there is a back-door key logger involved.

And this is just a normal ISPConfig 3 installation, so I can't figure out what I might have done wrong.

Any ideas?

Cass-hacks 25th March 2013 18:42

D'Oh! That was stupid of me.

It seems the spamming has stopped because I stopped getting bounce messages in SquirrelMail, but since the account I am using is the account I turned off, OF COURSE I'm not going to see anything.

So ignore that part of the update and original post; the rest still stands, though.
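
Added example, not part of the original thread: one way to check whether a mailbox is really being used for authenticated relaying is to tally SASL logins per account and per client IP from the mail log. It assumes the MTA is Postfix logging `sasl_username=` on its smtpd lines; the sample lines, addresses and the `max_ips` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtpd log format (not taken from the thread).
SAMPLE_LOG = """\
Mar 25 17:41:02 mail postfix/smtpd[2101]: 3A1F02C0E1: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=user@example.com
Mar 25 17:41:09 mail postfix/smtpd[2104]: 3B7702C0E4: client=unknown[198.51.100.17], sasl_method=LOGIN, sasl_username=user@example.com
Mar 25 17:42:30 mail postfix/smtpd[2110]: 3C9912C0F0: client=host.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=other@example.com
Mar 25 17:43:11 mail postfix/smtpd[2113]: 3D0A12C0F7: client=unknown[203.0.113.99], sasl_method=LOGIN, sasl_username=user@example.com
Mar 25 17:43:12 mail postfix/smtpd[2113]: 3D0A12C0F7: client=localhost[127.0.0.1]
"""

# Matches only smtpd lines that record an authenticated (SASL) submission.
AUTH_RE = re.compile(
    r"postfix/(?:\w+/)?smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"client=(?P<host>[^\[]*)\[(?P<ip>[^\]]+)\].*?sasl_username=(?P<user>[^,\s]+)"
)


def authenticated_senders(log_text):
    """Return {sasl_username: {"messages": count, "ips": set of client IPs}}."""
    stats = defaultdict(lambda: {"messages": 0, "ips": set()})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            entry = stats[m.group("user")]
            entry["messages"] += 1
            entry["ips"].add(m.group("ip"))
    return dict(stats)


def suspicious(stats, max_ips=2):
    """Accounts that logged in from more than max_ips distinct addresses (assumed threshold)."""
    return sorted(u for u, s in stats.items() if len(s["ips"]) > max_ips)


if __name__ == "__main__":
    stats = authenticated_senders(SAMPLE_LOG)
    for user, s in sorted(stats.items()):
        print(f"{user}: {s['messages']} messages from {len(s['ips'])} IPs")
    print("review:", suspicious(stats))
```

An account that keeps authenticating from many unrelated addresses after a password change means the new password is still reaching the sender, so the place it is stored or entered is what needs checking.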
