I recieved an email from [email protected] That is my server but this email account is not on my system. The mail came to an email account on one of my other sites. Did I miss something in my setup so others are useing my email services? How can I stop this? It also seems that most of my spam and people giving post the links point to .ru sites. Is there any way to just block all the sites from another country like .ru?
Did you check the email header to see if the maill really originated from your server? Did you check if your server is blacklisted? http://www.mxtoolbox.com/blacklists.aspx It is possible that spammers abuse a vulnerable web application, so I'd make sure these are all up to date. This link might also be of interest: http://www.howtoforge.com/how-to-log-emails-sent-with-phps-mail-function-to-detect-form-spam
It looks like my server sent it because it said debian1.the-computerguy.biz and I naver as far as i can remember used the debian1. other then during setup. I am not on the blacklist. I may need to find a way to password all email sending. I know how to secure a windows server but I am still learning the linux side of web serving.
Hmm, It does looked like someone faked it but I do not understand how they got the debian1. part. Here is my header. It looks like the ip was not mine. Return-Path: <[email protected]> Delivered-To: [email protected] Received: from localhost (localhost.localdomain [127.0.0.1]) by debian1.the-computerguy.biz (Postfix) with ESMTP id 57D13ADC0FA for <[email protected]>; Sat, 26 Feb 2011 10:05:49 -0500 (EST) X-Virus-Scanned: Debian amavisd-new at debian1.the-computerguy.biz X-Spam-Flag: YES X-Spam-Score: 13.623 X-Spam-Level: ************* X-Spam-Status: Yes, score=13.623 tagged_above=1 required=4.5 tests=[HTML_MESSAGE=0.001, RDNS_NONE=0.1, URIBL_AB_SURBL=1.613, URIBL_BLACK=1.961, URIBL_JP_SURBL=2.857, URIBL_SBL=2.468, URIBL_SC_SURBL=2.523, URIBL_WS_SURBL=2.1] Received: from debian1.the-computerguy.biz ([127.0.0.1]) by localhost (debian1.the-computerguy.biz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pDmANK9RIaqX for <[email protected]>; Sat, 26 Feb 2011 10:05:46 -0500 (EST) Received: from [178.122.49.51] (unknown [178.122.49.51]) by debian1.the-computerguy.biz (Postfix) with ESMTP id 2C008ADC0F5 for <[email protected]>; Sat, 26 Feb 2011 10:05:46 -0500 (EST) Received: from [132.104.123.62] (account [email protected] HELO nozhktfps.htofosvpfbhase.ua) by (CommuniGate Pro SMTP 5.2.3) with ESMTPA id 132543730 for <[email protected]>; Sat, 26 Feb 2011 20:05:44 +0500 Date: Sat, 26 Feb 2011 20:05:44 +0500 From: [email protected], Watches_and_Handbags <[email protected]> X-Mailer: The Bat! (v2.00.5) Business X-Priority: 3 (Normal) Message-ID: <[email protected]> To: <[email protected]> Subject: ***SPAM***Everything on our site is On sale this Week as we are consolidating and must get rid of it all FAST! MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------5424DEB1D1061FA"
I was thinking the same think. I need to figure out how to block IPs I guess. New to linux sorry for being a little slow Thanks for the help
