Spam sent from one of my servers?

smurfkillin · October 17th, 2005, 5:57 PM

I just started getting a TON of returned mail from various servers, mainly telling me that a message cannot be sent because the user doesnt exist, blah blah. Sample below:

______________________________________
Hi. This is the qmail-send program at triskel.steredenn.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<woody

ff6sol.com>:
Sorry, no mailbox here by that name. vpopmail (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <c.silver_hh

mperalta.com>
Received: (qmail 28523 invoked by uid 503); 17 Oct 2005 21:17:36 -0000
Received: from unknown (HELO millepattes.com) (61.144.222.80)
by triskel.steredenn.net with SMTP; 17 Oct 2005 21:17:36 -0000
Message-ID: <2.2.32.2005091721143900b7f733

mperalta.com>
From: "Carmelo Silver" <c.silver_hh

mperalta.com>
Subject: =?ISO-8859-1?B?Rmxhd2xlc3MgRmluYW5jaW5nIFNvbHV0aW9ucw==?=
Date: Mon, 17 Oct 2005 21:14:39 +0000
MIME-Version: 1.0
X-Sender: <c.silver_hh

mperalta.com>
In-Reply-To: <dbe701c5ce39$d6f66639$0772b87d

uq16xx3>
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 8bit

ÂHi,

ÂFlawless Home Loan Offer

Âhttp://b.09mort.com/6/index/owner/

______________________________________

Problem is: there is no user named 'c.silver_hh

mperalta.com' - this is one of my servers, but it seems that someone is spoofing the domain name and sending emails and i am getting the returned message on my default/catch all address.

IS THERE ANY way to stop this?
thanks

**Bigjohn** · October 17th, 2005, 8:04 PM

It's caused because someone is spoofing your domain.... nothing you can really do about it, unfortunately. Just make sure your default address is 'blackhole'.

John

sacjeanie · October 17th, 2005, 11:13 PM

Quote:

Originally Posted by Bigjohn

Just make sure your default address is 'blackhole'.

John

Whoosh! is the sound as that statement goes over my head. Can you explain Big John? Type slowly as I'm currently enjoying a "Bavaria" Holland beer and I might not be able to read that fast.

**Jamie** · October 22nd, 2005, 11:51 PM

To set individual "blackhole" setting for cPanel account [theme=x]:
Log in to cPanel
Click on "Mail" icon
Under the "Mail Manager Main Menu" click on "Default Address"
In "Default Address Maintenance" window, click on "Set Default Address"
Enter ":blackhole:" [without quotes] to discard all incoming unrouted mail.
NOTE: this must be done for each subdomain also.

To set default "blackhole" for all new accounts created in WHM:
Log in to WHM.
Under "Server Configuration" menu, click on "Tweak Settings".
In "Tweak Settings" window, under "Mail" section, ensure "Default catch-all/default address behavior for new accounts. fail will generally save the most CPU time." is set to "blackhole".
Scroll down and "save".

sacjeanie · October 23rd, 2005, 11:50 AM

So if I'm understanding this correctly, ":blackhole:" just puts bounced e-mail into the big e-mail recycle bin. It's never actually saved to your system and you don't need to wade through the junk.

Big John, I didn't mean to offend. I was actually laughing at myself because I'm such a lightweight with alcohol and yet being originally German, I _really_ enjoy good beer.

October 17th, 2005, 5:57 PM	#1 (permalink)
smurfkillin Registered User Seasoned Poster Joined in Jan 2004 Lives in Tucson AZ Hosted on pass2 81 posts Gave thanks: 1 Thanked 0 times	Spam sent from one of my servers? I just started getting a TON of returned mail from various servers, mainly telling me that a message cannot be sent because the user doesnt exist, blah blah. Sample below: ______________________________________ Hi. This is the qmail-send program at triskel.steredenn.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <woodyff6sol.com>: Sorry, no mailbox here by that name. vpopmail (#5.1.1) --- Below this line is a copy of the message. Return-Path: <c.silver_hhmperalta.com> Received: (qmail 28523 invoked by uid 503); 17 Oct 2005 21:17:36 -0000 Received: from unknown (HELO millepattes.com) (61.144.222.80) by triskel.steredenn.net with SMTP; 17 Oct 2005 21:17:36 -0000 Message-ID: <2.2.32.2005091721143900b7f733mperalta.com> From: "Carmelo Silver" <c.silver_hhmperalta.com> Subject: =?ISO-8859-1?B?Rmxhd2xlc3MgRmluYW5jaW5nIFNvbHV0aW9ucw==?= Date: Mon, 17 Oct 2005 21:14:39 +0000 MIME-Version: 1.0 X-Sender: <c.silver_hhmperalta.com> In-Reply-To: <dbe701c5ce39$d6f66639$0772b87duq16xx3> X-Mailer: Windows Eudora Pro Version 2.2 (32) Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit ÂHi, ÂFlawless Home Loan Offer Âhttp://b.09mort.com/6/index/owner/ ______________________________________ Problem is: there is no user named 'c.silver_hhmperalta.com' - this is one of my servers, but it seems that someone is spoofing the domain name and sending emails and i am getting the returned message on my default/catch all address. IS THERE ANY way to stop this? thanks __________________ Dedicated www.aragonperalta.com

October 17th, 2005, 8:04 PM	#2 (permalink)
Bigjohn minor deity Super #1 Joined in Apr 2004 Lives in Georgia Hosted on XEON 7,229 posts Gave thanks: 19 Thanked 91 times	It's caused because someone is spoofing your domain.... nothing you can really do about it, unfortunately. Just make sure your default address is 'blackhole'. John __________________ Proud to be a Surmunity Mod! XEON PASS60 PASS61 Make a fundamental difference! My Sites: Curious about Brewing Beer? Join the community! >>>>> Some Change is GOOD! Keep your paycheck! Support the Fair Tax Get into an Art museum Victorian London It's your brain -*ON WEB* - mybrainhost.com (under development) What SHOULD Government do? Much Less than it Does!

October 22nd, 2005, 11:51 PM	#4 (permalink)
Jamie Surpass Fan Comfy Contributor Joined in Oct 2003 Hosted on Dedicated 297 posts Gave thanks: 0 Thanked 0 times	To set individual "blackhole" setting for cPanel account [theme=x]: Log in to cPanel Click on "Mail" icon Under the "Mail Manager Main Menu" click on "Default Address" In "Default Address Maintenance" window, click on "Set Default Address" Enter ":blackhole:" [without quotes] to discard all incoming unrouted mail. NOTE: this must be done for each subdomain also. To set default "blackhole" for all new accounts created in WHM: Log in to WHM. Under "Server Configuration" menu, click on "Tweak Settings". In "Tweak Settings" window, under "Mail" section, ensure "Default catch-all/default address behavior for new accounts. fail will generally save the most CPU time." is set to "blackhole". Scroll down and "save". __________________ Jme ++++++ Site: WalkerNetwork.com My Dumb Blog Server: Dedicated IM: Visit my profile for more info. Official Title: Queen of Run-On Sentences [ONE] - The Campaign to Make Poverty History

October 23rd, 2005, 11:50 AM	#5 (permalink)
sacjeanie Registered User Comfy Contributor Joined in Sep 2005 Hosted on sh84 117 posts Gave thanks: 0 Thanked 0 times	So if I'm understanding this correctly, ":blackhole:" just puts bounced e-mail into the big e-mail recycle bin. It's never actually saved to your system and you don't need to wade through the junk. Big John, I didn't mean to offend. I was actually laughing at myself because I'm such a lightweight with alcohol and yet being originally German, I _really_ enjoy good beer. __________________ datadoggie.com \| Server: SH84 Bike Odometer: 140 miles

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)