

Email spam from my own server




Posted by khoking, 12-19-2008, 10:21 PM
Hi,

I received many spam emails recently, with the sender address from my own server.

E.g. my domain = www.shashinki.com
email spam that I received = shop@shashinki.com, which is being sent to my own email address of shop@shashinki.com.

Yes, the sender is my own email address account. I checked using gmail and the sender is from my own server IP address and the sender's email address seems to be valid and is from my own email account.

I have changed the password of my email address, added SPF to my email system...etc. I have done all that I can think of, but I still get the same spam emails.

What can I do and what should I do? I got really tired of this and I am worried that my server is being used to send spam to others.

My server is with LayeredTech, unmanaged server, so I don't have a manager to help me. Hope to get some insight and help from sifus here...many thanks!

__________________
www.ShaShinKi.com ~ Online Camera Shop!

Posted by net, 12-19-2008, 10:26 PM
Moved > Technical

Posted by majoosh, 12-20-2008, 04:00 PM
Quote: Originally Posted by khoking
Hi, I received many spam emails recently, with the sender address from my own server. E.g. my domain = www.shashinki.com email spam that I received = shop@shashinki.com, which is being sent to my own email address of shop@shashinki.com. Yes, the sender is my own email address account. I checked using gmail and the sender is from my own server IP address and the sender's email address seems to be valid and is from my own email account. I have changed the password of my email address, added SPF to my email system...etc. I have done all that I can think of, but I still get the same spam emails. What can I do and what should I do? I got really tired of this and I am worried that my server is being used to send spam to others. My server is with LayeredTech, unmanaged server, so I don't have a manager to help me. Hope to get some insight and help from sifus here...many thanks!

Can you paste the complete header of the spam mail?

Majoosh

Posted by khoking, 12-20-2008, 10:24 PM
hi Majoosh,

Quote:
Delivered-To: khoking@gmail.com
Received: by 10.143.90.9 with SMTP id s9cs201882wfl;
    Sat, 20 Dec 2008 18:18:44 -0800 (PST)
Received: by 10.65.153.10 with SMTP id f10mr3793555qbo.70.1229825923709;
    Sat, 20 Dec 2008 18:18:43 -0800 (PST)
Return-Path:
Received: from ns1.shashinki.net (ns1.shashinki.net [72.232.8.42])
    by mx.google.com with ESMTP id 27si9579450qbw.20.2008.12.20.18.18.42;
    Sat, 20 Dec 2008 18:18:42 -0800 (PST)
Received-SPF: pass (google.com: domain of shop@shashinki.com designates 72.232.8.42 as permitted sender) client-ip=72.232.8.42;
DomainKey-Status: good
Authentication-Results: mx.google.com; spf=pass (google.com: domain of shop@shashinki.com designates 72.232.8.42 as permitted sender) smtp.mail=shop@shashinki.com; domainkeys=pass header.From=shop@shashinki.com
Date: Sat, 20 Dec 2008 18:18:42 -0800 (PST)
Message-Id: <494da782.1b17400a.5874.0d38SMTPIN_ADDED@mx.google.com>
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=shashinki.com;
    h=Received:Toubject:From:MIME-Version:Importance:Content-Type;
    b=qWRnDx/sYYVNqHOOZ08gP4f+nm5zDlnM6xAUQUhUzARsbRR3ISctnkNMkUwGC0nQcUY67+OOYl2v+deD/8c+14APFGTXKKDNfRRq4MRMkZEUJilWr7eoOUFS+U/Du8ie;
Received: from [201.63.40.10] (helo=aafc.org.au)
    by ns1.shashinki.net with smtp (Exim 4.69)
    (envelope-from )
    id 1LEDty-0004RU-UX
    for shop@shashinki.com; Sun, 21 Dec 2008 10:18:43 +0800
To:
Subject: When will we meet again?
From:
MIME-Version: 1.0
Importance: High
Content-Type: text/html
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ns1.shashinki.net
X-AntiAbuse: Original Domain - shashinki.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - shashinki.com

Having trouble viewing this email?
Click here to view as a webpage.

__________________
www.ShaShinKi.com ~ Online Camera Shop!

Posted by majoosh, 12-21-2008, 01:44 AM
Quote: Originally Posted by khoking
hi Majoosh,

Can you get me the maillog? Just do this:

egrep -i 1LEDty-0004RU-UX /var/log/exim_mainlog

Majoosh

Posted by khoking, 12-21-2008, 09:33 AM
Hi Majoosh,

Many thanks for helping out! This is what I got:

Quote:
[root@ns1 ~]# egrep -i 1LEDty-0004RU-UX /var/log/exim_mainlog
2008-12-21 10:18:43 1LEDty-0004RU-UX <= shop@shashinki.com H=(aafc.org.au) [201.63.40.10] P=smtp S=718
2008-12-21 10:18:43 1LEDty-0004RU-UX => shop R=virtual_user T=virtual_userdelivery
2008-12-21 10:18:44 1LEDty-0004RU-UX DK: message signed using a=rsa-sha1; q=dns; c=nofws; s=default; d=shashinki.com; h=Received:Toubject:From:MIME-Version:Importance:Content-Type;
2008-12-21 10:18:45 1LEDty-0004RU-UX => khoking@gmail.com R=dk_lookuphost T=dk_remote_smtp H=gmail-smtp-in.l.google.com [72.14.205.27]
2008-12-21 10:18:45 1LEDty-0004RU-UX Completed

__________________
www.ShaShinKi.com ~ Online Camera Shop!
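
Added example (not part of the thread): a Python sketch of the check the log lines above make possible, flagging Exim arrival (`<=`) lines where a message claiming a local sender domain came in over the network without SMTP authentication (no `A=` field). Log lines 1 and 4 are the ones from the post; lines 2 and 3, the `LOCAL_DOMAINS` set and the function name are constructed for illustration.

```python
import re

# Domains this server is authoritative for (assumption, taken from the thread).
LOCAL_DOMAINS = {"shashinki.com"}

# Exim main-log arrival line: "<date> <time> <msg-id> <= <sender> <fields>"
ARRIVAL = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<id>\w{6}-\w{6}-\w{2}) <= (?P<sender>\S+) ?(?P<rest>.*)$"
)
PEER_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")  # bracketed remote address

SAMPLE_LOG = [
    # Lines 1 and 4 are from the thread; lines 2-3 are constructed for contrast.
    "2008-12-21 10:18:43 1LEDty-0004RU-UX <= shop@shashinki.com "
    "H=(aafc.org.au) [201.63.40.10] P=smtp S=718",
    "2008-12-21 10:20:01 1LEDvB-0004Sa-2k <= shop@shashinki.com "
    "H=(laptop) [203.0.113.7] P=esmtpa A=fixed_login:shop@shashinki.com S=1042",
    "2008-12-21 10:21:12 1LEDwK-0004Tb-7q <= alice@example.org "
    "H=mail.example.org [198.51.100.25] P=esmtp S=2310",
    "2008-12-21 10:18:43 1LEDty-0004RU-UX => shop R=virtual_user "
    "T=virtual_userdelivery",
]

def find_unauthenticated_local_senders(lines, local_domains=LOCAL_DOMAINS):
    """Return arrivals that claim a local sender but were not authenticated."""
    findings = []
    for line in lines:
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries (=>), DK notes and "Completed" lines
        # Drop a logged subject (T="...") so its text cannot fake a field.
        rest = m["rest"].split(' T="', 1)[0]
        fields = dict(t.split("=", 1) for t in rest.split() if "=" in t)
        peer = PEER_IP.search(rest)
        domain = m["sender"].rpartition("@")[2].lower()
        # Suspicious: local domain, arrived from a remote peer, no A= field.
        if domain in local_domains and peer and "A" not in fields:
            findings.append({
                "id": m["id"], "time": m["ts"], "sender": m["sender"],
                "peer_ip": peer.group(1),
                "helo": fields.get("H", "").strip("()"),
                "protocol": fields.get("P", ""),
            })
    return findings

if __name__ == "__main__":
    for f in find_unauthenticated_local_senders(SAMPLE_LOG):
        print(f)
```

Unauthenticated submissions from localhost (webmail, local scripts) would be flagged as well; this sketch does not filter them out.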

Posted by khoking, 12-22-2008, 12:00 PM
Can someone help? I got really frustrated with the SPAM from my own account!

__________________
www.ShaShinKi.com ~ Online Camera Shop!

Posted by Coryvmcs1, 12-22-2008, 03:56 PM
On your mail server, turn on your SPF checking to make sure your email address is not being spoofed. This happens all the time.

__________________
Pivotal Web - High Performance Hosting
NetIP Stats Networking Tools and Monitoring

Posted by stardot, 12-22-2008, 03:57 PM
It's almost impossible to prevent this sort of spam technique. It's called a "Joe Job": http://en.wikipedia.org/wiki/Joe_job

One thing you could do to prevent it is create SPF records for all the domains you host -- this will prevent other people from masquerading their email as your domain when sending outbound spam. Most inbound mail servers do SPF MX record checks to prevent this type of spam.

__________________
█ www.stardothosting.com - Web Hosting In Canada
█ Contact Sales for more Information : sales@stardothosting.com

Posted by Coryvmcs1, 12-22-2008, 04:34 PM
On your mail server, turn on your SPF checking to make sure your email address is not being spoofed. This happens all the time.

__________________
Pivotal Web - High Performance Hosting
NetIP Stats Networking Tools and Monitoring

Posted by majoosh, 12-22-2008, 09:12 PM
Quote: Originally Posted by khoking
Hi Majoosh, Many thanks for helping out! This is what I got:

I think you should use RBLs in your server to keep away a good amount of spam. The IP 201.63.40.10 from where you got spam is already listed in several spam sources ... see http://www.robtex.com/ip/201.63.40.10.html

Please see this too: http://www.webhostgear.com/175.html

Majoosh


