Search Results

Search found 2201 results on 89 pages for 'anti spam'.

Page 22/89 | < Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >

  • Has this server been compromised?

    - by Griffo
    A friend is running a VPS (CentOS) His business partner was the sysadmin but has left him high and dry to look after the system. So, I've been asked to help out in fixing an apparent spam problem. His IP address got blacklisted for unsolicited mail. I'm not sure where to look for a problem, but I started with netstat to see what open connections were running. It looks to me like he has remote hosts connected to his SMTP server. Here's the output: Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 78.153.208.195:imap 86-40-60-183-dynamic.:10029 ESTABLISHED tcp 0 0 78.153.208.195:imap 86-40-60-183-dynamic.:10010 ESTABLISHED tcp 0 1 78.153.208.195:35563 news.avanport.pt:smtp SYN_SENT tcp 0 0 78.153.208.195:35559 vip-us-br-mx.terra.com:smtp TIME_WAIT tcp 0 0 78.153.208.195:35560 vip-us-br-mx.terra.com:smtp TIME_WAIT tcp 1 1 78.153.208.195:imaps 86-40-60-183-dynamic.:11647 CLOSING tcp 1 1 78.153.208.195:imaps 86-40-60-183-dynamic.:11645 CLOSING tcp 0 0 78.153.208.195:35562 mx.a.locaweb.com.br:smtp TIME_WAIT tcp 0 0 78.153.208.195:35561 mx.a.locaweb.com.br:smtp TIME_WAIT tcp 0 0 78.153.208.195:imap 86-41-8-64-dynamic.b-:49446 ESTABLISHED Does this indicate that his server may be acting as an open relay? Mail should only be outgoing from localhost. Apologies for my lack of knowledge but I don't work on linux in my day job. EDIT: Here's some output from /var/log/maillog which looks like it may be the result of spam. If it appears to be the case to others, where should I look next to investigate a root cause? I put the server IP through www.checkor.com and it came back clean. Jun 29 00:02:13 vps-1001108-595 qmail: 1309302133.721674 status: local 0/10 remote 9/20 Jun 29 00:02:13 vps-1001108-595 qmail: 1309302133.886182 delivery 74116: deferral: 200.147.36.15_does_not_like_recipient./Remote_host_said:_450_4.7.1_Client_host_rejected:_cannot_find_your_hostname,_[78.153.208.195]/Giving_up_on_200.147.36.15./ Jun 29 00:02:13 vps-1001108-595 qmail: 1309302133.886255 status: local 0/10 remote 8/20 Jun 29 00:02:13 vps-1001108-595 qmail: 1309302133.898266 delivery 74115: deferral: 187.31.0.11_does_not_like_recipient./Remote_host_said:_450_4.7.1_Client_host_rejected:_cannot_find_your_hostname,_[78.153.208.195]/Giving_up_on_187.31.0.11./ Jun 29 00:02:13 vps-1001108-595 qmail: 1309302133.898327 status: local 0/10 remote 7/20 Jun 29 00:02:14 vps-1001108-595 qmail: 1309302134.137833 delivery 74111: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/ Jun 29 00:02:14 vps-1001108-595 qmail: 1309302134.137914 status: local 0/10 remote 6/20 Jun 29 00:02:19 vps-1001108-595 qmail: 1309302139.903536 delivery 74000: failure: 209.85.143.27_failed_after_I_sent_the_message./Remote_host_said:_550-5.7.1_[78.153.208.195_______1]_Our_system_has_detected_an_unusual_rate_of/550-5.7.1_unsolicited_mail_originating_from_your_IP_address._To_protect_our/550-5.7.1_users_from_spam,_mail_sent_from_your_IP_address_has_been_blocked./550-5.7.1_Please_visit_http://www.google.com/mail/help/bulk_mail.html_to_review/550_5.7.1_our_Bulk_Email_Senders_Guidelines._e25si1385223wes.137/ Jun 29 00:02:19 vps-1001108-595 qmail: 1309302139.903606 status: local 0/10 remote 5/20 Jun 29 00:02:19 vps-1001108-595 qmail-queue-handlers[15501]: Handlers Filter before-queue for qmail started ... EDIT #2 Here's the output of netstat -p with the imap and imaps lines removed. I also removed my own ssh session Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 1 78.153.208.195:40076 any-in-2015.1e100.net:smtp SYN_SENT 24096/qmail-remote. tcp 0 1 78.153.208.195:40077 any-in-2015.1e100.net:smtp SYN_SENT 24097/qmail-remote. udp 0 0 78.153.208.195:48515 125.64.11.158:4225 ESTABLISHED 20435/httpd

    Read the article

  • How to protect my VPS from winlogon RDP spam requests

    - by Valentin Kuzub
    I got some hackers constantly hitting my RDP and generating thousands of audit failures in event log. Password is pretty elaborate so I dont think bruteforcing will get them anywhere. I am using VPS and I am pretty much a noob in Windows Server security (am a programmer myself and its my webserver for my site). Which is a recommended approach to deal with this? I would rather block IPs after some amount of failures for example. Sorry if question is not appropriate.

    Read the article

  • Minimize the chance my email is blocked/filtered as spam

    - by justSteve
    I'm running a web-based store where order confirmations are sometimes blocked and don't reach the intended user. The structure of the business model is such that our product is marketed to the end-user by a 3rd parities - affiliates how are known entities to the end-users and email is freely exchanged between end-users and our affiliates. Our confirmations being blocked is becoming a big enough problem that we are considering implementing a system where a 'confirmations' address is created within the affiliates domain, then we'd have our app send via the affiliate's mail server instead of our own. But that'd be lots of work. The idea has been raised to have our app use our affiliates' email in the FROM field but still send from our server. My thinking is that would be detected at the end-users side and blocked just as often - we dealing with institutions large enough at least some checks up at the perimeter. Is this assumption correct (more likely to be blocked) or is there a less round about way to send messages under the auspices of 3rd parties? thx

    Read the article

  • Bypass spam check for Auth users in postfix

    - by magiza83
    I would like to know if there is any option to "FILTER" auth users in postfix. Let me explain me better, I have the amavis and dspam services between postfix(25) and postfix(10026) but I would like to avoid this check if the users are authenticated. postfix(25)->policyd(10031)->amavis(10024)->postfix(10025)->dspam(dspam.sock)->postfix(10026)--->cyrus | /|\ |________auth users______________________________________________________________| my conf is: main.cf ... smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_path = smtpd smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:127.0.0.1:10040, reject_invalid_hostname, reject_rbl_client multi.uribl.com, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client rabl.nuclearelephant.com, check_policy_service inet:127.0.0.1:10031, permit_mynetworks, reject ... I would like something like "FILTER smtp:localhost:10026" in case they are authenticated, because in my actual configuration i'm only avoiding policyd, but not amavis and dspam. Thanks.

    Read the article

  • Spam in the VS2010 Extension Manager

    - by Alex DeLarge
    What's with all the spam (free trials and so on from Component Source & Telerik among others) in the VS 2010 Extensions Manager. Without going to the website there is no way to know whether a listing is free or trialware so, for me, the entire user experience of the Extensions Manager is ruined. Anyone else finding this? Is there a way of suppressing these? Alex...

    Read the article

  • Sending single emails works, but sending to the same email in a distribution list is bounced

    - by EvilChookie
    I'm running an Exchange 2003 server on a Telstra Business internet connection (in Australia). I'm routing emails through the SMTP connecter, using the host smtp.telstrabusiness.com When users send single emails to a single recipient, the emails are sent correctly. However, when users send emails to a distribution list, they bounce back with: The message could not be delivered because the recipient's destination email system is unknown or invalid. Please check the address and try again, or contact your system administrator to verify connectivity to the email system of the recipient. One of the people in the list was able to recieve a single email from us just a few minutes afterwards, but did not recieve any of the email that should have come from the distribution list. Is there a way I can throttle the number of messages that Exchange will send at a time, so as not to appear as spam to Telstra?

    Read the article

  • Custom Filter in cPanel to Auto-Delete Emails with Russian Characters

    - by John Conde
    I get a lot of spam to my email account from Russia. The emails themselves (name, subject, body) are in Russian and I was hoping to create a custom filter in cPanel (not in SpamAssassin but in cPanel itself) to catch these emails and delete them before they hit my inbox. I've tried setting up rules to flag emails with these characters but they still are getting through. This leads me to believe that there is an encoding issue at play here. Unfortunately I do not know how to overcome this. Ideas?

    Read the article

  • McAfee Secure Messaging Service / Postini: false positive?

    - by Martin
    Hello, I'm puzzled by this email message that gets quarantined by McAfee Secure Messaging Service (it's based on Postini) for no reason that I can think of. Here are the Postini headers: X-pstn-2strike: clear X-pstn-neptune: 0/0/0.00/0 X-pstn-levels: (S: 0.02932/98.63596 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 ) X-pstn-settings: 3 (1.0000:1.0000) s cv gt3 gt2 gt1 r p m c X-pstn-addresses: from [db-null] X-pstn-disposition: quarantine I read the docs (http://www.mcafee-sms.com/webdocs/admin%5Fee%5Fmcafee/wwhelp/wwhimpl/common/html/wwhelp.htm?context=MACAFFHelp&file=header%5Foverview.html#951634) and in short, the x-pstn-settings header tells me that NONE of the filters was triggered, but the x-pstn-levels header tells me that the final score (0.02932) is low enough to classify the email as bulk/spam. Can anyone explain to me why the final score is so low when none of the filters were triggered? Does anyone have any suggestions on how to prevent this from happening? Regards, Martin

    Read the article

  • Blacklisting: IP's or domains?

    - by johnnietheblack
    I am implementing a blacklisting system on my website that monitors contact forms for suspicious usage (both spam content and excessive frequency). When I find somebody / robot that meets my criteria for blacklisting, I want to send them to my DB as a blacklisted entity. My question is, should I blacklist them as an IP or as a domain? As far as I can see, blacklisting an IP is going to be far more effective, because I allow people to enter their email address in the form, and they can easily just change their domain on a regular basis. However, the downside is that if I blacklist an IP, I could potentially be blacklisting a large group of people who share an IP, when only one person is bad (ie - college campuses, coffee shops, etc). Is there a solution I'm missing?

    Read the article

  • Training Exchange junk filter via OS X Mail.app

    - by Doug Harris
    My company uses Exchange 2007 for our mail server (via 3rd party hosted service), I use OS X Mail.app on my MacBook Pro. When viewing my junk folder in the webmail interface, there's a "Not Junk" button which will move the email out of the Junk folder. I can mimic the basic functionality in Mail.app by dragging the message from the junk folder to another folder. But... does this train the server? Specific questions: Does pressing the "Not Junk" button in the webmail interface (or Outlook) do anything more on the server side? Does Exchange used any sort of statistical spam filtering (e.g. bayesian filtering) based on this action? If the answer to #1 is yes, does moving the folder out of the junk folder in Mail.app trigger the statistical learning? If the answer to #2 is no, is there a different way to trigger the learning?

    Read the article

  • sendmail is using return-path instead of from address

    - by magd1
    I have a customer that is complaining about emails marked as spam. I'm looking at the header. It shows the correct From: [email protected] However, it doesn't like the return-path. Return-Path: <[email protected]> Received-SPF: neutral (google.com: x.x.x.x is neither permitted nor denied by domain of [email protected]) client-ip=x.x.x.x; Authentication-Results: mx.google.com; spf=neutral (google.com: x.x.x.x is neither permitted nor denied by domain of [email protected]) [email protected] How do I configure sendmail to use the From address for the Return-Path?

    Read the article

  • How can I find a computer on my network that is doing mass mailings?

    - by Alex Ciarlill
    I was notified by my isp that one of my machines is sending out spam. This happened about 3 months ago on windows machine running cygwin that was hacked due to an SSH vuln. The hackers setup IIS and SMTP. I cleared out the machine and all the services are disabled so I think that machine is okay I am wondering if there is any other way to identify which machine it could be coming from? The ISP has NO useful information such as source port, destination port, destination IP... nothing. I am running DD-WRT on my router, Windows 7 PC and a Windows XP PC.

    Read the article

  • Does RDNS for mail server have to match the mail server hostname exactly?

    - by threecheeseopera
    Typically when setting up a mail server, I create an rDNS record for the mail server IP to match the mail server hostname (ex: mail.example.com). Can I instead set the rDNS ptr to match the parent domain (e.g. example.com), if this server is being used for multiple purposes, and still send mail successfully (i.e. not be classified as spam b/c of mismatched rDNS)? Thanks! EDIT: The article at http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS seems to indicate that it might be more complicated than I had thought. For instance, 1) I did not know that you could have multiple PTR records for a given IP; 2) it appears that as long as each PTR record matches an A record, everything is good (basically nullifying my question). Would you agree?

    Read the article

  • How to ban fans from a specific country - Facebook

    - by Lukas
    my question is kind of weird, because i want thousands of fans to dislike my page! Since this is not a common problem I hardly can find anything about it! my facebook page just got spammed with thousands of "fans" from a specific country. When I set a coountry restriction for that country, will the fans be banned and the number of fans be the same as before the spam-attack? I really need to get rid of those fans. I already restricted that country and facebook actually updated the chart where I can see where my fans are coming from. So fb knows that I have those "fans", but the number of likes remains the same... Any idea? It is not possible to ban every fan 1 by 1 because I can only see the last 100 fans.

    Read the article

  • SMTP hacked by spammer using base64 encoding to authenticate

    - by Throlkim
    Over the past day we've detected someone from China using our server to send spam email. It's very likely that he's using a weak username/password to access our SMTP server, but the problem is that he appears to be using base64 encoding to prevent us from finding out which account he's using. Here's an example from the maillog: May 5 05:52:15 195396-app3 smtp_auth: SMTP connect from (null)@193.14.55.59.broad.gz.jx.dynamic.163data.com.cn [59.55.14.193] May 5 05:52:15 195396-app3 smtp_auth: smtp_auth: SMTP user info : logged in from (null)@193.14.55.59.broad.gz.jx.dynamic.163data.com.cn [59.55.14.193] Is there any way to detect which account it is that he's using?

    Read the article

  • Postfix block senders outside from local domains

    - by Tibor Peter Toth
    I would like to block every mail that is coming in from a domain that is running on my server. Example: I have domain1.com on my mail server and I'm getting a mail from outside with an email address of [email protected] Then I know it's a Spam, because domain1.com is on my server, so the sender cannot come from outside. I want postfix to check for this, and simply block these kind of emails. I know this is a function in postfix, just don't know which one. Thanks.

    Read the article

  • does it still have any sense to directly drop mails that trigger RBLs?

    - by Luke404
    Once upon a time, using RBLs to drop mails was actually a good idea. These days seems it is no more possible for a reason or the other, so every one switched / is_switching to just use RBLs as another test in score based antispam solutions (read: SpamAssassin & friends). This gives good results, but neglects one of the benefits of RBLs, namely the ability to reject (supposed) spam before even receiving the message body. Is still there any RBL that makes sense to use that way, to hardly reject anything that fires a match in that list? If there are people doing it that way, do you ever get false positives due to the list?

    Read the article

  • Configure Postini and emailreg.org

    - by crn
    One of our companies uses Postini services as our spam filtering service. Unfortunately, the company has been tagged as a spammer and we're trying to use emailreg.org to whitelist us. Emailreg.org wants us to add a CNAME which points to their domain (emaireg.org), while Postini has us add MX records (such as domainname.s7a1.psmtp.com. Here are my questions: 1. Can adding Emaireg's CNAME cause either Postini to not work or our emails to be lost? 2. Which is order of execution (do the email go to Postini and upon their return to EmailReg or is it the other way around)? 3. Is there anything of which I should be aware when using such a setup? Thanks, in advance, for all your help!

    Read the article

  • Offlineimap -- push changes to all folders; only pull from INBOX folder

    - by g33kz0r
    I would like to be able to set up offlineimap to do the following Sync Remote/INBOX - Local Sync Local/Maildirs/* - Remote Possible? The use case here is: I download all new mail from my remote IMAP INBOX folder with offlineimap. offlineimap's posthook command calls a custom python script which does junk filtering, then sorts and categorizes my mail in the local INBOX folder to various local maildirs based on sender, etc. I read my mail with mutt and perhaps do some more categorization. ? Step 4 is what I'm after. I want offlineimap to push my local changes (categorization, filtering, deletion in the case of spam) back to the various folders on the imap server, but as you can see, there's no need for me to be pulling any changes from folders other than Remote/INBOX, as no changes happen on the IMAP server itself. I hope that's a clear explanation of the problem.

    Read the article

  • Log with iptalbes which user is delivering email to port 25

    - by Maus
    Because we got blacklisted on CBL I set up the following firewall rules with iptables: #!/bin/bash iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner Debian-exim -j ACCEPT iptables -A OUTPUT -p tcp -m limit --limit 15/minute -m tcp --dport 25 -j LOG --log-prefix "LOCAL_DROPPED_SPAM" iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable I'm not able to connect to port 25 from localhost with another user than root or a mail group member - So it seems to work. Still some questions remain: How effective do you rate this rule-set to prevent spam coming from bad PHP-Scripts hosted on the server? Is there a way to block port 25 and 587 within the same statement? Is the usage of /usr/sbin/sendmail also limited or blocked by this rule-set? Is there a way to log the username of all other attempts which try to deliver stuff to port 25?

    Read the article

  • Something is spamming from my hMail server - how can I deal with this?

    - by joshcomley
    My Windows 2008 server is attempting to send out a lot of spam, I've just discovered, and I'm not sure how to see where the compromise is. For example: has someone hacked an account? Has someone hacked the server? Is there a virus on the server? What can I do to investigate this? Edit Thanks for the replies so far. I am running hMail server, and have spent so long investigating the correct configuration but still I end up with these emails being sent. Here is a screenshot of my Internet IP range settings on the server: (let me know what else I can provide to help)

    Read the article

  • It's possible to use google smtp for sending email from my server?

    - by Magnetic_dud
    Well, I am becoming crazy to let my email deliver to gmail/hotmail from my new ip. Last year, i had no problems with my past ip, but now my emails go straight to the spam folder of gmail and hotmail. I checked with mxtoolbox.com and i am not blacklisted, not an open proxy, rdns is configured the right way, SPF policy is present on the DNS. My spf is v=spf1 a mx ~all But, still, I am filtered. So, I am wondering: since gmail does not accept my emails, it's possible to use gmail smtp server to deliver all mails from my server? AFAIK, it will change all the "from" address, but maybe there is a way to not let it happen?

    Read the article

  • How to modify a message, so it will be for 100% recognizable as spam by Exchange junk e-mail filter

    - by user71061
    Hi! I have an sendmail server, sitting in front of my Exchange server. This server filter spam with SpamAssassin (and do it incredibly well!), but it merely tag spam messages with appropriate header flags and by modifying message subject. When such a message arrives to user mailbox on Exchange server, where it is examined by Echange/Outlook junk e-mail filter, which put most of spam in junk message folder. And that is my problem: most, but not all! To put all spam in junk e-mail message folder, user has to define an rule, saying f.e: "If header contains text 'X-Spam-Flag: YES' then move it to 'Junk e-mail messages' folder". Fine, but it has to be done on every user (for some users, this task is too "complicated" to made it themselves :-) . So I want to know, how could I modify message header in such a way, that Exchange junk e-mail filter will for 100% recognize this message as a spam, freeing user from task of defining his own rule. Some solution could be defining such a rule by using AD and group policy, but I wan't to avoid this due to many possible caveats: there are so many combination of different operating system and different Outlook versions, and to be honest, I doubt if it is even possible.

    Read the article

< Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >