
Server being used as Spam-Server?

Cepe

Guest
Hi,

for a few days now I have been getting many emails with "Delivery Status Notification (Failure)" or "Mail delivery failed" and so on - the sort of emails you get back when you send emails to a non-existing address.

Here is an example email:
Hi. This is the qmail-send program at members.cjhunter.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <[email protected]>
Received: (qmail 1650 invoked from network); 30 Apr 2008 21:05:56 -0000
Received: from unknown (HELO dsl-189-175-222-164.prod-infinitum.com.mx) (unknown)
by unknown with SMTP; 30 Apr 2008 21:05:56 -0000
Message-ID: <000601c8ab0e$02a58acd$72c37684@oghmqm>
From: "viarga cilais " <[email protected]>
To: <[email protected]>
Subject: 75% off for ofuthoreauezi
Date: Wed, 30 Apr 2008 20:19:38 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

Hello, make a wise decision, purchase your drugs from the most reliable provider.
http://www.google.co.uk/pagead/iclk?sa=l&ai=ACQwec&num=98326&adurl=http://195.11.70.43/redir.html
Code #Q6kA
giuseppe endah

I suspect someone is using my server to send spam.

SMTP authentication for relaying is set.

more /usr/local/psa/var/log/maillog | grep to=
more /usr/local/psa/var/log/maillog.bak | grep to=
do not contain any suspicious email addresses, only those I really sent emails to.

locate formmail.cgi, formmail.pl, FormMail.cgi, FormMail.pl does not return any results (in another thread it was said that there was an exploit for these scripts).

I am using CentOS 5, Kernel version 2.6.18, and Plesk 8.3.
 
See if someone on your server is actually sending the spam, or using someone else's PHP form mail scripts to send email through your server.

http://kb.odin.com/en/1711

You can also make sure that relaying is disabled.
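
One way to check a bounce like the one quoted in the first post, as an added example that is not part of the original thread: read the Received headers of the message copied below the qmail-send marker line and see whether any hop names your own server. The sample bounce is constructed, and `received_hops`, `passed_through` and all host names are assumptions made for illustration.

```python
import email
import re

MARKER = "--- Below this line is a copy of the message."

# Constructed sample modelled on the bounce quoted in the thread;
# every address and host name here is a placeholder.
SAMPLE_BOUNCE = """\
Hi. This is the qmail-send program at mx.example.net.
I'm afraid I wasn't able to deliver your message to the following addresses.

<nobody@example.net>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <someone@myserver.example>
Received: (qmail 1650 invoked from network); 30 Apr 2008 21:05:56 -0000
Received: from unknown (HELO dsl-host.isp.example) (unknown)
  by unknown with SMTP; 30 Apr 2008 21:05:56 -0000
From: "x" <someone@myserver.example>
To: <nobody@example.net>
Subject: test

body
"""

def received_hops(bounce_text):
    """Return the Received headers of the message copied into a qmail bounce."""
    _, sep, copy = bounce_text.partition(MARKER)
    if not sep:
        raise ValueError("not a qmail-send bounce: marker line missing")
    msg = email.message_from_string(copy.lstrip("\r\n"))
    # Unfold continuation lines so that each hop is a single string.
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]

def passed_through(bounce_text, my_hosts):
    """True if any hop names one of my_hosts (host names or IPs of your server)."""
    mine = {h.lower() for h in my_hosts}
    for hop in received_hops(bounce_text):
        # Compare whole host-like tokens so "192.0.2.1" does not match "192.0.2.10".
        tokens = {t.strip(".") for t in re.findall(r"[\w.-]+", hop.lower())}
        if tokens & mine:
            return True
    return False
```

If no hop names your server, the copied message did not travel through it and only the sender address points at your domain; Return-Path and From are set by the sender and are deliberately ignored here.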
 