cc4op5 Posted April 10, 2006 Share Posted April 10, 2006 hello i have small linux server who is already almost 2 years on line with web and mail server on it until today i never got spamed but the last 2 days i recieve somethiogn very weird and i dont have idea how to block it this it the full path: Return-Path: <Dj[at]katsarov.com> Received: from friend ([59.58.37.239]) by Server1.katsarov.com (8.12.11/8.12.11) with ESMTP id k39M6P1q031864 for <stanislav[at]katsarov.com>; Mon, 10 Apr 2006 00:06:27 +0200 Date: Mon, 10 Apr 2006 00:06:25 +0200 Message-Id: <88660434352114.H7mYKri3764[at]katsarov.com> From: Dora <Dj[at]katsarov.com> To: stanislav[at]katsarov.com Subject: Career opportunity from Quadrum inc. MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_002E_01C65BF9.1479D1B0" in the mail server there are 3 account and but only my primary mail is spammed every time its a diffrent ip so i cant block a hole range of ip so any ideas how to stop this spamm because it comes every 30 min thx Link to comment Share on other sites More sharing options...
cc4op5 Posted April 10, 2006 Author Share Posted April 10, 2006 hmm after my last check this come from some kind php scri_pt mailer any idea how to stop it ? Link to comment Share on other sites More sharing options...
Wazoo Posted April 10, 2006 Share Posted April 10, 2006 Subject line offers no clue as to what the 'subject' is .... After reading the first post, I was still not sure what was being requested. Not a clue how you came up with the results in your second post. Data not provided .. so had to look it up elsewhere; nshost1.st2.lyceu.net reports the following MX records: Preference Host Name IP Address 10 mailspool.katsarov.com 82.226.194.171 20 maildefer.katsarov.com 82.226.194.171 Server1.katsarov.com ESMTP Sendmail 8.12.11/8.12.11; Mon, 10 Apr 2006 06:07:47 +0200 E-mail header sample I believe indicates the forging of the From: and Return: lines ... how often to you e-mail yourself? possible filter action Received from 59.58.37.239 which was just listed on the CBL this morning; http://cbl.abuseat.org/lookup.cgi?ip=59.58.37.239 IP Address 59.58.37.239 was found in the CBL. It was detected at 2006-04-10 05:00 GMT (+/- 30 minutes You received your spam prior to this IP addresses being abused enough to get itself listed somewhere ... But, the question is .. do you use any BLs to check your incoming e-mail? If this isn't what you are actually asking about, please explain what it is you are looking for. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.