Possible spam source

Discussion in 'Installation/Configuration' started by Cass-hacks, Mar 25, 2013.

  1. Cass-hacks

    Cass-hacks New Member

    My problem is this, I'm getting tons of bounces for spam that weren't legitimately sent from any account on my Ispconfig3 installation.

    The contents of the bounce messages contain the spam the bouncing server received.

    The first received header of the attached spam contains a source from an apparent zombie-bot but it also says (Authenticated Sender : [VALID_ACCOUNT])

    The subsequent received headers list my server.

    The spam all contain an email with multiple CC addresses, which I am getting the bounces from.

    Is my server receiving the spam and through normal authentication somehow and then sending it to all the CC'd addresses?

    The password on the account has been changed numerous times but to no affect.

    How can I figure out what is going on?
  2. Cass-hacks

    Cass-hacks New Member

    It does seem like the account is actually being used to CC the spam because when the email account is turned off, the bounce-flood stops.

    Also, I've changed passwords on multiple types of systems on multiple computers so it is unlikely there is a back-door key logger involved.

    And, this is just a normal Ispconfig3 installation so I can't figure out what I might have done wrong.

    Any ideas?
  3. Cass-hacks

    Cass-hacks New Member

    D'Oh! That was stupid of me.

    It seems the spamming has stopped because I stopped getting bounce messages in Squirrelmail but since the account I am using is the account I turned off, OF COURSE I'm not going to see anything.

    So ignore that part of the update and original post, the rest still stands though.

Share This Page