
Topic: My server is sending SPAM but source cannot be tracked !

Offline Spacedust

Please see this:

Quote
X-HmXmrOriginalRecipient: charlesmccue@hotmail.com
x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; spf=none (sender IP is 78.46.85.x) smtp.mailfrom=elurleneqb@aclama.com; dkim=none header.d=aclama.com; x-hmca=none header.id=elurleneqb@aclama.com
X-SID-PRA: elurleneqb@aclama.com
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: q7bX5s87Og//UscsqJoXfpcDjfC2euuvvMxWpOn/Va9dqVH2UjhCRDVwS94hUAdvhFNh0j45xVlzkcPd2prHkxN3Ou2Rt3oTy570TI/RgRjHtnolhq0dQEDJQ+9dMYojDw1JH+3WmCx+jlqmvVna4LXGfDvDqNgosxB66HG0j/spfGj0954HJUyWM7TeuURdjn6UOi64en+SItCByepAAtx8Ic0btb7j
Received: from mail.xxx.pl ([78.46.85.x]) by BAY004-MC4F44.hotmail.com with Microsoft SMTPSVC(7.5.7601.22751);
    Mon, 8 Dec 2014 05:26:28 -0800
From: Elizabeth <elurleneqb@aclama.com>
Subtrahend-Oxnard: fad6187daf
Netting-Establishment: c7ccdb356d8b
Content-Transfer-Encoding: 7bit
Message-ID: <BF13f7CA3f2.2C1598a46E8fa1dD53d626Bf7cBE@aclama.com>
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
To: charlesmccue@hotmail.com
Date: Mon, 8 Dec 2014 14:26:28 +0000
Liters-Yankees-Authenticated: 5222
Subject: Aspect Charlesmccue
Return-Path: elurleneqb@aclama.com
X-OriginalArrivalTime: 08 Dec 2014 13:26:28.0393 (UTC) FILETIME=[928A5190:01D012EA]

Offline MRatWork

Re: My server is sending SPAM but source cannot be tracked !
« Reply #1 on: 2014-12-08, 10:34:26 »
Possibly using phpmailer, because this function makes 'header' customizing possible.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline MRatWork

Re: My server is sending SPAM but source cannot be tracked !
« Reply #2 on: 2014-12-08, 10:35:47 »
Is spamdyke enabled?

Offline Spacedust

Re: My server is sending SPAM but source cannot be tracked !
« Reply #3 on: 2014-12-08, 11:05:30 »
Yes. Spamdyke is enabled.

Another one !

Quote
X-HmXmrOriginalRecipient: helenzinha_lima13@hotmail.com
X-Reporter-IP: 186.233.255.89
X-Message-Guid: d56567eb-7ee0-11e4-94b6-d89d675ff29c
x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; spf=fail (sender IP is 78.46.85.x) smtp.mailfrom=hanyhasan@mail2world.com; dkim=none header.d=mail2world.com; x-hmca=fail header.id=hanyhasan@mail2world.com
X-SID-PRA: hanyhasan@mail2world.com
X-AUTH-Result: FAIL
X-SID-Result: FAIL
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: q7bX5s87Og//UscsqJoXfo7N4O1rNuooOznDj8QMbwkS1c58rQH6mde6KaR0p/PA/TsZgKL5/rSz2eHL87oxAC0iA8Mknxz6hddIFcQLpenVFifbg68fLslk8oPe6dzDbvchv94euJwop5xrh0KRHmkDwG99K+xY7+VynySnWFC9+RNxkrYsONhw57fGirV0OwPGSRmjHdmWiG3ucG54xRK/Z8PXwdlf
Received: from mail.xxx.pl ([78.46.85.x]) by COL004-MC6F32.hotmail.com with Microsoft SMTPSVC(7.5.7601.22751);
    Mon, 8 Dec 2014 05:48:12 -0800
To: helenzinha_lima13@hotmail.com
Content-Type: text/html; charset=UTF-8
From: hanyhasan@mail2world.com
Towering-Thermodynamics-Apathy: 7621978A2
Conspires-Longstreet: 4B3D1537CEE
Content-Transfer-Encoding: 7bit
Date: Mon, 8 Dec 2014 14:48:12 +0000
Message-ID: <546dAaD6d.C1eFbCaeF8a8aF4E.F82Cef2D5EBB6ca6@mail2world.com>
Subject: Possesses Helenzinha Lima
MIME-Version: 1.0
Sidewise-Curs-Unesco: 8565
Return-Path: hanyhasan@mail2world.com
X-OriginalArrivalTime: 08 Dec 2014 13:48:12.0877 (UTC) FILETIME=[9C12C7D0:01D012ED]

Offline chrisf

Re: My server is sending SPAM but source cannot be tracked !
« Reply #4 on: 2014-12-08, 20:42:27 »
This is another reason we need to disable php ini sendmail path change for clients.
Christopher

Knowledge in: PHP, Perl, MySQL, Javascript, Actionscript, FLASH, HTML, CSS
Server Administrator / Developer: https://convictionshosting.com

Offline MRatWork


Offline Spacedust

Re: My server is sending SPAM but source cannot be tracked !
« Reply #6 on: 2014-12-09, 09:14:36 »
@Spacedust,

Read http://www.codero.com/knowledge-base/questions/290/How+to+find+the+source+of+unknown+mail+when+using+qmail

I have sendmail-limits already installed ! Nothing wrong is reported out there !

Example of report:

Quote
Dec  9 16:26:32 online send: 1418138792.102454 new msg 798125
Dec  9 16:26:32 online send: 1418138792.102478 info msg 798125: bytes 2044 from <anonymous@mail.xxx.pl> qp 25314 uid 48
Dec  9 16:26:32 online send: 1418138792.107146 starting delivery 2849: msg 798125 to remote stiomsch@yahoo.com
Dec  9 16:26:32 online send: 1418138792.107165 status: local 0/500 remote 2/200
Dec  9 16:26:32 online send: 1418138792.540848 delivery 2848: deferral: Connected_to_98.138.112.33_but_sender_was_rejected./Remote_host_said:_421_4.7.0_[TS01]_Messages_from_78.46.85.x_temporarily_deferred_due_to_user_complaints_-_4.16.55.1;_see_http://postmaster.yahoo.com/421-ts01.html/
Dec  9 16:26:32 online send: 1418138792.540868 status: local 0/500 remote 1/200
« Last Edit: 2014-12-09, 09:28:47 by Spacedust »
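
In the qmail-send lines quoted in the post above, the `uid` field of each `info msg` line is the local account that queued the message; on CentOS/RHEL uid 48 is normally the `apache` account (check `/etc/passwd`), which points at a web script rather than an SMTP login. The following is an added example, not part of the original thread or of Kloxo-MR: a Python tally of queued messages per injecting uid, with a constructed sample log in the same format and a hypothetical function name `tally_by_uid`.

```python
import re
from collections import defaultdict
# Constructed sample in the qmail-send format quoted in the post (addresses are placeholders).
SAMPLE = """\
Dec  9 16:26:32 online send: 1418138792.102454 new msg 798125
Dec  9 16:26:32 online send: 1418138792.102478 info msg 798125: bytes 2044 from <anonymous@mail.example.net> qp 25314 uid 48
Dec  9 16:26:32 online send: 1418138792.107146 starting delivery 2849: msg 798125 to remote a@example.com
Dec  9 16:26:32 online send: 1418138792.540848 delivery 2848: deferral: Connected_but_sender_was_rejected./
Dec  9 16:26:33 online send: 1418138793.000001 info msg 798126: bytes 2101 from <anonymous@mail.example.net> qp 25320 uid 48
Dec  9 16:26:33 online send: 1418138793.000002 starting delivery 2850: msg 798126 to remote b@example.com
Dec  9 16:26:33 online send: 1418138793.400000 delivery 2850: deferral: Connected_but_sender_was_rejected./
Dec  9 16:26:34 online send: 1418138794.000001 info msg 798127: bytes 900 from <user@example.org> qp 25400 uid 89
Dec  9 16:26:34 online send: 1418138794.000002 starting delivery 2851: msg 798127 to remote c@example.com
Dec  9 16:26:34 online send: 1418138794.300000 delivery 2851: success: accepted/
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp (\d+) uid (\d+)")
START = re.compile(r"starting delivery (\d+): msg (\d+) to (remote|local) (\S+)")
DONE = re.compile(r"delivery (\d+): (success|failure|deferral):")

def tally_by_uid(log_text):
    """Group queued messages by the uid that injected them; return (stats, orphans)."""
    msg_uid, delivery_msg, orphans = {}, {}, 0
    stats = defaultdict(lambda: {"msgs": 0, "senders": set(), "remote": 0, "undelivered": 0})
    for line in log_text.splitlines():
        if m := INFO.search(line):
            msg, sender, _qp, uid = m.groups()
            msg_uid[msg] = int(uid)  # msg numbers are reused, so the latest info line wins
            stats[int(uid)]["msgs"] += 1
            stats[int(uid)]["senders"].add(sender)
        elif m := START.search(line):
            delivery, msg, kind, _rcpt = m.groups()
            delivery_msg[delivery] = msg
            if kind == "remote" and msg in msg_uid:
                stats[msg_uid[msg]]["remote"] += 1
        elif m := DONE.search(line):
            delivery, result = m.groups()
            msg = delivery_msg.get(delivery)
            if msg not in msg_uid:
                orphans += 1  # start line fell outside the excerpt, cannot attribute
            elif result != "success":
                stats[msg_uid[msg]]["undelivered"] += 1
    return dict(stats), orphans

if __name__ == "__main__":
    per_uid, orphans = tally_by_uid(SAMPLE)
    for uid, s in sorted(per_uid.items()):
        print(uid, s["msgs"], s["remote"], s["undelivered"], sorted(s["senders"]))
    print("deliveries without a start line:", orphans)
```

A uid that dominates the remote count with a generic envelope sender is the account to investigate first; the `qp` value on the same line is the process id of the qmail-queue instance that accepted the message.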

Offline Spacedust

Re: My server is sending SPAM but source cannot be tracked !
« Reply #7 on: 2014-12-09, 09:39:56 »
Someone is trying to spoof localhost with some other server and trying to login as admin user.

Please see this:

Quote
Dec  9 16:36:09 online vpopmail[19312]: vchkpw-smtp: vpopmail user not found admin@:113.165.73.218

It has spoofed revDNS as localhost:

 
Quote
1. static.65.85.46.78.clients.your-server.de                                                               0.0%     2    0.7   2.7   0.7   4.7   2.8
 2. hos-tr4.juniper2.rz12.hetzner.de                                                                        0.0%     2   11.3   5.7   0.2  11.3   7.9
 3. core22.hetzner.de                                                                                       0.0%     2    0.2   0.2   0.2   0.2   0.0
 4. core11.hetzner.de                                                                                       0.0%     2    2.8   2.8   2.8   2.8   0.0
 5. juniper4.rz2.hetzner.de                                                                                 0.0%     2    2.8   2.8   2.8   2.8   0.0
 6. r1nue2.core.init7.net                                                                                   0.0%     2    3.0   3.0   3.0   3.0   0.0
 7. r1fra3.core.init7.net                                                                                   0.0%     2    5.9  11.7   5.9  17.6   8.2
 8. pni-pccw.fra3.init7.net                                                                                 0.0%     2    6.1   6.1   6.1   6.1   0.0
 9. ???
10. ???
11. ???
12. localhost                                                                                               0.0%     2  315.0 315.0 315.0 315.0   0.0
13. localhost                                                                                               0.0%     1  316.1 316.1 316.1 316.1   0.0
14. localhost                                                                                               0.0%     1  344.8 344.8 344.8 344.8   0.0


Offline Spacedust

Re: My server is sending SPAM but source cannot be tracked !
« Reply #8 on: 2014-12-12, 06:33:39 »
Still not resolved !

We are now banned on yahoo, hotmail and comcast !

Offline MRatWork

Re: My server is sending SPAM but source cannot be tracked !
« Reply #9 on: 2014-12-12, 07:06:40 »
Update your qmail-toaster, because the latest includes a report of the 'caller' of 'sendmail' (usually used by php mail()). You need cleanup/fixmail-all.

Offline Spacedust

Re: My server is sending SPAM but source cannot be tracked !
« Reply #10 on: 2014-12-12, 10:24:33 »
I've updated it and still nothing - yahoo and comcast unlocked us - hotmail is still banned.

Offline MRatWork

Re: My server is sending SPAM but source cannot be tracked !
« Reply #11 on: 2014-12-12, 10:45:34 »
The latest qmail-toaster just adds the 'caller' info of 'php mail()' to the maillog log file. It's not for prevention/protection purposes.

Offline Spacedust

Re: My server is sending SPAM but source cannot be tracked !
« Reply #12 on: 2014-12-12, 14:09:16 »
Got that domain finally ;) We will see how it works now.

Offline Spacedust

Re: My server is sending SPAM but source cannot be tracked !
« Reply #13 on: 2014-12-14, 14:58:24 »
Still not resolved. Now we are banned on yahoo, hotmail, gmx, comcast etc.

It's not sendmail. It's something else !

Offline Spacedust

Re: My server is sending SPAM but source cannot be tracked !
« Reply #14 on: 2014-12-14, 15:14:27 »
Please see what it looks like in hotmail:
