[ help needed! ] my server is sending spam
Eminos Offline
Junior Member
*

Posts: 159
Joined: Jan 2007
Reputation: 0
Post: #1
[ help needed! ] my server is sending spam
Hi guys!

I'm having a major problem on my server (Debian Lenny, ispCP 1.0.3 default). I noticed that it was running really slow at times, and I checked the mail logs and found out a HUGE list of mails being sent.

I will try to show you some parts from the mail.log.

---

Code:
Apr 23 21:54:24 server1 postfix/smtp[9462]: connect to comcase.com[38.117.90.45]:25: Connection timed out
Apr 23 21:54:24 server1 postfix/smtp[9462]: 6C7BF1100802B: to=<rogeliopriojas@comcase.com>, relay=none, delay=246560, delays=246529/1/30/0, dsn=4.4.1, status=deferred (connect to comcase.com[38.117.90.45]:25: Connection timed out)
Apr 23 21:54:24 server1 postfix/smtp[9511]: connect to cerbernet.co.uk[216.8.179.23]:25: Connection timed out
Apr 23 21:54:24 server1 postfix/smtp[9511]: 67B613BA9AD2: to=<antony@cerbernet.co.uk>, relay=none, delay=197421, delays=197389/1.3/30/0, dsn=4.4.1, status=deferred (connect to cerbernet.co.uk[216.8.179.23]:25: Connection timed out)
Apr 23 21:54:24 server1 postfix/smtp[9451]: 65F951100846D: to=<gusandjoneitzel@dominionvalleycc.com>, relay=none, delay=139203, delays=139171/1.5/30/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=dominionvalleycc.com type=MX: Host not found, try again)
Apr 23 21:54:24 server1 postfix/smtp[9476]: connect to smtp.idmi.net[208.91.146.30]:25: Connection timed out
Apr 23 21:54:24 server1 postfix/smtp[9476]: 830D91100C9C4: to=<mfoleyjr@foleydistributing.com>, relay=none, delay=99131, delays=99100/0.15/32/0, dsn=4.4.1, status=deferred (connect to smtp.idmi.net[208.91.146.30]:25: Connection timed out)
Apr 23 21:54:24 server1 postfix/smtp[9517]: 1341411008010: to=<verna.linker@quinlanisd.net>, relay=none, delay=200576, delays=200544/7.5/24/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=quinlanisd.net type=MX: Host not found, try again)
Apr 23 21:54:30 server1 postfix/smtp[9471]: connect to sprintpcs.com[144.230.162.36]:25: Connection timed out
Apr 23 21:54:30 server1 postfix/smtp[9471]: 622C511008B50: to=<peter28@sprintpcs.com>, relay=none, delay=46369, delays=46332/7/30/0, dsn=4.4.1, status=deferred (connect to sprintpcs.com[144.230.162.36]:25: Connection timed out)
Apr 23 21:54:30 server1 postfix/smtp[9508]: connect to example.com[192.0.32.10]:25: Connection timed out
Apr 23 21:54:30 server1 postfix/smtp[9436]: connect to btopenworld.co.uk[213.121.143.193]:25: Connection timed out
Apr 23 21:54:30 server1 postfix/smtp[9529]: connect to sprintpcs.com[144.230.162.36]:25: Connection timed out
Apr 23 21:54:30 server1 postfix/smtp[9508]: 69E171100AF3A: to=<deepak@example.com>, relay=none, delay=100763, delays=100726/7/30/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.32.10]:25: Connection timed out)
Apr 23 21:54:30 server1 postfix/smtp[9436]: 17F4F3BA94D6: to=<charliehardy@btopenworld.co.uk>, relay=none, delay=197480, delays=197443/7/30/0, dsn=4.4.1, status=deferred (connect to btopenworld.co.uk[213.121.143.193]:25: Connection timed out)
Apr 23 21:54:30 server1 postfix/smtp[9529]: 103B011008A53: to=<wwilliams845@sprintpcs.com>, relay=none, delay=98477, delays=98440/7/30/0, dsn=4.4.1, status=deferred (connect to sprintpcs.com[144.230.162.36]:25: Connection timed out)
Apr 23 21:54:30 server1 postfix/smtp[9467]: connect to arabia.com[82.98.86.178]:25: Connection timed out
Apr 23 21:54:30 server1 postfix/smtp[9467]: 1CE892D1103F: to=<gmela@arabia.com>, relay=none, delay=19271, delays=19234/7/30/0, dsn=4.4.1, status=deferred (connect to arabia.com[82.98.86.178]:25: Connection timed out)
Apr 23 21:54:30 server1 postfix/smtp[9526]: connect to dmhosting.g.ysm.yahoo.com[72.30.190.101]:25: Connection timed out
Apr 23 21:54:30 server1 postfix/smtp[9526]: 6FBBE3BA88F3: to=<bobmary@dmhosting.g.ysm.yahoo.com>, relay=none, delay=139440, delays=139403/7/30/0, dsn=4.4.1, status=deferred (connect to dmhosting.g.ysm.yahoo.com[72.30.190.101]:25: Connection timed out)
Apr 23 21:54:30 server1 postfix/smtp[9478]: connect to hpiug.org[82.98.86.172]:25: Connection timed out
Apr 23 21:54:30 server1 postfix/smtp[9478]: 6EF1811008918: to=<cmorrison@hpiug.org>, relay=none, delay=165499, delays=165462/7/30/0, dsn=4.4.1, status=deferred (connect to hpiug.org[82.98.86.172]:25: Connection timed out)
Apr 23 21:54:30 server1 postfix/smtp[9458]: connect to millikenpub.com[64.56.101.184]:25: Connection timed out
Apr 23 21:54:30 server1 postfix/smtp[9458]: 1FA4511008479: to=<meaves@millikenpub.com>, relay=none, delay=46504, delays=46467/7/30/0, dsn=4.4.1, status=deferred (connect to millikenpub.com[64.56.101.184]:25: Connection timed out)
Apr 23 21:54:30 server1 postfix/smtp[9455]: connect to blsfund.com[65.51.243.21]:25: Connection timed out

Code:
Apr 23 21:53:56 server1 postfix/qmgr[9432]: E25B611008ECC: to=<monbarry@yahoo.com>, relay=none, delay=137755, delays=137752/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: E928E110093C6: to=<mentos217@yahoo.com>, relay=none, delay=135785, delays=135782/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: E6FA211009704: to=<mia.blakey@yahoo.com>, relay=none, delay=133632, delays=133629/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: EF4E21100912E: to=<monicahrrck@yahoo.com>, relay=none, delay=137478, delays=137475/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: E5D721100A9AB: to=<richard_williams20022002@yahoo.com>, relay=none, delay=45839, delays=45837/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: EEEC111008ECF: to=<monbooty_19@yahoo.com>, relay=none, delay=137755, delays=137752/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: E3D3A110093F4: to=<mercedes_mercedesv@yahoo.com>, relay=none, delay=135776, delays=135773/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: ED03B11008513: to=<naomiannb@yahoo.com>, relay=none, delay=166211, delays=166208/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: EAC2511009574: to=<colebain@yahoo.com>, relay=none, delay=46009, delays=46006/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: EBBD311009D5D: to=<cmdyson07@yahoo.com>, relay=none, delay=133383, delays=133380/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: ED8EC11008E5C: to=<momto302@yahoo.com>, relay=none, delay=137779, delays=137776/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: E7E861100990C: to=<michelegogas@yahoo.com>, relay=none, delay=133558, delays=133555/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: E48FE110087D9: to=<darrianwalker@yahoo.com>, relay=none, delay=46374, delays=46371/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: EAFE01100A68E: to=<geraldpacesetter@yahoo.com>, relay=none, delay=103484, delays=103481/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 23 21:53:56 server1 postfix/qmgr[9432]: E2BEE110099FF: to=<michellerainey@yahoo.com>, relay=none, delay=133516, delays=133513/2.9/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01] Messages from 83.169.33.81 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)

Code:
Apr 23 21:53:54 server1 postfix/qmgr[9432]: A35BE1100976A: from=<webmaster@cust-domain.com>, size=1248, nrcpt=1 (queue active)
Apr 23 21:53:54 server1 postfix/qmgr[9432]: A04A611009976: from=<webmaster@cust-domain.com>, size=1248, nrcpt=1 (queue active)
Apr 23 21:53:54 server1 postfix/qmgr[9432]: ABE7B11008E47: from=<webmaster@cust-domain.com>, size=1249, nrcpt=1 (queue active)
Apr 23 21:53:54 server1 postfix/qmgr[9432]: A7304110098AC: from=<webmaster@cust-domain.com>, size=1249, nrcpt=1 (queue active)
Apr 23 21:53:54 server1 postfix/qmgr[9432]: A46BC11009F2E: from=<webmaster@cust-domain.com>, size=1249, nrcpt=1 (queue active)
Apr 23 21:53:54 server1 postfix/qmgr[9432]: A457B11009163: from=<webmaster@cust-domain.com>, size=1257, nrcpt=1 (queue active)
Apr 23 21:53:54 server1 postfix/qmgr[9432]: A103F11009F4B: from=<webmaster@cust-domain.com>, size=1245, nrcpt=1 (queue active)
Apr 23 21:53:54 server1 postfix/qmgr[9432]: ABD7011008F21: from=<webmaster@cust-domain.com>, size=1252, nrcpt=1 (queue active)
Apr 23 21:53:54 server1 postfix/qmgr[9432]: ADFC211008D0A: from=<webmaster@cust-domain.com>, size=1249, nrcpt=1 (queue active)
Apr 23 21:53:54 server1 postfix/qmgr[9432]: AA6F511008658: from=<webmaster@cust-domain.com>, size=1246, nrcpt=1 (queue active)
Apr 23 21:53:54 server1 postfix/qmgr[9432]: A9832110093E1: from=<webmaster@cust-domain.com>, size=1244, nrcpt=1 (queue active)

I really don't know what is causing this.
Is it a hacked script?
Is it possible to send mail from my server without an SMTP login/pass?
HOW can I find what is causing this?
What domain-user / smtp-user ?

Very very grateful to whoever helps me and teaches me how to fix these kinds of problems..

/E
04-24-2010 06:32 AM
Eminos Offline
Junior Member
*

Posts: 159
Joined: Jan 2007
Reputation: 0
Post: #2
RE: [ help needed! ] my server is sending spam
Anyone? Please :)

As soon as I start postfix the mail logs start filling up with these lines.
I tried deleting all the mail accounts associated with the cust-domain.com, and also disabling the domain user in ispCP. It didn't help.

It would be great if I could find out WHAT login credentials it uses to connect to the smtp server, so I can disable that account. Is there any way to find out this? Or is it possible that it sends mail bypassing smtp?

/E
04-24-2010 10:21 AM
Eminos Offline
Junior Member
*

Posts: 159
Joined: Jan 2007
Reputation: 0
Post: #3
RE: [ help needed! ] my server is sending spam
Hi. I'm kinda answering myself right now as I find a "solution" for the problem.

I disabled the "mail" function in php.ini for my cust-domain.com. So it was a script sending all the spam. Would've been nice to know what script as well, but at least it's not hogging my server.

BUT, Now, suddenly, I have a problem with mail forwarding. I'll start a new thread.

/E
04-24-2010 03:44 PM
foxb Offline
Junior Member
*

Posts: 37
Joined: Mar 2010
Reputation: 0
Post: #4
RE: [ help needed! ] my server is sending spam
(04-24-2010 03:44 PM) Eminos Wrote: Hi. I'm kinda answering myself right now as I find a "solution" for the problem.

I disabled the "mail" function in php.ini for my cust-domain.com. So it was a script sending all the spam. Would've been nice to know what script as well, but at least it's not hogging my server.

BUT, Now, suddenly, I have a problem with mail forwarding. I'll start a new thread.

/E

Probably your IP is blacklisted...

To find the script just grep for php mail function...
04-26-2010 08:09 AM
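
The triage asked about in post #1 and the grep suggested in post #4, as an added example that is not part of any post in this thread: count queued messages per envelope sender in the mail log, then list the PHP files under that customer's web root that call mail(). The function names and the two path arguments are assumptions; the log format is the qmgr format quoted in post #1.

```shell
#!/bin/sh
# Added example: triage for a Postfix host relaying script-generated mail.
# Usage (paths are placeholders): sh triage.sh /var/log/mail.log /path/to/docroot

# top_senders LOGFILE
# Tally envelope senders from postfix/qmgr "from=<...>" lines. qmgr logs such
# a line every time a message re-enters the active queue, so queue IDs are
# de-duplicated first. Prints "<messages> <sender>", busiest sender first;
# the null sender used by bounces is shown as "<>".
top_senders() {
    grep -E 'postfix/qmgr\[[0-9]+\]: [0-9A-F]+: from=<' "$1" |
        sed -E 's/.*: ([0-9A-F]+): from=<([^>]*)>.*/\1 \2/' |
        sort -u | awk '{ print $2 }' |
        sort | uniq -c | sort -k1,1nr |
        awk '{ print $1, ($2 == "" ? "<>" : $2) }'
}

# find_mail_callers DOCROOT
# List PHP source files with lines that call mail() directly. The character
# before "mail" must not be a letter, digit, "_", ">" or "$", which skips
# imap_mail(), sendmail( and $obj->mail(). PHP function names are
# case-insensitive, hence -i. Prints "<matching lines> <path>".
find_mail_callers() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.inc' \) \
        -exec grep -ciE '(^|[^[:alnum:]_>$])mail[[:space:]]*\(' /dev/null {} + |
        awk -F: '$NF > 0 { n = $NF; sub(/:[0-9]+$/, ""); print n, $0 }' |
        sort -k1,1nr
}

# Run both steps when called with a log file and a document root.
if [ "$#" -eq 2 ]; then
    top_senders "$1"
    find_mail_callers "$2"
fi
```

Only literal mail( calls are matched, so an empty result from the second step is inconclusive rather than a clean bill.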
avispa987 Offline
Junior Member
*****
Dev Team

Posts: 70
Joined: Oct 2007
Reputation: 0
Post: #5
RE: [ help needed! ] my server is sending spam
You may need to set up some extra records, like SPF or MX records. You can do it here: http://www.openspf.org/
By the way, I recommend you check whether your IP is blacklisted; you're lucky that your email didn't fall directly into the trash...

I hope I helped with something
04-26-2010 08:18 AM
c0urier Offline
Junior Member
*

Posts: 89
Joined: Jun 2007
Reputation: 1
Post: #6
RE: [ help needed! ] my server is sending spam
Well I guess this is your IP: 83.169.33.81

It's blocked at BARRACUDA RBL.

Regarding Yahoo, it writes the reason for not accepting your mails -> Too many user complaints, which I guess is related to the spam your customer's script has sent out.

Else check this site, looks like Barracuda is the only place that has marked you as a poor mailhost.
http://www.mxtoolbox.com/SuperTool.aspx?....169.33.81
(This post was last modified: 04-26-2010 11:21 AM by c0urier.)
04-26-2010 11:20 AM