Email - Spammer sending mail from my site?

Discussion in 'Installation/Configuration' started by rtrynor, Feb 26, 2011.

  1. rtrynor

    rtrynor New Member

    I received an email from Luxury@debian1.the-computerguy.biz. That is my server, but this email account is not on my system. The mail came to an email account on one of my other sites. Did I miss something in my setup so others are using my email services? How can I stop this?

    It also seems that most of my spam and people giving post the links point to .ru sites. Is there any way to just block all the sites from another country like .ru?
     
    Last edited: Feb 26, 2011
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

  3. rtrynor

    rtrynor New Member

    It looks like my server sent it because it said debian1.the-computerguy.biz and I never, as far as I can remember, used the debian1. other than during setup. I am not on the blacklist. I may need to find a way to password all email sending. I know how to secure a Windows server but I am still learning the Linux side of web serving.
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Did you check the email headers to be sure?
     
  5. rtrynor

    rtrynor New Member

    Hmm, it does look like someone faked it, but I do not understand how they got the debian1. part. Here is my header. It looks like the IP was not mine.

    Return-Path: <lkuy@bpr.it>
    Delivered-To: info@maineonlinemall.com
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by debian1.the-computerguy.biz (Postfix) with ESMTP id 57D13ADC0FA
    for <info@maineonlinemall.com>; Sat, 26 Feb 2011 10:05:49 -0500 (EST)
    X-Virus-Scanned: Debian amavisd-new at debian1.the-computerguy.biz
    X-Spam-Flag: YES
    X-Spam-Score: 13.623
    X-Spam-Level: *************
    X-Spam-Status: Yes, score=13.623 tagged_above=1 required=4.5
    tests=[HTML_MESSAGE=0.001, RDNS_NONE=0.1, URIBL_AB_SURBL=1.613,
    URIBL_BLACK=1.961, URIBL_JP_SURBL=2.857, URIBL_SBL=2.468,
    URIBL_SC_SURBL=2.523, URIBL_WS_SURBL=2.1]
    Received: from debian1.the-computerguy.biz ([127.0.0.1])
    by localhost (debian1.the-computerguy.biz [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id pDmANK9RIaqX for <info@maineonlinemall.com>;
    Sat, 26 Feb 2011 10:05:46 -0500 (EST)
    Received: from [178.122.49.51] (unknown [178.122.49.51])
    by debian1.the-computerguy.biz (Postfix) with ESMTP id 2C008ADC0F5
    for <info@maineonlinemall.com>; Sat, 26 Feb 2011 10:05:46 -0500 (EST)
    Received: from [132.104.123.62] (account lkuy@bpr.it HELO nozhktfps.htofosvpfbhase.ua)
    by (CommuniGate Pro SMTP 5.2.3)
    with ESMTPA id 132543730 for <info@maineonlinemall.com>; Sat, 26 Feb 2011 20:05:44 +0500
    Date: Sat, 26 Feb 2011 20:05:44 +0500
    From: Luxury@debian1.the-computerguy.biz,
    Watches_and_Handbags <lkuy@bpr.it>
    X-Mailer: The Bat! (v2.00.5) Business
    X-Priority: 3 (Normal)
    Message-ID: <6085981689.UDO49OFH800586@kmapjygsfe.bfblvu.org>
    To: <info@maineonlinemall.com>
    Subject: ***SPAM***Everything on our site is On sale this Week as we are
    consolidating and must get rid of it all FAST!
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----------5424DEB1D1061FA"
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I think 132.104.123.62 is the host from which it was originally sent.
     
  7. rtrynor

    rtrynor New Member

    I was thinking the same thing. I need to figure out how to block IPs, I guess. New to Linux, sorry for being a little slow :)
    Thanks for the help
     
  8. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    That won't help you because the mails were sent through a different server.
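
The header check discussed in this thread, as an added example that is not part of the original posts: Python that walks the Received chain posted above, newest first, and finds the hop where the poster's own server accepted the message from a non-loopback peer. The function names and the `my_hosts` parameter are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Received headers copied from the message posted in this thread; continuation
# lines are re-indented with tabs so they parse as folded headers.
RAW = """\
Received: from localhost (localhost.localdomain [127.0.0.1])
\tby debian1.the-computerguy.biz (Postfix) with ESMTP id 57D13ADC0FA
\tfor <info@maineonlinemall.com>; Sat, 26 Feb 2011 10:05:49 -0500 (EST)
Received: from debian1.the-computerguy.biz ([127.0.0.1])
\tby localhost (debian1.the-computerguy.biz [127.0.0.1]) (amavisd-new, port 10024)
\twith ESMTP id pDmANK9RIaqX for <info@maineonlinemall.com>;
\tSat, 26 Feb 2011 10:05:46 -0500 (EST)
Received: from [178.122.49.51] (unknown [178.122.49.51])
\tby debian1.the-computerguy.biz (Postfix) with ESMTP id 2C008ADC0F5
\tfor <info@maineonlinemall.com>; Sat, 26 Feb 2011 10:05:46 -0500 (EST)
Received: from [132.104.123.62] (account lkuy@bpr.it HELO nozhktfps.htofosvpfbhase.ua)
\tby (CommuniGate Pro SMTP 5.2.3)
\twith ESMTPA id 132543730 for <info@maineonlinemall.com>; Sat, 26 Feb 2011 20:05:44 +0500
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops(raw):
    """Return (client_ip, by_host) for each Received header, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        from_part, _, by_part = " ".join(value.split()).partition(" by ")
        ip = IP_RE.search(from_part)
        by = re.match(r"[A-Za-z0-9.-]+", by_part)
        out.append((ip.group(1) if ip else None, by.group(0) if by else None))
    return out

def is_external(ip):
    try:
        return ip is not None and not ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False

def trust_boundary(raw, my_hosts):
    """First hop (newest first) where one of our hosts accepted the message
    from a non-loopback peer. Older headers were written by the sending side
    and cannot be verified from here."""
    chain = hops(raw)
    for i, (ip, by) in enumerate(chain):
        if by in my_hosts and is_external(ip):
            return {"peer_ip": ip, "accepted_by": by, "unverified": chain[i + 1:]}
    return None  # no outside peer: the message was submitted on this machine
```

With `my_hosts` set to `{"debian1.the-computerguy.biz", "localhost"}`, the boundary is the hop where 178.122.49.51 handed the message to debian1 for a local recipient, which is inbound delivery; the CommuniGate line below it was supplied by the sending side.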
     
