#1  
Old 25th March 2013, 18:00
Cass-hacks Cass-hacks is offline
Junior Member
 
Join Date: Mar 2013
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Possible spam source

My problem is this, I'm getting tons of bounces for spam that weren't legitimately sent from any account on my Ispconfig3 installation.

The contents of the bounce messages contain the spam the bouncing server received.

The first received header of the attached spam contains a source from an apparent zombie-bot but it also says (Authenticated Sender : [VALID_ACCOUNT])

The subsequent received headers list my server.

The spam all contain an email with multiple CC addresses, which I am getting the bounces from.

Is my server receiving the spam and through normal authentication somehow and then sending it to all the CC'd addresses?

The password on the account has been changed numerous times but to no affect.

How can I figure out what is going on?
Reply With Quote
Sponsored Links
  #2  
Old 25th March 2013, 18:34
Cass-hacks Cass-hacks is offline
Junior Member
 
Join Date: Mar 2013
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

[UPDATE]
It does seem like the account is actually being used to CC the spam because when the email account is turned off, the bounce-flood stops.

Also, I've changed passwords on multiple types of systems on multiple computers so it is unlikely there is a back-door key logger involved.

And, this is just a normal Ispconfig3 installation so I can't figure out what I might have done wrong.

Any ideas?
Reply With Quote
  #3  
Old 25th March 2013, 18:42
Cass-hacks Cass-hacks is offline
Junior Member
 
Join Date: Mar 2013
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

D'Oh! That was stupid of me.

It seems the spamming has stopped because I stopped getting bounce messages in Squirrelmail but since the account I am using is the account I turned off, OF COURSE I'm not going to see anything.

So ignore that part of the update and original post, the rest still stands though.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
HOWTO: Implement iptables blocking by Country drewb0y Tips/Tricks/Mods 16 5th October 2013 01:07
Spamfilter policy - question about spam actions prisfeo Installation/Configuration 4 2nd February 2010 17:17
Ubuntu 8.04 Spamsnake - all SA scores 0.00 Thomas_Powers HOWTO-Related Questions 23 24th June 2008 18:37
Dspam planet_fox General 6 20th January 2007 19:42
Upgrade from 2.2.0 to 2.2.1 successful but SSL and IMAP stopped working teleriddler Installation/Configuration 8 29th April 2006 15:25


All times are GMT +2. The time now is 17:56.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.