Jump to content
Sign in to follow this  
cc4op5

need help

Recommended Posts

hello

i have small linux server who is already almost 2 years on line with web and mail server on it

until today i never got spamed but the last 2 days i recieve somethiogn very weird and i dont have idea how to block it

this it the full path:

Return-Path: <Dj[at]katsarov.com>

Received: from friend ([59.58.37.239])

by Server1.katsarov.com (8.12.11/8.12.11) with ESMTP id k39M6P1q031864

for <stanislav[at]katsarov.com>; Mon, 10 Apr 2006 00:06:27 +0200

Date: Mon, 10 Apr 2006 00:06:25 +0200

Message-Id: <88660434352114.H7mYKri3764[at]katsarov.com>

From: Dora <Dj[at]katsarov.com>

To: stanislav[at]katsarov.com

Subject: Career opportunity from Quadrum inc.

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_002E_01C65BF9.1479D1B0"

in the mail server there are 3 account and but only my primary mail is spammed

every time its a diffrent ip so i cant block a hole range of ip so

any ideas how to stop this spamm because it comes every 30 min

thx

Share this post


Link to post
Share on other sites

hmm after my last check this come from some kind php scri_pt mailer

any idea how to stop it ?

Share this post


Link to post
Share on other sites

Subject line offers no clue as to what the 'subject' is ....

After reading the first post, I was still not sure what was being requested.

Not a clue how you came up with the results in your second post.

Data not provided .. so had to look it up elsewhere;

nshost1.st2.lyceu.net reports the following MX records:

Preference Host Name IP Address

10 mailspool.katsarov.com 82.226.194.171

20 maildefer.katsarov.com 82.226.194.171

Server1.katsarov.com ESMTP Sendmail 8.12.11/8.12.11; Mon, 10 Apr 2006 06:07:47 +0200

E-mail header sample I believe indicates the forging of the From: and Return: lines ... how often to you e-mail yourself? possible filter action

Received from 59.58.37.239 which was just listed on the CBL this morning;

http://cbl.abuseat.org/lookup.cgi?ip=59.58.37.239

IP Address 59.58.37.239 was found in the CBL.

It was detected at 2006-04-10 05:00 GMT (+/- 30 minutes

You received your spam prior to this IP addresses being abused enough to get itself listed somewhere ...

But, the question is .. do you use any BLs to check your incoming e-mail?

If this isn't what you are actually asking about, please explain what it is you are looking for.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×