Help! spammer using Local to send spam from my server
Hi, I have a problem with someone who has been spamming using my server. I have had this problem regardless of whether I change servers, change usernames/passwords, etc.
The culprit is not using relaying, I have no open relays, and no one is giving out passwords.
(I am the only one who has domains on this server.)
The following is a sample of what headers are used within the spammed emails.
They are sending the spam to bogus aliases for a domain on my server and they are spamming AOL lists using BCC:
The following is taken from a message sitting in the mail queue.
1AmBnM-00067N-IX-H
p5HW27mz 32004 32004
1075381280 0
-ident p5HW27mz
-received_protocol local
-body_linecount 79
-auth_id p5HW27mz
-auth_sender p5HW27mz@1n-77.servernode.net
-deliver_firsttime
-local
XX
502
brian68@vvww.emanuelhomesteadgoldens.com
<changed w to vv because of forum rules not allowing url to new posts>
--- Cut off ---
125P Received: from p5HW27mz by 1n-77.servernode.net with local (Exim 4.24)
id 1AmBnM-00067N-IX;
Thu, 29 Jan 2004 08:01:20 -0500
005T To:
044T To: brian68@vvww.emanuelhomesteadgoldens.com
<changed w to vv because of forum rules not allowing url to new posts>
038F From: HottestNewStock876@manawatu.com
8902* bcc: nlbalick@aol.com,jscha92725@aol.com,mruhfus@aol.com,
johnraiti@aol.com,macswat@aol.com,bigeesmurf@aol.com,
gkoolaid@aol.com,capthowdy07727@aol.com,maxi1@aol.com,
flycan1@aol.com,gwhite47802@aol.com,klm3475@aol.com,
mybetsee@aol.com,phil4239@aol.com,sdally@aol.com,
djohdj@aol.com,tropicaine@aol.com,johnrajah@aol.com,
r7obsrob@aol.com, ---Cut off ---
I have tried researching ways to prevent spamming but I don't know how to stop this
person from using the mail server on a local level.
Any suggestions?
(I have considered using Kai's SpamShield but have not yet installed it.)
This is getting frustrating as all this spam is clogging up my mail queue and shutting down Exim.
Example: over the course of 2 days, I have deleted over 240 spam mails caught up in the mail queue.
Thanks for your help.
Jenn
I had the same problem when the domain was on another server. When I switched the domain to this server, the problem continued. I have changed the username for the account as well as passwords and nothing has helped.
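For triage of a queue like the one in the post, the spool header files show which local account handed each message to Exim. The following is an added example, not part of the original posts: it parses the -H layout visible in the dump (second line is login, uid and gid; `-received_protocol local` marks a local submission) and counts local submissions per account. The SMTP sample, the function names and the recipient threshold are constructed for illustration.

```python
from collections import Counter

# Start of the spool header (-H) file quoted in the post, cut after the
# recipient count. The layout handled here is inferred from that dump.
POSTED = """1AmBnM-00067N-IX-H
p5HW27mz 32004 32004
1075381280 0
-ident p5HW27mz
-received_protocol local
-body_linecount 79
-auth_id p5HW27mz
-auth_sender p5HW27mz@1n-77.servernode.net
-deliver_firsttime
-local
XX
502
"""
# Constructed contrast case: a message that arrived over SMTP.
SMTP = """1AmBnN-00067P-AB-H
mailnull 47 12
1075381300 0
-host_address 192.0.2.10.4321
-received_protocol esmtp
XX
1
"""

def parse_spool_header(text):
    """Return id, submitting login/uid/gid, '-' options and recipient count."""
    lines = text.splitlines()
    user, uid, gid = lines[1].split()
    msg = {"id": lines[0].rsplit("-", 1)[0], "user": user,
           "uid": int(uid), "gid": int(gid), "options": {}, "rcpt_count": 0}
    for line in lines[2:]:
        if line.startswith("-"):
            name, _, value = line[1:].partition(" ")
            msg["options"][name] = value
        elif line.isdigit():  # first all-digit line is the recipient count
            msg["rcpt_count"] = int(line)
            break
    return msg

def local_submitters(header_texts, rcpt_threshold=50):
    """Count locally submitted messages per (login, uid); list bulk ones."""
    per_user, bulk = Counter(), []
    for text in header_texts:
        m = parse_spool_header(text)
        if m["options"].get("received_protocol") != "local":
            continue  # handed over by a remote host, not a local process
        per_user[(m["user"], m["uid"])] += 1
        if m["rcpt_count"] >= rcpt_threshold:
            bulk.append(m["id"])
    return per_user, bulk
```

The uid reported for local submissions identifies the system account whose process injected the mail, which is where to look for the responsible script.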