  #1  
26th February 2011, 17:09
rtrynor
Email - Spammer sending mail from my site?

I received an email from Luxury@debian1.the-computerguy.biz. That is my server, but this email account is not on my system. The mail came to an email account on one of my other sites. Did I miss something in my setup so others are using my email services? How can I stop this?

It also seems that most of my spam and people giving post the links point to .ru sites. Is there any way to just block all the sites from another country like .ru?

Last edited by rtrynor; 26th February 2011 at 17:17.
  #2  
27th February 2011, 20:51
falko

Did you check the email header to see if the mail really originated from your server?
Did you check if your server is blacklisted? http://www.mxtoolbox.com/blacklists.aspx

It is possible that spammers abuse a vulnerable web application, so I'd make sure these are all up to date.

This link might also be of interest: http://www.howtoforge.com/how-to-log...tect-form-spam
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
  #3  
28th February 2011, 01:31
rtrynor

It looks like my server sent it because it said debian1.the-computerguy.biz and I never, as far as I can remember, used the debian1. other than during setup. I am not on the blacklist. I may need to find a way to password all email sending. I know how to secure a Windows server but I am still learning the Linux side of web serving.
  #4  
28th February 2011, 15:04
falko

Did you check the email headers to be sure?
  #5  
28th February 2011, 18:53
rtrynor

Hmm, it does look like someone faked it, but I do not understand how they got the debian1. part. Here is my header. It looks like the IP was not mine.

Return-Path: <lkuy@bpr.it>
Delivered-To: info@maineonlinemall.com
Received: from localhost (localhost.localdomain [127.0.0.1])
    by debian1.the-computerguy.biz (Postfix) with ESMTP id 57D13ADC0FA
    for <info@maineonlinemall.com>; Sat, 26 Feb 2011 10:05:49 -0500 (EST)
X-Virus-Scanned: Debian amavisd-new at debian1.the-computerguy.biz
X-Spam-Flag: YES
X-Spam-Score: 13.623
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.623 tagged_above=1 required=4.5
    tests=[HTML_MESSAGE=0.001, RDNS_NONE=0.1, URIBL_AB_SURBL=1.613,
    URIBL_BLACK=1.961, URIBL_JP_SURBL=2.857, URIBL_SBL=2.468,
    URIBL_SC_SURBL=2.523, URIBL_WS_SURBL=2.1]
Received: from debian1.the-computerguy.biz ([127.0.0.1])
    by localhost (debian1.the-computerguy.biz [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id pDmANK9RIaqX for <info@maineonlinemall.com>;
    Sat, 26 Feb 2011 10:05:46 -0500 (EST)
Received: from [178.122.49.51] (unknown [178.122.49.51])
    by debian1.the-computerguy.biz (Postfix) with ESMTP id 2C008ADC0F5
    for <info@maineonlinemall.com>; Sat, 26 Feb 2011 10:05:46 -0500 (EST)
Received: from [132.104.123.62] (account lkuy@bpr.it HELO nozhktfps.htofosvpfbhase.ua)
    by (CommuniGate Pro SMTP 5.2.3)
    with ESMTPA id 132543730 for <info@maineonlinemall.com>; Sat, 26 Feb 2011 20:05:44 +0500
Date: Sat, 26 Feb 2011 20:05:44 +0500
From: Luxury@debian1.the-computerguy.biz,
    Watches_and_Handbags <lkuy@bpr.it>
X-Mailer: The Bat! (v2.00.5) Business
X-Priority: 3 (Normal)
Message-ID: <6085981689.UDO49OFH800586@kmapjygsfe.bfblvu.org >
To: <info@maineonlinemall.com>
Subject: ***SPAM***Everything on our site is On sale this Week as we are
    consolidating and must get rid of it all FAST!
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----------5424DEB1D1061FA"
  #6  
1st March 2011, 16:21
falko

Quote:
Received: from [132.104.123.62] (account lkuy@bpr.it HELO nozhktfps.htofosvpfbhase.ua)
by (CommuniGate Pro SMTP 5.2.3)
I think 132.104.123.62 is the host from which it was originally sent.
  #7  
1st March 2011, 16:28
rtrynor

Quote:
Originally Posted by falko
I think 132.104.123.62 is the host from which it was originally sent.
I was thinking the same thing. I need to figure out how to block IPs I guess. New to Linux, sorry for being a little slow.
Thanks for the help
  #8  
2nd March 2011, 19:18
falko

Quote:
Originally Posted by rtrynor
I need to figure out how to block IPs I guess.
That won't help you because the mails were sent through a different server.
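Added example, not part of the thread: one way to do the header check asked for in posts #2 and #4, run against the Received lines from post #5. It walks the chain newest-first and reports the first outside peer that debian1.the-computerguy.biz itself recorded; the function names are illustrative, and treating loopback/private peers as local submission is an assumption.

```python
import email
import ipaddress
import re

# Received/From lines copied from the header in post #5, with the folding
# whitespace restored so a parser sees the continuation lines.
RAW = """\
Received: from localhost (localhost.localdomain [127.0.0.1])
    by debian1.the-computerguy.biz (Postfix) with ESMTP id 57D13ADC0FA
Received: from debian1.the-computerguy.biz ([127.0.0.1])
    by localhost (debian1.the-computerguy.biz [127.0.0.1]) (amavisd-new, port 10024)
Received: from [178.122.49.51] (unknown [178.122.49.51])
    by debian1.the-computerguy.biz (Postfix) with ESMTP id 2C008ADC0F5
Received: from [132.104.123.62] (account lkuy@bpr.it HELO nozhktfps.htofosvpfbhase.ua)
    by (CommuniGate Pro SMTP 5.2.3)
From: Luxury@debian1.the-computerguy.biz

"""

def hops(raw):
    """Return (client_ip, by_clause) for each Received header, newest first."""
    out = []
    for value in email.message_from_string(raw).get_all("Received", []):
        frm, _, by = " ".join(value.split()).partition(" by ")
        ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", frm)
        out.append((ips[-1] if ips else None, by))
    return out

def is_local(ip):
    """True for loopback/private peers, i.e. mail submitted on the box itself."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_private

def origin(raw, my_host):
    """Walk newest-first through the hops my_host stamped itself and report
    the first outside peer. Lines below that were supplied by the sender."""
    seen = False
    for ip, by in hops(raw):
        if my_host not in by:
            break  # written by another system: a claim, not an observation
        seen = True
        if ip and not is_local(ip):
            return "inbound from " + ip
    return "local submission" if seen else "not stamped by " + my_host

if __name__ == "__main__":
    print(origin(RAW, "debian1.the-computerguy.biz"))
```

Only the lines stamped by your own server are observations. To confirm them, match the Postfix queue IDs (57D13ADC0FA, 2C008ADC0F5) against the mail log.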