LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-22-2009, 11:30 AM   #1
iamfish
LQ Newbie
 
Registered: Nov 2009
Posts: 1

Rep: Reputation: 0
Unhappy Block outgoing email


my server sends a lot of spam mails recently and i am no ideas what's wrong it is. i receive my isp's complaint as AOL report that my server is keeping to send spam mail.

now, i would like to know is there any methods to prevent sending email to specific domains? e.g. aol.com

second, how to trace the sender of spam mail?

this is a part of qmail log
*****************************
Nov 22 15:56:59 server qmail: 1258876619.407107 starting delivery 25732: msg 19089508 to remote oneflatiron@aol.com
Nov 22 15:56:59 server qmail: 1258876619.407183 status: local 0/10 remote 12/20
Nov 22 15:56:59 server qmail: 1258876619.408313 starting delivery 25733: msg 19089508 to remote onehitsong@aol.com
Nov 22 15:56:59 server qmail: 1258876619.408384 status: local 0/10 remote 13/20
Nov 22 15:56:59 server qmail: 1258876619.409860 starting delivery 25734: msg 19089508 to remote oneixgrunt@aol.com
Nov 22 15:56:59 server qmail: 1258876619.409927 status: local 0/10 remote 14/20
Nov 22 15:56:59 server qmail: 1258876619.411165 starting delivery 25735: msg 19089508 to remote onelowdraggins10@aol.com
Nov 22 15:56:59 server qmail: 1258876619.411242 status: local 0/10 remote 15/20
Nov 22 15:57:01 server qmail: 1258876621.228044 delivery 25731: deferral: 205.188.155.72_failed_after_I_sent_the_message./Remote_host_said:_421-:__(RLY:CH)__http://postmaster.info.aol.com/errors/554rlych.html/421_SERVICE_NOT_AVAILABLE/
Nov 22 15:57:01 server qmail: 1258876621.228134 status: local 0/10 remote 14/20
Nov 22 15:57:01 server qmail: 1258876621.240484 delivery 25728: deferral: 205.188.159.216_failed_after_I_sent_the_message./Remote_host_said:_421-:__(RLY:CH)__http://postmaster.info.aol.com/errors/554rlych.html/421_SERVICE_NOT_AVAILABLE/
*****************************

this is spam mail header
*****************************
Return-Path: <BPOL@poste.it>
Received: from rly-dd07.mx.aol.com (rly-dd07.mail.aol.com [172.19.141.154]) by air-dd04.mail.aol.com (v125.7) with ESMTP id MAILINDD041-b8e4b06f3a43a7; Fri, 20 Nov 2009 14:53:21 -0500
Received: from mydomain.com (mydomain.com [2xx.xxx.xxx.xxx]) by rly-dd07.mx.aol.com (v125.7) with ESMTP id MAILRELAYINDD078-b8e4b06f3a43a7; Fri, 20 Nov 2009 14:53:09 -0500
Received: (qmail 12162 invoked from network); 14 Nov 2009 22:38:18 +0800
Received: from unknown (HELO User) (94.52.185.94)
by mydomain.com with SMTP; 14 Nov 2009 22:38:18 +0800
Reply-To: <BP0L@poste.it>
From: "BPOL@poste.it"<BPOL@poste.it>
Subject: nuova gamma completa di servizi online
Date: Sat, 14 Nov 2009 16:38:07 -0500
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AOL-IP: 2xx.xxx.xxx.xxx
Message-ID: <200911201453.b8e4b06f3a43a7@rly-dd07.mx.aol.com>
To:
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by imr-da05.mx.aol.com id nAKL20R7031045
*****************************

ps: i am using qmail

many many thanks for your help
 
Old 11-23-2009, 04:36 AM   #2
wfh
Member
 
Registered: Sep 2009
Location: Northern California
Distribution: Ubuntu Debian CentOS RHEL Suse
Posts: 164

Rep: Reputation: 44
As for tracing the origin of spam, good luck. I filter 98% of traffic on one of my servers using SpamAssassin. Spammers are very good at hiding their origins, using compromised hosts, open relays, etc.

It sounds like you have a misconfiguration in qmail.

Start by testing your server and see if it is configured as an open relay:

Mail relay testing
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
outgoing email blocked ? Grub3r Linux - Software 7 03-02-2009 06:50 AM
Shorewall - block outgoing jonnytabpni Linux - Security 1 09-14-2008 06:47 PM
Iptables/Guarddog - how to block specific outgoing packets craftybytes Linux - Security 7 05-19-2006 12:26 AM
SuSEfirewall - how to block outgoing connections dbraghi Linux - Security 4 04-02-2005 09:08 PM
Block outgoing traffic through router? Micro420 Linux - Networking 3 03-15-2005 07:01 AM


All times are GMT -5. The time now is 04:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration